Your search keyword '"denial of service"' showing total 1,069 results

1. Cyber Security for Smart Transportation System

Author

Qamar, Roheen, Siraj, Saima, Zardari, Baqar Ali, Kacprzyk, Janusz, Series Editor, Prentkovskis, Olegas, Series Editor, and Khang, Alex, editor

Published

2025

2. Intrusion detection and prevention using Bayesian decision with fuzzy logic system.

Author

Sekar, Satheeshkumar, Parvathy, Palaniraj Rajidurai, Gupta, Gopal Kumar, Rajagopalan, Thiruvenkadachari, Basavaraddi, Chethan Chandra Subhash Chandra Basappa, Padmanaban, Kuppan, and Murugan, Subbiah

Subjects

FUZZY logic, FUZZY systems, DATA packeting, PROBLEM solving, ALGORITHMS, INTRUSION detection systems (Computer security)

Abstract

Nowadays, intrusion detection and prevention method has comprehended the notice to decrease the effect of intruders. Denial of service (DoS) is an attack that formulates malicious traffic is distributed into an exacting network device. These attackers absorb with a valid network device, the valid device will be compromised to insert malicious traffic. To solve these problems, the Bayesian decision model with a fuzzy logic system based on intrusion detection and prevention (BDFL) is introduced. This mechanism separates the DoS packets based on the type of validation, such as packet and flow validation. The BDFL mechanism uses a fuzzy logic system (FLS) for validating the data packets. Also, the key features of the algorithm are excerpted from data packets and categorized into normal, doubtful, and malicious. Furthermore, the Bayesian decision (BD) decide two queues as malicious and normal. The BDFL mechanism is experimental in a network simulator environment, and the operations are measures regarding DoS attacker detection ratio, delay, traffic load, and throughput. [ABSTRACT FROM AUTHOR]

Published

2025

3. Resilient adaptive event-triggered containment control of nonlinear multi-agent system under concurrent DoS attacks and disturbances.

Author

Mousavian, Mohammad and Atrianfar, Hajar

Subjects

*DENIAL of service attacks, *MULTIAGENT systems, *UNDIRECTED graphs, *NONLINEAR systems, *SYSTEM dynamics

Abstract

This paper presents a secure containment control problem of nonlinear Multi-Agent Systems (MASs) under aperiodic Denial of Service (DoS) attacks and external disturbances simultaneously. A novel adaptive neural network (NN)-based event-triggered control is considered that uses the nonlinear estimator to predict the state of other agents. Since data access is denied during DoS attacks, the overall system switches between two modes of stable and unstable containment behaviours. Therefore, the maximum of attack duration and frequency is determined such that the overall system evolution leads to containment convergence in the presence of DoS attacks. We proposed an adaptive NN-based distributed disturbance observer to estimate external disturbances in a nonlinear system's dynamics. The state estimator predicts neighbouring agents' states, and each agent's input and event times are determined without monitoring other agents. The directed graph topology is used to determine data exchange among agents instead of an undirected graph that reduces implementation conditions. Zeno-free behaviour is also proved by analysis of the system. Eventually, the numerical simulation of the proposed approach is shown. Abbreviations: DoS attacks, Containment control of multi-agent system [ABSTRACT FROM AUTHOR]

Published

2025

4. Future Directions for Secure IoT Frameworks: Insights from Blockchain-Based Solutions: A Comprehensive Review and Future Analysis.

Author

Batta, Priya, Ahuja, Sachin, and Kumar, Abhishek

Subjects

BLOCKCHAINS, DATA transmission systems, MACHINE learning, INTERNET of things, EVALUATION methodology, RSA algorithm

Abstract

The main aim of this research is to provide a methodical review of secure frameworks in IoT using blockchain technology. Because of its decentralized security and resistance to attacks, blockchain has emerged as a possible solution to the growing need for secure data transmission in IoT. The work also gives comprehensive look at several algorithms comprising FIEO, Consensus algorithm, RSA asymmetric key algorithm and hash algorithms; and relative frameworks like Ethereum, CoSMOS, Hyperledger Fabric, and RTS-DELM system model. The assessment and analysis were made with reference to the following parameters, which embraced the parametric evaluation of these methodologies. Aided by the analysis of various frameworks, the paper assesses opportunities and dimensions, and in doing so, covers new issues and solutions with analysis in detail. Additional recommendations for the enhancement of IoT devices on blockchain based quality and performance are also outlined. In sum, this research contributes towards the identification of secure frameworks using blockchain technology in IoT systems and provides valuable information regarding future opportunities in this kind of industry. [ABSTRACT FROM AUTHOR]

Published

2024

5. Secure interface architecture for the software defined system on wafer

Author

LI Peijie, SHEN Jianliang, GUO Wei, CAO Zhipeng, and MEI Bo

Subjects

software defined system on wafer, dynamic heterogeneous redundancy, hardware security, denial of service, endogenous safety and security, Telecommunication, TK5101-6720

Abstract

To address the lack of dynamic and heterologous characteristics for interconnect interface in software defined system on wafer, a dynamic heterologous redundancy secure interface (DHR-SI) architecture was proposed to maximize the reuse of functional logic. First, based on software defined interconnect technology, the heterogeneous characteristics were implemented in terms of circuit structure, transmission protocol, and message content. And then an arbitration scheduling mechanism was designed to achieve threat localization and dynamic reconfiguration. Finally, the architecture was validated and tested through a wafer scale chiplet. The experimental analysis shows that the proposed DHR-SI architecture has excellent threat detection, localization, and dynamic defense capabilities with limited overhead.

Published

2024

6. A Methodological Approach to Securing Cyber-Physical Systems for Critical Infrastructures.

Author

Calabrò, Antonello, Cambiaso, Enrico, Cheminod, Manuel, Bertolotti, Ivan Cibrario, Durante, Luca, Forestiero, Agostino, Lombardi, Flavio, Manco, Giuseppe, Marchetti, Eda, Orlando, Albina, and Papuzzo, Giuseppe

Subjects

INFORMATION technology, COMMUNICATION infrastructure, CYBER physical systems, INFRASTRUCTURE (Economics), DENIAL of service attacks

Abstract

Modern ICT infrastructures, i.e., cyber-physical systems and critical infrastructures relying on interconnected IT (Information Technology)- and OT (Operational Technology)-based components and (sub-)systems, raise complex challenges in tackling security and safety issues. Nowadays, many security controls and mechanisms have been made available and exploitable to solve specific security needs, but, when dealing with very complex and multifaceted heterogeneous systems, a methodology is needed on top of the selection of each security control that will allow the designer/maintainer to drive her/his choices to build and keep the system secure as a whole, leaving the choice of the security controls to the last step of the system design/development. This paper aims at providing a comprehensive methodological approach to design and preliminarily implement an Open Platform Architecture (OPA) to secure the cyber-physical systems of critical infrastructures. Here, the Open Platform Architecture (OPA) depicts how an already existing or under-design target system (TS) can be equipped with technologies that are modern or currently under development, to monitor and timely detect possibly dangerous situations and to react in an automatic way by putting in place suitable countermeasures. A multifaceted use case (UC) that is able to show the OPA, starting from the security and safety requirements to the fully designed system, will be developed step by step to show the feasibility and the effectiveness of the proposed methodology. [ABSTRACT FROM AUTHOR]

Published

2024

7. 面向软件定义晶上系统的安全互连接口架构.

