Search Results (306)

Search Parameters:
Keywords = DDoS attacks

25 pages, 2637 KiB  
Article
Reflective Distributed Denial of Service Detection: A Novel Model Utilizing Binary Particle Swarm Optimization—Simulated Annealing for Feature Selection and Gray Wolf Optimization-Optimized LightGBM Algorithm
by Daoqi Han, Honghui Li and Xueliang Fu
Sensors 2024, 24(19), 6179; https://doi.org/10.3390/s24196179 - 24 Sep 2024
Viewed by 487
Abstract
The fast growth of the Internet has made network security problems more noticeable, so intrusion detection systems (IDSs) have become a crucial tool for maintaining network security. IDSs guarantee the normal operation of the network by tracking network traffic and spotting possible assaults, thereby safeguarding data security. However, traditional intrusion detection methods encounter several issues such as low detection efficiency and prolonged detection time when dealing with massive and high-dimensional data. Therefore, feature selection (FS) is particularly important in IDSs. By selecting the most representative features, it can not only improve the detection accuracy but also significantly reduce the computational complexity and attack detection time. This work proposes a new FS approach, BPSO-SA, that is based on the Binary Particle Swarm Optimization (BPSO) and Simulated Annealing (SA) algorithms. It combines these with the Gray Wolf Optimization (GWO) algorithm to optimize the LightGBM model, thereby building a new type of reflective Distributed Denial of Service (DDoS) attack detection model. The BPSO-SA algorithm enhances the global search capability of Particle Swarm Optimization (PSO) using the SA mechanism and effectively screens out the optimal feature subset; the GWO algorithm optimizes the hyperparameters of LightGBM by simulating the group hunting behavior of gray wolves to enhance the detection performance of the model. While showing great resilience and generalizing power, the experimental results show that the proposed reflective DDoS attack detection model surpasses conventional methods in terms of detection accuracy, precision, recall, F1-score, and prediction time. Full article
(This article belongs to the Section Sensor Networks)

20 pages, 1843 KiB  
Article
Implementation of White-Hat Worms Using Mirai Source Code and Its Optimization through Parameter Tuning
by Yudai Yamamoto, Aoi Fukushima and Shingo Yamaguchi
Future Internet 2024, 16(9), 336; https://doi.org/10.3390/fi16090336 - 13 Sep 2024
Viewed by 403
Abstract
Mirai, an IoT malware that emerged in 2016, has been used for large-scale DDoS attacks. The Mirai source code is publicly available and continues to be a threat with a variety of variants still in existence. In this paper, we propose an implementation system for malicious and white-hat worms created using the Mirai source code, as well as a general and detailed implementation method for white-hat worms that is not limited to the Mirai source code. The white-hat worms have the function of a secondary infection, in which the white-hat worm disinfects the malicious worm by infecting devices already infected by the malicious worm, and two parameters, the values of which can be changed to modify the rate at which the white-hat worms can spread their infection. The values of the parameters of the best white-hat worm for disinfection of the malicious botnet and the impact of the value of each parameter on the disinfection of the malicious botnet were analyzed in detail. The analysis revealed that for a white-hat worm to disinfect a malicious botnet, it must be able to infect at least 80% of all devices and maintain that situation for at least 300 s. Then, by tuning and optimizing the values of the white-hat worm’s parameters, we were able to successfully eliminate the malicious botnet, demonstrating the effectiveness of the white-hat botnet’s function of eliminating the malicious botnet. Full article

18 pages, 1889 KiB  
Article
DBSCAN SMOTE LSTM: Effective Strategies for Distributed Denial of Service Detection in Imbalanced Network Environments
by Rissal Efendi, Teguh Wahyono and Indrastanti Ratna Widiasari
Big Data Cogn. Comput. 2024, 8(9), 118; https://doi.org/10.3390/bdcc8090118 - 10 Sep 2024
Viewed by 395
Abstract
In detecting Distributed Denial of Service (DDoS), deep learning faces challenges and difficulties such as high computational demands, long training times, and complex model interpretation. This research focuses on overcoming these challenges by proposing an effective strategy for detecting DDoS attacks in imbalanced network environments. This research employed DBSCAN and SMOTE to increase the class distribution of the dataset by allowing models using LSTM to learn time anomalies effectively when DDoS attacks occur. The experiments carried out revealed significant improvement in the performance of the LSTM model when integrated with DBSCAN and SMOTE. These include validation loss results of 0.048 for LSTM DBSCAN and SMOTE and 0.1943 for LSTM without DBSCAN and SMOTE, with accuracy of 99.50 and 97.50. Apart from that, there was an increase in the F1 score from 93.4% to 98.3%. This research proved that DBSCAN and SMOTE can be used as an effective strategy to improve model performance in detecting DDoS attacks on heterogeneous networks, as well as increasing model robustness and reliability. Full article
(This article belongs to the Special Issue Big Data Analytics with Machine Learning for Cyber Security)

