Central Aggregator Intrusion Detection System for Denial of Service Attacks

Vehicle-to-grid technology is an emerging field that allows unused power from Electric Vehicles(EVs)to be used by the smart grid through the central aggregator.Since the central aggregator is connected to the smart grid through a wireless network,it is prone to cyber-attacks that can be detected and mitigated using an intrusion detection system.However,existing intrusion detection systems cannot be used in the vehicle-to-grid network because of the special requirements and characteristics of the vehicle-to-grid network.In this paper,the effect of denial-of-service attacks of malicious electric vehicles on the central aggregator of the vehicle-to-grid network is investigated and an intrusion detection system for the vehicle-to-grid network is proposed.The proposed system,central aggregator–intrusion detection system(CA-IDS),works as a security gateway for EVs to analyze andmonitor incoming traffic for possible DoS attacks.EVs are registered with a Central Aggregator(CAG)to exchange authenticated messages,and malicious EVs are added to a blacklist for violating a set of predefined policies to limit their interaction with the CAG.A denial of service(DoS)attack is simulated at CAG in a vehicle-to-grid(V2G)network manipulating various network parameters such as transmission overhead,receiving capacity of destination,average packet size,and channel availability.The proposed system is compared with existing intrusion detection systems using different parameters such as throughput,jitter,and accuracy.The analysis shows that the proposed system has a higher throughput,lower jitter,and higher accuracy as compared to the existing schemes.

A Machine Learning-Based Distributed Denial of Service Detection Approach for Early Warning in Internet Exchange Points

The Internet service provider(ISP)is the heart of any country’s Internet infrastructure and plays an important role in connecting to theWorld WideWeb.Internet exchange point(IXP)allows the interconnection of two or more separate network infrastructures.All Internet traffic entering a country should pass through its IXP.Thus,it is an ideal location for performing malicious traffic analysis.Distributed denial of service(DDoS)attacks are becoming a more serious daily threat.Malicious actors in DDoS attacks control numerous infected machines known as botnets.Botnets are used to send numerous fake requests to overwhelm the resources of victims and make them unavailable for some periods.To date,such attacks present a major devastating security threat on the Internet.This paper proposes an effective and efficient machine learning(ML)-based DDoS detection approach for the early warning and protection of the Saudi Arabia Internet exchange point(SAIXP)platform.The effectiveness and efficiency of the proposed approach are verified by selecting an accurate ML method with a small number of input features.A chi-square method is used for feature selection because it is easier to compute than other methods,and it does not require any assumption about feature distribution values.Several ML methods are assessed using holdout and 10-fold tests on a public large-size dataset.The experiments showed that the performance of the decision tree(DT)classifier achieved a high accuracy result(99.98%)with a small number of features(10 features).The experimental results confirmthe applicability of using DT and chi-square for DDoS detection and early warning in SAIXP.

Adaptive Butterfly Optimization Algorithm(ABOA)Based Feature Selection and Deep Neural Network(DNN)for Detection of Distributed Denial-of-Service(DDoS)Attacks in Cloud

Cloud computing technology provides flexible,on-demand,and completely controlled computing resources and services are highly desirable.Despite this,with its distributed and dynamic nature and shortcomings in virtualization deployment,the cloud environment is exposed to a wide variety of cyber-attacks and security difficulties.The Intrusion Detection System(IDS)is a specialized security tool that network professionals use for the safety and security of the networks against attacks launched from various sources.DDoS attacks are becoming more frequent and powerful,and their attack pathways are continually changing,which requiring the development of new detection methods.Here the purpose of the study is to improve detection accuracy.Feature Selection(FS)is critical.At the same time,the IDS’s computational problem is limited by focusing on the most relevant elements,and its performance and accuracy increase.In this research work,the suggested Adaptive butterfly optimization algorithm(ABOA)framework is used to assess the effectiveness of a reduced feature subset during the feature selection phase,that was motivated by this motive Candidates.Accurate classification is not compromised by using an ABOA technique.The design of Deep Neural Networks(DNN)has simplified the categorization of network traffic into normal and DDoS threat traffic.DNN’s parameters can be finetuned to detect DDoS attacks better using specially built algorithms.Reduced reconstruction error,no exploding or vanishing gradients,and reduced network are all benefits of the changes outlined in this paper.When it comes to performance criteria like accuracy,precision,recall,and F1-Score are the performance measures that show the suggested architecture outperforms the other existing approaches.Hence the proposed ABOA+DNN is an excellent method for obtaining accurate predictions,with an improved accuracy rate of 99.05%compared to other existing approaches.

