Showing papers on "Denial-of-service attack published in 2020"


Journal Article
TL;DR: A deep neural network (DNN) is used to develop effective and efficient IDS in the IoMT environment to classify and predict unforeseen cyberattacks and performs better than the existing machine learning approaches with an increase in accuracy and decreases in time complexity.

243 citations


Journal Article
TL;DR: In this paper, the authors presented a lightweight deep learning DDoS detection system called Lucid, which exploits the properties of Convolutional Neural Networks (CNNs) to classify traffic flows as either malicious or benign.
Abstract: Distributed Denial of Service (DDoS) attacks are one of the most harmful threats in today’s Internet, disrupting the availability of essential services. The challenge of DDoS detection is the combination of attack approaches coupled with the volume of live traffic to be analysed. In this paper, we present a practical, lightweight deep learning DDoS detection system called Lucid, which exploits the properties of Convolutional Neural Networks (CNNs) to classify traffic flows as either malicious or benign. We make four main contributions; (1) an innovative application of a CNN to detect DDoS traffic with low processing overhead, (2) a dataset-agnostic preprocessing mechanism to produce traffic observations for online attack detection, (3) an activation analysis to explain Lucid’s DDoS classification, and (4) an empirical validation of the solution on a resource-constrained hardware platform. Using the latest datasets, Lucid matches existing state-of-the-art detection accuracy whilst presenting a 40x reduction in processing time, as compared to the state-of-the-art. With our evaluation results, we prove that the proposed approach is suitable for effective DDoS detection in resource-constrained operational environments.

181 citations


Journal Article
TL;DR: This paper systematically explores the attack surface of the Blockchain technology, with an emphasis on public Blockchains, and outlines several attacks, including selfish mining, the 51% attack, DNS attacks, distributed denial-of-service (DDoS) attacks, consensus delay, orphaned and stale blocks, block ingestion, wallet thefts, smart contract attacks, and privacy attacks.
Abstract: In this paper, we systematically explore the attack surface of the Blockchain technology, with an emphasis on public Blockchains. Towards this goal, we attribute attack viability in the attack surface to 1) the Blockchain cryptographic constructs, 2) the distributed architecture of the systems using Blockchain, and 3) the Blockchain application context. To each of those contributing factors, we outline several attacks, including selfish mining, the 51% attack, DNS attacks, distributed denial-of-service (DDoS) attacks, consensus delay (due to selfish behavior or distributed denial-of-service attacks), Blockchain forks, orphaned and stale blocks, block ingestion, wallet thefts, smart contract attacks, and privacy attacks. We also explore the causal relationships between these attacks to demonstrate how various attack vectors are connected to one another. A secondary contribution of this work is outlining effective defense measures taken by the Blockchain technology or proposed by researchers to mitigate the effects of these attacks and patch associated vulnerabilities.

175 citations


Journal Article
TL;DR: This work develops a DL-based intrusion model based on a Convolutional Neural Network and evaluates its performance through comparison with a Recurrent Neural Network (RNN) and suggests the optimal CNN design for the better performance through numerous experiments.
Abstract: As cyberattacks become more intelligent, it is challenging to detect advanced attacks in a variety of fields including industry, national defense, and healthcare. Traditional intrusion detection systems are no longer enough to detect these advanced attacks with unexpected patterns. Attackers bypass known signatures and pretend to be normal users. Deep learning is an alternative to solving these issues. Deep Learning (DL)-based intrusion detection does not require a lot of attack signatures or the list of normal behaviors to generate detection rules. DL defines intrusion features by itself through training empirical data. We develop a DL-based intrusion model especially focusing on denial of service (DoS) attacks. For the intrusion dataset, we use KDD CUP 1999 dataset (KDD), the most widely used dataset for the evaluation of intrusion detection systems (IDS). KDD consists of four types of attack categories, such as DoS, user to root (U2R), remote to local (R2L), and probing. Numerous KDD studies have been employing machine learning and classifying the dataset into the four categories or into two categories such as attack and benign. Rather than focusing on the broad categories, we focus on various attacks belonging to same category. Unlike other categories of KDD, the DoS category has enough samples for training each attack. In addition to KDD, we use CSE-CIC-IDS2018 which is the most up-to-date IDS dataset. CSE-CIC-IDS2018 consists of more advanced DoS attacks than that of KDD. In this work, we focus on the DoS category of both datasets and develop a DL model for DoS detection. We develop our model based on a Convolutional Neural Network (CNN) and evaluate its performance through comparison with a Recurrent Neural Network (RNN). Furthermore, we suggest the optimal CNN design for the better performance through numerous experiments.

