Your search keyword '"attack mitigation"' showing total 26 results

1. The Evolution of Federated Learning-Based Intrusion Detection and Mitigation: A Survey

Author

Leo Lavaur, Marc-Oliver Pahl, Yann Busnel, Fabien Autrel, Département Systèmes Réseaux, Cybersécurité et Droit du numérique (IMT Atlantique - SRCD), IMT Atlantique (IMT Atlantique), Institut Mines-Télécom [Paris] (IMT)-Institut Mines-Télécom [Paris] (IMT), Objets communicants pour l'Internet du futur (OCIF), Institut Mines-Télécom [Paris] (IMT)-Institut Mines-Télécom [Paris] (IMT)-RÉSEAUX, TÉLÉCOMMUNICATION ET SERVICES (IRISA-D2), Institut de Recherche en Informatique et Systèmes Aléatoires (IRISA), Université de Rennes (UR)-Institut National des Sciences Appliquées - Rennes (INSA Rennes), Institut National des Sciences Appliquées (INSA)-Institut National des Sciences Appliquées (INSA)-Université de Bretagne Sud (UBS)-École normale supérieure - Rennes (ENS Rennes)-Institut National de Recherche en Informatique et en Automatique (Inria)-CentraleSupélec-Centre National de la Recherche Scientifique (CNRS)-IMT Atlantique (IMT Atlantique), Institut Mines-Télécom [Paris] (IMT)-Institut Mines-Télécom [Paris] (IMT)-Université de Rennes (UR)-Institut National des Sciences Appliquées - Rennes (INSA Rennes), Institut Mines-Télécom [Paris] (IMT)-Institut Mines-Télécom [Paris] (IMT)-Institut de Recherche en Informatique et Systèmes Aléatoires (IRISA), Institut National des Sciences Appliquées (INSA)-Institut National des Sciences Appliquées (INSA)-Université de Bretagne Sud (UBS)-École normale supérieure - Rennes (ENS Rennes)-Institut National de Recherche en Informatique et en Automatique (Inria)-CentraleSupélec-Centre National de la Recherche Scientifique (CNRS), mEasuRing and ManagIng Network operation and Economic (ERMINE), Inria Rennes – Bretagne Atlantique, Institut National de Recherche en Informatique et en Automatique (Inria)-Institut National de Recherche en Informatique et en Automatique (Inria)-RÉSEAUX, TÉLÉCOMMUNICATION ET SERVICES (IRISA-D2), Institut National des Sciences Appliquées (INSA)-Institut National des Sciences Appliquées (INSA)-Université de Bretagne Sud (UBS)-École normale supérieure - Rennes (ENS Rennes)-CentraleSupélec-Centre National de la Recherche Scientifique (CNRS)-IMT Atlantique (IMT Atlantique), and This research is part of the chair CyberCNI.fr with support of the FEDER development fund of the Brittany region.

Subjects

machine learning, federated learning, network security management, attack mitigation, [INFO.INFO-IT]Computer Science [cs]/Information Theory [cs.IT], Computer Networks and Communications, intrusion detection systems, [INFO.INFO-DS]Computer Science [cs]/Data Structures and Algorithms [cs.DS], collaborative sharing, [INFO.INFO-DC]Computer Science [cs]/Distributed, Parallel, and Cluster Computing [cs.DC], Electrical and Electronic Engineering

Abstract

International audience; In 2016, Google introduced the concept of Federated Learning (FL), enabling collaborative Machine Learning (ML). FL does not share local data but ML models, offering applications in diverse domains. This paper focuses on the application of FL to Intrusion Detection Systems (IDSs). There, common criteria to compare existing solutions are missing. In particular, this survey shows: (i) how FL-based IDSs are used in different domains; (ii) what differences exist between architectures; (iii) the state of the art of FL-based IDS. With a structured literature survey, this work identifies the relevant state of the art in FL-based intrusion detection from its creation in 2016 until 2021. It provides a reference architecture and a taxonomy to serve as guidelines to compare and design FLbased IDSs. Both are validated with the existing works. Finally, it identifies research directions for the application of FL to intrusion detection systems.

Published

2022

2. Trustability for Resilient Internet of Things Services on 5G Multiple Access Edge Cloud Computing

Author

Suleyman Uslu, Davinder Kaur, Mimoza Durresi, and Arjan Durresi

Subjects

Electrical and Electronic Engineering, Biochemistry, Instrumentation, trustworthy and resilient systems, trust management, internet of things sensor security, 5G multiple access edge computing security, attack mitigation, Atomic and Molecular Physics, and Optics, Analytical Chemistry

Abstract

Billions of Internet of Things (IoT) devices and sensors are expected to be supported by fifth-generation (5G) wireless cellular networks. This highly connected structure is predicted to attract different and unseen types of attacks on devices, sensors, and networks that require advanced mitigation strategies and the active monitoring of the system components. Therefore, a paradigm shift is needed, from traditional prevention and detection approaches toward resilience. This study proposes a trust-based defense framework to ensure resilient IoT services on 5G multi-access edge computing (MEC) systems. This defense framework is based on the trustability metric, which is an extension of the concept of reliability and measures how much a system can be trusted to keep a given level of performance under a specific successful attack vector. Furthermore, trustability is used as a trade-off with system cost to measure the net utility of the system. Systems using multiple sensors with different levels of redundancy were tested, and the framework was shown to measure the trustability of the entire system. Furthermore, different types of attacks were simulated on an edge cloud with multiple nodes, and the trustability was compared to the capabilities of dynamic node addition for the redundancy and removal of untrusted nodes. Finally, the defense framework measured the net utility of the service, comparing the two types of edge clouds with and without the node deactivation capability. Overall, the proposed defense framework based on trustability ensures a satisfactory level of resilience for IoT on 5G MEC systems, which serves as a trade-off with an accepted cost of redundant resources under various attacks.