The History, Trend, Types, and Mitigation of Distributed Denial of Service Attacks

Over time, the world has transformed digitally and there is total dependence on the internet. Many more gadgets are continuously interconnected in the internet ecosystem. This fact has made the Internet a global information source for every being. Despite all this, attacker knowledge by cybercriminals has advanced and resulted in different attack methodologies on the internet and its data stores. This paper will discuss the origin and significance of Denial of Service (DoS) and Distributed Denial of Service (DDoS). These kinds of attacks remain the most effective methods used by the bad guys to cause substantial damage in terms of operational, reputational, and financial damage to organizations globally. These kinds of attacks have hindered network performance and availability. The victim’s network is flooded with massive illegal traffic hence, denying genuine traffic from passing through for authorized users. The paper will explore detection mechanisms, and mitigation techniques for this network threat.

Resilient Service Authentication for Smart City Application Using IoT

Internet of Things(IoT)support for smart city systems improves ser-vice scales by ignoring various user congestion.People are looking for different security features for reliable and robust applications.Here,the Permanent Denial of Service(PDoS)problem arises from improper user identification.This article introduces the Service-Reliant Application Authentication(SRAA)to prevent PDoS attacks in a smart area of the city.In this authentication method,the security of the application is ensured through the distribution of guarded access.The supervised access distribution uses user interface features and sync with the user device.Abnormality in linking user device,application,and authentication is seen in Back Propagation(BP)readings.BP learning reduces given weights based on abnormalities trained during the access distribution process.The oddity is reflected in the sequence from previous training sessions to ensure consistent syn-chronization of distributed services.From PDoS,the web device displays a few unattended loads on the service,which reduces service failure.The effectiveness of the proposed verification method is verified using delays to verify metric accu-racy,false standard,sync failure,and bit rate.

Formalized Description of Distributed Denial of Service Attack

The distributed denial of service (DDoS) attack is one of the dangers in intrusion modes. It's difficult to defense and can cause serious damage to the system. Based on a careful study of the attack principles and characteristics, an object-oriented formalized description is presented, which contains a three-level framework and offers full specifications of all kinds of DDoS modes and their features and the relations between one another. Its greatest merit lies in that it contributes to analyzing, checking and judging DDoS. Now this formalized description has been used in a special IDS and it works very effectively.(

Denial of Service Due to Direct and Indirect ARP Storm Attacks in LAN Environment

ARP-based Distributed Denial of Service (DDoS) attacks due to ARP-storms can happen in local area networks where many computer systems are infected by worms such as Code Red or by DDoS agents. In ARP attack, the DDoS agents constantly send a barrage of ARP requests to the gateway, or to a victim computer within the same sub-network, and tie up the resource of attacked gateway or host. In this paper, we set to measure the impact of ARP-attack on resource exhaustion of computers in a local area network. Based on attack experiments, we measure the exhaustion of processing and memory resources of a victim computer and also other computers, which are located on the same network as the victim computer. Interestingly enough, it is observed that an ARP-attack not only exhausts resource of the victim computer but also significantly exhausts processing resource of other non-victim computers, which happen to be located on the same local area network as the victim computer.

