The Smart Grid is an enhancement of the traditional grid system and employs new technologies and sophisticated communication techniques for electrical power transmission and distribution. The Smart Grid’s communicati...The Smart Grid is an enhancement of the traditional grid system and employs new technologies and sophisticated communication techniques for electrical power transmission and distribution. The Smart Grid’s communication network shares information about status of its several integrated IEDs (Intelligent Electronic Devices). However, the IEDs connected throughout the Smart Grid, open opportunities for attackers to interfere with the communications and utilities resources or take clients’ private data. This development has introduced new cyber-security challenges for the Smart Grid and is a very concerning issue because of emerging cyber-threats and security incidents that have occurred recently all over the world. The purpose of this research is to detect and mitigate Distributed Denial of Service [DDoS] with application to the Electrical Smart Grid System by deploying an optimized Stealthwatch Secure Network analytics tool. In this paper, the DDoS attack in the Smart Grid communication networks was modeled using Stealthwatch tool. The simulated network consisted of Secure Network Analytic tools virtual machines (VMs), electrical Grid network communication topology, attackers and Target VMs. Finally, the experiments and simulations were performed, and the research results showed that Stealthwatch analytic tool is very effective in detecting and mitigating DDoS attacks in the Smart Grid System without causing any blackout or shutdown of any internal systems as compared to other tools such as GNS3, NeSSi2, NISST Framework, OMNeT++, INET Framework, ReaSE, NS2, NS3, M5 Simulator, OPNET, PLC & TIA Portal management Software which do not have the capability to do so. Also, using Stealthwatch tool to create a security baseline for Smart Grid environment, contributes to risk mitigation and sound security hygiene.展开更多
Cloud computing technology provides flexible,on-demand,and completely controlled computing resources and services are highly desirable.Despite this,with its distributed and dynamic nature and shortcomings in virtualiz...Cloud computing technology provides flexible,on-demand,and completely controlled computing resources and services are highly desirable.Despite this,with its distributed and dynamic nature and shortcomings in virtualization deployment,the cloud environment is exposed to a wide variety of cyber-attacks and security difficulties.The Intrusion Detection System(IDS)is a specialized security tool that network professionals use for the safety and security of the networks against attacks launched from various sources.DDoS attacks are becoming more frequent and powerful,and their attack pathways are continually changing,which requiring the development of new detection methods.Here the purpose of the study is to improve detection accuracy.Feature Selection(FS)is critical.At the same time,the IDS’s computational problem is limited by focusing on the most relevant elements,and its performance and accuracy increase.In this research work,the suggested Adaptive butterfly optimization algorithm(ABOA)framework is used to assess the effectiveness of a reduced feature subset during the feature selection phase,that was motivated by this motive Candidates.Accurate classification is not compromised by using an ABOA technique.The design of Deep Neural Networks(DNN)has simplified the categorization of network traffic into normal and DDoS threat traffic.DNN’s parameters can be finetuned to detect DDoS attacks better using specially built algorithms.Reduced reconstruction error,no exploding or vanishing gradients,and reduced network are all benefits of the changes outlined in this paper.When it comes to performance criteria like accuracy,precision,recall,and F1-Score are the performance measures that show the suggested architecture outperforms the other existing approaches.Hence the proposed ABOA+DNN is an excellent method for obtaining accurate predictions,with an improved accuracy rate of 99.05%compared to other existing approaches.展开更多