Author

李沛杰, 沈剑良, 郭威, 曹志鹏, and 梅波

Abstract

Copyright of Journal on Communication / Tongxin Xuebao is the property of Journal on Communications Editorial Office and its content may not be copied or emailed to multiple sites or posted to a listserv without the copyright holder's express written permission. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract. (Copyright applies to all Abstracts.)

Published

2024

8. Security establishment using deep convolutional network model in cyber-physical systems.

Author

Meganathan, R., B, Manjunath, Anand, R., and Murugesh, V.

Subjects

RECURRENT neural networks, DENIAL of service attacks, CYBER physical systems, SUPPORT vector machines, DEEP learning, BOTNETS

Abstract

This study develops an active security control strategy for Cyber-Physical Systems (CPSs) that are subject to attacks known as Denial-of-Service (DoS), which can target both channels from the controller to the actuator and from the controller to the sensor. Due to attack cost restrictions, the linked channels are subject to a limit on the number of continuous DoS attacks. A proactive security control method is then developed to combat two-channel DoS attacks, depending on a method for identifying IoT intrusions. Using the CICIDS dataset for attack detection, we examined the effectiveness of the Deep Convolutional Network Model (DCNM), a suggested deep learning model. The addressed CPS can be asymptotically stable against DoS assaults under the security controller's active security control technique without sacrificing control performance. Recent tests and simulations show how effective the security control strategy is active. The proposed model gives better trade-off compared to existing approaches like Deep Belief Networks (DBN), Recurrent Neural Networks (RNN), Support Vector Machines (SVM), Supervised Neural Networks (SNN) and Feed Forward Neural Networks (FNN). The proposed model gives 99.3%, 99.5%, 99.5%, 99.6%, 99%, 98.9%, 99% accuracy with normal attack detection, botnet attack detection, Brute force attack detection, DoS attack detection, Infiltration attack detection, Portscan attack detection and web attack detection respectively. [ABSTRACT FROM AUTHOR]

Published

2024

9. Detection and Mitigation of Denial of Service Attacks in Internet of Things Networks.

Author

Sanlı, Mustafa

Subjects

*DENIAL of service attacks, *INTERNET of things, *FIELD programmable gate arrays, *NETWORK routers, *COMPUTER network security

Abstract

The increasing number of sensors and Internet of Things (IoT) devices have made the Denial of Service (DoS) attacks in IoT networks a significant security threat. The inherent characteristics of IoT networks such as the large number of end nodes, the heterogeneous nature of IoT networks, resource limitations in routers, and the multiplicity of application areas in daily life, make the investigation of attacks in these networks a major and important research problem. This paper presents a new approach for detecting and mitigating DoS attacks in IoT networks. The proposed approach is implemented on an Field Programmable Gate Array (FPGA)-based platform and tested for performance against different types of DoS attacks. The approach can respond quickly to attacks specific to IoT networks and can be easily implemented on hardware with low resource requirements. [ABSTRACT FROM AUTHOR]

Published

2024

10. Internet of Things Enabled DDoS Attack Detection Using Pigeon Inspired Optimization Algorithm with Deep Learning Approach.

Author

Alghamdi, Turki Ali and Alotaibi, Saud S.

Subjects

OPTIMIZATION algorithms, MACHINE learning, RECURRENT neural networks, DENIAL of service attacks, FEATURE selection, DEEP learning

Abstract

Internet of Things (IoTs) provides better solutions in various fields, namely healthcare, smart transportation, home, etc. Recognizing Denial of Service (DoS) outbreaks in IoT platforms is significant in certifying the accessibility and integrity of IoT systems. Deep learning (DL) models outperform in detecting complex, non-linear relationships, allowing them to effectually severe slight deviations from normal IoT activities that may designate a DoS outbreak. The uninterrupted observation and real-time detection actions of DL participate in accurate and rapid detection, permitting proactive reduction events to be executed, hence securing the IoT network's safety and functionality. Subsequently, this study presents pigeon-inspired optimization with a DL-based attack detection and classification (PIODL-ADC) approach in an IoT environment. The PIODL-ADC approach implements a hyperparameter-tuned DL method for Distributed Denial-of-Service (DDoS) attack detection in an IoT platform. Initially, the PIODL-ADC model utilizes Z-score normalization to scale input data into a uniform format. For handling the convolutional and adaptive behaviors of IoT, the PIODL-ADC model employs the pigeon-inspired optimization (PIO) method for feature selection to detect the related features, considerably enhancing the recognition's accuracy. Also, the Elman Recurrent Neural Network (ERNN) model is utilized to recognize and classify DDoS attacks. Moreover, reptile search algorithm (RSA) based hyperparameter tuning is employed to improve the precision and robustness of the ERNN method. A series of investigational validations is made to ensure the accomplishment of the PIODL-ADC method. The experimental outcome exhibited that the PIODL-ADC method shows greater accomplishment when related to existing models, with a maximum accuracy of 99.81%. [ABSTRACT FROM AUTHOR]

Published

2024

11. Denial of Service Attack Prevention and Mitigation for Secure Access in IoT GPS-based Intelligent Transportation Systems.

Author

Andreica, Gheorghe Romeo, Tabacar, George Lucian, Zinca, Daniel, Ivanciu, Iustin Alexandru, and Dobrota, Virgil

Subjects

DENIAL of service attacks, CYBERTERRORISM, INTELLIGENT transportation systems, GPS receivers, INTERNET of things

Abstract

The widespread use of GPS tracking devices has made them an indispensable solution in various sectors such as transportation, logistics, and security. However, the complexity of cyber attacks such as denial of service (DoS) attacks have made these devices vulnerable, thereby compromising the security of the data and devices. This has a significant impact on business and applicable legislation related to essential services. In this paper, we propose the integration of security mechanisms and algorithms into the Teltonika IoT GPS tracking device's firmware, including DoS protection to detect, prevent, and secure these devices against DoS cyber attacks. [ABSTRACT FROM AUTHOR]

Published

2024

12. DeepLG SecNet: utilizing deep LSTM and GRU with secure network for enhanced intrusion detection in IoT environments.

Author

Nanjappan, Manikandan, Pradeep, K., Natesan, Gobalakrishnan, Samydurai, A., and Premalatha, G.

