The History, Trend, Types, and Mitigation of Distributed Denial of Service Attacks

Over time, the world has transformed digitally and there is total dependence on the internet. Many more gadgets are continuously interconnected in the internet ecosystem. This fact has made the Internet a global information source for every being. Despite all this, attacker knowledge by cybercriminals has advanced and resulted in different attack methodologies on the internet and its data stores. This paper will discuss the origin and significance of Denial of Service (DoS) and Distributed Denial of Service (DDoS). These kinds of attacks remain the most effective methods used by the bad guys to cause substantial damage in terms of operational, reputational, and financial damage to organizations globally. These kinds of attacks have hindered network performance and availability. The victim’s network is flooded with massive illegal traffic hence, denying genuine traffic from passing through for authorized users. The paper will explore detection mechanisms, and mitigation techniques for this network threat.

Optimization of Stealthwatch Network Security System for the Detection and Mitigation of Distributed Denial of Service (DDoS) Attack: Application to Smart Grid System

The Smart Grid is an enhancement of the traditional grid system and employs new technologies and sophisticated communication techniques for electrical power transmission and distribution. The Smart Grid’s communication network shares information about status of its several integrated IEDs (Intelligent Electronic Devices). However, the IEDs connected throughout the Smart Grid, open opportunities for attackers to interfere with the communications and utilities resources or take clients’ private data. This development has introduced new cyber-security challenges for the Smart Grid and is a very concerning issue because of emerging cyber-threats and security incidents that have occurred recently all over the world. The purpose of this research is to detect and mitigate Distributed Denial of Service [DDoS] with application to the Electrical Smart Grid System by deploying an optimized Stealthwatch Secure Network analytics tool. In this paper, the DDoS attack in the Smart Grid communication networks was modeled using Stealthwatch tool. The simulated network consisted of Secure Network Analytic tools virtual machines (VMs), electrical Grid network communication topology, attackers and Target VMs. Finally, the experiments and simulations were performed, and the research results showed that Stealthwatch analytic tool is very effective in detecting and mitigating DDoS attacks in the Smart Grid System without causing any blackout or shutdown of any internal systems as compared to other tools such as GNS3, NeSSi2, NISST Framework, OMNeT++, INET Framework, ReaSE, NS2, NS3, M5 Simulator, OPNET, PLC & TIA Portal management Software which do not have the capability to do so. Also, using Stealthwatch tool to create a security baseline for Smart Grid environment, contributes to risk mitigation and sound security hygiene.

Detecting and Mitigating DDOS Attacks in SDNs Using Deep Neural Network

Distributed denial of service(DDoS)attack is the most common attack that obstructs a network and makes it unavailable for a legitimate user.We proposed a deep neural network(DNN)model for the detection of DDoS attacks in the Software-Defined Networking(SDN)paradigm.SDN centralizes the control plane and separates it from the data plane.It simplifies a network and eliminates vendor specification of a device.Because of this open nature and centralized control,SDN can easily become a victim of DDoS attacks.We proposed a supervised Developed Deep Neural Network(DDNN)model that can classify the DDoS attack traffic and legitimate traffic.Our Developed Deep Neural Network(DDNN)model takes a large number of feature values as compared to previously proposed Machine Learning(ML)models.The proposed DNN model scans the data to find the correlated features and delivers high-quality results.The model enhances the security of SDN and has better accuracy as compared to previously proposed models.We choose the latest state-of-the-art dataset which consists of many novel attacks and overcomes all the shortcomings and limitations of the existing datasets.Our model results in a high accuracy rate of 99.76%with a low false-positive rate and 0.065%low loss rate.The accuracy increases to 99.80%as we increase the number of epochs to 100 rounds.Our proposed model classifies anomalous and normal traffic more accurately as compared to the previously proposed models.It can handle a huge amount of structured and unstructured data and can easily solve complex problems.

Game-theoretical Model for Dynamic Defense Resource Allocation in Cyber-physical Power Systems Under Distributed Denial of Service Attacks

Electric power grids are evolving into complex cyber-physical power systems(CPPSs)that integrate advanced information and communication technologies(ICTs)but face increasing cyberspace threats and attacks.This study considers CPPS cyberspace security under distributed denial of service(DDoS)attacks and proposes a nonzero-sum game-theoretical model with incomplete information for appropriate allocation of defense resources based on the availability of limited resources.Task time delay is applied to quantify the expected utility as CPPSs have high time requirements and incur massive damage DDoS attacks.Different resource allocation strategies are adopted by attackers and defenders under the three cases of attack-free,failed attack,and successful attack,which lead to a corresponding consumption of resources.A multidimensional node value analysis is designed to introduce physical and cybersecurity indices.Simulation experiments and numerical results demonstrate the effectiveness of the proposed model for the appropriate allocation of defense resources in CPPSs under limited resource availability.

