期刊文献+
共找到43篇文章
< 1 2 3 >
每页显示 20 50 100
Optimization of Stealthwatch Network Security System for the Detection and Mitigation of Distributed Denial of Service (DDoS) Attack: Application to Smart Grid System
1
作者 Emmanuel S. Kolawole Penrose S. Cofie +4 位作者 John H. Fuller Cajetan M. Akujuobi Emmanuel A. Dada Justin F. Foreman Pamela H. Obiomon 《Communications and Network》 2024年第3期108-134,共27页
The Smart Grid is an enhancement of the traditional grid system and employs new technologies and sophisticated communication techniques for electrical power transmission and distribution. The Smart Grid’s communicati... The Smart Grid is an enhancement of the traditional grid system and employs new technologies and sophisticated communication techniques for electrical power transmission and distribution. The Smart Grid’s communication network shares information about status of its several integrated IEDs (Intelligent Electronic Devices). However, the IEDs connected throughout the Smart Grid, open opportunities for attackers to interfere with the communications and utilities resources or take clients’ private data. This development has introduced new cyber-security challenges for the Smart Grid and is a very concerning issue because of emerging cyber-threats and security incidents that have occurred recently all over the world. The purpose of this research is to detect and mitigate Distributed Denial of Service [DDoS] with application to the Electrical Smart Grid System by deploying an optimized Stealthwatch Secure Network analytics tool. In this paper, the DDoS attack in the Smart Grid communication networks was modeled using Stealthwatch tool. The simulated network consisted of Secure Network Analytic tools virtual machines (VMs), electrical Grid network communication topology, attackers and Target VMs. Finally, the experiments and simulations were performed, and the research results showed that Stealthwatch analytic tool is very effective in detecting and mitigating DDoS attacks in the Smart Grid System without causing any blackout or shutdown of any internal systems as compared to other tools such as GNS3, NeSSi2, NISST Framework, OMNeT++, INET Framework, ReaSE, NS2, NS3, M5 Simulator, OPNET, PLC & TIA Portal management Software which do not have the capability to do so. Also, using Stealthwatch tool to create a security baseline for Smart Grid environment, contributes to risk mitigation and sound security hygiene. 展开更多
关键词 Smart Grid System Distributed Denial of service (DDoS) Attack Intrusion Detection and Prevention Systems DETECTION Mitigation and Stealthwatch
下载PDF
Distributed generator-based distribution system service restoration strategy and model-free control methods 被引量:8
2
作者 Weijia Liu Yue Chen Fei Ding 《Global Energy Interconnection》 CAS CSCD 2021年第2期126-135,共10页
The rapid growth of distributed generator(DG)capacities has introduced additional controllable assets to improve the performance of distribution systems in terms of service restoration.Renewable DGs are of particular ... The rapid growth of distributed generator(DG)capacities has introduced additional controllable assets to improve the performance of distribution systems in terms of service restoration.Renewable DGs are of particular interest to utility companies,but the stochastic nature of intermittent renewable DGs could have a negative impact on the electric grid if they are not properly handled.In this study,we investigate distribution system service restoration using DGs as the primary power source,and we develop an effective approach to handle the uncertainty of renewable DGs under extreme conditions.The distribution system service restoration problem can be described as a mixed-integer second-order cone programming model by modifying the radial topology constraints and power flow equations.The uncertainty of renewable DGs will be modeled using a chance-constrained approach.Furthermore,the forecast errors and noises in real-time operation are solved using a novel model-free control algorithm that can automatically track the trajectory of real-time DG output.The proposed service restoration strategy and model-free control algorithm are validated using an IEEE 123-bus test system. 展开更多
关键词 distribution system service restoration Distributed generator(DG) Intermittent renewable energy sources Model-free control Power system resilience Uncertainty management
下载PDF
Research on the Spatial Distribution of Ecosystem Service Value in Guangxi and Its Ecological Protection Countermeasure
3
作者 童新芳 周兴 《Meteorological and Environmental Research》 CAS 2010年第1期75-78,92,共5页