Published

2022

3. An Extendable Software Architecture for Mitigating ARP Spoofing-Based Attacks in SDN Data Plane Layer

Author

Sorin Buzura, Mihaiela Lehene, Bogdan Iancu, and Vasile Dadarlat

Subjects

Computer Networks and Communications, Hardware and Architecture, Control and Systems Engineering, Signal Processing, Electrical and Electronic Engineering, ARP spoofing, attack detection, attack mitigation, network security, software architecture, software-defined networking

Abstract

Software-defined networking (SDN) is an emerging network architecture that brings benefits in network function virtualization, performance, and scalability. However, the scalability feature also increases the number of possible vulnerabilities through multiple entry points in the network. Address Resolution Protocol (ARP) spoofing-based attacks are widely encountered and allow an attacker to assume the identity of a different computer, facilitating other attacks, such as Man in the Middle (MitM). In the SDN context, most solutions employ a controller to detect and mitigate attacks. However, interacting with the control plane involves asynchronous network communication, which causes delayed responses to an attack. The current work avoids these delays by being implemented solely in the data plane through extendable and customizable software architecture. Therefore, faster response times improve network reliability by automatically blocking attackers. As attacks can be generated with a variety of tools and in networks experiencing different traffic patterns, the current solution is created to allow flexibility and extensibility, which can be adapted depending on the running environment. Experiments were run performing ARP spoofing-based attacks using KaliLinux, Mininet, and OpenVSwitch. The presented results are based on traffic pattern analysis offering greater customization capabilities and insight compared to similar work in this area.

Published

2022

4. Runtime Randomized Relocation of Crypto Libraries for Mitigating Cache Attacks

Author

Youngjoo Shin and Joobeom Yun

Subjects

General Computer Science, business.industry, Computer science, Process (engineering), Cache side-channel attack, General Engineering, Control reconfiguration, Cloud computing, Cryptography, secure cloud computing, Computer security, computer.software_genre, moving target defence, TK1-9971, crypto library, Software bug, attack mitigation, General Materials Science, Electrical engineering. Electronics. Nuclear engineering, Side channel attack, Cache, business, Relocation, computer

Abstract

Crypto libraries such as OpenSSL and Libgcrypt are essential building blocks for implementing secure cloud services. Unfortunately, these libraries are subject to cache side-channel attacks, which are more devastating in cloud environments where inevitable cache contention among different tenants occurs. Previous approaches for mitigating cache side-channel attacks have limitations in terms of the deployability and security; these hinder utilization in cloud services. In this paper, we propose an R2-relocator, a novel library protection technique based on moving target defence. When injected into a running process, the R2-relocator performs randomized relocation of the library during runtime. By doing this, it transforms a vulnerable crypto library into one that randomly changes its memory (cache) location, thereby preventing the delivery of cache side-channel attacks against the library. The proposed technique achieves robust protection against cache side-channel attacks for all crypto libraries, even those containing unpatched critical vulnerabilities, without the need for reconfiguration of the library. Extensive evaluations of security, performance, and deployability of the R2-relocator demonstrate its effectiveness for secure cloud services.

Published

2021

5. Hybrid Multilayer Network Traceback to the Real Sources of Attack Devices

Author

Jia-Ning Luo, Ming-Hour Yang, M. Vijayalakshmi, and S. Mercy Shalinie

Subjects

Spoofing attack, General Computer Science, IP traceback, Computer science, 0211 other engineering and technologies, Core network, 02 engineering and technology, Computer security, computer.software_genre, attack mitigation, 0202 electrical engineering, electronic engineering, information engineering, General Materials Science, autonomous system, 021110 strategic, defence & security studies, Network packet, business.industry, General Engineering, 020206 networking & telecommunications, Information security, layer 2 traceback, Network layer, DDoS attack, The Internet, lcsh:Electrical engineering. Electronics. Nuclear engineering, business, computer, attack detection, lcsh:TK1-9971, Data link layer

Abstract

With the advent of the Internet of Things (IoT), there are also major information security risks hidden behind them. There are major information security risks hidden behind them. Attackers can conceal their actual attack locations by spoofing IP addresses to attack IoT devices, law enforcement cannot easily track them. Therefore, a method to trace stealth attacks is required. Conventional IP traceback methods that traceback only attackers on the network layer and cannot infer the path information of a packet traversing the switch. This article proposes a method to simultaneously traceback attack sources at the network layer and the data link layer with only one single packet. Even if the core network contains a switch or if multiple attackers launch attacks from different locations, the method can correctly traceback the true devices responsible for the attacks, and its achievements include a zero false negative rate and a low false positive rate.

Published

2020

6. Decentralized Coordinated Cyber-Attack Detection and Mitigation Strategy in DC Microgrids Based on Artificial Neural Networks

Author

Tomislav Dragicevic, Frede Blaabjerg, Mohammad Reza Habibi, Sebastian Rivera, and Subham Sahoo

Subjects

Artificial Neural Network, Cybersecurity, Computer science, Distributed computing, Voltage control, Energy Engineering and Power Technology, Coordinated Control, DC Microgrids, Power electronics, Injection attacks, Cyber-attack mitigation, DC microgrid, Electrical and Electronic Engineering, Microgrids, MATLAB, FDIAs, computer.programming_language, Neurons, Artificial neural network, Artificial neural networks, Feedforward neural networks, Sensors, Cyber Attacks, False data injection attack (FDIA), Attack Detection, Feedforward neural network, Microgrid, Biological neural networks, computer, Attack Mitigation

Abstract

DC microgrids can be considered as cyber-physical systems (CPSs) and they are vulnerable to cyberattacks. Therefore, it is highly recommended to have effective plans to detect and remove cyberattacks in dc microgrids. This article shows how artificial neural networks can help to detect and mitigate coordinated false data injection attacks (FDIAs) on current measurements as a type of cyberattacks in dc microgrids. FDIAs try to inject the false data into the system to disrupt the control application, which can make the dc microgrid shutdown. The proposed method to mitigate FDIAs is a decentralized approach and it has the capability to estimate the value of the false injected data. In addition, the proposed strategy can remove the FDIAs even for unfair attacks with high domains on all units at the same time. The proposed method is tested on a detailed simulated dc microgrid using the MATLAB/Simulink environment. Finally, real-time simulations by OPAL-RT on the simulated dc microgrid are implemented to evaluate the proposed strategy.