A Novel Distributed LDoS Attack Scheme against Internet Routing

LDoS （Low-rate Denial of Service） attack, exploiting the flaws in the congestion avoidance mechanism of TCP protocol,is periodic, stealthy, and with high efficiency. Since BGP uses TCP as a transport protocol, it is subject to LDoS attacks as well. LDoS attacks can cause table reset, route flapping of BGP protocol. A deliberately constructed distributed low-rate DOS attacks can even generate surge of updates throughout the Internet. In this paper, we investigate the promotion of attack efficiency of this novel attack, and then propose an attack model to simulate the LDoS attack. Experiments prove that this attack model can exponentially lower the attack costs and improve the attack effect.

Formalized Description of Distributed Denial of Service Attack

The distributed denial of service (DDoS) attack is one of the dangers in intrusion modes. It's difficult to defense and can cause serious damage to the system. Based on a careful study of the attack principles and characteristics, an object-oriented formalized description is presented, which contains a three-level framework and offers full specifications of all kinds of DDoS modes and their features and the relations between one another. Its greatest merit lies in that it contributes to analyzing, checking and judging DDoS. Now this formalized description has been used in a special IDS and it works very effectively.(

Iterative Dichotomiser Posteriori Method Based Service Attack Detection in Cloud Computing

Cloud computing(CC)is an advanced technology that provides access to predictive resources and data sharing.The cloud environment represents the right type regarding cloud usage model ownership,size,and rights to access.It introduces the scope and nature of cloud computing.In recent times,all processes are fed into the system for which consumer data and cache size are required.One of the most security issues in the cloud environment is Distributed Denial of Ser-vice(DDoS)attacks,responsible for cloud server overloading.This proposed sys-tem ID3(Iterative Dichotomiser 3)Maximum Multifactor Dimensionality Posteriori Method(ID3-MMDP)is used to overcome the drawback and a rela-tively simple way to execute and for the detection of(DDoS)attack.First,the pro-posed ID3-MMDP method calls for the resources of the cloud platform and then implements the attack detection technology based on information entropy to detect DDoS attacks.Since because the entropy value can show the discrete or aggregated characteristics of the current data set,it can be used for the detection of abnormal dataflow,User-uploaded data,ID3-MMDP system checks and read risk measurement and processing,bug ratingfile size changes,orfile name changes and changes in the format design of the data size entropy value.Unique properties can be used whenever the program approaches any data error to detect abnormal data services.Finally,the experiment also verifies the DDoS attack detection capability algorithm.

R-IDPS: Real Time SDN-Based IDPS System for IoT Security

The advent of the latest technologies like the Internet of things(IoT)transforms the world from a manual to an automated way of lifestyle.Meanwhile,IoT sector open numerous security challenges.In traditional networks,intrusion detection and prevention systems(IDPS)have been the key player in the market to ensure security.The challenges to the conventional IDPS are implementation cost,computing power,processing delay,and scalability.Further,online machine learning model training has been an issue.All these challenges still question the IoT network security.There has been a lot of research for IoT based detection systems to secure the IoT devices such as centralized and distributed architecture-based detection systems.The centralized system has issues like a single point of failure and load balancing while distributed system design has scalability and heterogeneity hassles.In this study,we design and develop an agent-based hybrid prevention system based on software-defined networking(SDN)technology.The system uses lite weight agents with the ability to scaleup for bigger networks and is feasible for heterogeneous IoT devices.The baseline profile for the IoT devices has been developed by analyzing network flows from all the IoT devices.This profile helps in extracting IoT device features.These features help in the development of our dataset that we use for anomaly detection.For anomaly detection,support vector machine has been used to detect internet control message protocol(ICMP)flood and transmission control protocol synchronize(TCP SYN)flood attacks.The proposed system based on machine learning model is fully capable of online and offline training.Other than detection accuracy,the system can fully mitigate the attacks using the software-defined technology SDN technology.The major goal of the research is to analyze the accuracy of the hybrid agent-based intrusion detection systems as compared to conventional centralized only solutions,especially under the flood attack conditions generated by the distributed denial of service(DDoS)attacks.The system shows 97%to 99%accuracy in simulated results with no false-positive alarm.Also,the system shows notable improvement in terms of resource utilization and performance under attack scenarios. The R-IDPS is scalable, and thesystem is suitable for heterogeneous IoT devices and networks.

HDLIDP: A Hybrid Deep Learning Intrusion Detection and Prevention Framework

Distributed denial-of-service(DDoS)attacks are designed to interrupt network services such as email servers and webpages in traditional computer networks.Furthermore,the enormous number of connected devices makes it difficult to operate such a network effectively.Software defined networks(SDN)are networks that are managed through a centralized control system,according to researchers.This controller is the brain of any SDN,composing the forwarding table of all data plane network switches.Despite the advantages of SDN controllers,DDoS attacks are easier to perpetrate than on traditional networks.Because the controller is a single point of failure,if it fails,the entire network will fail.This paper offers a Hybrid Deep Learning Intrusion Detection and Prevention(HDLIDP)framework,which blends signature-based and deep learning neural networks to detect and prevent intrusions.This framework improves detection accuracy while addressing all of the aforementioned problems.To validate the framework,experiments are done on both traditional and SDN datasets;the findings demonstrate a significant improvement in classification accuracy.