The Internet service provider(ISP)is the heart of any country’s Internet infrastructure and plays an important role in connecting to theWorld WideWeb.Internet exchange point(IXP)allows the interconnection of two or m...The Internet service provider(ISP)is the heart of any country’s Internet infrastructure and plays an important role in connecting to theWorld WideWeb.Internet exchange point(IXP)allows the interconnection of two or more separate network infrastructures.All Internet traffic entering a country should pass through its IXP.Thus,it is an ideal location for performing malicious traffic analysis.Distributed denial of service(DDoS)attacks are becoming a more serious daily threat.Malicious actors in DDoS attacks control numerous infected machines known as botnets.Botnets are used to send numerous fake requests to overwhelm the resources of victims and make them unavailable for some periods.To date,such attacks present a major devastating security threat on the Internet.This paper proposes an effective and efficient machine learning(ML)-based DDoS detection approach for the early warning and protection of the Saudi Arabia Internet exchange point(SAIXP)platform.The effectiveness and efficiency of the proposed approach are verified by selecting an accurate ML method with a small number of input features.A chi-square method is used for feature selection because it is easier to compute than other methods,and it does not require any assumption about feature distribution values.Several ML methods are assessed using holdout and 10-fold tests on a public large-size dataset.The experiments showed that the performance of the decision tree(DT)classifier achieved a high accuracy result(99.98%)with a small number of features(10 features).The experimental results confirmthe applicability of using DT and chi-square for DDoS detection and early warning in SAIXP.展开更多
Over time, the world has transformed digitally and there is total dependence on the internet. Many more gadgets are continuously interconnected in the internet ecosystem. This fact has made the Internet a global infor...Over time, the world has transformed digitally and there is total dependence on the internet. Many more gadgets are continuously interconnected in the internet ecosystem. This fact has made the Internet a global information source for every being. Despite all this, attacker knowledge by cybercriminals has advanced and resulted in different attack methodologies on the internet and its data stores. This paper will discuss the origin and significance of Denial of Service (DoS) and Distributed Denial of Service (DDoS). These kinds of attacks remain the most effective methods used by the bad guys to cause substantial damage in terms of operational, reputational, and financial damage to organizations globally. These kinds of attacks have hindered network performance and availability. The victim’s network is flooded with massive illegal traffic hence, denying genuine traffic from passing through for authorized users. The paper will explore detection mechanisms, and mitigation techniques for this network threat.展开更多
The distributed denial of service (DDoS) attack is one of the dangers in intrusion modes. It's difficult to defense and can cause serious damage to the system. Based on a careful study of the attack principles and...The distributed denial of service (DDoS) attack is one of the dangers in intrusion modes. It's difficult to defense and can cause serious damage to the system. Based on a careful study of the attack principles and characteristics, an object-oriented formalized description is presented, which contains a three-level framework and offers full specifications of all kinds of DDoS modes and their features and the relations between one another. Its greatest merit lies in that it contributes to analyzing, checking and judging DDoS. Now this formalized description has been used in a special IDS and it works very effectively.(展开更多
本文提出一种面向不平衡数据的DDoS攻击检测模型,提升对DDoS洪泛攻击的检测效果。以OpenStack为核心技术设计网络靶场,并使用Ceph分布式存储替换OpenStack原生存储系统,提出一种OpenStack与Ceph的超融合网络靶场方案,可以实现对计算、...本文提出一种面向不平衡数据的DDoS攻击检测模型,提升对DDoS洪泛攻击的检测效果。以OpenStack为核心技术设计网络靶场,并使用Ceph分布式存储替换OpenStack原生存储系统,提出一种OpenStack与Ceph的超融合网络靶场方案,可以实现对计算、存储、网络资源的统一管理。首先,针对Ceph集群在存储时的数据分布不均情况对平台存储性能的影响,提出一种基于好感度的数据存储优化算法,利用好感度因子约束数据的存储位置,有效提高集群中所有OSD节点存储数据的均衡性。同时,设计了一种基于软件定义网络(Software Defined Network,SDN)的DDoS洪泛攻击检测与缓解方法,有效降低了对物理设备性能的要求,最后结合Ryu控制器的可编程性,实现DDoS洪泛攻击缓解方法。展开更多