90 counties (cities) in Guangxi Province being taken as the tested region,the ecosystem service value of those counties (cities) was measured with the data of land-using in 2005 by means of the Table of Terrestrial Ec... 90 counties (cities) in Guangxi Province being taken as the tested region,the ecosystem service value of those counties (cities) was measured with the data of land-using in 2005 by means of the Table of Terrestrial Ecosystem Services Value in China.The result indicated that the value of the ecosystem services per unit was divided into 3 categories:the first category with high ecosystem services value,the second category with medium ecosystem services value and the third category with low ecosystem services value.The region of the first category was mainly distributed in the mountain area of northern,northwestern,eastern and northeast part of Guangxi;the second category,in the hilly area of southern part and the mountain area in the southwestern part of Guangxi and the third category,in the basin area of central Guangxi,the karst area of western and northwestern Guangxi Province. 展开更多
关键词 Ecosystem service value Spatial distribution of ecosystem service value Ecological protection China
下载PDF
A Machine Learning-Based Distributed Denial of Service Detection Approach for Early Warning in Internet Exchange Points
4
作者 Salem Alhayani Diane R.Murphy 《Computers, Materials & Continua》 SCIE EI 2023年第8期2235-2259,共25页
The Internet service provider(ISP)is the heart of any country’s Internet infrastructure and plays an important role in connecting to theWorld WideWeb.Internet exchange point(IXP)allows the interconnection of two or m... The Internet service provider(ISP)is the heart of any country’s Internet infrastructure and plays an important role in connecting to theWorld WideWeb.Internet exchange point(IXP)allows the interconnection of two or more separate network infrastructures.All Internet traffic entering a country should pass through its IXP.Thus,it is an ideal location for performing malicious traffic analysis.Distributed denial of service(DDoS)attacks are becoming a more serious daily threat.Malicious actors in DDoS attacks control numerous infected machines known as botnets.Botnets are used to send numerous fake requests to overwhelm the resources of victims and make them unavailable for some periods.To date,such attacks present a major devastating security threat on the Internet.This paper proposes an effective and efficient machine learning(ML)-based DDoS detection approach for the early warning and protection of the Saudi Arabia Internet exchange point(SAIXP)platform.The effectiveness and efficiency of the proposed approach are verified by selecting an accurate ML method with a small number of input features.A chi-square method is used for feature selection because it is easier to compute than other methods,and it does not require any assumption about feature distribution values.Several ML methods are assessed using holdout and 10-fold tests on a public large-size dataset.The experiments showed that the performance of the decision tree(DT)classifier achieved a high accuracy result(99.98%)with a small number of features(10 features).The experimental results confirmthe applicability of using DT and chi-square for DDoS detection and early warning in SAIXP. 展开更多
关键词 Internet exchange point Saudi Arabia IXP(SAIXP) distributed denial of service CHI-SQUARE feature selection machine learning
下载PDF
Adaptive Butterfly Optimization Algorithm(ABOA)Based Feature Selection and Deep Neural Network(DNN)for Detection of Distributed Denial-of-Service(DDoS)Attacks in Cloud
5
作者 S.Sureshkumar G.K.D.Prasanna Venkatesan R.Santhosh 《Computer Systems Science & Engineering》 SCIE EI 2023年第10期1109-1123,共15页
Cloud computing technology provides flexible,on-demand,and completely controlled computing resources and services are highly desirable.Despite this,with its distributed and dynamic nature and shortcomings in virtualiz... Cloud computing technology provides flexible,on-demand,and completely controlled computing resources and services are highly desirable.Despite this,with its distributed and dynamic nature and shortcomings in virtualization deployment,the cloud environment is exposed to a wide variety of cyber-attacks and security difficulties.The Intrusion Detection System(IDS)is a specialized security tool that network professionals use for the safety and security of the networks against attacks launched from various sources.DDoS attacks are becoming more frequent and powerful,and their attack pathways are continually changing,which requiring the development of new detection methods.Here the purpose of the study is to improve detection accuracy.Feature Selection(FS)is critical.At the same time,the IDS’s computational problem is limited by focusing on the most relevant elements,and its performance and accuracy increase.In this research work,the suggested Adaptive butterfly optimization algorithm(ABOA)framework is used to assess the effectiveness of a reduced feature subset during the feature selection phase,that was motivated by this motive Candidates.Accurate classification is not compromised by using an ABOA technique.The design of Deep Neural Networks(DNN)has simplified the categorization of network traffic into normal and DDoS threat traffic.DNN’s parameters can be finetuned to detect DDoS attacks better using specially built algorithms.Reduced reconstruction error,no exploding or vanishing gradients,and reduced network are all benefits of the changes outlined in this paper.When it comes to performance criteria like accuracy,precision,recall,and F1-Score are the performance measures that show the suggested architecture outperforms the other existing approaches.Hence the proposed ABOA+DNN is an excellent method for obtaining accurate predictions,with an improved accuracy rate of 99.05%compared to other existing approaches. 展开更多