Round-robin differential quadrature phase-shift quantum key distribution

Recently,a round-robin differential phase-shift（RRDPS） protocol was proposed[Nature 509,475（2014）],in which the amount of leakage is bounded without monitoring the signal disturbance.Introducing states of the phase-encoded Bennett-Brassard 1984 protocol（PE-BB84） to the RRDPS,this paper presents another quantum key distribution protocol called round-robin differential quadrature phase-shift（RRDQPS） quantum key distribution.Regarding a train of many pulses as a single packet,the sender modulates the phase of each pulse by one of {0,π/2,π,3π/2},then the receiver measures each packet with a Mach-Zehnder interferometer having a phase basis of 0 or π/2.The RRDQPS protocol can be implemented with essential similar hardware to the PE-BB84,so it has great compatibility with the current quantum system.Here we analyze the security of the RRDQPS protocol against the intercept-resend attack and the beam-splitting attack.Results show that the proposed protocol inherits the advantages arising from the simplicity of the RRDPS protocol and is more robust against these attacks than the original protocol.

Cooperative Guidance Law Design for Simultaneous Attack with Multiple Missiles Against a Maneuvering Target

This paper considers the simultaneous attack problem of multiple missiles against a maneuvering target. Different from most of the existing literature in which the simultaneous attack problem is formulated as a consensus problem of missiles＇ time-to-go estimates, this paper formulates it as the consensus problem of missiles＇ ranges-to-go. Based on this strategy, novel distributed guidance laws are proposed to solve the simultaneous attack problem with the target of unknown maneuverability.Adaptive control method is introduced to estimate the upper bound of the target＇s acceleration. The effectiveness of the proposed guidance laws is verified both theoretically and numerically.

TIFAflow: Enhancing Traffic Archiving System with Flow Granularity for Forensic Analysis in Network Security

The archiving of Internet traffic is an essential function for retrospective network event analysis and forensic computer communication. The state-of-the-art approach for network monitoring and analysis involves storage and analysis of network flow statistic. However, this approach loses much valuable information within the Internet traffic. With the advancement of commodity hardware, in particular the volume of storage devices and the speed of interconnect technologies used in network adapter cards and multi-core processors, it is now possible to capture 10 Gbps and beyond real-time network traffic using a commodity computer, such as n2disk. Also with the advancement of distributed file system （such as Hadoop, ZFS, etc.） and open cloud computing platform （such as OpenStack, CloudStack, and Eucalyptus, etc.）, it is practical to store such large volume of traffic data and fully in-depth analyse the inside communication within an acceptable latency. In this paper, based on well- known TimeMachine, we present TIFAflow, the design and implementation of a novel system for archiving and querying network flows. Firstly, we enhance the traffic archiving system named TImemachine＋FAstbit （TIFA） with flow granularity, i.e., supply the system with flow table and flow module. Secondly, based on real network traces, we conduct performance comparison experiments of TIFAflow with other implementations such as common database solution, TimeMachine and TIFA system. Finally, based on comparison results, we demonstrate that TIFAflow has a higher performance improvement in storing and querying performance than TimeMachine and TIFA, both in time and space metrics.

Critical Analysis of DDoS-An Emerging Security Threat over IoT Networks

Ubiquitous computing facilitated by Internet of things(IoT)devices has made modern day life easier across many areas.It offers capabilities to measure parameters associated with the devices,to infer from their results,and to understand and control millions of such devices in various application domains.The enormous potential of IoT systems enables each and every device to communicate with each other,thereby providing more productivity.In this scenario,heterogeneity of technologies in use is expected to intensify the security threats.Policy enforcement for the assurance of privacy and security plays a key role in these systems.Fulfillment of privacy and security related requirements include con-fidentiality of data,user and device authentication,access control,and trust assurance among the things.However,recent reported events related to security attacks show colossal vulnerabilities among IoT devices capable of bringing security risks to the whole environment.One of the common uses of these devices by the attackers is to generate powerful distributed denial of service(DDoS)at-tacks.It is one of the most prominent attacking behaviors over a network by a group of geographically distributed zombie computers that interrupt and block legitimate users to use the network resources and hence,requires great attention.In this regard,the current work being novel in the field puts concentration on variants of DDoS attacks and their impact on IoT networks along with some of the existing countermeasures to defend against these attacks.The paper also discusses the detailed working mechanism of these attacks and highlights some of the commonly used tools that are deployed in such attack scenarios.