Subjects

*CYBERTERRORISM, *INDUSTRIAL robots, *SMART cities, *SECURITY systems, *INDUSTRIALISM

Abstract

The rapid proliferation of the Internet of Things (IoT) has led to a significant surge in interconnected devices across diverse domains, ranging from smart homes and healthcare systems to industrial automation and smart cities. However, this exponential growth has exposed IoT devices to a plethora of cyber threats, including illegal access, data breaches, and malicious attacks, primarily due to their inherent limitations in terms of network capabilities, computational power, and memory. To combat these security challenges and ensure the safety of IoT ecosystems, the development of effective intrusion detection systems has become imperative. Such systems play a crucial role in detecting and preventing unauthorized activities within IoT networks. In this context, this article presents a pioneering approach called DeepLG SecNet, which leverages a combination of deep learning techniques, including Long Short-Term Memory (LSTM), gated Secure Network (SecNet), and Crossover Chaos Game Optimization (CCGO), to fortify IoT devices against unauthorized access and potential threats. To validate the efficacy of the proposed DeepLG SecNet method, various samples were collected from the BoT-IoT dataset and the NSL-KDD dataset. Performance evaluation was conducted using essential metrics to assess the model's detection capabilities in an IoT intrusion context. The experimental analysis yielded promising results, highlighting the effectiveness of the DeepLG SecNet method in intrusion detection for IoT environments. Specifically, DeepLG SecNet outperformed existing methods, demonstrating higher accuracy, precision, recall, and F1 score in safeguarding IoT systems from potential security breaches. [ABSTRACT FROM AUTHOR]

Published

2024

13. Detecting DoS Attacks through Synthetic User Behavior with Long Short-Term Memory Network.

Author

Nędza, Patrycja and Domżał, Jerzy

Subjects

*DENIAL of service attacks, *TELEMETRY

Abstract

With the escalation in the size and complexity of modern Denial of Service attacks, there is a need for research in the context of Machine Learning (ML) used in attack execution and defense against such attacks. This paper investigates the potential use of ML in generating behavioral telemetry data using Long Short-Term Memory network and spoofing requests for the analyzed traffic to look legitimate. For this research, a custom testing environment was built that listens for mouse and keyboard events and analyzes them accordingly. While the economic feasibility of this attack currently limits its immediate threat, advancements in technology could make it more cost-effective for attackers in the future. Therefore, proactive development of countermeasures remains essential to mitigate potential risks and stay ahead of evolving attack methods. [ABSTRACT FROM AUTHOR]

Published

2024

14. Simulation of DOS Attacks Mitigation in Software Defined Network Architecture using Load Balancing Algorithm.

Author

Wijaya, Chandra, Wiryasaputra, Rita, Wang, I-Jan, Wu, Ruey-Chyi, and Yang, Chao-Tung

Subjects

*SOFTWARE-defined networking, *COMPUTER networks, *DENIAL of service attacks, *INFORMATION & communication technologies, *TELECOMMUNICATION systems, *OPENFLOW (Computer network protocol)

Abstract

This research investigates the revolutionary influence of Software Defined Networks (SDNs) on traditional network architectures, focusing particularly on their role in mitigating Denial of Service (DoS) attacks. Conventional network setups involve intermediary devices managing both control and data planes, directing network packets. SDNs, however, centralize control functions onto dedicated controllers, effectively segregating control and data planes within network devices. DDoS attacks, orchestrated by distributed networks of compromised computers, aim to disrupt network resources, resulting in abnormal behavior and system incapacitation. This study employs network simulation utilizing SDN technology to evaluate parameters such as CPU load, traffic distribution, and server connections during DoS attacks. The findings suggest that leveraging the SDN Controller for load balancing can enhance the reliability of networks facing DoS attacks. Increased server deployment for managing the attack correlates with reduced packet losses, thus improving the overall reliability of the service provided. [ABSTRACT FROM AUTHOR]

Published

2024

15. Understanding and Classifying Permanent Denial-of-Service Attacks.

Author

Abaimov, Stanislav

Subjects

DENIAL of service attacks, INTERNET security, KNOWLEDGE gap theory, COMPUTER firmware, CYBERTERRORISM

Abstract

In the evolving landscape of cybersecurity threats, permanent denial-of-service (PDoS) attacks have emerged as a particularly damaging form of cyber aggression. Unlike the more well-known denial-of-service (DoS) attacks, which disrupt services temporarily, PDoS attacks aim to inflict irreversible damage to systems, often resulting in significant system overhauls and requiring hardware replacement. To enable the development of effective security measures, but also to address the knowledge gaps, this paper presents an in-depth exploration of PDoS attacks, emphasizing their distinguishing characteristics, underlying mechanisms, and potential further development. Through a comprehensive case study, this research highlights diverse tactics and strategies employed by attackers, from targeting IoT devices to manipulating boot processes and exploiting firmware vulnerabilities. A novel classification of PDoS attack vectors is proposed that also explains the ways in which the systems can be compromised. The findings confirm the pressing need for adaptive and robust defense mechanisms to mitigate the threats posed by PDoS attacks in our interconnected digital world. [ABSTRACT FROM AUTHOR]

Published

2024

16. Predicting DoS-Probe-R2L-U2R Intrusions in Wireless Sensor Networks Using an Ensemble Deep Learning Model

Author

Nzenwata, Uchenna Jeremiah, Eluwa, Jumoke, Olugbohungbe, Rotimi Rufus, Oriyomi, Haruna Ismail, Johnson, Himikaiye, Uchendu, Frank, Kacprzyk, Janusz, Series Editor, Dorigo, Marco, Editorial Board Member, Engelbrecht, Andries, Editorial Board Member, Kreinovich, Vladik, Editorial Board Member, Morabito, Francesco Carlo, Editorial Board Member, Slowinski, Roman, Editorial Board Member, Wang, Yingxu, Editorial Board Member, Jin, Yaochu, Editorial Board Member, Rivera, Gilberto, editor, Pedrycz, Witold, editor, Moreno-Garcia, Juan, editor, and Sánchez-Solís, J. Patricia, editor

Published

2024

17. Intrusion Detection System Utilizing Machine Learning Classifier Algorithms and Linear Discriminative Analysis

Author

Madhavi, S., Gowthami, Batchu, Gopi, Gollapudi, Pushpini, Guttikonda, Vidhya, Banavath Sri, Jyothi, Veerapaneni Esther, Kacprzyk, Janusz, Series Editor, Gomide, Fernando, Advisory Editor, Kaynak, Okyay, Advisory Editor, Liu, Derong, Advisory Editor, Pedrycz, Witold, Advisory Editor, Polycarpou, Marios M., Advisory Editor, Rudas, Imre J., Advisory Editor, Wang, Jun, Advisory Editor, Goar, Vishal, editor, Kuri, Manoj, editor, Kumar, Rajesh, editor, and Senjyu, Tomonobu, editor

Published

2024

18. An Improved Detection System Using Genetic Algorithm and Decision Tree

Author

Harshadh, Samudrala, Reddy, Mallu Vijay Kiran, Suresh, A., Kacprzyk, Janusz, Series Editor, Gomide, Fernando, Advisory Editor, Kaynak, Okyay, Advisory Editor, Liu, Derong, Advisory Editor, Pedrycz, Witold, Advisory Editor, Polycarpou, Marios M., Advisory Editor, Rudas, Imre J., Advisory Editor, Wang, Jun, Advisory Editor, E. Balas, Valentina, editor, Prakash, Kolla Bhanu, editor, and Varma, G. P. Saradhi, editor