160 citations


Journal Article
TL;DR: An input-based triggering approach is applied to investigate the secure consensus problem in multiagent systems under denial-of-service (DoS) attacks and the effectiveness of the proposed algorithm is verified by a numerical example.
Abstract: This paper applies an input-based triggering approach to investigate the secure consensus problem in multiagent systems under denial-of-service (DoS) attacks. The DoS attacks are based on the time-sequence fashion and occur aperiodically in an unknown attack strategy, which can usually damage the control channels executed by an intelligent adversary. A novel event-triggered control scheme on the basis of the relative interagent state is developed under the DoS attacks, by designing a link-based estimator to estimate the relative interagent state between intermitted communication instead of the absolute state. Compared with most of the existing work on the design of the triggering condition related to the state measurement error, the proposed triggering condition is designed based on the control input signal from the view of privacy protection, which can avoid continuous sampling for every agent. Besides, the attack frequency and attack duration of DoS attacks are analyzed and the secure consensus is reachable provided that the attack frequency and attack duration satisfy some certain conditions under the proposed control algorithm. “Zeno phenomenon” does not exhibit by proving that there exist different positive lower bounds corresponding to different link-based triggering conditions. Finally, the effectiveness of the proposed algorithm is verified by a numerical example.

157 citations


Journal Article
TL;DR: This work has proposed a deep learning-based method Deep Belief Network (DBN) algorithm model for the intrusion detection system and produced better results in all the parameters in relation to accuracy, recall, precision, F1-score, and detection rate.
Abstract: The Internet of Things (IoT) has lately developed into an innovation for developing smart environments. Security and privacy are viewed as main problems in any technology’s dependence on the IoT model. Privacy and security issues arise due to the different possible attacks caused by intruders. Thus, there is an essential need to develop an intrusion detection system for attack and anomaly identification in the IoT system. In this work, we have proposed a deep learning-based method Deep Belief Network (DBN) algorithm model for the intrusion detection system. Regarding the attacks and anomaly detection, the CICIDS 2017 dataset is utilized for the performance analysis of the present IDS model. The proposed method produced better results in all the parameters in relation to accuracy, recall, precision, F1-score, and detection rate. The proposed method has achieved 99.37% accuracy for normal class, 97.93% for Botnet class, 97.71% for Brute Force class, 96.67% for DoS/DDoS class, 96.37% for Infiltration class, 97.71% for Port scan class and 98.37% for Web attack, and these results were compared with various classifiers as shown in the results.

138 citations


Journal Article
TL;DR: A novel mechanism named learning-driven detection mitigation (LEDEM) that detects DDoS using a semisupervised machine-learning algorithm and mitigates DDoS is proposed that leverages the cloud and software-defined network (SDN) paradigm to mitigate the DDoS attack on IoT servers.
Abstract: The Internet-of-Things (IoT) network is growing big owing to its utility in smart applications. An IoT network is susceptible to security breaches, in majority due to the resource-constrained nature of IoT. Of the various breaches, the Distributed Denial-of-Service (DDoS) attack can snip off the network service to the users in various ways, such as consumption of server’s resources, saturating link bandwidth, etc. These types of DDoS breaches can turn out to be a catastrophe in critical IoT use cases. This article delves into tackling the DDoS attack triggered by malicious wireless IoT on IoT servers. Our security scheme leverages the cloud and software-defined network (SDN) paradigm to mitigate the DDoS attack on IoT servers. We have proposed a novel mechanism named learning-driven detection mitigation (LEDEM) that detects DDoS using a semisupervised machine-learning algorithm and mitigates DDoS. We tested LEDEM in the testbed and emulated topology, and compared the results with state-of-the-art solutions. We achieved an improved accuracy rate of 96.28% in detecting DDoS attack.

137 citations


Journal Article
TL;DR: A flexible modular architecture that allows the identification and mitigation of LR-DDoS attacks in software-defined network (SDN) settings and achieves a detection rate of 95%, despite the difficulty in detecting LR-DoS attacks.
Abstract: While there have been extensive studies of denial of service (DoS) attacks and DDoS attack mitigation, such attacks remain challenging to mitigate. For example, Low-Rate DDoS (LR-DDoS) attacks are known to be difficult to detect, particularly in a software-defined network (SDN). Hence, in this paper we present a flexible modular architecture that allows the identification and mitigation of LR-DDoS attacks in SDN settings. Specifically, we train the intrusion detection system (IDS) in our architecture using six machine learning (ML) models (i.e., J48, Random Tree, REP Tree, Random Forest, Multi-Layer Perceptron (MLP), and Support Vector Machines (SVM)) and evaluate their performance using the Canadian Institute of Cybersecurity (CIC) DoS dataset. The findings from the evaluation demonstrate that our approach achieves a detection rate of 95%, despite the difficulty in detecting LR-DoS attacks. We also remark that in our deployment, we use the open network operating system (ONOS) controller running on Mininet virtual machine in order for our simulated environment to be as close to real-world production networks as possible. In our testing topology, the intrusion prevention detection system mitigates all attacks previously detected by the IDS system. This demonstrates the utility of our architecture in identifying and mitigating LR-DDoS attacks.