关键词 Cloud computing distributed denial of service intrusion detection system adaptive butterfly optimization algorithm deep neural network
下载PDF
Iterative Dichotomiser Posteriori Method Based Service Attack Detection in Cloud Computing
6
作者 B.Dhiyanesh K.Karthick +1 位作者 R.Radha Anita Venaik 《Computer Systems Science & Engineering》 SCIE EI 2023年第2期1099-1107,共9页
Cloud computing(CC)is an advanced technology that provides access to predictive resources and data sharing.The cloud environment represents the right type regarding cloud usage model ownership,size,and rights to acces... Cloud computing(CC)is an advanced technology that provides access to predictive resources and data sharing.The cloud environment represents the right type regarding cloud usage model ownership,size,and rights to access.It introduces the scope and nature of cloud computing.In recent times,all processes are fed into the system for which consumer data and cache size are required.One of the most security issues in the cloud environment is Distributed Denial of Ser-vice(DDoS)attacks,responsible for cloud server overloading.This proposed sys-tem ID3(Iterative Dichotomiser 3)Maximum Multifactor Dimensionality Posteriori Method(ID3-MMDP)is used to overcome the drawback and a rela-tively simple way to execute and for the detection of(DDoS)attack.First,the pro-posed ID3-MMDP method calls for the resources of the cloud platform and then implements the attack detection technology based on information entropy to detect DDoS attacks.Since because the entropy value can show the discrete or aggregated characteristics of the current data set,it can be used for the detection of abnormal dataflow,User-uploaded data,ID3-MMDP system checks and read risk measurement and processing,bug ratingfile size changes,orfile name changes and changes in the format design of the data size entropy value.Unique properties can be used whenever the program approaches any data error to detect abnormal data services.Finally,the experiment also verifies the DDoS attack detection capability algorithm. 展开更多
关键词 ID3(Iterative dichotomiser 3)maximum multifactor dimensionality posterior method(ID3-MMDP) distributed denial of service(DDoS)attacks detection of abnormal dataflow SK measurement and processing bug ratingfile size
下载PDF
The History, Trend, Types, and Mitigation of Distributed Denial of Service Attacks
7
作者 Richard Kabanda Bertrand Byera +1 位作者 Henrietta Emeka Khaja Taiyab Mohiuddin 《Journal of Information Security》 2023年第4期464-471,共8页
Over time, the world has transformed digitally and there is total dependence on the internet. Many more gadgets are continuously interconnected in the internet ecosystem. This fact has made the Internet a global infor... Over time, the world has transformed digitally and there is total dependence on the internet. Many more gadgets are continuously interconnected in the internet ecosystem. This fact has made the Internet a global information source for every being. Despite all this, attacker knowledge by cybercriminals has advanced and resulted in different attack methodologies on the internet and its data stores. This paper will discuss the origin and significance of Denial of Service (DoS) and Distributed Denial of Service (DDoS). These kinds of attacks remain the most effective methods used by the bad guys to cause substantial damage in terms of operational, reputational, and financial damage to organizations globally. These kinds of attacks have hindered network performance and availability. The victim’s network is flooded with massive illegal traffic hence, denying genuine traffic from passing through for authorized users. The paper will explore detection mechanisms, and mitigation techniques for this network threat. 展开更多
关键词 DDoS (Distributed Denial of service Attacks) and DoS (Denial of service Attacks) DAC (DDoS Attack Coefficient) Flood SIEM (Security Information and Event Management) CISA (Cybersecurity and Infrastructure Security Agency) NIST (National Institute of Standards and Technology) XDR (Extended Detection and Response) ACK-SYN (Synchronize Acknowledge Packet) ICMP (Internet Control Message Protocol) Cyberwarfare
下载PDF
Adaptive Cloud Intrusion Detection System Based on Pruned Exact Linear Time Technique
8
作者 Widad Elbakri Maheyzah Md.Siraj +2 位作者 Bander Ali Saleh Al-rimy Sultan Noman Qasem Tawfik Al-Hadhrami 《Computers, Materials & Continua》 SCIE EI 2024年第6期3725-3756,共32页