Published

2021

7. Demonstration: A cloud-control system equipped with intrusion detection and mitigation

Author

Akbarian, Fatemeh, Tärneberg, William, Fitzgerald, Emma, and Kihl, Maria

Subjects

Cloud control systems, Test-bed, Computer Systems, Computer Science, Intrusion detection, Cyber security, Attack mitigation

Abstract

The cloud control systems (CCs) are inseparable parts of industry 4.0. The cloud, by providing storage and computing resources, allows the controllers to evaluate complex problems that are too computationally demanding to perform locally. However, connecting physical systems to the cloud through the network can provide an entry point for attackers to infiltrate the system and cause damage with potentially catastrophic consequences. Hence, in this paper, we present a demo of our proposed security framework for CCs and demonstrate how it can detect attacks on this system quickly and mitigate them., Electronic Communications of the EASST, Volume 80: Conference on Networked Systems 2021 (NetSys 2021)

Published

2021

8. A Software-Defined Security Approach for Securing Field Zones in Industrial Control Systems

Author

Chunjie Zhou, Shuang-Hua Yang, Yu-Chu Tian, and Jun Yang

Subjects

General Computer Science, Computer science, Industrial control system, 02 engineering and technology, Computer security, computer.software_genre, Field (computer science), Software, zone protection, attack mitigation, 0202 electrical engineering, electronic engineering, information engineering, Information system, General Materials Science, Isolation (database systems), software-defined security (SDSec), Network packet, business.industry, 020208 electrical & electronic engineering, General Engineering, anomaly detection, 020201 artificial intelligence & image processing, Anomaly detection, lcsh:Electrical engineering. Electronics. Nuclear engineering, business, computer, lcsh:TK1-9971

Abstract

Industrial control systems (ICSs) are facing increasingly severe security threats. Zone isolation, a commonly adopted idea for stopping attack propagation in general information systems, has been investigated for ICS security protection. It is usually implemented through perimeter security techniques. However, anomaly states of the physical processes in a compromised field zone may spread into other zones through the inter-zone information interaction. Due to the coupling of the physical processes between different zones, it is difficult to prevent the propagation of attack impact in ICSs. In this paper, a software-defined security (SDSec) approach is presented to address this problem. It consists of a hybrid anomaly detection module and a multi-level security response module, both of which work together to secure the ICS field zones. The hybrid anomaly detection module inspects anomaly behaviors from the perspectives of network communications and physical process states. The multi-level security response module helps prevent unapproved packets from communications, thus isolating any compromised zone. It also generates attack mitigation strategies to secure physical processes. Hardware-in-the-loop simulations are conducted to demonstrate the effectiveness of the presented approach.

Published

2019

9. A Novel and Comprehensive Trust Estimation Clustering Based Approach for Large Scale Wireless Sensor Networks

Author

Karan Singh, Satya P. Singh, Manisha Manjul, Tayyab Ali Khan, Hoang Viet Long, Le Hoang Son, Mohamed Abdel-Basset, and School of Computer Science and Engineering

Subjects

General Computer Science, Computer science, Reliability (computer networking), 02 engineering and technology, Intrusion detection system, Data Trust, Base station, Resource (project management), attack mitigation, 0202 electrical engineering, electronic engineering, information engineering, Dependability, Trust management (information system), Trust management, communication trust, General Materials Science, Cluster analysis, Engineering::Computer science and engineering [DRNTU], business.industry, General Engineering, 020206 networking & telecommunications, Trust Management, 020201 artificial intelligence & image processing, data trust, lcsh:Electrical engineering. Electronics. Nuclear engineering, business, lcsh:TK1-9971, Wireless sensor network, Computer network

Abstract

With the wide applications of wireless sensor networks (WSNs) in various fields, such as environment monitoring, battlefield surveillance, healthcare, and intrusion detection, trust establishment among sensor nodes becomes a vital requirement to improve security, reliability, and successful cooperation. The existing trust management approaches for large-scale WSN are failed due to their low dependability (i.e., cooperation), higher communication, and memory overheads (i.e., resource inefficient). In this paper, we propose a novel and comprehensive trust estimation approach (LTS) for large-scale WSN that employs clustering to improve cooperation, trustworthiness, and security by detecting malicious (faulty or selfish) sensor nodes with reduced resource (memory and power) consumption. The proposed scheme (LTS) operates on two levels, namely, intra-cluster and inter-cluster along with distributed approach and centralized approach, respectively, to make accurate trust decision of sensor nodes with minimum overheads. LTS consists of unique features, such as robust trust estimation function, attack resistant, and efficient trust aggregation at the cluster, head to obtain the global feedback trust value. Data trust along with communication trust plays a significant role to cope with malicious nodes. In LTS, punishment and trust severity can be tuned according to the application requirement, which makes it an innovative LTS. Moreover, dishonest recommendations (outliers) are eliminated before aggregation at the base station by observing the statistical dispersion. The theoretical and mathematical validations along with simulation results exhibit the great performance of our proposed approach in terms of trust evaluation cost, prevention, and detection of malicious nodes as well as communication overhead. Published version

Published

2019

10. Securing a Linux Server Against Cyber Attacks

Author

Hyppönen, Mikko, Informaatioteknologian ja viestinnän tiedekunta - Faculty of Information Technology and Communication Sciences, and Tampere University

Subjects

Tietotekniikan DI-ohjelma - Master's Programme in Information Technology, attack mitigation, cyber security, Linux, Man-in-the-Middle attack, Denial-of-Service attack, port scanning, cyber attacks

Abstract

Kyberturvallisuuden merkitys on viime vuosien aikana pysynyt tärkeänä ja erilaisten kyberhyökkäysten uhka on pysynyt korkealla. Maailmalla uutisoidaan jatkuvasti erilaisista tietomurroista sekä palvelunestohyökkäyksistä, ja useassa tapauksessa hyökkäys on onnistunut puutteellisen tietoturvan sekä turvattoman palvelimen johdosta. Tässä diplomityössä keskitytään toteuttamaan Linux-käyttöjärjestelmällä toimiva palvelin, joka kykenisi estämään tai lieventämään siihen kohdistettuja kyberhyökkäyksiä. Tässä kontekstissa kyberhyökkäys on hyökkäys, joka kohdistuu tietokonetta tai verkkoa vastaan ja pyrkii väistämään tai rikkomaan järjestelmän tietoturvan ja tietoturvapolitiikan. Lievennys- ja estotekniikat ovat tekniikoita, joiden avulla näiden kyberhyökkäysten vaikutus palvelimeen pyritään minimoimaan tai poistamaan. Tutkimusta varten muodostettiin kolme tutkimuskysymystä.Tutkimuskysymykset liittyvät Linux-palvelimen verkkoteknologiaan liittyviin haavoittuvuuksiin, kyberhyökkäyksiin, jotka voisivat vahingoittaa palvelinta sekä lievennys- ja estotekniikoihin, joilla mahdollisten hyökkäysten vaikutus voitaisiin pienentää tai poistaa. Tutkimuskysymysten lisäksi muodostettiin tutkimustavoitteita, joiden avulla tutkimuksen päämäärä voitaisiin saavuttaa. Palvelimen hyökkäyspinta-alaa pienennetään poistamalla turhat palvelut palvelimelta sekä kovennetaan käyttäen lievennys- ja estotekniikoita. Tietoturvallisen Linux-palvelimen tietoturvan testaus tehdään suorittamalla siihen kohdistuvia kyberhyökkäyksiä ja evaluointi tehdään vertailemalla tuloksia verrokkipalvelimen tulosten kanssa. Työn tuloksena on palvelin, joka kykenee lieventämään tai estämään siihen työssä kohdistuneen palvelunestohyökkäyksen, välistävetohyökkäyksen, sanakirjahyökkäyksen sekä piilottamaan käytössä olevat palvelut ja portit. Työ korostaa palvelintietoturvan sekä palvelinympäristön huomioivan palvelinkonfiguroinnin tärkeyttä, mistä toivottavasti on hyötyä niille tahoille, jotka haluavat turvata oman palvelimensa kyberhyökkäysten varalta. Cybersecurity continues to be an important topic as the threat from different cyber attacks against computer systems remains high. News about new data breaches and Denial-of-Service attacks pop up constantly around the world and in many cases the problem has been in the security of the targeted servers. The aim of this thesis is to create a Linux server, which would be able to resist and mitigate cyber attacks relevant to the system. In this context, a cyber attack is an attack that is aimed against a computer system or network and that attempts to breach or evade security and violate security policies. Attack mitigation is using techniques and tools to resist or prevent the impact of such attacks. Three research questions were formulated for this thesis. The research questions are related to the vulnerabilities of the networking aspects in a Linux server, cyber attacks that can impact the system and mitigation techniques that could prevent such attacks. The research objectives of this thesis are to harden and minimize the operating system on the server in order to make it more secure, use different cyber attacks to test the resulting security of the server and compare and evaluate the results to a baseline server. The result of this thesis is a Linux server, which is configured with the mitigation of cyber attacks in mind, and that is able to withstand network scanning, brute-forcing dictionary attacks, Denial-of-Service and Man-in-the-Middle attacks in comparison to a baseline server with no mitigation configurations. In conclusion, the resulting server and the contrast it provides against the baseline server, highlights the importance of mitigating cyber attacks and configuring a server to work securely based on the surrounding system environment.