针对现有的DDoS(distributed denial of service)攻击检测模型面临大量数据时,呈现出检测效率低的问题。为适应当前网络环境,通过研究DDoS攻击检测模型、提取流量特征、计算攻击密度,提出一种基于融合稀疏注意力机制的DDoS攻击检测模型G...针对现有的DDoS(distributed denial of service)攻击检测模型面临大量数据时,呈现出检测效率低的问题。为适应当前网络环境,通过研究DDoS攻击检测模型、提取流量特征、计算攻击密度,提出一种基于融合稀疏注意力机制的DDoS攻击检测模型GVBNet(global variable block net),使用攻击密度自适应计算稀疏注意力。利用信息熵以及信息增益分析提取攻击流量的连续字节作为特征向量,通过构建基于GVBNet的网络模型在两种数据集上进行训练。实验结果表明,该方法具有良好的识别效果、检测速度以及抗干扰能力,在不同的环境下具有应用价值。展开更多
Electric power grids are evolving into complex cyber-physical power systems(CPPSs)that integrate advanced information and communication technologies(ICTs)but face increasing cyberspace threats and attacks.This study c...Electric power grids are evolving into complex cyber-physical power systems(CPPSs)that integrate advanced information and communication technologies(ICTs)but face increasing cyberspace threats and attacks.This study considers CPPS cyberspace security under distributed denial of service(DDoS)attacks and proposes a nonzero-sum game-theoretical model with incomplete information for appropriate allocation of defense resources based on the availability of limited resources.Task time delay is applied to quantify the expected utility as CPPSs have high time requirements and incur massive damage DDoS attacks.Different resource allocation strategies are adopted by attackers and defenders under the three cases of attack-free,failed attack,and successful attack,which lead to a corresponding consumption of resources.A multidimensional node value analysis is designed to introduce physical and cybersecurity indices.Simulation experiments and numerical results demonstrate the effectiveness of the proposed model for the appropriate allocation of defense resources in CPPSs under limited resource availability.展开更多
为提高分布式拒绝服务(Distributed Denial of Service,DDoS)攻击检出率,设计基于机器学习的无线网络DDoS攻击检测方法。首先,结合攻击时间序列构建无线网络DDoS攻击检测模型,利用深度学习设计无线网络DDoS攻击检测机制;其次,通过异常...为提高分布式拒绝服务(Distributed Denial of Service,DDoS)攻击检出率,设计基于机器学习的无线网络DDoS攻击检测方法。首先,结合攻击时间序列构建无线网络DDoS攻击检测模型,利用深度学习设计无线网络DDoS攻击检测机制;其次,通过异常流量判断,对照相应的流表特征信息完成分类检测;最后,进行实验分析。实验结果表明,该方法的DDoS攻击检出率较低,优于对照组。展开更多
软件定义网络(software defined network,SDN)作为一种新型网络架构,其转控分离及集中控制的架构思想为网络带来了显著的灵活性,同时为感知全局网络状态提供了便利。分布式拒绝服务攻击(distributed denial of service,DDoS)是一种典型...软件定义网络(software defined network,SDN)作为一种新型网络架构,其转控分离及集中控制的架构思想为网络带来了显著的灵活性,同时为感知全局网络状态提供了便利。分布式拒绝服务攻击(distributed denial of service,DDoS)是一种典型的网络攻击方式。针对SDN网络中进行DDoS攻击检测的问题,提出了一种基于条件熵和决策树的DDoS攻击检测方法,利用条件熵判断当前网络状态,通过分析SDN中DDoS攻击特点,提取用于流量检测的6项重要特征,使用C4.5决策树算法进行网络流量分类,实现对SDN中的DDoS攻击的检测。实验表明,相比于其它研究方法,文中提出的方法不仅具有较高检测精确率和召回率,而且明显缩短了检测时间。展开更多
文摘The Smart Grid is an enhancement of the traditional grid system and employs new technologies and sophisticated communication techniques for electrical power transmission and distribution. The Smart Grid’s communication network shares information about status of its several integrated IEDs (Intelligent Electronic Devices). However, the IEDs connected throughout the Smart Grid, open opportunities for attackers to interfere with the communications and utilities resources or take clients’ private data. This development has introduced new cyber-security challenges for the Smart Grid and is a very concerning issue because of emerging cyber-threats and security incidents that have occurred recently all over the world. The purpose of this research is to detect and mitigate Distributed Denial of Service [DDoS] with application to the Electrical Smart Grid System by deploying an optimized Stealthwatch Secure Network analytics tool. In this paper, the DDoS attack in the Smart Grid communication networks was modeled using Stealthwatch tool. The simulated network consisted of Secure Network Analytic tools virtual machines (VMs), electrical Grid network communication topology, attackers and Target VMs. Finally, the experiments and simulations were performed, and the research results showed that Stealthwatch analytic tool is very effective in detecting and mitigating DDoS attacks in the Smart Grid System without causing any blackout or shutdown of any internal systems as compared to other tools such as GNS3, NeSSi2, NISST Framework, OMNeT++, INET Framework, ReaSE, NS2, NS3, M5 Simulator, OPNET, PLC & TIA Portal management Software which do not have the capability to do so. Also, using Stealthwatch tool to create a security baseline for Smart Grid environment, contributes to risk mitigation and sound security hygiene.