Cloud computing environments,characterized by dynamic scaling,distributed architectures,and complex work-loads,are increasingly targeted by malicious actors.These threats encompass unauthorized access,data breaches,de... Cloud computing environments,characterized by dynamic scaling,distributed architectures,and complex work-loads,are increasingly targeted by malicious actors.These threats encompass unauthorized access,data breaches,denial-of-service attacks,and evolving malware variants.Traditional security solutions often struggle with the dynamic nature of cloud environments,highlighting the need for robust Adaptive Cloud Intrusion Detection Systems(CIDS).Existing adaptive CIDS solutions,while offering improved detection capabilities,often face limitations such as reliance on approximations for change point detection,hindering their precision in identifying anomalies.This can lead to missed attacks or an abundance of false alarms,impacting overall security effectiveness.To address these challenges,we propose ACIDS(Adaptive Cloud Intrusion Detection System)-PELT.This novel Adaptive CIDS framework leverages the Pruned Exact Linear Time(PELT)algorithm and a Support Vector Machine(SVM)for enhanced accuracy and efficiency.ACIDS-PELT comprises four key components:(1)Feature Selection:Utilizing a hybrid harmony search algorithm and the symmetrical uncertainty filter(HSO-SU)to identify the most relevant features that effectively differentiate between normal and anomalous network traffic in the cloud environment.(2)Surveillance:Employing the PELT algorithm to detect change points within the network traffic data,enabling the identification of anomalies and potential security threats with improved precision compared to existing approaches.(3)Training Set:Labeled network traffic data forms the training set used to train the SVM classifier to distinguish between normal and anomalous behaviour patterns.(4)Testing Set:The testing set evaluates ACIDS-PELT’s performance by measuring its accuracy,precision,and recall in detecting security threats within the cloud environment.We evaluate the performance of ACIDS-PELT using the NSL-KDD benchmark dataset.The results demonstrate that ACIDS-PELT outperforms existing cloud intrusion detection techniques in terms of accuracy,precision,and recall.This superiority stems from ACIDS-PELT’s ability to overcome limitations associated with approximation and imprecision in change point detection while offering a more accurate and precise approach to detecting security threats in dynamic cloud environments. 展开更多
关键词 Adaptive cloud IDS harmony search distributed denial of service(DDoS) PELT machine learning SVM ISOTCID NSL-KDD
下载PDF
Threshold-Based Software-Defined Networking(SDN)Solution for Healthcare Systems against Intrusion Attacks
9
作者 Laila M.Halman Mohammed J.F.Alenazi 《Computer Modeling in Engineering & Sciences》 SCIE EI 2024年第2期1469-1483,共15页
The healthcare sector holds valuable and sensitive data.The amount of this data and the need to handle,exchange,and protect it,has been increasing at a fast pace.Due to their nature,software-defined networks(SDNs)are ... The healthcare sector holds valuable and sensitive data.The amount of this data and the need to handle,exchange,and protect it,has been increasing at a fast pace.Due to their nature,software-defined networks(SDNs)are widely used in healthcare systems,as they ensure effective resource utilization,safety,great network management,and monitoring.In this sector,due to the value of thedata,SDNs faceamajor challengeposed byawide range of attacks,such as distributed denial of service(DDoS)and probe attacks.These attacks reduce network performance,causing the degradation of different key performance indicators(KPIs)or,in the worst cases,a network failure which can threaten human lives.This can be significant,especially with the current expansion of portable healthcare that supports mobile and wireless devices for what is called mobile health,or m-health.In this study,we examine the effectiveness of using SDNs for defense against DDoS,as well as their effects on different network KPIs under various scenarios.We propose a threshold-based DDoS classifier(TBDC)technique to classify DDoS attacks in healthcare SDNs,aiming to block traffic considered a hazard in the form of a DDoS attack.We then evaluate the accuracy and performance of the proposed TBDC approach.Our technique shows outstanding performance,increasing the mean throughput by 190.3%,reducing the mean delay by 95%,and reducing packet loss by 99.7%relative to normal,with DDoS attack traffic. 展开更多
关键词 Network resilience network management attack prediction software defined networking(SDN) distributed denial of service(DDoS) healthcare
下载PDF
Cyberattack Ramifications, The Hidden Cost of a Security Breach
10
作者 Meysam Tahmasebi 《Journal of Information Security》 2024年第2期87-105,共19页