Published

2024

19. Misdirection Attack in Wireless Sensor Network Using Threshold Method

Author

Sharma, Swedika, Bharti, Vishal, Kacprzyk, Janusz, Series Editor, Gomide, Fernando, Advisory Editor, Kaynak, Okyay, Advisory Editor, Liu, Derong, Advisory Editor, Pedrycz, Witold, Advisory Editor, Polycarpou, Marios M., Advisory Editor, Rudas, Imre J., Advisory Editor, Wang, Jun, Advisory Editor, Abraham, Ajith, editor, Pllana, Sabri, editor, Hanne, Thomas, editor, and Siarry, Patrick, editor

Published

2024

20. A Study on Smart Contract Security Vulnerabilities

Author

Bhajanka, Vaibhav, Pradhan, Nitisha, Filipe, Joaquim, Editorial Board Member, Ghosh, Ashish, Editorial Board Member, Prates, Raquel Oliveira, Editorial Board Member, Zhou, Lizhu, Editorial Board Member, Das, Prodipto, editor, Begum, Shahin Ara, editor, and Buyya, Rajkumar, editor

Published

2024

21. A Survey on Anomaly Detection in Network with ML Techniques

Author

Karthika, L., Gunasundari, S., Kacprzyk, Janusz, Series Editor, Gomide, Fernando, Advisory Editor, Kaynak, Okyay, Advisory Editor, Liu, Derong, Advisory Editor, Pedrycz, Witold, Advisory Editor, Polycarpou, Marios M., Advisory Editor, Rudas, Imre J., Advisory Editor, Wang, Jun, Advisory Editor, Kumar, Sandeep, editor, Balachandran, K., editor, Kim, Joong Hoon, editor, and Bansal, Jagdish Chand, editor

Published

2024

22. Performance Evaluation of Machine Learning Models for Intrusion Detection in Wireless Sensor Networks: A Case Study Using the WSN DS Dataset

Author

Rana, Aryan, Prajapat, Sunil, Kumar, Pankaj, Kumar, Kranti, Kacprzyk, Janusz, Series Editor, Gomide, Fernando, Advisory Editor, Kaynak, Okyay, Advisory Editor, Liu, Derong, Advisory Editor, Pedrycz, Witold, Advisory Editor, Polycarpou, Marios M., Advisory Editor, Rudas, Imre J., Advisory Editor, Wang, Jun, Advisory Editor, Verma, Om Prakash, editor, Wang, Lipo, editor, Kumar, Rajesh, editor, and Yadav, Anupam, editor

Published

2024

23. On the Use of Low-Cost IoT Devices to Perpetrate Slow DoS Attacks

Author

Cambiaso, Enrico, Kacprzyk, Janusz, Series Editor, Gomide, Fernando, Advisory Editor, Kaynak, Okyay, Advisory Editor, Liu, Derong, Advisory Editor, Pedrycz, Witold, Advisory Editor, Polycarpou, Marios M., Advisory Editor, Rudas, Imre J., Advisory Editor, Wang, Jun, Advisory Editor, Yang, Xin-She, editor, Sherratt, R. Simon, editor, Dey, Nilanjan, editor, and Joshi, Amit, editor

Published

2024

24. Understanding and Classifying Permanent Denial-of-Service Attacks

Author

Stanislav Abaimov

Subjects

cyber attack, denial of service, exploit, Technology (General), T1-995

Abstract

In the evolving landscape of cybersecurity threats, permanent denial-of-service (PDoS) attacks have emerged as a particularly damaging form of cyber aggression. Unlike the more well-known denial-of-service (DoS) attacks, which disrupt services temporarily, PDoS attacks aim to inflict irreversible damage to systems, often resulting in significant system overhauls and requiring hardware replacement. To enable the development of effective security measures, but also to address the knowledge gaps, this paper presents an in-depth exploration of PDoS attacks, emphasizing their distinguishing characteristics, underlying mechanisms, and potential further development. Through a comprehensive case study, this research highlights diverse tactics and strategies employed by attackers, from targeting IoT devices to manipulating boot processes and exploiting firmware vulnerabilities. A novel classification of PDoS attack vectors is proposed that also explains the ways in which the systems can be compromised. The findings confirm the pressing need for adaptive and robust defense mechanisms to mitigate the threats posed by PDoS attacks in our interconnected digital world.

Published

2024

25. Demoralizing Markets: Vendor Conscience and Impersonalism

Author

Peacock, Mark

Published

2024

26. Securing the Fog Computing Environment and Enhancing Resource Allocation.

Author

Harikrishna, P. and Kaviarasan, R.

Subjects

DENIAL of service attacks, VIRTUAL machine systems, RESOURCE allocation, GAME theory

Abstract

Ever since the advent of computers, the burden of human beings has reduced drastically. But even computers were resource constraint, so cloud computing was born. Cloud computing made sure that the computing resources are properly utilized or there is no underutilization of resources. To make cloud computing much more efficient as well as to eradicate its disadvantages Fog computing was born. The fog computing suffers in allocating resource to the Virtual Machines and the VMs becomes overloaded on many occasions. The Fog also faces threats with respect to Operating Systems like Denial of Service as different Virtual Machine uses different operating system. Many approaches have concentrated on either allocating the resource or securing the Fog network. This paper proposes a novel approach for allocating resources in the Virtual Machines and also proposes a Game Theoretic Approach to mitigate Distributed Denial of Service attack. Game theory provides numerous advantages, such as the ability to predict attacks, make strategic decisions, allocate resources optimally, develop adaptive defense plans, analyze behavior, assess risks, and engage in collaborative defense. The analysis aids in comprehending the dynamics between attackers and defenders, facilitating enhanced allocation of resources and empowering defenders to proactively predict and address alterations in attacker conduct. Based on the merits of Game theoretic approach the proposed Game theory in Fog Computing based Workflow scheduling Algorithm has been designed which has an improved detection accuracy of 44% when compared with its peer compared methods Fuzzy and Taylor-Elephant Herd Optimization, Privacy Identifier forming-Sequence Integrity Data Algorithm, Defender Attacker Security Game Model, Deep Learning-based Distributed Denial of Service has acquired detection accuracy of 34, 30, 22 and 15% respectively which are considerably lesser than the proposed method. [ABSTRACT FROM AUTHOR]

Published

2024

27. Successful intrusion detection with a single deep autoencoder: theory and practice.

Author

Catillo, Marta, Pecchia, Antonio, and Villano, Umberto

Subjects

INTRUSION detection systems (Computer security), PATTERN recognition systems, COMPUTER security, FEATURE selection, MACHINE learning, THEORY-practice relationship