19 pages, 1565 KiB  
Article
Research on Multi-Layer Defense against DDoS Attacks in Intelligent Distribution Networks
by Kai Xu, Zemin Li, Nan Liang, Fanchun Kong, Shaobo Lei, Shengjie Wang, Agyemang Paul and Zhefu Wu
Electronics 2024, 13(18), 3583; https://doi.org/10.3390/electronics13183583 - 10 Sep 2024
Viewed by 578
Abstract
With the continuous development of new power systems, the intelligence of distribution networks has been increasingly enhanced. However, network security issues, especially distributed denial-of-service (DDoS) attacks, pose a significant threat to the safe operation of distribution networks. This paper proposes a novel DDoS attack defense mechanism based on software-defined network (SDN) architecture, combining Rényi entropy and multi-level convolutional neural networks, and performs fine-grained analysis and screening of traffic data according to the amount of calculation to improve the accuracy of attack detection and response speed. Experimental verification shows that the proposed method excels in various metrics such as accuracy, precision, recall, and F1-score. It demonstrates significant advantages in dealing with different intensities of DDoS attacks, effectively enhancing the network security of user-side devices in power distribution networks. Full article

21 pages, 3639 KiB  
Article
AHEAD: A Novel Technique Combining Anti-Adversarial Hierarchical Ensemble Learning with Multi-Layer Multi-Anomaly Detection for Blockchain Systems
by Muhammad Kamran, Muhammad Maaz Rehan, Wasif Nisar and Muhammad Waqas Rehan
Big Data Cogn. Comput. 2024, 8(9), 103; https://doi.org/10.3390/bdcc8090103 - 2 Sep 2024
Viewed by 528
Abstract
Blockchain technology has impacted various sectors and is transforming them through its decentralized, immutable, transparent, smart contracts (automatically executing digital agreements) and traceable attributes. Due to the adoption of blockchain technology in versatile applications, millions of transactions take place globally. These transactions are no exception to adversarial attacks which include data tampering, double spending, data corruption, Sybil attacks, eclipse attacks, DDoS attacks, P2P network partitioning, delay attacks, selfish mining, bribery, fake transactions, fake wallets or phishing, false advertising, malicious smart contracts, and initial coin offering scams. These adversarial attacks result in operational, financial, and reputational losses. Although numerous studies have proposed different blockchain anomaly detection mechanisms, challenges persist. These include detecting anomalies in just a single layer instead of multiple layers, targeting a single anomaly instead of multiple, not encountering adversarial machine learning attacks (for example, poisoning, evasion, and model extraction attacks), and inadequate handling of complex transactional data. The proposed AHEAD model solves the above problems by providing the following: (i) data aggregation transformation to detect transactional and user anomalies at the data and network layers of the blockchain, respectively, (ii) a Three-Layer Hierarchical Ensemble Learning Model (HELM) incorporating stratified random sampling to add resilience against adversarial attacks, and (iii) an advanced preprocessing technique with hybrid feature selection to handle complex transactional data. The performance analysis of the proposed AHEAD model shows that it achieves higher anti-adversarial resistance and detects multiple anomalies at the data and network layers. 
A comparison of the proposed AHEAD model with other state-of-the-art models shows that it achieves 98.85% accuracy against anomaly detection on data and network layers targeting transaction and user anomalies, along with 95.97% accuracy against adversarial machine learning attacks, which surpassed other models. Full article