In this in-depth exploration, I delve into the complex implications and costs of cybersecurity breaches. Venturing beyond just the immediate repercussions, the research unearths both the overt and concealed long-term ... In this in-depth exploration, I delve into the complex implications and costs of cybersecurity breaches. Venturing beyond just the immediate repercussions, the research unearths both the overt and concealed long-term consequences that businesses encounter. This study integrates findings from various research, including quantitative reports, drawing upon real-world incidents faced by both small and large enterprises. This investigation emphasizes the profound intangible costs, such as trade name devaluation and potential damage to brand reputation, which can persist long after the breach. By collating insights from industry experts and a myriad of research, the study provides a comprehensive perspective on the profound, multi-dimensional impacts of cybersecurity incidents. The overarching aim is to underscore the often-underestimated scope and depth of these breaches, emphasizing the entire timeline post-incident and the urgent need for fortified preventative and reactive measures in the digital domain. 展开更多
关键词 Artificial Intelligence (AI) Business Continuity Case Studies Copyright Cost-Benefit Analysis Credit Rating Cyberwarfare Cybersecurity Breaches Data Breaches Denial Of service (DOS) Devaluation Of Trade Name Disaster Recovery Distributed Denial of service (DDOS) Identity Theft Increased Cost to Raise Debt Insurance Premium Intellectual Property Operational Disruption Patent Post-Breach Customer Protection Recovery Point Objective (RPO) Recovery Time Objective (RTO) Regulatory Compliance Risk Assessment service Level Agreement Stuxnet Trade Secret
下载PDF
Formalized Description of Distributed Denial of Service Attack 被引量:1
11
作者 杜彦辉 马锐 刘玉树 《Journal of Beijing Institute of Technology》 EI CAS 2004年第4期360-364,共5页
The distributed denial of service (DDoS) attack is one of the dangers in intrusion modes. It's difficult to defense and can cause serious damage to the system. Based on a careful study of the attack principles and... The distributed denial of service (DDoS) attack is one of the dangers in intrusion modes. It's difficult to defense and can cause serious damage to the system. Based on a careful study of the attack principles and characteristics, an object-oriented formalized description is presented, which contains a three-level framework and offers full specifications of all kinds of DDoS modes and their features and the relations between one another. Its greatest merit lies in that it contributes to analyzing, checking and judging DDoS. Now this formalized description has been used in a special IDS and it works very effectively.( 展开更多
关键词 distributed) denial of service(DDoS) attack formalized description framework knowledge (expression)
下载PDF
The Double Edge Sword Based Distributed Executor Service
12
作者 Faisal Bahadur Arif Iqbal Umar +2 位作者 Insaf Ullah Fahad Algarni Muhammad Asghar Khan 《Computer Systems Science & Engineering》 SCIE EI 2022年第8期589-604,共16页
Scalability is one of the most important quality attribute of softwareintensive systems,because it maintains an effective performance parallel to the large fluctuating and sometimes unpredictable workload.In order to ... Scalability is one of the most important quality attribute of softwareintensive systems,because it maintains an effective performance parallel to the large fluctuating and sometimes unpredictable workload.In order to achieve scalability,thread pool system(TPS)(which is also known as executor service)has been used extensively as a middleware service in software-intensive systems.TPS optimization is a challenging problem that determines the optimal size of thread pool dynamically on runtime.In case of distributed-TPS(DTPS),another issue is the load balancing b/w available set of TPSs running at backend servers.Existing DTPSs are overloaded either due to an inappropriate TPS optimization strategy at backend servers or improper load balancing scheme that cannot quickly recover an overload.Consequently,the performance of software-intensive system is suffered.Thus,in this paper,we propose a new DTPS that follows the collaborative round robin load balancing that has the effect of a double-edge sword.On the one hand,it effectively performs the load balancing(in case of overload situation)among available TPSs by a fast overload recovery procedure that decelerates the load on the overloaded TPSs up to their capacities and shifts the remaining load towards other gracefully running TPSs.And on the other hand,its robust load deceleration technique which is applied to an overloaded TPS sets an appropriate upper bound of thread pool size,because the pool size in each TPS is kept equal to the request rate on it,hence dynamically optimizes TPS.We evaluated the results of the proposed system against state of the art DTPSs by a clientserver based simulator and found that our system outperformed by sustaining smaller response times. 展开更多
关键词 Software-intensive systems distributed executor service load balancing overload monitoring MULTI-THREADING thread pool performance