Abstract

Intrusion detection is a key topic in computer security. Due to the ever-increasing number of network attacks, several accurate anomaly-based techniques have been proposed for intrusion detection, wherein pattern recognition through machine learning techniques is typically used. Many proposals rely on the use of autoencoders, due to their capability to analyze complex, high-dimensional, and large-scale data. They capitalize on composite architectures and accurate learning approaches, possibly in combination with sophisticated feature selection techniques. However, due to their high complexity and lack of transferability of the impressive intrusion detection results, they are hardly ever used in production environments. This paper is developed around the intuition that complexity is not necessarily justified because a single autoencoder is enough to obtain similar, if not better, intrusion detection results compared to related proposals. The wide study presented here addresses the effect of the seed, a deep investigation on the training loss, and feature selection across the use of different hardware platforms. The best practices presented, regarding set-up and training, threshold setting, and possible use of feature selection techniques for performance improvement, can be valuable for any future work on the use of autoencoders for successful intrusion detection purposes. [ABSTRACT FROM AUTHOR]

Published

2024

28. A Denial-of-Service Attack Based on Selfish Mining and Sybil Attack in Blockchain Systems

Author

Jing Zhang, Chunming Zha, Qingbin Zhang, and Shaohua Ma

Subjects

Blockchain, mining attack, selfish mining, Sybil attack, denial of service, Electrical engineering. Electronics. Nuclear engineering, TK1-9971

Abstract

In the field of blockchain security research, especially regarding the core Proof of Work (PoW) consensus mechanism, researchers continue to reveal novel methods of mining attacks. Recently, Wang et al. demonstrated an innovative attack mode: the Selfish Mining-based denial of service (SDoS) attack, revealing how this attack strategy introduces a new threat to the blockchain system through the selfish mining strategy. Expanding upon Wang et al.’s findings, our research refines the mining strategy by integrating the strategy of Equal-Fork Stubborn Mining, a more sophisticated variant of selfish mining that can significantly enhance the attacker’s advantage under certain network conditions. Furthermore, we combine this refined strategy with a Sybil attack aimed at disrupting the normal propagation and confirmation processes of blocks within the blockchain system, effectively reducing the income of honest miners. Therefore, we propose a new mining attack – a denial of service (SSDoS) attack based on selfish mining and sybil attack. Our experimental results indicate that compared to other known mining attacks, the implementation of the SSDoS attack by an attacker drastically reduces the willingness of honest miners to continue their mining activities, leading to a significantly lower level of participation. For an honest miner controlling 10% of the total computational power, the portion of the critical profitability factor calculated in SSDoS that is higher than the one calculated in SDoS accounts for about 25%.

Published

2024

29. An approach for DoS attack detection in cloud computing using sine cosine anti coronavirus optimized deep maxout network

Author

Boopathi, Mythili, Chavan, Meena, J., Jeneetha Jebanazer, and Kumar, Sanjay Nakharu Prasad

Published

2023

30. A Methodological Approach to Securing Cyber-Physical Systems for Critical Infrastructures

Author

Antonello Calabrò, Enrico Cambiaso, Manuel Cheminod, Ivan Cibrario Bertolotti, Luca Durante, Agostino Forestiero, Flavio Lombardi, Giuseppe Manco, Eda Marchetti, Albina Orlando, and Giuseppe Papuzzo

Subjects

cybersecurity, monitoring, firewalling, rule distribution, slow DoS attack, denial of service, Information technology, T58.5-58.64

Abstract

Modern ICT infrastructures, i.e., cyber-physical systems and critical infrastructures relying on interconnected IT (Information Technology)- and OT (Operational Technology)-based components and (sub-)systems, raise complex challenges in tackling security and safety issues. Nowadays, many security controls and mechanisms have been made available and exploitable to solve specific security needs, but, when dealing with very complex and multifaceted heterogeneous systems, a methodology is needed on top of the selection of each security control that will allow the designer/maintainer to drive her/his choices to build and keep the system secure as a whole, leaving the choice of the security controls to the last step of the system design/development. This paper aims at providing a comprehensive methodological approach to design and preliminarily implement an Open Platform Architecture (OPA) to secure the cyber-physical systems of critical infrastructures. Here, the Open Platform Architecture (OPA) depicts how an already existing or under-design target system (TS) can be equipped with technologies that are modern or currently under development, to monitor and timely detect possibly dangerous situations and to react in an automatic way by putting in place suitable countermeasures. A multifaceted use case (UC) that is able to show the OPA, starting from the security and safety requirements to the fully designed system, will be developed step by step to show the feasibility and the effectiveness of the proposed methodology.

Published

2024

31. Exploring the effect of training-time randomness on the performance of deep neural networks for intrusion detection.

Author

Catillo, Marta, Pecchia, Antonio, and Villano, Umberto

Subjects

*ARTIFICIAL neural networks, *SUPERVISED learning, *DEEP learning, *INTRUSION detection systems (Computer security), *SELECTION (Plant breeding), *SEED yield, *MACHINE learning

Abstract

The number of papers on machine learning and deep neural networks applied to intrusion detection systems (IDS) is ever-increasing. Differently from existing work on the topic, this paper explores the effect of training-time randomness of deep neural networks, which is overlooked by the related literature. Training-time randomness is regulated by the seed of the pseudorandom number generator, and affects the performance of IDS models. The seed selection is studied in conjunction with other critical learning parameters: to the best of our knowledge, there are no similar studies in IDS. The experiments are done with a recent and widely consolidated intrusion detection benchmark, which is used to train and test a neural network under different combinations of seeds and parameters both in supervised and semi-supervised learning modes. The results are inferred by a mixture of explorative analysis, design of experiments, and analysis of variance. According to the results, the choice of the seed yields either excellent or scarce detection metrics; more importantly, the seed selection might be as relevant as the other major learning parameters assessed. [ABSTRACT FROM AUTHOR]

Published

2024

32. 列车控制系统的抗拒绝服务攻击弹性控制策略.

Author

高 兵 and 步 兵

Abstract

Copyright of Control Theory & Applications / Kongzhi Lilun Yu Yinyong is the property of Editorial Department of Control Theory & Applications and its content may not be copied or emailed to multiple sites or posted to a listserv without the copyright holder's express written permission. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract. (Copyright applies to all Abstracts.)

Published

2024

33. Build–Launch–Consolidate Framework and Toolkit for Impact Analysis on Wireless Sensor Networks.

Author

Alghofaili, Rakan, Albinali, Hussah, and Azzedin, Farag

Subjects

WIRELESS sensor networks, DENIAL of service attacks, INTERNET of things, RESEARCH personnel

Abstract

The Internet of Things (IoT) and wireless sensor networks (WSNs) utilize their connectivity to enable solutions supporting a spectrum of industries in different and volatile environments. To effectively enhance the security and quality of the service of networks, empirical research should consider a variety of factors and be reproducible. This will not only ensure scalability but also enable the verification of conclusions, leading to more reliable solutions. Cooja offers limited performance analysis capabilities of simulations, which are often extracted and calculated manually. In this paper, we introduce the Build–Launch–Consolidate (BLC) framework and a toolkit that enable researchers to conduct structured and conclusive experiments considering different factors and metrics, experiment design, and results analysis. Furthermore, the toolkit analyzes diverse network metrics across various scenarios. As a proof of concept, this paper studies the flooding attacks on the IoT and illustrates their impact on the network, utilizing the BLC framework and toolkit. [ABSTRACT FROM AUTHOR]

Published

2024

34. Ethical and Legal Considerations in Balancing Mental Health of Sexual and Gender Minority Students and Parental Consent.