134 citations


Journal Article
TL;DR: A new DDoS attack detection algorithm based on traffic variations is presented and two machine learning models for DDoS identification and classification are designed and satisfactorily meet the delay requirements of IoT when deployed in edge servers with computational powers higher than a personal computer.
Abstract: Internet-of-Things (IoT) devices are getting more and more popular in recent years and IoT networks play an important role in the industry as well as people’s activities. On the one hand, they bring convenience to every aspect of our daily life; on the other hand, they are vulnerable to various attacks that in turn cancels out their benefits to a certain degree. In this article, we target the defense techniques against IoT Distributed Denial-of-Service (DDoS) attacks and propose an edge-centric IoT defense scheme termed FlowGuard for the detection, identification, classification, and mitigation of IoT DDoS attacks. We present a new DDoS attack detection algorithm based on traffic variations and design two machine learning models for DDoS identification and classification. To demonstrate the effectiveness of the two machine learning models, we generate a large data set by DDoS simulators BoNeSi and SlowHTTPTest, and combine it with the CICDDoS2019 data set, to test the identification and classification accuracy as well as the model efficiency. Our results indicate that the identification accuracy of the proposed long short-term memory is as high as 98.9%, which significantly outperforms the other four well-known learning models mentioned in the most related work. The classification accuracy of the proposed convolutional neural network is up to 99.9%. Besides, our models satisfactorily meet the delay requirements of IoT when deployed in edge servers with computational powers higher than a personal computer.

134 citations


Proceedings Article
01 Aug 2020
TL;DR: DDoSNet is proposed, an intrusion detection system against DDoS attacks in SDN environments based on Deep Learning (DL) technique, combining the Recurrent Neural Network (RNN) with autoencoder, which achieves a significant improvement in attack detection, as compared to other benchmarking methods.
Abstract: Software-Defined Networking (SDN) is an emerging paradigm, which evolved in recent years to address the weaknesses in traditional networks. The significant feature of the SDN, which is achieved by disassociating the control plane from the data plane, facilitates network management and allows the network to be efficiently programmable. However, the new architecture can be susceptible to several attacks that lead to resource exhaustion and prevent the SDN controller from supporting legitimate users. One of these attacks, which nowadays is growing significantly, is the Distributed Denial of Service (DDoS) attack. DDoS attack has a high impact on crashing the network resources, making the target servers unable to support the valid users. The current methods deploy Machine Learning (ML) for intrusion detection against DDoS attacks in the SDN network using the standard datasets. However, these methods suffer several drawbacks, and the used datasets do not contain the most recent attack patterns - hence, lacking in attack diversity. In this paper, we propose DDoSNet, an intrusion detection system against DDoS attacks in SDN environments. Our method is based on Deep Learning (DL) technique, combining the Recurrent Neural Network (RNN) with autoencoder. We evaluate our model using the newly released dataset CICDDoS2019, which contains a comprehensive variety of DDoS attacks and addresses the gaps of the existing current datasets. We obtain a significant improvement in attack detection, as compared to other benchmarking methods. Hence, our model provides great confidence in securing these networks.

132 citations


Journal Article
TL;DR: The experiments show that the IoT micro-security add-on running the proposed CNN model is capable of detecting phishing attacks with an accuracy of 94.3% and a F-1 score of 93.58%.