下载PDF
Establishment and implementation of a spoke-like service network for collecting and distributing blood
13
《中国输血杂志》 CAS CSCD 2001年第S1期356-,共1页
关键词 Establishment and implementation of a spoke-like service network for collecting and distributing blood
下载PDF
A Novel Framework for DDoS Attacks Detection Using Hybrid LSTM Techniques 被引量:2
14
作者 Anitha Thangasamy Bose Sundan Logeswari Govindaraj 《Computer Systems Science & Engineering》 SCIE EI 2023年第6期2553-2567,共15页
The recent development of cloud computing offers various services on demand for organization and individual users,such as storage,shared computing space,networking,etc.Although Cloud Computing provides various advanta... The recent development of cloud computing offers various services on demand for organization and individual users,such as storage,shared computing space,networking,etc.Although Cloud Computing provides various advantages for users,it remains vulnerable to many types of attacks that attract cyber criminals.Distributed Denial of Service(DDoS)is the most common type of attack on cloud computing.Consequently,Cloud computing professionals and security experts have focused on the growth of preventive processes towards DDoS attacks.Since DDoS attacks have become increasingly widespread,it becomes difficult for some DDoS attack methods based on individual network flow features to distinguish various types of DDoS attacks.Further,the monitoring pattern of traffic changes and accurate detection of DDoS attacks are most important and urgent.In this research work,DDoS attack detection methods based on deep belief network feature extraction and Hybrid Long Short-Term Memory(LSTM)model have been proposed with NSL-KDD dataset.In Hybrid LSTM method,the Particle Swarm Optimization(PSO)technique,which is combined to optimize the weights of the LSTM neural network,reduces the prediction error.This deep belief network method is used to extract the features of IP packets,and it identifies DDoS attacks based on PSO-LSTM model.Moreover,it accurately predicts normal network traffic and detects anomalies resulting from DDoS attacks.The proposed PSO-LSTM architecture outperforms the classification techniques including standard Support Vector Machine(SVM)and LSTM in terms of attack detection performance along with the results of the measurement of accuracy,recall,f-measure,precision. 展开更多
关键词 Cloud computing distributed denial of service particle swarm optimization long short-term memory attack detection
下载PDF
Game-theoretical Model for Dynamic Defense Resource Allocation in Cyber-physical Power Systems Under Distributed Denial of Service Attacks 被引量:1
15
作者 Bingjing Yan Pengchao Yao +2 位作者 Tao Yang Boyang Zhou Qiang Yang 《Journal of Modern Power Systems and Clean Energy》 SCIE EI CSCD 2024年第1期41-51,共11页
Electric power grids are evolving into complex cyber-physical power systems(CPPSs)that integrate advanced information and communication technologies(ICTs)but face increasing cyberspace threats and attacks.This study c... Electric power grids are evolving into complex cyber-physical power systems(CPPSs)that integrate advanced information and communication technologies(ICTs)but face increasing cyberspace threats and attacks.This study considers CPPS cyberspace security under distributed denial of service(DDoS)attacks and proposes a nonzero-sum game-theoretical model with incomplete information for appropriate allocation of defense resources based on the availability of limited resources.Task time delay is applied to quantify the expected utility as CPPSs have high time requirements and incur massive damage DDoS attacks.Different resource allocation strategies are adopted by attackers and defenders under the three cases of attack-free,failed attack,and successful attack,which lead to a corresponding consumption of resources.A multidimensional node value analysis is designed to introduce physical and cybersecurity indices.Simulation experiments and numerical results demonstrate the effectiveness of the proposed model for the appropriate allocation of defense resources in CPPSs under limited resource availability. 展开更多
关键词 Game theory complex cyber-physical power system(CPPS) multidimensional evaluation distributed denial of service(DDoS)attack
原文传递
Smart Contract Based DDoS Attack Traceability Audit Mechanism in Intelligent IoT
16
作者 Zhuohao Wang Weiting Zhang +3 位作者 Runhu Wang Ying Liu Chenyang Xu Chengxiao Yu 《China Communications》 SCIE CSCD 2023年第8期54-64,共11页