文摘Cloud computing technology provides flexible,on-demand,and completely controlled computing resources and services are highly desirable.Despite this,with its distributed and dynamic nature and shortcomings in virtualization deployment,the cloud environment is exposed to a wide variety of cyber-attacks and security difficulties.The Intrusion Detection System(IDS)is a specialized security tool that network professionals use for the safety and security of the networks against attacks launched from various sources.DDoS attacks are becoming more frequent and powerful,and their attack pathways are continually changing,which requiring the development of new detection methods.Here the purpose of the study is to improve detection accuracy.Feature Selection(FS)is critical.At the same time,the IDS’s computational problem is limited by focusing on the most relevant elements,and its performance and accuracy increase.In this research work,the suggested Adaptive butterfly optimization algorithm(ABOA)framework is used to assess the effectiveness of a reduced feature subset during the feature selection phase,that was motivated by this motive Candidates.Accurate classification is not compromised by using an ABOA technique.The design of Deep Neural Networks(DNN)has simplified the categorization of network traffic into normal and DDoS threat traffic.DNN’s parameters can be finetuned to detect DDoS attacks better using specially built algorithms.Reduced reconstruction error,no exploding or vanishing gradients,and reduced network are all benefits of the changes outlined in this paper.When it comes to performance criteria like accuracy,precision,recall,and F1-Score are the performance measures that show the suggested architecture outperforms the other existing approaches.Hence the proposed ABOA+DNN is an excellent method for obtaining accurate predictions,with an improved accuracy rate of 99.05%compared to other existing approaches.
文摘The Internet service provider(ISP)is the heart of any country’s Internet infrastructure and plays an important role in connecting to theWorld WideWeb.Internet exchange point(IXP)allows the interconnection of two or more separate network infrastructures.All Internet traffic entering a country should pass through its IXP.Thus,it is an ideal location for performing malicious traffic analysis.Distributed denial of service(DDoS)attacks are becoming a more serious daily threat.Malicious actors in DDoS attacks control numerous infected machines known as botnets.Botnets are used to send numerous fake requests to overwhelm the resources of victims and make them unavailable for some periods.To date,such attacks present a major devastating security threat on the Internet.This paper proposes an effective and efficient machine learning(ML)-based DDoS detection approach for the early warning and protection of the Saudi Arabia Internet exchange point(SAIXP)platform.The effectiveness and efficiency of the proposed approach are verified by selecting an accurate ML method with a small number of input features.A chi-square method is used for feature selection because it is easier to compute than other methods,and it does not require any assumption about feature distribution values.Several ML methods are assessed using holdout and 10-fold tests on a public large-size dataset.The experiments showed that the performance of the decision tree(DT)classifier achieved a high accuracy result(99.98%)with a small number of features(10 features).The experimental results confirmthe applicability of using DT and chi-square for DDoS detection and early warning in SAIXP.
文摘Over time, the world has transformed digitally and there is total dependence on the internet. Many more gadgets are continuously interconnected in the internet ecosystem. This fact has made the Internet a global information source for every being. Despite all this, attacker knowledge by cybercriminals has advanced and resulted in different attack methodologies on the internet and its data stores. This paper will discuss the origin and significance of Denial of Service (DoS) and Distributed Denial of Service (DDoS). These kinds of attacks remain the most effective methods used by the bad guys to cause substantial damage in terms of operational, reputational, and financial damage to organizations globally. These kinds of attacks have hindered network performance and availability. The victim’s network is flooded with massive illegal traffic hence, denying genuine traffic from passing through for authorized users. The paper will explore detection mechanisms, and mitigation techniques for this network threat.