Journal Article
TL;DR: Performance of KDD99 dataset has been experimentally shown to be better as compared to the UNBS-NB 15 dataset, which is significant in computer security and other related fields.
Abstract: Botnet is regarded as one of the most sophisticated vulnerability threats nowadays. A large portion of network traffic is dominated by Botnets. Botnets are conglomeration of trade PCs (Bots) which are remotely controlled by their originator (BotMaster) under a Command-and-Control (C&C) foundation. They are the keys to several Internet assaults like spams, Distributed Denial of Service Attacks (DDoS), rebate distortions, malwares and phishing. To overcome the problem of DDoS attack, various machine learning methods typically Support Vector Machine (SVM), Artificial Neural Network (ANN), Naive Bayes (NB), Decision Tree (DT), and Unsupervised Learning (USML) (K-means, X-means etc.) were proposed. With the increasing popularity of Machine Learning in the field of Computer Security, it will be a remarkable accomplishment to carry out performance assessment of the machine learning methods given a common platform. This could assist developers in choosing a suitable method for their case studies and assist them in further research. This paper performed an experimental analysis of the machine learning methods for Botnet DDoS attack detection. The evaluation is done on the UNBS-NB 15 and KDD99 which are well-known publicity datasets for Botnet DDoS attack detection. Machine learning methods typically Support Vector Machine (SVM), Artificial Neural Network (ANN), Naive Bayes (NB), Decision Tree (DT), and Unsupervised Learning (USML) are investigated for Accuracy, False Alarm Rate (FAR), Sensitivity, Specificity, False positive rate (FPR), AUC, and Matthews correlation coefficient (MCC) of datasets. Performance of KDD99 dataset has been experimentally shown to be better as compared to the UNBS-NB 15 dataset. This validation is significant in computer security and other related fields.

Journal Article
TL;DR: The experimental results show that compared to single-SVM, the proposed model achieves more accurate classification with better generalization, and can be embedded within the controller to define security rules to prevent possible attacks by the attackers.
Abstract: Software-Defined Network (SDN) has become a promising network architecture in current days that provide network operators more control over the network infrastructure. The controller, also called as the operating system of the SDN, is responsible for running various network applications and maintaining several network services and functionalities. Despite all its capabilities, the introduction of various architectural entities of SDN poses many security threats and potential targets. Distributed Denial of Services (DDoS) is a rapidly growing attack that poses a tremendous threat to the Internet. As the control layer is vulnerable to DDoS attacks, the goal of this paper is to detect the attack traffic, by taking the centralized control aspect of SDN. Nowadays, in the field of SDN, various machine learning (ML) techniques are being deployed for detecting malicious traffic. Despite these works, choosing the relevant features and accurate classifiers for attack detection is an open question. For better detection accuracy, in this work, Support Vector Machine (SVM) is assisted by kernel principal component analysis (KPCA) with genetic algorithm (GA). In the proposed SVM model, KPCA is used for reducing the dimension of feature vectors, and GA is used for optimizing different SVM parameters. In order to reduce the noise caused by feature differences, an improved kernel function (N-RBF) is proposed. The experimental results show that compared to single-SVM, the proposed model achieves more accurate classification with better generalization. Moreover, the proposed model can be embedded within the controller to define security rules to prevent possible attacks by the attackers.

Journal Article
TL;DR: A deep convolutional neural network (CNN) ensemble framework for efficient DDoS attack detection in SDNs is proposed and is evaluated on a current state-of-the-art Flow-based dataset under established benchmarks.
Abstract: As novel technologies continue to reshape the digital era, cyberattacks are also increasingly becoming more commonplace and sophisticated. Distributed denial of service (DDoS) attacks are, perhaps, the most prevalent and exponentially-growing attack, targeting the varied and emerging computational network infrastructures across the globe. This necessitates the design of an efficient and early detection of large-scale sophisticated DDoS attacks. Software defined networks (SDN) point to a promising solution, as a network paradigm which decouples the centralized control intelligence from the forwarding logic. In this work, a deep convolutional neural network (CNN) ensemble framework for efficient DDoS attack detection in SDNs is proposed. The proposed framework is evaluated on a current state-of-the-art Flow-based dataset under established benchmarks. Improved accuracy is demonstrated against existing related detection approaches.

Journal Article
TL;DR: The results suggest that machine learning and feature selection algorithms can achieve better results in the detection of DDoS attacks in SDN with promising reductions in processing loads and times.
Abstract: Software Defined Networking (SDN) offers several advantages such as manageability, scaling, and improved performance. However, SDN involves specific security problems, especially if its controller is defenseless against Distributed Denial of Service (DDoS) attacks. The process and communication capacity of the controller is overloaded when DDoS attacks occur against the SDN controller. Consequently, as a result of the unnecessary flow produced by the controller for the attack packets, the capacity of the switch flow table becomes full, leading the network performance to decline to a critical threshold. In this study, DDoS attacks in SDN were detected using machine learning-based models. First, specific features were obtained from SDN for the dataset in normal conditions and under DDoS attack traffic. Then, a new dataset was created using feature selection methods on the existing dataset. Feature selection methods were preferred to simplify the models, facilitate their interpretation, and provide a shorter training time. Both datasets, created with and without feature selection methods, were trained and tested with Support Vector Machine (SVM), Naive Bayes (NB), Artificial Neural Network (ANN), and K-Nearest Neighbors (KNN) classification models. The test results showed that the use of the wrapper feature selection with a KNN classifier achieved the highest accuracy rate (98.3%) in DDoS attack detection. The results suggest that machine learning and feature selection algorithms can achieve better results in the detection of DDoS attacks in SDN with promising reductions in processing loads and times.