Published

2021

11. Attack Detection and Mitigation Using Supervised Learning and Container-Based VNF Orchestration

Author

Silva, Fernando da and Schaeffer Filho, Alberto Egon

Subjects

Attack mitigation, Redes, Aprendizagem supervisionada, virtualização, Aprendizado de máquina, VNF Orchestration, Container

Abstract

A virtualização de funções de rede (Network Function Virtualization - NFV) desacopla as funções de rede dos dispositivos físicos, simplificando a implantação de novos serviços. Ao contrário das middleboxes tradicionais, as Virtual Network Functions (VNFs) podem ser dinamicamente implementadas e reconfiguradas sob demanda, colocando desafios de gerenciamento rigorosos aos sistemas em rede. Selecionar VNFs de um repositório defi nindo onde elas serão colocadas na rede virtualizada e encadeando-as para obter o com portamento desejado são problemas que precisam ser resolvidos por um orquestrador. Nesse sentido, um conjunto de VNFs podem ser instanciadas para desempenhar diversas tarefas, onde destacamos aqui a possibilidade de utilizar VNFs para a mitigação de ata ques, buscando garantir a resiliência da rede. Neste trabalho é proposto um mecanismo, chamado Intel-OCNF, que através do uso de aprendizado supervisionado e virtualização baseada em contêineres, permite identificar quais funções de rede devem ser instanciadas com base em dados de monitoramento. A solução proposta busca minimizar o uso de recursos, e agilizar o processo de instanciação e gerenciamento das VNFs, de forma a assegurar a resiliência da rede. O protótipo desenvolvido foi integrado ao orquestrador NFVO, e opera de forma automatizada e sem dependência de ações do operador de rede. Os experimentos foram avaliados com base no desempenho dos algoritmos de categori zação do tráfego e de seleção do mitigador, e no desempenho das VNFs em contêineres. Os resultados obtidos nos experimentos demonstraram que com a utilização dos algorit mos propostos é possível alcançar mais de 90% de sucesso na detecção das categorias de ataque. Além disso, com a utilização de virtualização baseada em contêiner é possível provisionar uma VNF com overhead muito menor que o de uma VNF baseada em VM. Network Function Virtualization (NFV) decouples network functions from physical de vices, simplifying the deployment of new services. Unlike traditional middleboxes, Vir tual Network Functions (VNFs) can be dynamically deployed and reconfigured on de mand, posing strict management challenges to networked systems. Selecting VNFs from a repository defining where they will be placed on the virtualized network and chaining them together to get the desired behavior are issues that need to be resolved by an Orches trator. In this sense, a set of VNFs can be instantiated to perform various tasks, where we highlight here the possibility of using VNFs to mitigate attacks, seeking to ensure network resilience. This work proposes a mechanism, called Intel-OCNF, which, through the use of supervised learning and container-based virtualization, allows to identify which net work functions should be instantiated based on monitoring data. The proposed solution seeks to minimize the use of resources, and streamline the process of instantiation and management of VNFs, in order to ensure the resilience of the network. The developed prototype was integrated with the NFVO orchestrator, and it operates in an automated way and without dependence on the actions of the network operator. The experiments were evaluated based on the performance of traffic categorization and mitigator selection algorithms and on the performance of containerized VNFs. The results obtained in the experiments showed that using the proposed algorithms it is possible to reach more than 90% of success in detecting the attack categories. Moreover, by using container-based virtualization, it is possible to provision a VNF with a much smaller overhead than a VM-based VNF.

Published

2021

12. Bayesian Network Model to Distinguish between Intentional Attacks and Accidental Technical Failures: A Case Study of Floodgates

Author

Wolter Pieters, Pieter van Gelder, Sabarathinam Chockalingam, and André Teixeira

Subjects

Water managment, Computer engineering. Computer hardware, Computer Networks and Communications, Computer science, DeMorgan model, Bayesian Belief Network, Bayesiansk Tiltro Nettverk, Trygd, Cyber security, USable, Computer security, computer.software_genre, TK7885-7895, Artificial Intelligence, Floodgate, Intentional attack, Probability elicitation, Kunnskapsakkvisisjon, Sikkerhet, Work, Health and Performance, Block (data storage), Sikkerhet og sårbarhet: 424 [VDP], Computer Sciences, business.industry, Technical failure, Bayesian network, Conditional probability, QA75.5-76.95, Industrial control system, Directed acyclic graph, Security and vulnerability: 424 [VDP], Water management, Datavetenskap (datalogi), Electronic computers. Computer science, Vannforvaltning, Knowledge acquisition, Security, The Internet, Safety, business, computer, Attack Mitigation, Software, Angrepshåndtering, Information Systems