Author

Chen, Chun, Nadler, Robby, Sharkey, Jill D., and Yang, Chunyan

Subjects

*SEXUAL minorities, *SEXUAL consent, *MINORITY students, *MENTAL health, *SCHOOL psychologists

Abstract

Navigating the development of attraction ad identity can be particularly stressful for sexual/gender minority (SGM) students—particularly as multiple states have passed legislation targeting SGM rights and culture. School psychologists can mitigate such stress through effective counseling when consent is granted for service provision, but parents who are unsupportive or non-affirming can revoke consent to their child's counseling services at school. Legally and professionally, this creates conflicting responsibilities for school psychologists, who must engage families' legal wishes without compromising students' rights to privacy and well-being. Therefore, to address the legal and ethical challenges of this situation, we present a scenario embedded within a structured seven-step ethical decision-making model. We conclude that while it may not always be possible to support SGM students as desired, there exists practices that can strengthen school psychologists' work with SGM students. [ABSTRACT FROM AUTHOR]

Published

2024

35. Movement Mode Harmony Search Based Multi-objective Firefly Algorithm Feature Selection for Detecting the Security Threats in Virtual Machine.

Author

Kumar, Adalagere Nemirajaiah Naveen, Mallegowda, Madigahalli, Mohan, Atur Venkateshmurthy Krishna, Shreenath, Kannughatta Narasimhamurthy, and Raju, Channa Krishna

Subjects

VIRTUAL machine systems, DIFFERENTIAL evolution, METAHEURISTIC algorithms, FEATURE selection, ALGORITHMS, SERVER farms (Computer network management)

Abstract

The energy-efficient and secure allocation of virtual machines (VMs) plays an important role at the data center. As cloud computing continues to expand rapidly and the number of cloud users increases day by day, the issue of high energy consumption in complex cloud data centers has become a significant concern. To address this challenge, the consolidation of virtual machines (VMs) emerges as a crucial strategy for optimizing cloud resources efficiently. In this study, a novel security evaluation method is proposed to assist the model available for the virtualized system. A multi-objective model-based firefly algorithm (FA) and harmony search (HS) algorithm are used for the system configuration in VM migration is proposed to measure the security threats such as denial of service (DoS), distributed denial of service (DDoS) and Man-in-the-middle attack. The proposed method also decreases the power consumption, network usage and resource wastage in virtual machines. The proposed algorithm achieves better results compared to other existing methods by utilizing the number of virtual machine blocks with cost migration. The experimental results shows that the proposed FA+HS delivers the performance metrics such as makespan, execution cost and resource utilization and achieved at the 1000VMS of 950, 0.001 and 62 respectively, which ensures the better results compared with the existing methods such as whale optimization genetic algorithm (WOGA), multi-objective whale optimization algorithm-based differential evolution (M-WODE) and joint task scheduling and virtual machine placement (JTSVMP). [ABSTRACT FROM AUTHOR]

Published

2024

36. Effective network intrusion detection using stacking-based ensemble approach.

Author

Ali, Muhammad, Haque, Mansoor-ul-, Durad, Muhammad Hanif, Usman, Anila, Mohsin, Syed Muhammad, Mujlid, Hana, and Maple, Carsten

Subjects

*INTRUSION detection systems (Computer security), *COMPUTER network traffic, *FEATURE extraction, *MACHINE learning

Abstract

The increasing demand for communication between networked devices connected either through an intranet or the internet increases the need for a reliable and accurate network defense mechanism. Network intrusion detection systems (NIDSs), which are used to detect malicious or anomalous network traffic, are an integral part of network defense. This research aims to address some of the issues faced by anomaly-based network intrusion detection systems. In this research, we first identify some limitations of the legacy NIDS datasets, including a recent CICIDS2017 dataset, which lead us to develop our novel dataset, CIPMAIDS2023-1. Then, we propose a stacking-based ensemble approach that outperforms the overall state of the art for NIDS. Various attack scenarios were implemented along with benign user traffic on the network topology created using graphical network simulator-3 (GNS-3). Key flow features are extracted using cicflowmeter for each attack and are evaluated to analyze their behavior. Several different machine learning approaches are applied to the features extracted from the traffic data, and their performance is compared. The results show that the stacking-based ensemble approach is the most promising and achieves the highest weighted F1-score of 98.24%. [ABSTRACT FROM AUTHOR]

Published

2023

37. Ethereum Smart Home for Denial of Service and Single Point of Failure.

Author

Syahputra, Bernawan Ikhsan, Marlena, Desi, Priambodo, Dimas Febriyan, and Arizal

Subjects

SMART homes, DENIAL of service attacks, BLOCKCHAINS, INTERNET of things, DIGITAL technology, BLUEGRASSES (Plants)

Abstract

Blockchain is a digital transaction technology adopting the peer-to-peer concept. The implementation of blockchain on Internet of Things (IoT) aims to secure the possibility of potential attacks against devices or transactions taking place on the IoT system. At practical levels, blockchain uses smart contracts to automate programs according to predetermined terms and conditions. This research is aimed at implementing an ethereumbased smart home Smart Contract by modifying the device components, dashboards, and consensus used in Xu et al.'s research. The consensus modification was performed by using Proof of Authority (PoA) aiming to improve block verification performance on the system. The Denial of Service (DoS) attacks and Single Point of Failure (SpoF) vulnerability were performed to evaluate the proposed system. The evaluation was performed with TCP Flood Attack, with request packets of 81,519 packets on port 8545 and ICMP Floods by sending 11,481,703 PING packets. The attack caused some application services running on the Ethereum Node 3 to stop, but did not stop the geth application. As for the Single Point of Failure (SPoF) vulnerability, the Ethereum network is still running and there were no obstacles in the mining process or block verification. [ABSTRACT FROM AUTHOR]

Published

2023

38. The Impact of ICMP Attacks in Software-Defined Network Environments

Author

Purohit, Kamlesh Chandra, Anand Kumar, M., Saxena, Archita, Mittal, Arpit, Xhafa, Fatos, Series Editor, Chaki, Nabendu, editor, Devarakonda, Nagaraju, editor, and Cortesi, Agostino, editor