Journal Article
TL;DR: Under this framework, a distributed resilient finite-time secondary control scheme is proposed such that frequency regulation, active power sharing, and energy level balancing of BESSs can be achieved simultaneously in a finite time; meanwhile, operational constraints can be satisfied at any control transient time.
Abstract: This article addresses the problem of distributed resilient finite-time control of multiple heterogeneous battery energy storage systems (BESSs) in a microgrid subject to denial-of-service (DoS) attacks. Note that DoS attacks may block information transmission among BESSs by preventing the BESS from sending data, compromising the devices and jamming a communication network. A distributed secure control framework is presented, where an acknowledgment (ACK)-based attack detection strategy and a communication recovery mechanism are introduced to mitigate the impact of DoS attacks by repairing the paralyzed topology graphs caused by DoS attacks back into the initial connected graph. Under this framework, a distributed resilient finite-time secondary control scheme is proposed such that frequency regulation, active power sharing, and energy level balancing of BESSs can be achieved simultaneously in a finite time; meanwhile, operational constraints can be satisfied at any control transient time. Moreover, based on theoretical analysis, the impact of the duration time of DoS attacks on the convergence time of the control algorithm can be explicitly revealed. Finally, validity and effectiveness of the proposed control scheme are demonstrated by case studies on a modified IEEE 57-bus testing system.

Journal Article
TL;DR: This paper presents a practical, lightweight deep learning DDoS detection system called Lucid, which exploits the properties of Convolutional Neural Networks (CNNs) to classify traffic flows as either malicious or benign, with a 40x reduction in processing time.
Abstract: Distributed Denial of Service (DDoS) attacks are one of the most harmful threats in today's Internet, disrupting the availability of essential services. The challenge of DDoS detection is the combination of attack approaches coupled with the volume of live traffic to be analysed. In this paper, we present a practical, lightweight deep learning DDoS detection system called LUCID, which exploits the properties of Convolutional Neural Networks (CNNs) to classify traffic flows as either malicious or benign. We make four main contributions; (1) an innovative application of a CNN to detect DDoS traffic with low processing overhead, (2) a dataset-agnostic preprocessing mechanism to produce traffic observations for online attack detection, (3) an activation analysis to explain LUCID's DDoS classification, and (4) an empirical validation of the solution on a resource-constrained hardware platform. Using the latest datasets, LUCID matches existing state-of-the-art detection accuracy whilst presenting a 40x reduction in processing time, as compared to the state-of-the-art. With our evaluation results, we prove that the proposed approach is suitable for effective DDoS detection in resource-constrained operational environments.

Proceedings Article
01 Dec 2020
TL;DR: In this paper, a two-stage hierarchical network intrusion detection approach is proposed, which performs anomaly detection via a novel lightweight solution based on a MultiModal Deep AutoEncoder (M2-DAE), and attack classification, using soft-output classifiers.
Abstract: Internet of Things (IoT) fosters unprecedented network heterogeneity and dynamicity, thus increasing the variety and the amount of related vulnerabilities. Hence, traditional security approaches fall short, also in terms of resulting scalability and privacy. In this paper we propose H2ID, a two-stage hierarchical Network Intrusion Detection approach. H2ID performs (i) anomaly detection via a novel lightweight solution based on a MultiModal Deep AutoEncoder (M2-DAE), and (ii) attack classification, using soft-output classifiers. We validate our proposal using the recently-released Bot-IoT dataset, inferring among four relevant categories of attack (DDoS, DoS, Scan, and Theft) and unknown attacks. Results show gains of the proposed M2-DAE in the case of simple anomaly detection (up to −40% false-positive rate when compared with several baselines at same true positive rate) and for H2ID as a whole when compared to the best-performing misuse detector approach (up to ≈ +5% F1 score). Besides the performance advantages, our system is suitable for distributed and privacy-preserving deployments while limiting re-training necessities, in line with the high efficiency as well as the flexibility required in IoT scenarios.