Abstract

Contains fulltext : 237105.pdf (Publisher’s version ) (Open Access) Water management infrastructures such as floodgates are critical and increasingly operated by Industrial Control Systems (ICS). These systems are becoming more connected to the internet, either directly or through the corporate networks. This makes them vulnerable to cyber-attacks. Abnormal behaviour in floodgates operated by ICS could be caused by both (intentional) attacks and (accidental) technical failures. When operators notice abnormal behaviour, they should be able to distinguish between those two causes to take appropriate measures, because for example replacing a sensor in case of intentional incorrect sensor measurements would be ineffective and would not block corresponding the attack vector. In the previous work, we developed the attack-failure distinguisher framework for constructing Bayesian Network (BN) models to enable operators to distinguish between those two causes, including the knowledge elicitation method to construct the directed acyclic graph and conditional probability tables of BN models. As a full case study of the attack-failure distinguisher framework, this paper presents a BN model constructed to distinguish between attacks and technical failures for the problem of incorrect sensor measurements in floodgates, addressing the problem of floodgate operators. We utilised experts who associate themselves with the safety and/or security community to construct the BN model and validate the qualitative part of constructed BN model. The constructed BN model is usable in water management infrastructures to distinguish between intentional attacks and accidental technical failures in case of incorrect sensor measurements. This could help to decide on appropriate response strategies and avoid further complications in case of incorrect sensor measurements. 19 p.

Published

2021

13. A survey on healthcare data security in wireless body area networks

Author

Tallat Jabeen, Ata Ullah, and Humaira Ashraf

Subjects

General Computer Science, Computer science, media_common.quotation_subject, Data security, Computational intelligence, 02 engineering and technology, Computer security, computer.software_genre, SLR, 0202 electrical engineering, electronic engineering, information engineering, Wireless, Hybrid cryptosystem, Quality (business), Relevance (information retrieval), media_common, Original Research, business.industry, Healthcare, 020206 networking & telecommunications, Attack mitigation, 020201 artificial intelligence & image processing, The Internet, WBAN, business, computer

Abstract

Advances in remote interchanges, the internet of nano things have empowered the wireless body area networks (WBAN) to end up a promising systems of networking standard. It involves interconnected tiny sensors to gather ongoing biomedical data and transmit over the network for further analysis. Due to possibility of active and passive number of attacks, the healthcare data security is quite essential and challenging. This paper presents the systematic literature review (SLR) of the multiple security schemes for WBAN. We have identified a research question to analyses the possibility of several attacks while preserving the memory constraints. We have performed quality valuation to ensure the relevance of schemes with the research question. Moreover, the schemes are considered from 2016 to 2020 to focus on recent work. In literature, several existing schemes are explored to identify how the security is enhanced for exchanging patients' healthcare data. The data security schemes using AES, ECC, SHA-1 and hybrid encryption are analyzed based on influential traits. Several methodologies for data security in WBAN are considered and the most appropriate methodologies are appraised. We also analyses the security for different attack scenarios.

Published

2020

14. Advanced metering infrastructures - security risks and mitigation

Author

Konstantinos-Panagiotis Grammatikakis, Stavros Shiaeles, Ioannis Koufos, Gueltoum Bendiab, and Nicholas Kolokotronis

Subjects

FOS: Computer and information sciences, Computer Science - Cryptography and Security, Computer Networks and Communications, Smart meter, Computer science, 0211 other engineering and technologies, Context (language use), 02 engineering and technology, Intrusion detection system, Cyber-security, Computer security, computer.software_genre, Order (exchange), noissn, Graphical security models, 0202 electrical engineering, electronic engineering, information engineering, Intrusion detection, Consumption (economics), 021110 strategic, defence & security studies, 020206 networking & telecommunications, Computer security model, Variety (cybernetics), Attack mitigation, Human-Computer Interaction, Power grid, Software deployment, Malware detection, Computer Vision and Pattern Recognition, computer, Cryptography and Security (cs.CR), Software

Abstract

Energy providers are moving to the smart meter era, encouraging consumers to install, free of charge, these devices in their homes, automating consumption readings submission and making consumers life easier. However, the increased deployment of such smart devices brings a lot of security and privacy risks. In order to overcome such risks, Intrusion Detection Systems are presented as pertinent tools that can provide network-level protection for smart devices deployed in home environments. In this context, this paper is exploring the problems of Advanced Metering Infrastructures (AMI) and proposing a novel Machine Learning (ML) Intrusion Prevention System (IPS) to get optimal decisions based on a variety of factors and graphical security models able to tackle zero-day attacks.

Published

2020

15. Reflective Attenuation of Cyber-Physical Attacks

Author

Jose Rubio-Hernan, Mariana Segovia, Ana Cavalli, Nora Cuppens, Joaquin Garcia-Alfaro, Département Réseaux et Services de Télécommunications (RST), Institut Mines-Télécom [Paris] (IMT)-Télécom SudParis (TSP), Institut Polytechnique de Paris (IP Paris), Réseaux, Systèmes, Services, Sécurité (R3S-SAMOVAR), Services répartis, Architectures, MOdélisation, Validation, Administration des Réseaux (SAMOVAR), Institut Mines-Télécom [Paris] (IMT)-Télécom SudParis (TSP)-Institut Mines-Télécom [Paris] (IMT)-Télécom SudParis (TSP), Centre National de la Recherche Scientifique (CNRS), Département Réseaux et Services Multimédia Mobiles (RS2M), Méthodes et modèles pour les réseaux (METHODES-SAMOVAR), Département Logique des Usages, Sciences sociales et Sciences de l'Information (IMT Atlantique - LUSSI), IMT Atlantique Bretagne-Pays de la Loire (IMT Atlantique), Institut Mines-Télécom [Paris] (IMT)-Institut Mines-Télécom [Paris] (IMT), and Département Electronique et Physique (EPH)

Subjects

Reflection (computer programming), Computer science, Process (engineering), Computation, Attack detection, Control (management), Cyber-physical system, 020206 networking & telecommunications, Networked control systems, 02 engineering and technology, Computer security, computer.software_genre, Attack mitigation, Critical infrastructures, [INFO.INFO-CR]Computer Science [cs]/Cryptography and Security [cs.CR], Adversarial system, Cyber-physical security, Order (exchange), 0202 electrical engineering, electronic engineering, information engineering, [INFO]Computer Science [cs], 020201 artificial intelligence & image processing, Adversary model, computer

Abstract

International audience; Cyber-physical systems (CPS) integrate computation and networking resources to control a physical process. The adoption of new communication capabilities comes at the cost of introducing new securiy threats that need to be handled properly. Threats must be addressed at cyber and physical domains at the same time in order to detect and automatically mitigate the threats. In this paper, we elaborate an approach to attenuate cyber-physical attacks driven by reflective programmable networking actions, in order to take control of adversarial actions against cyber-physical systems. The approach builds upon the concept of programmable reflection and programmable networking. We validate the approach using experimental work.