Iterative Dichotomiser Posteriori Method Based Service Attack Detection in Cloud Computing

Cloud computing(CC)is an advanced technology that provides access to predictive resources and data sharing.The cloud environment represents the right type regarding cloud usage model ownership,size,and rights to access.It introduces the scope and nature of cloud computing.In recent times,all processes are fed into the system for which consumer data and cache size are required.One of the most security issues in the cloud environment is Distributed Denial of Ser-vice(DDoS)attacks,responsible for cloud server overloading.This proposed sys-tem ID3(Iterative Dichotomiser 3)Maximum Multifactor Dimensionality Posteriori Method(ID3-MMDP)is used to overcome the drawback and a rela-tively simple way to execute and for the detection of(DDoS)attack.First,the pro-posed ID3-MMDP method calls for the resources of the cloud platform and then implements the attack detection technology based on information entropy to detect DDoS attacks.Since because the entropy value can show the discrete or aggregated characteristics of the current data set,it can be used for the detection of abnormal dataflow,User-uploaded data,ID3-MMDP system checks and read risk measurement and processing,bug ratingfile size changes,orfile name changes and changes in the format design of the data size entropy value.Unique properties can be used whenever the program approaches any data error to detect abnormal data services.Finally,the experiment also verifies the DDoS attack detection capability algorithm.

Experimental Evaluation of Cisco ASA-5510 Intrusion Prevention System against Denial of Service Attacks

Cyber attacks are continuing to hamper working of Internet services despite increase in the use of network security systems such as, firewalls and Intrusion protection systems (IPS). Recent Denial of Service (DoS) attack on Independence Day weekend, on July 4th, 2009 launched to debilitate the US and South Korean governments’ websites is indicative of the fact that the security systems may not have been adequately deployed to counteract such attacks. IPS is a vital security device which is commonly used as a front line defense mechanism to defend against such DoS attacks. Before deploying a firewall or an IPS device for network protection, in many deployments, the performance of firewalls is seldom evaluated for their effectiveness. Many times, these IPS’s can become bottleneck to the network performance and they may not be effective in stopping DoS attacks. In this paper, we intend to drive the point that deploying IPS may not always be effective in stopping harmful effects of DoS attacks. It is important to evaluate the capability of IPS before they are deployed to protect a network or a server against DoS attacks. In this paper, we evaluate performance of a commercial grade IPS Cisco ASA-5510 IPS to measure its effectiveness in stopping a DoS attacks namely TCP-SYN, UDP Flood, Ping Flood and ICMP Land Attacks. This IPS comes with features to counteract and provide security against these attacks. Performance of the IPS is measured under these attacks protection and compared with its performance when these protection features were not available (i.e. disabled). It was found that the IPS was unable to provide satisfactory protection despite the availability of the protection features against these flooding attacks. It is important for the network managers to measure the actual capabilities of an IPS system before its deployment to protect critical information infrastructure.

A Novel Formal Theory for Security Protocol Analysis of Denial of Service Based on Extended Strand Space Model

Denial of Service (DoS) attack,especially Distributed Denial of Service (DDoS) attack,is one of the greatest threats to Internet.Much research has been done for it by now,however,it is always concentrated in the behaviors of the network and can not deal with the problem exactly.In this paper,we start from the security of the protocol,then we propose a novel theory for security protocol analysis of Denial of Service in order to deal with the DoS attack.We first introduce the conception of weighted graph to extend the strand space model,then we extend the penetrator model and define the goal of anti-DoS attack through the conception of the DoS-stop protocol,finally we propose two kinds of DoS test model and erect the novel formal theory for security protocol analysis of Denial of Service.Our new formal theory is applied in two example protocols.It is proved that the Internet key exchange (IKE) easily suffers from the DoS attacks,and the efficient DoS-resistant secure key exchange protocol (JFK) is resistant against DoS attack for the server,respectively.

The detection method of low-rate DoS attack based on multi-feature fusion

As a new type of Denial of Service(DoS)attacks,the Low-rate Denial of Service(LDoS)attacks make the traditional method of detecting Distributed Denial of Service Attack(DDoS)attacks useless due to the characteristics of a low average rate and concealment.With features extracted from the network traffic,a new detection approach based on multi-feature fusion is proposed to solve the problem in this paper.An attack feature set containing the Acknowledge character(ACK)sequence number,the packet size,and the queue length is used to classify normal and LDoS attack traffics.Each feature is digitalized and preprocessed to fit the input of the K-Nearest Neighbor(KNN)classifier separately,and to obtain the decision contour matrix.Then a posteriori probability in the matrix is fused,and the fusion decision index D is used as the basis of detecting the LDoS attacks.Experiments proved that the detection rate of the multi-feature fusion algorithm is higher than those of the single-based detection method and other algorithms.