Journal Article
TL;DR: This work presents an effective anomaly traffic detection mechanism, namely D-PACK, which consists of a Convolutional Neural Network and an unsupervised deep learning model for auto-profiling the traffic patterns and filtering abnormal traffic, and shows results that can inspire the emerging efforts towards online anomaly detection systems that feature reducing the volume of processed packets and blocking malicious flows in time.
Abstract: Various attacks have emerged as the major threats to the success of a connected world like the Internet of Things (IoT), in which billions of devices interact with each other to facilitate human life. By exploiting the vulnerabilities of cheap and insecure devices such as IP cameras, an attacker can create hundreds of thousands of zombie devices and then launch massive volume attacks to take down any target. For example, in 2016, a record large-scale DDoS attack launched by millions of Mirai-injected IP cameras and smart printers blocked the accessibility of several high-profile websites. To date, the state-of-the-art defense systems against such attacks rely mostly on pre-defined features extracted from the entire flows or signatures. The feature definitions are manual, and it would be too late to block a malicious flow after extracting the flow features. In this work, we present an effective anomaly traffic detection mechanism, namely D-PACK, which consists of a Convolutional Neural Network (CNN) and an unsupervised deep learning model (e.g., Autoencoder) for auto-profiling the traffic patterns and filtering abnormal traffic. Notably, D-PACK inspects only the first few bytes of the first few packets in each flow for early detection. Our experimental results show that, by examining just the first two packets in each flow, D-PACK still performs with nearly 100% accuracy, while features an extremely low false-positive rate, e.g., 0.83%. The design can inspire the emerging efforts towards online anomaly detection systems that feature reducing the volume of processed packets and blocking malicious flows in time.

Journal Article
TL;DR: This paper proposes sFlow and adaptive polling based sampling with Snort Intrusion Detection System (IDS) and deep learning based model, which helps to lower down the various types of prevalent DDoS attacks inside the IoT network.

Journal Article
TL;DR: This survey is a comprehensive approach which includes general DDoS attack motivations and specific reasons why attackers prefer IoT devices to launch DDoS attacks, and proposes to implement an essential first line of defense for IoT devices.
Abstract: A distributed denial of service (DDoS) attack is an attempt to partially or completely shut down the targeted server with a flood of internet traffic. The primary aim of this attack is to disrupt regular traffic flow to the victim’s server or network. DDoS attacks are volumetric attacks, and non-legacy IoT devices with low security such as webcams, baby monitoring devices and printers are compromised to form a botnet. High traffic from compromised IoT devices is rerouted to servers to disrupt their regular services. DDoS attacks are to an extent covered in the research literature. However, existing research does not discuss all DDoS attacks on general servers and botnet attacks on IoT devices and suggests few detection and mitigation solutions which are limited to addressing attacks on the cloud environment. Existing survey focuses either on the cloud layer or the IoT layer. A complete survey of DDoS attacks for both IoT and the cloud environment is not present in the current literature. Our survey is a comprehensive approach which includes general DDoS attack motivations and specific reasons why attackers prefer IoT devices to launch DDoS attacks. Various attack methods to compromise IoT devices and tools used to deploy botnet-infected IoT devices for DDoS attacks on the cloud layer are presented. A detailed attack classification on IoT devices and the cloud environment is presented considering that IoT devices are first compromised and then used by attackers against their primary targets on the cloud layer. Various state-of-the-art defense measures in the current literature for defense against DDoS attacks are present. Suggestions to implement an essential first line of defense for IoT devices are suggested. Our paper, to the best of our knowledge, is first to provide a holistic study of DDoS attacks from IoT devices to the cloud environment.

Journal ArticleDOI
TL;DR: A novel machine learning (ML) based security framework that automatically copes with the expanding security aspects related to IoT domain that leverages both Software Defined Networking (SDN) and Network Function Virtualization (NFV) enablers for mitigating different threats.
Abstract: Internet of Things security is attracting growing attention from both academic and industry communities. Indeed, IoT devices are prone to various security attacks varying from Denial of Service (DoS) to network intrusion and data leakage. This paper presents a novel machine learning (ML) based security framework that automatically copes with the expanding security aspects related to the IoT domain. This framework leverages both Software Defined Networking (SDN) and Network Function Virtualization (NFV) enablers for mitigating different threats. This AI framework combines a monitoring agent and an AI-based reaction agent that use ML models divided into network patterns analysis, along with anomaly-based intrusion detection in IoT systems. The framework exploits supervised learning, a distributed data mining system and a neural network for achieving its goals. Experimental results demonstrate the efficiency of the proposed scheme. In particular, the distribution of the attacks using the data mining approach is highly successful in detecting the attacks with high performance and low cost. Regarding our anomaly-based intrusion detection system (IDS) for IoT, we have evaluated the experiment in a real Smart building scenario using one-class SVM. The detection accuracy of anomalies achieved 99.71%. A feasibility study is conducted to identify the current potential solutions to be adopted and to promote the research towards the open challenges.