Published

2020

16. A DDoS Attack Detection and Mitigation With Software-Defined Internet of Things Framework

Author

Kun Yang, Lianming Zhang, and Da Yin

Subjects

General Computer Science, business.industry, Computer science, General Engineering, 020206 networking & telecommunications, Cloud computing, Denial-of-service attack, 02 engineering and technology, Computer security, computer.software_genre, distributed denial of service (DDoS), Software, attack mitigation, 0202 electrical engineering, electronic engineering, information engineering, cosine similarity, 020201 artificial intelligence & image processing, General Materials Science, Software-defined Internet of Things (SD-IoT), lcsh:Electrical engineering. Electronics. Nuclear engineering, Internet of Things, business, computer, attack detection, lcsh:TK1-9971

Abstract

With the spread of Internet of Things’ (IoT) applications, security has become extremely important. A recent distributed denial-of-service (DDoS) attack revealed the ubiquity of vulnerabilities in IoT, and many IoT devices unwittingly contributed to the DDoS attack. The emerging software-defined anything (SDx) paradigm provides a way to safely manage IoT devices. In this paper, we first present a general framework for software-defined Internet of Things (SD-IoT) based on the SDx paradigm. The proposed framework consists of a controller pool containing SD-IoT controllers, SD-IoT switches integrated with an IoT gateway, and IoT devices. We then propose an algorithm for detecting and mitigating DDoS attacks using the proposed SD-IoT framework, and in the proposed algorithm, the cosine similarity of the vectors of the packet-in message rate at boundary SD-IoT switch ports is used to determine whether DDoS attacks occur in the IoT. Finally, experimental results show that the proposed algorithm has good performance, and the proposed framework adapts to strengthen the security of the IoT with heterogeneous and vulnerable devices.

Published

2018

17. Source-Load Coordinated Reserve Allocation Strategy Considering Cyber-Attack Risks

Author

Mengya Li, Yi Tang, Qi Wang, and Ming Ni

Subjects

Service (business), Service quality, 021103 operations research, General Computer Science, Computer science, Process (engineering), 020208 electrical & electronic engineering, 0211 other engineering and technologies, General Engineering, Cyber-physical system, Vulnerability, risk assessment, 02 engineering and technology, Attack mitigation, Electric power system, Risk analysis (engineering), Vulnerability assessment, cyber physical system security, 0202 electrical engineering, electronic engineering, information engineering, Cyber-attack, General Materials Science, lcsh:Electrical engineering. Electronics. Nuclear engineering, Risk assessment, coordinated control, lcsh:TK1-9971

Abstract

With the developing cyber physical power systems and emerging threat of cyber-attacks, the traditional power services are faced with higher risks of being compromised, as vulnerabilities in cyber infrastructure can be exploited to cause physical damage. Therefore, adjustments need to be made in current control scheme design methods to mitigate the impact of potential attacks on service quality. In this paper, focusing on the service of coordinated source-load participation in primary frequency regulation, a vulnerability analysis is performed with modelling the attack intrusion process, and the risk assessment of the service is made by further modelling the attack impacts on the service's physical effects. On that basis, the traditional coordinated reserve allocation optimization model is modified and the allocation scheme is corrected according to the cyber-attack impacts. The proposed correction methods are validated through a case study, showing effectiveness in defending against the cyber-attack impacts.

Published

2019

18. Mitigating DDoS Attacks using OpenFlow-based Software Defined Networking

Author

Jonker, Mattijs, Sperotto, Anna, Latré, Steven, Charalambides, Marinos, François, Jérôme, Schmitt, Corinna, and Stiller, Burkhard

Subjects

OpenFlow, Computer science, Software Defined Networking, Application layer DDoS attack, Denial-of-service attack, 02 engineering and technology, Computer security, computer.software_genre, 0202 electrical engineering, electronic engineering, information engineering, Forwarding plane, IR-98390, EWI-26426, business.industry, Domain Name System, ComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKS, METIS-315011, 020206 networking & telecommunications, Attack mitigation, Border Gateway Protocol, DDoS attacks, 020201 artificial intelligence & image processing, The Internet, business, Software-defined networking, computer, Computer network

Abstract

Over the last years, Distributed Denial-of-Service (DDoS) attacks have become an increasing threat on the Internet, with recent attacks reaching traffic volumes of up to 500 Gbps. To make matters worse, web-based facilities that offer “DDoS-as-a-service” (i.e., Booters) allow for the layman to launch attacks in the order of tens of Gbps in exchange for only a few euros. A recent development in networking is the principle of Software Defined Networking (SDN), and related technologies such as OpenFlow. In SDN, the control plane and data plane of the network are decoupled. This has several advantages, such as centralized control over forwarding decisions, dynamic updating of forwarding rules, and easier and more flexible network configuration. Given these advantages, we expect SDN to be well-suited for DDoS attack mitigation. Typical mitigation solutions, however, are not built using SDN. In this paper we propose to design and to develop an OpenFlow-based mitigation architecture for DDoS attacks. The research involves looking at the applicability of OpenFlow, as well as studying existing solutions built on other technologies. The research is as yet in its beginning phase and will contribute towards a Ph.D. thesis after four years.

Published

2015

19. On the use of watermark-based schemes to detect cyber-physical attacks

Author

Jose Rubio-Hernan, Luca De Cicco, Joaquin Garcia-Alfaro, Réseaux, Systèmes, Services, Sécurité (R3S-SAMOVAR), Services répartis, Architectures, MOdélisation, Validation, Administration des Réseaux (SAMOVAR), Institut Mines-Télécom [Paris] (IMT)-Télécom SudParis (TSP)-Institut Mines-Télécom [Paris] (IMT)-Télécom SudParis (TSP), Département Réseaux et Services de Télécommunications (RST), Institut Mines-Télécom [Paris] (IMT)-Télécom SudParis (TSP), Centre National de la Recherche Scientifique (CNRS), and Politecnico di Bari