Published

2023

39. Trust Monitoring in a Cyber-Physical System for Security Analysis Based on Distributed Computing

Author

Basan, Elena, Lapina, Maria, Lesnikov, Alexander, Basyuk, Anatoly, Mogilny, Anton, Kacprzyk, Janusz, Series Editor, Gomide, Fernando, Advisory Editor, Kaynak, Okyay, Advisory Editor, Liu, Derong, Advisory Editor, Pedrycz, Witold, Advisory Editor, Polycarpou, Marios M., Advisory Editor, Rudas, Imre J., Advisory Editor, Wang, Jun, Advisory Editor, Alikhanov, Anatoly, editor, Lyakhov, Pavel, editor, and Samoylenko, Irina, editor

Published

2023

40. Physical Layer Parameters for Jamming Attack Detection in VANETs: A Long Short Term Memory Approach

Author

El Jakani, Yassin, Boulouz, Abdellah, El Hachemy, Said, Kacprzyk, Janusz, Series Editor, Gomide, Fernando, Advisory Editor, Kaynak, Okyay, Advisory Editor, Liu, Derong, Advisory Editor, Pedrycz, Witold, Advisory Editor, Polycarpou, Marios M., Advisory Editor, Rudas, Imre J., Advisory Editor, Wang, Jun, Advisory Editor, Aboutabit, Noureddine, editor, Lazaar, Mohamed, editor, and Hafidi, Imad, editor

Published

2023

41. Hiatus: Unsupervised Generative Approach for Detection of DoS and DDoS Attacks

Author

Muneeswaran, Sivaanandh, Sachidananda, Vinay, Patil, Rajendra, Peng, Hongyi, Liu, Mingchang, Gurusamy, Mohan, Akan, Ozgur, Editorial Board Member, Bellavista, Paolo, Editorial Board Member, Cao, Jiannong, Editorial Board Member, Coulson, Geoffrey, Editorial Board Member, Dressler, Falko, Editorial Board Member, Ferrari, Domenico, Editorial Board Member, Gerla, Mario, Editorial Board Member, Kobayashi, Hisashi, Editorial Board Member, Palazzo, Sergio, Editorial Board Member, Sahni, Sartaj, Editorial Board Member, Shen, Xuemin, Editorial Board Member, Stan, Mircea, Editorial Board Member, Jia, Xiaohua, Editorial Board Member, Zomaya, Albert Y., Editorial Board Member, Li, Fengjun, editor, Liang, Kaitai, editor, Lin, Zhiqiang, editor, and Katsikas, Sokratis K., editor

Published

2023

42. IoT Security Using Machine Learning Techniques

Author

Ganesh Babu, R., Markkandan, S., Vinotha, V., Priyadarshini, S., Kaviya, V., Kacprzyk, Janusz, Series Editor, Gomide, Fernando, Advisory Editor, Kaynak, Okyay, Advisory Editor, Liu, Derong, Advisory Editor, Pedrycz, Witold, Advisory Editor, Polycarpou, Marios M., Advisory Editor, Rudas, Imre J., Advisory Editor, Wang, Jun, Advisory Editor, Maurya, Sudhanshu, editor, Peddoju, Sateesh K., editor, Ahmad, Badlishah, editor, and Chihi, Ines, editor

Published

2023

43. Visual Studio Vulnerabilities and Its Secure Software Development

Author

Verma, Tanu, Ghablani, Yukti, Khurana, Mehak, Bansal, Jagdish Chand, Series Editor, Deep, Kusum, Series Editor, Nagar, Atulya K., Series Editor, Goyal, Dinesh, editor, Kumar, Anil, editor, Piuri, Vincenzo, editor, and Paprzycki, Marcin, editor

Published

2023

44. Intrusion detection in big data environment using hybrid deep learning algorithm (VAE-CNN).

Author

Gokila, R.G. and Kannan, S.

Subjects

*MACHINE learning, *BOOSTING algorithms, *DEEP learning, *CONVOLUTIONAL neural networks, *BIG data, *K-nearest neighbor classification, *NETWORK performance

Abstract

In the internet era, billions of devices are connected to the network generates large volume of data and the generation rate increases exponentially every day. As the data increases, the chances for cyber attackers to exploit the data increases which results into numerous security threats to organizations and network. Fast and accurate detection of attacks in big data environment is difficult due to its volume and variety and velocity. Over a decade, numerous attack detection systems are developed using machine learning. However, most of the traditional detection systems cannot recognize the attack types specifically which reduces the detection performances and network performances. Thus, the intrusion detection model presented in this research which incorporates deep variational auto-encoder and convolutional neural network to detect intrusions. Experimentations using benchmark dataset validated the proposed model better performances over existing machine learning techniques like logistic regression, random forest, extreme gradient boosting, k-nearest neighbor, and self-scalable heuristic artificial neural network algorithms using accuracy, recall, precision, and F1-score. The proposed model outperforms with a maximum precision of 97.48%, Recall of 99.52%, F1-score of 98.49% and accuracy of 98.65% over conventional intrusion detection algorithms. [ABSTRACT FROM AUTHOR]

Published

2023

45. A Wrapper Feature Selection Based Hybrid Deep Learning Model for DDoS Detection in a Network with NFV Behaviors.

Author

Tikhe, Gajanan Nanaji and Patheja, Pushpinder Singh

Subjects

DEEP learning, FEATURE selection, DENIAL of service attacks, RECEIVER operating characteristic curves, WRAPPERS, OPTIMIZATION algorithms

Abstract

Network function virtualization (NFV) is a rapidly growing technology that permits network operators to issue their virtualized network functions (VNFs) with cheaper commodity servers. There are various VNFs, namely firewalls, switches, and virtual routers. However, detecting denial of service (DDoS) attacked VNFs is challenging as VNF behaviors are complicated and dynamic due to network traffic in the cloud. Therefore, the proposed work implemented an intrusion detection system (IDS) to detect DDoS attacks in the network. The proposed IDS is named a wrapper feature selection-based hybrid deep learning model (WF-HDL). The DDoS detection model undergoes three stages: pre-processing, feature selection, and detection. The pre-processing is achieved by the z-score normalization technique, followed by a wrapper-based feature selection achieved using the Pelican optimization algorithm (POA). Finally, the DDoS attacks are detected using deep auto-encoder-convolutional gated recurrent unit (DAE-CGRU). The proposed model detected the network's normal and attacked VNF behaviors more accurately. It can train different kinds of VNF behaviour models. In the proposed work, two VNF models, a virtual firewall and a virtual router are trained using a CIC-DDoS2019 dataset. The proposed attack detection model achieves high accuracy at 99.69%, precision at 99.03%, recall at 99.07%, f1-score at 99.05%, and receiver operating characteristic curve (ROC curve) at 99.85%. [ABSTRACT FROM AUTHOR]

Published

2023

46. Countermeasures of interest flooding attack in named data networking: A survey.

Author

Linjun Yu, Huali Ai, and Dong-Oun Choi

Subjects

*DENIAL of service attacks, *REPUTATION, *SUFFIXES & prefixes (Grammar)