20 pages, 5667 KiB  
Article
Optimized Feature Selection for DDoS Attack Recognition and Mitigation in SD-VANETs
by Usman Tariq
World Electr. Veh. J. 2024, 15(9), 395; https://doi.org/10.3390/wevj15090395 - 28 Aug 2024
Viewed by 682
Abstract
Vehicular Ad-Hoc Networks (VANETs) are pivotal to the advancement of intelligent transportation systems (ITS), enhancing safety and efficiency on the road through secure communication networks. However, the integrity of these systems is severely threatened by Distributed Denial-of-Service (DDoS) attacks, which can disrupt the transmission of safety-critical messages and put lives at risk. This research paper focuses on developing robust detection methods and countermeasures to mitigate the impact of DDoS attacks in VANETs. Utilizing a combination of statistical analysis and machine learning techniques (i.e., Autoencoder with Long Short-Term Memory (LSTM), and Clustering with Classification), the study introduces innovative approaches for real-time anomaly detection and system resilience enhancement. Emulation results confirm the effectiveness of the proposed methods in identifying and countering DDoS threats, significantly improving (i.e., 94 percent anomaly detection rate) the security posture of a high mobility-aware ad hoc network. This research not only contributes to the ongoing efforts to secure VANETs against DDoS attacks but also lays the groundwork for more resilient intelligent transportation systems architectures. Full article

19 pages, 2093 KiB  
Article
A DDoS Tracking Scheme Utilizing Adaptive Beam Search with Unmanned Aerial Vehicles in Smart Grid
by Wei Guo, Zhi Zhang, Liyuan Chang, Yue Song and Liuguo Yin
Drones 2024, 8(9), 437; https://doi.org/10.3390/drones8090437 - 28 Aug 2024
Viewed by 760
Abstract
As IoT technology advances, the smart grid (SG) has become crucial to industrial infrastructure. However, SG faces security challenges, particularly from distributed denial of service (DDoS) attacks, due to inadequate security mechanisms for IoT devices. Moreover, the extensive deployment of SG exposes communication links to attacks, potentially disrupting communications and power supply. Link flooding attacks (LFAs) targeting congested backbone links have increasingly become a focal point of DDoS attacks. To address LFAs, we propose integrating unmanned aerial vehicles (UAVs) into the Smart Grid (SG) to offer a three-dimensional defense perspective. This strategy includes enhancing the speed and accuracy of attack path tracking as well as alleviating communication congestion. Therefore, our new DDoS tracking scheme leverages UAV mobility and employs beam search with adaptive beam width to reconstruct attack paths and pinpoint attack sources. This scheme features a threshold iterative update mechanism that refines the threshold each round based on prior results, improving attack path reconstruction accuracy. An adaptive beam width method evaluates the number of abnormal nodes based on the current threshold, enabling precise tracking of multiple attack paths and enhancing scheme automation. Additionally, our path-checking and merging method optimizes path reconstruction by merging overlapping paths and excluding previously searched nodes, thus avoiding redundant searches and infinite loops. Simulation results on the Keysight Ixia platform demonstrate a 98.89% attack path coverage with a minimal error tracking rate of 2.05%. Furthermore, simulations on the NS-3 platform show that drone integration not only bolsters security but also significantly enhances network performance, with communication effectiveness improving by 88.05% and recovering to 82.70% of normal levels under attack conditions. Full article
(This article belongs to the Special Issue Advances in Detection, Security, and Communication for UAV)

19 pages, 748 KiB  
Article
Eye-Net: A Low-Complexity Distributed Denial of Service Attack-Detection System Based on Multilayer Perceptron
by Ramzi Khantouchi, Ibtissem Gasmi and Mohamed Amine Ferrag
J. Sens. Actuator Netw. 2024, 13(4), 45; https://doi.org/10.3390/jsan13040045 - 12 Aug 2024
Viewed by 1033
Abstract
Distributed Denial of Service (DDoS) attacks disrupt service availability, leading to significant financial setbacks for individuals and businesses. This paper introduces Eye-Net, a deep learning-based system optimized for DDoS attack detection that combines feature selection, balancing methods, Multilayer Perceptron (MLP), and quantization-aware training (QAT) techniques. An Analysis of Variance (ANOVA) algorithm is initially applied to the dataset to identify the most distinctive features. Subsequently, the Synthetic Minority Oversampling Technique (SMOTE) balances the dataset by augmenting samples for under-represented classes. Two distinct MLP models are developed: one for the binary classification of flow packets as regular or DDoS traffic and another for identifying six specific DDoS attack types. We store MLP model weights at 8-bit precision by incorporating the quantization-aware training technique. This adjustment slashes memory use by a factor of four and reduces computational cost similarly, making Eye-Net suitable for Internet of Things (IoT) devices. Both models are rigorously trained and assessed using the CICDDoS2019 dataset. Test results reveal that Eye-Net excels, surpassing contemporary DDoS detection techniques in accuracy, recall, precision, and F1 Score. The multiclass model achieves an impressive accuracy of 96.47% with an error rate of 8.78%, while the binary model showcases an outstanding 99.99% accuracy, maintaining a negligible error rate of 0.02%. Full article
(This article belongs to the Section Network Security and Privacy)