Journal ArticleDOI
TL;DR: A novel lightweight random neural network (RaNN)-based prediction model has been proposed in this article and improves the attack detection accuracy by an average of 5.65% compared to that of state-of-the-art machine learning schemes for IoT security.
Abstract: The Industrial Internet of Things (IIoT) brings together many sensors, machines, industrial applications, databases, services, and people at work. The IIoT is improving our lives in several ways including smarter cities, agriculture, and e-healthcare, etc. Although the IIoT shares several characteristics with the consumer IoT, different cybersecurity mechanisms are adopted for both networks. Unlike consumer IoT solutions that are used by an individual user for a single purpose, IIoT solutions tend to be integrated into larger operational systems. As a result, IIoT security solutions require additional planning and awareness to ensure the security and privacy of the system. In this paper, different cybersecurity attacks such as denial of service (DoS), malicious operation, malicious control, data type probing, spying, scan, and wrong setup are predicted by applying machine learning techniques. To predict the aforementioned attacks, a novel lightweight random neural network (RaNN)-based prediction model has been proposed in this article. To investigate the performance of the RaNN-based prediction model, several evaluation parameters such as accuracy, precision, recall, and F1 score were calculated and compared with the traditional artificial neural network (ANN), support vector machine (SVM) and decision tree (DT). The evaluation results show that the proposed RaNN model achieves an accuracy of 99.20% for a learning rate of 0.01, with a prediction time of 34.51 milliseconds. Other performance parameters such as the precision, recall, and F1 score were 99.11%, 99.13%, and 99.20%, respectively. The proposed scheme improves the attack detection accuracy by an average of 5.65% compared to that of state-of-the-art machine learning schemes for IoT security.

Journal ArticleDOI
TL;DR: This paper is concerned with the distributed attack detection and recovery in a vehicle platooning control system, wherein inter-vehicle information is propagated via a wireless communication network.
Abstract: This paper is concerned with the distributed attack detection and recovery in a vehicle platooning control system, wherein inter-vehicle information is propagated via a wireless communication network. An active adversary may launch malicious cyber attacks to compromise both sensor measurements and control command data due to the openness of the wireless communication. First, a distributed attack detection algorithm is developed to identify any of those attacks. The core of the algorithm lies in that each designed filter can provide two ellipsoidal sets: a state prediction set and a state estimation set. Whether a filter can detect the occurrence of such an attack is determined by the existence of intersection between these two sets. Second, two recovery mechanisms are put forward, through which the adversarial effects of cyber attacks can be mitigated in a timely manner. The recovery mechanisms depend on reliable modifications of the attacked signals required for the computation of the two ellipsoidal sets. Finally, simulation is provided to validate the effectiveness of the proposed method in both detection and recovery phases.

Journal ArticleDOI
TL;DR: The results of the theoretical analysis and the experimental results on datasets show that the proposed methods can better detect the DDoS attack compared with other methods.
Abstract: The Distributed Denial of Service (DDoS) attack has seriously impaired network availability for decades and still there is no effective defense mechanism against it. However, the emerging Software Defined Networking (SDN) provides a new way to reconsider the defense against DDoS attacks. In this paper, we propose two methods to detect the DDoS attack in SDN. One method adopts the degree of DDoS attack to identify the DDoS attack. The other method uses the improved K-Nearest Neighbors (KNN) algorithm based on Machine Learning (ML) to discover the DDoS attack. The results of the theoretical analysis and the experimental results on datasets show that our proposed methods can better detect the DDoS attack compared with other methods.

Journal ArticleDOI
TL;DR: A sophisticated traffic reduction mechanism, integrated with a reinforcement learning technique is proposed, which achieves a relatively low false positive rate and achieves a detection rate of 98.3%.