Subjects

0209 industrial biotechnology, lcsh:Computer engineering. Computer hardware, Network security, Computer science, Attack detection, lcsh:TK7885-7895, 02 engineering and technology, Watermarking, Asset (computer security), Computer security, computer.software_genre, lcsh:QA75.5-76.95, [INFO.INFO-CR]Computer Science [cs]/Cryptography and Security [cs.CR], 020901 industrial engineering & automation, Control theory, Cyber-physical attacks, 0202 electrical engineering, electronic engineering, information engineering, Adversary model, Networked-control system, Control system security, Cloud computing security, business.industry, Cyber-physical systems, Cyber-physical system, 020207 software engineering, Watermark, Computer security model, Computer Science Applications, Cyber-physical adversary, Attack mitigation, Critical infrastructures, Cyber-physical security, Security service, Signal Processing, lcsh:Electronic computers. Computer science, business, computer

Abstract

International audience; We address security issues in cyber-physical systems (CPSs). We focus on the detection of attacks against cyber-physical systems. Attacks against these systems shall be handled both in terms of safety and security. Networked-control technologies imposed by industrial standards already cover the safety dimension. However, from a security standpoint, using only cyber information to analyze the security of a cyber-physical system is not enough, since the physical malicious actions that can threaten the correct behavior of the systems are ignored. For this reason, the systems have to be protected from threats to their cyber and physical layers. Some authors have handled replay and integrity attacks using, for example, physical attestation to validate the cyber process and to detect the attacks, or watermark-based detectors which uses also physical parameters to ensure the cyber layers. We reexamine the effectiveness of a stationary watermark-based detector. We show that this approach only detects adversaries that do not attempt to get any knowledge about the system dynamics. We analyze the detection ratio of the original design under the presence of new adversaries that are able to infer the system dynamics and are able to evade the detector with high frequency. We propose a new detection scheme which employs several non-stationary watermarks. We validate the detection efficiency of the new strategy via numeric simulations and via running experiments on a laboratory testbed. Results show that the proposed strategy is able to detect adversaries using non-parametric methods, but it is not equally effective against adversaries using parametric identification methods

Published

2017

20. Revisiting a watermark-based detection scheme to handle cyber-physical attacks

Author

Jose Rubio-Hernan, Joaquin Garcia-Alfaro, Luca De Cicco, Département Réseaux et Services de Télécommunications (RST), Institut Mines-Télécom [Paris] (IMT)-Télécom SudParis (TSP), Services répartis, Architectures, MOdélisation, Validation, Administration des Réseaux (SAMOVAR), Centre National de la Recherche Scientifique (CNRS), Politecnico di Bari, Réseaux, Systèmes, Services, Sécurité (R3S-SAMOVAR), and Institut Mines-Télécom [Paris] (IMT)-Télécom SudParis (TSP)-Institut Mines-Télécom [Paris] (IMT)-Télécom SudParis (TSP)

Subjects

0209 industrial biotechnology, Authentication, Computer science, Attack detection, Cyber-physical system, 020206 networking & telecommunications, Watermark, 02 engineering and technology, Networked control system, Industrial control system, Adversary, Computer security, computer.software_genre, System model, Critical infrastructures, Attack mitigation, [INFO.INFO-CR]Computer Science [cs]/Cryptography and Security [cs.CR], 020901 industrial engineering & automation, Cyber-physical security, 0202 electrical engineering, electronic engineering, information engineering, Adversary model, computer

Abstract

International audience; We address detection of attacks against cyber-physical systems. Cyber-physical systems are industrial control systems upgraded with novel computing, communication and interconnection capabilities. In this paper we reexamine the security of a detection scheme proposed by Mo and Sinopoli (2009) and Mo et al. (2015). The approach complements the use of Kalman filters and linear quadratic regulators, by adding an authentication watermark signal for the detection of integrity attacks. We show that the approach only detects cyber adversaries, i.e., attackers with the ability to eavesdrop information from the system, but that do not attempt to acquire any knowledge about the system model itself. The detector fails at covering cyber-physical adversaries, i.e., attackers that, in addition to the capabilities of the cyber adversary, are also able to infer the system model to evade the detection. We discuss an enhanced scheme, based on a multi-watermark authentication signal, that properly detects the two adversary models

Published

2016

21. Detection and mitigation of signaling storms in mobile networks

Author

Erol Gelenbe, Gokce Gorbil, Omer H. Abdelrahman, and Commission of the European Communities

Subjects

Novel technique, Engineering, Technology, MODELS, Computer security, computer.software_genre, Signaling Storms, Malware, Computer Science, Theory & Methods, Server, Bandwidth (computing), Cloud server, Mobile Networks, Science & Technology, business.industry, ComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKS, Engineering, Electrical & Electronic, Signaling system, RANDOM NEURAL-NETWORKS, Computer Science, Telecommunications, business, computer, Mobile device, Attack Mitigation, Computer network

Abstract

Mobile Networks are subject to "signaling storms" launched by malware or apps, which overload the the bandwidth at the cell, the backbone signaling servers, and Cloud servers, and may also deplete the battery power of mobile devices. This paper reviews the subject and discusses a novel technique to detect and mitigate such signaling storms. Through a mathematical analysis we introduce a technique based on tracking time-out transitions in the signaling system that can substantially reduce both the number of misbehaving mobiles and the signaling overload in the backbone.

Published

2016

22. Economic Denial of Sustainability Mitigation in Cloud Computing

Author

Massimiliano Rak, Massimo Ficco, Ficco, M. , Rak, M., Cecilia Rossignoli, Mauro Gatti,e Rocco Agrifoglio, Ficco, Massimo, and Rak, Massimiliano

Subjects

economic denial of sustainability, Cloud security, service level agreement, economic denial of sustainability, intrusion prevention, attack mitigation, Cloud computing security, Cloud security, service level agreement, intrusion prevention, attack mitigation, business.industry, Denial-of-service attack, Cloud computing, Business model, Computer security, computer.software_genre, Service-level agreement, Elasticity (cloud computing), Self-service, The Internet, business, computer

Abstract

Cloud Computing is a large-set of resources and services offered through the Internet according to a on-demand self service model. In particular, the cloud elasticity allows customers to scale-up their applications in order to provide services to a larger number of end-users. The provided services are charged based on a pay-per-use business model. According to such a model, Distributed Denial of Service attacks can be transformed in a new breed of attacks, which target the cloud flexibility, in order to inflict fraudulent resource consumptions. In this paper, we proposed an approach to mitigate such new kind of threats in Cloud Computing, which have direct effects on the customer costs and not only on the service performance perceived by end-users.