文摘The distributed denial of service (DDoS) attack is one of the dangers in intrusion modes. It's difficult to defense and can cause serious damage to the system. Based on a careful study of the attack principles and characteristics, an object-oriented formalized description is presented, which contains a three-level framework and offers full specifications of all kinds of DDoS modes and their features and the relations between one another. Its greatest merit lies in that it contributes to analyzing, checking and judging DDoS. Now this formalized description has been used in a special IDS and it works very effectively.(
文摘本文提出一种面向不平衡数据的DDoS攻击检测模型,提升对DDoS洪泛攻击的检测效果。以OpenStack为核心技术设计网络靶场,并使用Ceph分布式存储替换OpenStack原生存储系统,提出一种OpenStack与Ceph的超融合网络靶场方案,可以实现对计算、存储、网络资源的统一管理。首先,针对Ceph集群在存储时的数据分布不均情况对平台存储性能的影响,提出一种基于好感度的数据存储优化算法,利用好感度因子约束数据的存储位置,有效提高集群中所有OSD节点存储数据的均衡性。同时,设计了一种基于软件定义网络(Software Defined Network,SDN)的DDoS洪泛攻击检测与缓解方法,有效降低了对物理设备性能的要求,最后结合Ryu控制器的可编程性,实现DDoS洪泛攻击缓解方法。
基金supported by the“Pioneer”and“Leading Goose”R&D Program of Zhejiang(No.2022C01239)National Natural Science Foundation of China(No.52177119)Fundamental Research Funds for the Central Universities(Zhejiang University NGICS Platform).
文摘Electric power grids are evolving into complex cyber-physical power systems(CPPSs)that integrate advanced information and communication technologies(ICTs)but face increasing cyberspace threats and attacks.This study considers CPPS cyberspace security under distributed denial of service(DDoS)attacks and proposes a nonzero-sum game-theoretical model with incomplete information for appropriate allocation of defense resources based on the availability of limited resources.Task time delay is applied to quantify the expected utility as CPPSs have high time requirements and incur massive damage DDoS attacks.Different resource allocation strategies are adopted by attackers and defenders under the three cases of attack-free,failed attack,and successful attack,which lead to a corresponding consumption of resources.A multidimensional node value analysis is designed to introduce physical and cybersecurity indices.Simulation experiments and numerical results demonstrate the effectiveness of the proposed model for the appropriate allocation of defense resources in CPPSs under limited resource availability.
文摘为提高分布式拒绝服务(Distributed Denial of Service,DDoS)攻击检出率,设计基于机器学习的无线网络DDoS攻击检测方法。首先,结合攻击时间序列构建无线网络DDoS攻击检测模型,利用深度学习设计无线网络DDoS攻击检测机制;其次,通过异常流量判断,对照相应的流表特征信息完成分类检测;最后,进行实验分析。实验结果表明,该方法的DDoS攻击检出率较低,优于对照组。
文摘软件定义网络(software defined network,SDN)作为一种新型网络架构,其转控分离及集中控制的架构思想为网络带来了显著的灵活性,同时为感知全局网络状态提供了便利。分布式拒绝服务攻击(distributed denial of service,DDoS)是一种典型的网络攻击方式。针对SDN网络中进行DDoS攻击检测的问题,提出了一种基于条件熵和决策树的DDoS攻击检测方法,利用条件熵判断当前网络状态,通过分析SDN中DDoS攻击特点,提取用于流量检测的6项重要特征,使用C4.5决策树算法进行网络流量分类,实现对SDN中的DDoS攻击的检测。实验表明,相比于其它研究方法,文中提出的方法不仅具有较高检测精确率和召回率,而且明显缩短了检测时间。