Journal ArticleDOI
TL;DR: A Long Short-Term Memory (LSTM)-based Intrusion Detection System (IDS) to detect and mitigate the CAN bus network attacks and compares the proposed LSTM method with the Survival Analysis for automobile IDS dataset, which achieves a higher detection rate.
Abstract: The modern automobile is a complex piece of technology that uses the Controller Area Network (CAN) bus system as a central system for managing the communication between the electronic control units (ECUs). Despite its central importance, the CAN bus system does not support authentication and authorization mechanisms, i.e., CAN messages are broadcast without basic security features. As a result, it is easy for attackers to launch attacks at the CAN bus network system. Attackers can compromise the CAN bus system in several ways including Denial of Service (DoS), Fuzzing and Spoofing attacks. It is imperative to devise methodologies to protect modern cars against the aforementioned attacks. In this paper, we propose a Long Short-Term Memory (LSTM)-based Intrusion Detection System (IDS) to detect and mitigate the CAN bus network attacks. We generate our own dataset by first extracting attack-free data from our experimental car and by injecting attacks into the latter and collecting the dataset. We use the dataset for testing and training our model. With our selected hyper-parameter values, our results demonstrate that our classifier is efficient in detecting the CAN bus network attacks; we achieved an overall detection accuracy of 99.995%. We also compare the proposed LSTM method with the Survival Analysis for automobile IDS dataset, which was developed by the Hacking and Countermeasure Research Lab, Korea. Our proposed LSTM model achieves a higher detection rate than the Survival Analysis method.

Journal ArticleDOI
TL;DR: An intelligent architecture that integrates Complex Event Processing (CEP) technology and the Machine Learning (ML) paradigm in order to detect different types of IoT security attacks in real time is proposed and results obtained demonstrate that this architecture satisfactorily fulfils its objectives.
Abstract: The Internet of Things (IoT) is growing globally at a fast pace: people now find themselves surrounded by a variety of IoT devices such as smartphones and wearables in their everyday lives. Additionally, smart environments, such as smart healthcare systems, smart industries and smart cities, benefit from sensors and actuators interconnected through the IoT. However, the increase in IoT devices has brought with it the challenge of promptly detecting and combating the cybersecurity attacks and threats that target them, including malware, privacy breaches and denial of service attacks, among others. To tackle this challenge, this paper proposes an intelligent architecture that integrates Complex Event Processing (CEP) technology and the Machine Learning (ML) paradigm in order to detect different types of IoT security attacks in real time. In particular, such an architecture is capable of easily managing event patterns whose conditions depend on values obtained by ML algorithms. Additionally, a model-driven graphical tool for security attack pattern definition and automatic code generation is provided, hiding all the complexity derived from implementation details from domain experts. The proposed architecture has been applied in the case of a healthcare IoT network to validate its ability to detect attacks made by malicious devices. The results obtained demonstrate that this architecture satisfactorily fulfils its objectives.

Journal ArticleDOI
Liang Tan, Yue Pan, Jing Wu, Jianguo Zhou, Hao Jiang, Yuchuan Deng
TL;DR: A new framework of cooperative detection methods of control plane and data plane is proposed, which effectively improve the detection accuracy and efficiency, and prevent DDoS attacks on SDN.
Abstract: While software defined networking (SDN) brings more innovation to the development of future networks, it also faces a more severe threat from DDoS attacks. In order to deal with the single point of failure on the SDN controller caused by DDoS attacks, we propose a framework for detection and defense of DDoS attacks in the SDN environment. Firstly, we deploy a trigger mechanism of DDoS attack detection on the data plane to screen for abnormal flows in the network. Then, we use a combined machine learning algorithm based on K-Means and KNN to exploit the rate characteristics and asymmetry characteristics of the flows and to detect the suspicious flows determined by the detection trigger mechanism. Finally, the controller will take corresponding actions to defend against the attacks. In this paper, we propose a new framework of cooperative detection methods of control plane and data plane, which effectively improves the detection accuracy and efficiency, and prevents DDoS attacks on SDN.

Journal ArticleDOI
TL;DR: A novel event-triggered mechanism is proposed, which allows for resilient H∞ filtering for Takagi-Sugeno fuzzy-model-based nonlinear networked systems with multisensors and to deal with DoS attacks.
Abstract: This article focuses on the problem of resilient H∞ filtering for Takagi-Sugeno fuzzy-model-based nonlinear networked systems with multisensors. A weighted fusion approach is adopted before information from multisensors is transmitted over the network. A novel event-triggered mechanism is proposed, which allows us not only to reduce the data-releasing rate but also to prevent abnormal data being potentially transmitted over the network due to sensor measurement or other practical factors. The problem of denial-of-service (DoS) attacks, which often occur in a communication network, is also considered, where the DoS attack model is based on an assumption that the periodic attack includes active periods and sleeping periods. By employing the idea of the switching model for filtering error systems to deal with DoS attacks, sufficient conditions are derived to guarantee that the filtering error system is exponentially stable. Simulation results are given to demonstrate the effectiveness of the theoretical analysis and design method.