In this paper,we focus on providing data provenance auditing schemes for distributed denial of service(DDoS)defense in intelligent internet of things(IoT).To achieve effective DDoS defense,we introduce a two-layer col... In this paper,we focus on providing data provenance auditing schemes for distributed denial of service(DDoS)defense in intelligent internet of things(IoT).To achieve effective DDoS defense,we introduce a two-layer collaborative blockchain framework to support data auditing.Specifically,using data scattered among intelligent IoT devices,switch gateways self-assemble a layer of blockchain in the local autonomous system(AS),and the main chain with controller participation can be aggregated by its associated layer of blocks once a cycle,to obtain a global security model.To optimize the processing delay of the security model,we propose a process of data pre-validation with the goal of ensuring data consistency while satisfying overhead requirements.Since the flood of identity spoofing packets,it is difficult to solve the identity consistency of data with traditional detection methods,and accountability cannot be pursued afterwards.Thus,we proposed a Packet Traceback Telemetry(PTT)scheme,based on in-band telemetry,to solve the problem.Specifically,the PTT scheme is executed on the distributed switch side,the controller to schedule and select routing policies.Moreover,a tracing probabilistic optimization is embedded into the PTT scheme to accelerate path reconstruction and save device resources.Simulation results show that the PTT scheme can reconstruct address spoofing packet forward path,reduce the resource consumption compared with existing tracing scheme.Data tracing audit method has fine-grained detection and feasible performance. 展开更多
关键词 smart contract Internet of Things distributed denial of service TELEMETRY AUDIT
下载PDF
DDoS Attack Detection in Cloud Computing Based on Ensemble Feature Selection and Deep Learning
17
作者 Yousef Sanjalawe Turke Althobaiti 《Computers, Materials & Continua》 SCIE EI 2023年第5期3571-3588,共18页
Intrusion Detection System(IDS)in the cloud Computing(CC)environment has received paramount interest over the last few years.Among the latest approaches,Deep Learning(DL)-based IDS methods allow the discovery of attac... Intrusion Detection System(IDS)in the cloud Computing(CC)environment has received paramount interest over the last few years.Among the latest approaches,Deep Learning(DL)-based IDS methods allow the discovery of attacks with the highest performance.In the CC environment,Distributed Denial of Service(DDoS)attacks are widespread.The cloud services will be rendered unavailable to legitimate end-users as a consequence of the overwhelming network traffic,resulting in financial losses.Although various researchers have proposed many detection techniques,there are possible obstacles in terms of detection performance due to the use of insignificant traffic features.Therefore,in this paper,a hybrid deep learning mode based on hybridizing Convolutional Neural Network(CNN)with Long-Short-Term Memory(LSTM)is used due to its robustness and efficiency in detecting normal and attack traffic.Besides,the ensemble feature selection,mutualization aggregation between Particle Swarm Optimizer(PSO),Grey Wolf Optimizer(PSO),Krill Hird(KH),andWhale Optimization Algorithm(WOA),is used to select the most important features that would influence the detection performance in detecting DDoS attack in CC.A benchmark dataset proposed by the Canadian Institute of Cybersecurity(CIC),called CICIDS 2017 is used to evaluate the proposed IDS.The results revealed that the proposed IDS outperforms the state-of-the-art IDSs,as it achieved 97.9%,98.3%,97.9%,98.1%,respectively.As a result,the proposed IDS achieves the requirements of getting high security,automatic,efficient,and self-decision detection of DDoS attacks. 展开更多
关键词 CIC IDS 2017 cloud computing distributed denial of service ensemble feature selection intrusion detection system
下载PDF
Toward Secure Software-Defined Networks Using Machine Learning: A Review, Research Challenges, and Future Directions
18
作者 Muhammad Waqas Nadeem Hock Guan Goh +1 位作者 Yichiet Aun Vasaki Ponnusamy 《Computer Systems Science & Engineering》 SCIE EI 2023年第11期2201-2217,共17页
Over the past few years,rapid advancements in the internet and communication technologies have led to increasingly intricate and diverse networking systems.As a result,greater intelligence is necessary to effectively ... Over the past few years,rapid advancements in the internet and communication technologies have led to increasingly intricate and diverse networking systems.As a result,greater intelligence is necessary to effectively manage,optimize,and maintain these systems.Due to their distributed nature,machine learning models are challenging to deploy in traditional networks.However,Software-Defined Networking(SDN)presents an opportunity to integrate intelligence into networks by offering a programmable architecture that separates data and control planes.SDN provides a centralized network view and allows for dynamic updates of flow rules and softwarebased traffic analysis.While the programmable nature of SDN makes it easier to deploy machine learning techniques,the centralized control logic also makes it vulnerable to cyberattacks.To address these issues,recent research has focused on developing powerful machine-learning methods for detecting and mitigating attacks in SDN environments.This paper highlighted the countermeasures for cyberattacks on SDN and how current machine learningbased solutions can overcome these emerging issues.We also discuss the pros and cons of using machine learning algorithms for detecting and mitigating these attacks.Finally,we highlighted research issues,gaps,and challenges in developing machine learning-based solutions to secure the SDN controller,to help the research and network community to develop more robust and reliable solutions. 展开更多