Game-theoretical Model for Dynamic Defense Resource Allocation in Cyber-physical Power Systems Under Distributed Denial of Service Attacks

Electric power grids are evolving into complex cyber-physical power systems(CPPSs)that integrate advanced information and communication technologies(ICTs)but face increasing cyberspace threats and attacks.This study considers CPPS cyberspace security under distributed denial of service(DDoS)attacks and proposes a nonzero-sum game-theoretical model with incomplete information for appropriate allocation of defense resources based on the availability of limited resources.Task time delay is applied to quantify the expected utility as CPPSs have high time requirements and incur massive damage DDoS attacks.Different resource allocation strategies are adopted by attackers and defenders under the three cases of attack-free,failed attack,and successful attack,which lead to a corresponding consumption of resources.A multidimensional node value analysis is designed to introduce physical and cybersecurity indices.Simulation experiments and numerical results demonstrate the effectiveness of the proposed model for the appropriate allocation of defense resources in CPPSs under limited resource availability.

Dynamic Threshold-Based Approach to Detect Low-Rate DDoS Attacks on Software-Defined Networking Controller

The emergence of a new network architecture,known as Software Defined Networking(SDN),in the last two decades has overcome some drawbacks of traditional networks in terms of performance,scalability,reliability,security,and network management.However,the SDN is vulnerable to security threats that target its controller,such as low-rate Distributed Denial of Service(DDoS)attacks,The low-rate DDoS attack is one of the most prevalent attacks that poses a severe threat to SDN network security because the controller is a vital architecture component.Therefore,there is an urgent need to propose a detection approach for this type of attack with a high detection rate and low false-positive rates.Thus,this paper proposes an approach to detect low-rate DDoS attacks on the SDN controller by adapting a dynamic threshold.The proposed approach has been evaluated using four simulation scenarios covering a combination of low-rate DDoS attacks against the SDN controller involving(i)a single host attack targeting a single victim;(ii)a single host attack targeting multiple victims;(iii)multiple hosts attack targeting a single victim;and(iv)multiple hosts attack targeting multiple victims.The proposed approach’s average detection rates are 96.65%,91.83%,96.17%,and 95.33%for the above scenarios,respectively;and its average false-positive rates are 3.33%,8.17%,3.83%,and 4.67%for similar scenarios,respectively.The comparison between the proposed approach and two existing approaches showed that it outperformed them in both categories.

Low-Rate DoS Attack Flows Filtering Based on Frequency Spectral Analysis

In frequency domain,the power spectrum of Low-rate denial of service(LDoS) attacks is totally spread into the spectrum of normal traffic.It is a challenging task to detect and filter LDoS attack flows from the normal traffic.Based on the analysis of LDoS attack flows and legitimate TCP traffic in time and frequency domains,the periodicity of the TCP traffic and LDoS attack flows is explored to facilitate the research of network traffic processing.Hence,an approach of LDoS attack flow filtering based on frequency spectrum analysis is proposed.In this approach,the TCP traffic and LDoS attack flows are transformed from the time domain into the frequency domain.Then the round-trip time(RTT) is estimated by using frequency domain search method.Analysis of amplitude spectrum shows that TCP traffic energy is mainly concentrated on the points of n/RTT.Therefore,a comb filter using infinite impulse response(IIR) filter is designed to filter out the LDoS attack flows in frequency domain,while most legitimate TCP traffic energy at the points of n/RTT are pass through.Experimental results show that the maximum pass rate for legitimate TCP traffic reaches 92.55%,while the maximum filtration rate of LDoS attack flows reaches 81.36%.The proposed approach can effectively filter the LDoS attack flows while less impact on the legitimate TCP traffic.