Abstract

Named data networking (NDN) is a typical representation and implementation of information-centric networking and serves as a basis for the next-generation Internet. However, any network architectures will face information security threats. An attack named interest flooding attack (IFA), which is evolved, has becomes a great threat for NDN in recent years. Attackers through insert numerous forged interest packets into an NDN network, making the cache memory of NDN router(s) overrun, interest packets for the intended users. To take a comprehensive understanding of recent IFA detection and mitigation approaches, in this paper, we compared nine typical approaches to resolving IFA attacks for NDN, which are interest traceback, token bucket with per interface fairness, satisfaction-based interest acceptance, satisfactionbased push back, disabling PIT exhaustion, interest flow control method based on user reputation and content name prefixes, interest flow balancing method focused on the number of requests on named data networking, cryptographic route token, Poseidon local, and Poseidon distributed techniques. In addition, we conducted a simulation using Poseidon, a commonly used IFA resolution approach. The results showed that Poseidon could resolve IFA issues effectively. [ABSTRACT FROM AUTHOR]

Published

2023

47. Design and analysis of data link impersonation attack for wired LAN application layer services.

Author

ElShafee, Ahmed and El-Shafai, Walid

Abstract

Impersonation attack, also known as MAC spoofing, is widespread in wireless local area networks. Under this attack, the senders cannot control the device that listens to their traffic. On the other hand, the physical layer of the wired local area network is more secure, where the traffic is transmitted through cables and network nodes to the intended receivers. Each network node builds its MAC address table, which states stations that are physically connected (directly or indirectly) to each port, so traffic encryption is an unnecessary process. This paper discusses the design and testing of a new attack called a data link impersonation attack. In this attack, the attacker is considered a hardware intruder that deceives data link layer apparatus like the switches of layer two or three, taking advantage of a vulnerability in the MAC address table of the network nodes. That leads the network switches to send all the network traffic to the intruder instead of the real network device (usually a network service provider under attack). Intruder accepts all incoming requests/traffic from the service requester. If the intruder does not reply to the received requests sent by service requesters, it acts as a black hole intruder, simply causing a denial-of-service attack. If an intruder responds to these requests with fake replies to steal information from service requesters, it acts as a white hole intruder. During the attack, the intruder is transparent for the whole network and does not affect overall network performance and generally the network services, so it is so hard to be discovered by the network software running the network apparatus. Different scenarios were tested using different network simulators and physical networks (CISCO L2/L3 switches). It is demonstrated that the attacker is successfully denied the service/application under attack. The proposed attack reveals the new vulnerability of the wired local area network and opens the door for network scientists to enhance network software that runs the network apparatus immune against the proposed attack. [ABSTRACT FROM AUTHOR]

Published

2023

48. DHCP DoS and starvation attacks on SDN controllers and their mitigation

Author

Ishtiaq, Hafiz Usama, Bhutta, Areeb Ahmed, and Mian, Adnan Noor

Published

2024

49. A Novel Mechanism for Misbehavior Detection in Vehicular Networks

Author

Edivaldo Pastori Valentini, Geraldo Pereira Rocha Filho, Robson Eduardo De Grande, Caetano Mazzoni Ranieri, Lourenco Alves Pereira Junior, and Rodolfo Ipolito Meneguette

Subjects

Cyber attacks, denial of service, Internet of Things, intrusion detection, smart cities, vehicular networks, Electrical engineering. Electronics. Nuclear engineering, TK1-9971

Abstract

Intelligent Transport Systems (ITS) have provided new technologies to protect human life, speed up assistance, and improve traffic, to aid drivers, passengers, and pedestrians. Vehicular Ad-hoc Networks (VANET) are the fundamental elements in an ITS ecosystem. However, its characteristics make the system susceptible to numerous attacks, such as Denial of Service (DoS). In this paper, we proposed a security system based on intrusion detection called Detection of Anomalous Behaviour in Smart Conveyance Operations (DAMASCO). We used a statistical approach to detect anomalies in vehicle-to-vehicle communication (V2V). The anomaly detection module addresses the Medium Access Control (MAC) sublayer to assess the number of packages sent to identify potentially malicious nodes, block their activity, and maintain a reputation list. The algorithm calculates the Median Absolute Deviation (MAD) to identify outliers and characteristics of DoS. Our experiments were performed in a simulated environment using a realistic urban mobility model. The results demonstrate that the proposed security system achieved a 3% false positive rate and no false negatives.

Published

2023

50. Prevention of Controller Area Network (CAN) Attacks on Electric Autonomous Vehicles.

Author

Adly, Salah, Moro, Ahmed, Hammad, Sherif, and Maged, Shady A.

Subjects

MICROCONTROLLERS, AUTONOMOUS vehicles, MESSAGE authentication codes, ELECTRIC vehicles, AUTOMOBILE security measures, DIGITAL signatures, DATA security

Abstract

The importance of vehicle security has increased in recent years in the automotive field, drawing the attention of both the industry and academia. This is due to the rise in cybersecurity threats caused by (1) the increase in vehicle connectivity schemes, such as the Internet of Things, vehicle-to-x communication, and over-the-air updates, and (2) the increased impact of such threats because of the added functionalities that are controlled by vehicle software. These causes and threats are further amplified in autonomous vehicles, which are generally equipped with more electronic control units (ECUs) that are connected through controller area networks (CANs). Due to the holistic nature of CANs, attacks on the networks can affect the functionality of all vehicle ECUs and the whole system. This can lead to a breach of privacy, denial of services, alteration of vehicle performance, and exposure to safety threats. Although cryptographic encryption and authentication algorithms and intrusion detection systems (IDS) are currently being used to detect and prevent CAN bus attacks, they have certain limitations. Therefore, this study proposed a mitigation scheme that can detect and prevent such attacks at the ECU level, which could address the limitations of existing algorithms. This study proposed the usage of a secure boot scheme to detect and prevent the execution of malicious codes, as the presence of one or more ECUs with a malicious code is the root cause of most CAN bus attacks. Secure boot schemes apply cryptographic data integrity algorithms to ensure that only authentic and untampered software can run on the vehicle's ECUs. The selection of an appropriate cryptographic algorithm is important because it affects the secure boot schemes' security level and performance. Therefore, this study also tested and compared the performance of the proposed secure boot scheme with five different data security algorithms implemented using the hardware security module (HSM) of the TC399 32-bit AURIX™ TriCore™ microcontroller through an electric autonomous vehicle's control unit. The tests showed that the two most favorable schemes with the selected hardware are the secure boot scheme with the cipher-based message authentication code (CMAC), because it possesses the highest performance with an execution rate of 26.07 (ms/MB), and the secure boot scheme with the elliptic curve digital signature algorithm (ECDSA), because it provides a higher security level with an acceptable compromise in speed. This study also introduced and tested a novel variation of the ECDSA algorithm based on the CMAC algorithm, which was found to have a 19% performance gain over the standard ECDSA-based secure boot scheme. [ABSTRACT FROM AUTHOR]

Published

2023