关键词 Botnet attack deep learning distributed denial of service machine learning network security software-defined network
下载PDF
Detecting and Mitigating DDOS Attacks in SDNs Using Deep Neural Network
19
作者 Gul Nawaz Muhammad Junaid +5 位作者 Adnan Akhunzada Abdullah Gani Shamyla Nawazish Asim Yaqub Adeel Ahmed Huma Ajab 《Computers, Materials & Continua》 SCIE EI 2023年第11期2157-2178,共22页
Distributed denial of service(DDoS)attack is the most common attack that obstructs a network and makes it unavailable for a legitimate user.We proposed a deep neural network(DNN)model for the detection of DDoS attacks... Distributed denial of service(DDoS)attack is the most common attack that obstructs a network and makes it unavailable for a legitimate user.We proposed a deep neural network(DNN)model for the detection of DDoS attacks in the Software-Defined Networking(SDN)paradigm.SDN centralizes the control plane and separates it from the data plane.It simplifies a network and eliminates vendor specification of a device.Because of this open nature and centralized control,SDN can easily become a victim of DDoS attacks.We proposed a supervised Developed Deep Neural Network(DDNN)model that can classify the DDoS attack traffic and legitimate traffic.Our Developed Deep Neural Network(DDNN)model takes a large number of feature values as compared to previously proposed Machine Learning(ML)models.The proposed DNN model scans the data to find the correlated features and delivers high-quality results.The model enhances the security of SDN and has better accuracy as compared to previously proposed models.We choose the latest state-of-the-art dataset which consists of many novel attacks and overcomes all the shortcomings and limitations of the existing datasets.Our model results in a high accuracy rate of 99.76%with a low false-positive rate and 0.065%low loss rate.The accuracy increases to 99.80%as we increase the number of epochs to 100 rounds.Our proposed model classifies anomalous and normal traffic more accurately as compared to the previously proposed models.It can handle a huge amount of structured and unstructured data and can easily solve complex problems. 展开更多
关键词 Distributed denial of service(DDoS)attacks software-defined networking(SDN) classification deep neural network(DNN)
下载PDF
Unweighted Voting Method to Detect Sinkhole Attack in RPL-Based Internet of Things Networks
20
作者 Shadi Al-Sarawi Mohammed Anbar +2 位作者 Basim Ahmad Alabsi Mohammad Adnan Aladaileh Shaza Dawood Ahmed Rihan 《Computers, Materials & Continua》 SCIE EI 2023年第10期491-515,共25页
The Internet of Things(IoT)consists of interconnected smart devices communicating and collecting data.The Routing Protocol for Low-Power and Lossy Networks(RPL)is the standard protocol for Internet Protocol Version 6(... The Internet of Things(IoT)consists of interconnected smart devices communicating and collecting data.The Routing Protocol for Low-Power and Lossy Networks(RPL)is the standard protocol for Internet Protocol Version 6(IPv6)in the IoT.However,RPL is vulnerable to various attacks,including the sinkhole attack,which disrupts the network by manipulating routing information.This paper proposes the Unweighted Voting Method(UVM)for sinkhole node identification,utilizing three key behavioral indicators:DODAG Information Object(DIO)Transaction Frequency,Rank Harmony,and Power Consumption.These indicators have been carefully selected based on their contribution to sinkhole attack detection and other relevant features used in previous research.The UVM method employs an unweighted voting mechanism,where each voter or rule holds equal weight in detecting the presence of a sinkhole attack based on the proposed indicators.The effectiveness of the UVM method is evaluated using the COOJA simulator and compared with existing approaches.Notably,the proposed approach fulfills power consumption requirements for constrained nodes without increasing consumption due to the deployment design.In terms of detection accuracy,simulation results demonstrate a high detection rate ranging from 90%to 100%,with a low false-positive rate of 0%to 0.2%.Consequently,the proposed approach surpasses Ensemble Learning Intrusion Detection Systems by leveraging three indicators and three supporting rules. 展开更多
关键词 Internet of Things IPv6 over low power wireless personal area networks Routing Protocol for Low-Power and Lossy Networks Internet Protocol Version 6 distributed denial of service wireless sensor networks
下载PDF
上一页 1 2 3 下一页 到第
使用帮助 返回顶部