Vulnerabilities of LDAP As An Authentication Service

Lightweight Directory Access Protocol (LDAP) servers are widely used to authenticate users in enterprise level networks. Organizations such as universities and small to medium-sized businesses use LDAP for a variety of applications including e-mail clients, SSH, and workstation authentication. Since many organizations build dependencies on the LDAP service, a Denial-of-Service (DoS) attack to the service can cause a greater number of services disrupted. This paper examines the danger in the use of LDAP for user authentication by executing a DoS attack exploiting the TCP three-way handshake required when initializing a connection to an LDAP server.

基于合约熵判决算法的区块链网络DDoS防御优化

为针对多域协同联合防御分布式拒绝服务(DDoS)更有效发挥区块链网络优势,该文提出智能合约熵检测(SCED)算法。基于Hyperledger Fabric区块链架构,首先,通过智能合约技术构建多域协作机制,建立智能合约协作子算法;然后,针对受害域内非法流量IP生成IP黑名单,并通知所有协作域,协同防御DDoS;其次,在各单域内部署由监测、比对、分类及防御模块组成的熵判决防御子算法,检测处理域内非法流量;最后,结合多域智能合约协作和单域熵判决防御,实现区块链网络中受害域、中间域及攻击域协同防御DDoS。仿真结果表明,对比ChainSecure等算法,SCED算法在精度和效率方面有较好的表现。

面向网络靶场的DDoS攻击缓解方法研究

本文提出一种面向不平衡数据的DDoS攻击检测模型,提升对DDoS洪泛攻击的检测效果。以OpenStack为核心技术设计网络靶场,并使用Ceph分布式存储替换OpenStack原生存储系统,提出一种OpenStack与Ceph的超融合网络靶场方案,可以实现对计算、存储、网络资源的统一管理。首先,针对Ceph集群在存储时的数据分布不均情况对平台存储性能的影响,提出一种基于好感度的数据存储优化算法,利用好感度因子约束数据的存储位置,有效提高集群中所有OSD节点存储数据的均衡性。同时,设计了一种基于软件定义网络(Software Defined Network,SDN)的DDoS洪泛攻击检测与缓解方法,有效降低了对物理设备性能的要求,最后结合Ryu控制器的可编程性,实现DDoS洪泛攻击缓解方法。

列车控制系统的抗拒绝服务攻击弹性控制策略

当遭受拒绝服务(DoS)攻击时,分布式列车控制系统的弹性控制问题受到广泛关注.本文提出了一种基于分布式领导车状态观测器和障碍李雅普诺夫函数的弹性控制策略,不仅可以避免列车碰撞,同时实现了编队控制的目标.首先,给出了一种分布式的领导车状态观测器设计方法,用于实时估计领导车的状态.理论分析表明,在DoS攻击满足一定约束的条件下,该状态观测器的估计误差具有指数稳定特性.在此基础上,通过将列车碰撞避免问题转化为状态受限问题,提出一种基于障碍李雅普诺夫函数的状态受限控制律,解决了DoS攻击下确保碰撞避免的车队控制问题.最后,数值仿真证实了本文方法的有效性.

面向边缘计算的TCA1C DDoS检测模型

边缘计算弥补了传统云计算数据传输开销大的不足,但边缘网络中存储和计算资源受限的特殊性限制了其部署复杂安全算法的能力,更易受到分布式拒绝服务(DDoS)攻击。针对目前边缘网络中DDoS攻击检测方法性能不高、未对卸载任务分类处理、对多属性的流量处理能力弱的问题,提出一种基于任务分类的Attention-1D-CNN DDoS检测模型TCA1C,对通信链路中的流量按不同的卸载任务进行分类,使单个任务受到攻击时不会影响整个链路中计算任务卸载的安全性,再对同一任务下的流量提取属性值并进行归一化处理。处理后的数据输入到Attention-1D-CNN,通道Attention和空间Attention学习数据特征对DDoS检测的贡献度,利用筛选函数剔除低于特征阈值的冗余信息,降低模型学习过程的复杂度,使模型快速收敛。仿真结果表明:TCA1C模型在缩短DDoS检测所用时间的情况下,检测准确率高达99.73%,检测性能优于DT、ELM、LSTM和CNN;当多个卸载任务在面临特定攻击概率时,卸载任务分类能有效降低不同任务的相互影响,使终端设备的计算任务在卸载过程中保持较高的安全性。