Published

2015

23. Defending Vulnerable Security Protocols by Means of Attack Interference in Non-collaborative Scenarios

Author

Luca Viganò, Michele Peroli, and Maria Camilla Fiazza

Subjects

security protocols, Exploit, Computer Networks and Communications, Computer science, Security protocol analysis, Data_CODINGANDINFORMATIONTHEORY, Computer security, computer.software_genre, Interference (wave propagation), attacker personality, lcsh:QA75.5-76.95, Pre-play attack, Artificial Intelligence, Vulnerability (computing), attack interference, business.industry, Cryptographic protocol, 16. Peace & justice, Attack mitigation, Hardware and Architecture, ICT, non-collaborative attackers, lcsh:Electronic computers. Computer science, business, computer, Ciphertext-only attack, Software, Information Systems, Computer network

Abstract

In security protocol analysis, the traditional choice to consider a single Dolev–Yao attacker is supported by the fact that models with multiple collaborating Dolev–Yao attackers are reducible to models with one Dolev–Yao attacker. In this paper, we take a fundamentally different approach and investigate the case of multiple non-collaborating attackers. We formalize a framework for multi-attacker scenarios and show, through a detailed case study, that concurrent competitive attacks can interfere with each other. It is then possible to exploit interference to provide a form of defense to vulnerable protocols.

Published

2015

24. Efficient DHT attack mitigation through peers' ID distribution

Author

Isabelle Chrisment, Thibault Cholez, Olivier Festor, Management of dynamic networks and services (MADYNES), INRIA Lorraine, Institut National de Recherche en Informatique et en Automatique (Inria)-Institut National de Recherche en Informatique et en Automatique (Inria)-Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), Institut National de Recherche en Informatique et en Automatique (Inria)-Université Henri Poincaré - Nancy 1 (UHP)-Université Nancy 2-Institut National Polytechnique de Lorraine (INPL)-Centre National de la Recherche Scientifique (CNRS)-Université Henri Poincaré - Nancy 1 (UHP)-Université Nancy 2-Institut National Polytechnique de Lorraine (INPL)-Centre National de la Recherche Scientifique (CNRS), IEEE International Parallel & Distributed Processing Symposium, ANR-07-TCOM-0024,MAPE,Measurement and Analysis of Peer-to-peer Exchanges for paedocriminality fighting and traffic profiling(2007), MAPE, ANR-07-TLCOM-24,MAPE, ANR-07-TLCOM-24, Cholez, Thibault, and Télécommunications - Measurement and Analysis of Peer-to-peer Exchanges for paedocriminality fighting and traffic profiling - - MAPE2007 - ANR-07-TCOM-0024 - TCOM - VALID

Subjects

Routing protocol, DHT, Computer science, Sybil attack, 02 engineering and technology, Intrusion detection system, Computer security, computer.software_genre, Distributed hash table, [INFO.INFO-NI]Computer Science [cs]/Networking and Internet Architecture [cs.NI], attack mitigation, 0202 electrical engineering, electronic engineering, information engineering, Divergence (statistics), KAD, [INFO.INFO-NI] Computer Science [cs]/Networking and Internet Architecture [cs.NI], business.industry, ComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKS, 020206 networking & telecommunications, Geometric distribution, Filter (video), IDs distribution, 020201 artificial intelligence & image processing, Routing (electronic design automation), business, computer, attack detection, Computer network

Abstract

International audience; We present a new solution to protect the widely deployed KAD DHT against localized attacks which can take control over DHT entries. We show through measurements that the IDs distribution of the best peers found after a lookup process follows a geometric distribution. We then use this result to detect DHT attacks by comparing real peers' ID distributions to the theoretical one thanks to the Kullback-Leibler divergence. When an attack is detected, we propose countermeasures that progressively remove suspicious peers from the list of possible contacts to provide a safe DHT access. Evaluations show that our method detects the most efficient attacks with a very small false-negative rate, while countermeasures successfully filter almost all malicious peers involved in an attack. Moreover, our solution completely fits the current design of the KAD network and introduces no network overhead.

Published

2010

25. Intrusion detection system for denial-of-service flooding attacks in SIP communication networks

Author

Sven Ehlert, Thomas Magedanz, Yacine Rebahi, and Publica

Subjects

Computer Networks and Communications, computer.internet_protocol, Computer science, IP Multimedia Subsystem, Denial-of-service attack, Intrusion detection system, IDS, Computer security, computer.software_genre, IP multimedia subsystem, law.invention, state machine, law, attack mitigation, Internet Protocol, Electrical and Electronic Engineering, DOS, Safety, Risk, Reliability and Quality, Session Initiation Protocol, Voice over IP, business.industry, ComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKS, session initiation protocol, denial-of-service, voice over IP, security thread, Flooding (computer networking), VoIP, SIP, intrusion detection system, flooding attack, business, Communications protocol, computer, Computer network

Abstract

Security threats to Voice-over IP (VoIP) or IP Multimedia Subsystem (IMS) networks are becoming a major concern as their popularity increases. New attacks are being developed that directly target the underlying SIP protocol. To detect such kinds of attacks we are presenting a specification-based Intrusion Detection System (IDS) to recognise deviation from its expected protocol behaviour. We will present an implementation and show with measurements that this method is capable of attack detection and mitigation for different kinds of attacks directed towards a SIP infrastructure, with a focus on Denial-of-Service (DoS) message flooding.

Published

2009

26. Non-collaborative Attackers and How and Where to Defend Flawed Security Protocols (Extended Version)

Author

Michele Peroli, Matteo Zavatteri, and Luca Viganò

Subjects

FOS: Computer and information sciences, Protocol (science), Computer Science - Cryptography and Security, Computer science, Inference, Cryptographic protocol, Computer security, computer.software_genre, Network topology, Security protocols, Task (project management), Attack mitigation, Attack interference, Software deployment, Defense, Security through obscurity, Graph (abstract data type), Topological advantage, Non-collaborative attackers, Cryptography and Security (cs.CR), computer

Abstract

Security protocols are often found to be flawed after their deployment. We present an approach that aims at the neutralization or mitigation of the attacks to flawed protocols: it avoids the complete dismissal of the interested protocol and allows honest agents to continue to use it until a corrected version is released. Our approach is based on the knowledge of the network topology, which we model as a graph, and on the consequent possibility of creating an interference to an ongoing attack of a Dolev-Yao attacker, by means of non-collaboration actuated by ad-hoc benign attackers that play the role of network guardians. Such guardians, positioned in strategical points of the network, have the task of monitoring the messages in transit and discovering at runtime, through particular types of inference, whether an attack is ongoing, interrupting the run of the protocol in the positive case. We study not only how but also where we can attempt to defend flawed security protocols: we investigate the different network topologies that make security protocol defense feasible and illustrate our approach by means of concrete examples., 29 pages