24 pages, 732 KiB  
Article
Software-Defined-Networking-Based One-versus-Rest Strategy for Detecting and Mitigating Distributed Denial-of-Service Attacks in Smart Home Internet of Things Devices
by Neder Karmous, Mohamed Ould-Elhassen Aoueileyine, Manel Abdelkader, Lamia Romdhani and Neji Youssef
Sensors 2024, 24(15), 5022; https://doi.org/10.3390/s24155022 - 3 Aug 2024
Cited by 1 | Viewed by 929
Abstract
The number of connected devices or Internet of Things (IoT) devices has rapidly increased. According to the latest available statistics, in 2023, there were approximately 17.2 billion connected IoT devices; this is expected to reach 25.4 billion IoT devices by 2030 and grow year over year for the foreseeable future. IoT devices share, collect, and exchange data via the internet, wireless networks, or other networks with one another. IoT interconnection technology improves and facilitates people’s lives but, at the same time, poses a real threat to their security. Denial-of-Service (DoS) and Distributed Denial-of-Service (DDoS) attacks are considered the most common and threatening attacks that strike IoT devices’ security. These are considered to be an increasing trend, and it will be a major challenge to reduce risk, especially in the future. In this context, this paper presents an improved framework (SDN-ML-IoT) that works as an Intrusion and Prevention Detection System (IDPS) that could help to detect DDoS attacks with more efficiency and mitigate them in real time. This SDN-ML-IoT uses a Machine Learning (ML) method in a Software-Defined Networking (SDN) environment in order to protect smart home IoT devices from DDoS attacks. We employed an ML method based on Random Forest (RF), Logistic Regression (LR), k-Nearest Neighbors (kNN), and Naive Bayes (NB) with a One-versus-Rest (OvR) strategy and then compared our work to other related works. Based on the performance metrics, such as confusion matrix, training time, prediction time, accuracy, and Area Under the Receiver Operating Characteristic curve (AUC-ROC), it was established that SDN-ML-IoT, when applied to RF, outperforms other ML algorithms, as well as similar approaches related to our work. It had an impressive accuracy of 99.99%, and it could mitigate DDoS attacks in less than 3 s. We conducted a comparative analysis of various models and algorithms used in the related works. 
The results indicated that our proposed approach outperforms others, showcasing its effectiveness in both detecting and mitigating DDoS attacks within SDNs. Based on these promising results, we have opted to deploy SDN-ML-IoT within the SDN. This implementation ensures the safeguarding of IoT devices in smart homes against DDoS attacks within the network traffic. Full article
(This article belongs to the Special Issue AI Technology for Cybersecurity and IoT Applications)

23 pages, 3955 KiB  
Article
iKern: Advanced Intrusion Detection and Prevention at the Kernel Level Using eBPF
by Hassan Jalil Hadi, Mubashir Adnan, Yue Cao, Faisal Bashir Hussain, Naveed Ahmad, Mohammed Ali Alshara and Yasir Javed
Technologies 2024, 12(8), 122; https://doi.org/10.3390/technologies12080122 - 30 Jul 2024
Viewed by 1391
Abstract
The development of new technologies has significantly enhanced the monitoring and analysis of network traffic. Modern solutions like the Extended Berkeley Packet Filter (eBPF) demonstrate a clear advancement over traditional techniques, allowing for more customized and efficient filtering. These technologies are crucial for influencing system performance as they operate at the lowest layer of the operating system, such as the kernel. Network-based Intrusion Detection/Prevention Systems (IDPS), including Snort, Suricata, and Bro, passively monitor network traffic from terminal access points. However, most IDPS are signature-based and face challenges on large networks, where the drop rate increases due to limitations in capturing and processing packets. High throughput leads to overheads, causing IDPS buffers to drop packets, which can pose serious threats to network security. Typically, IDPS are targeted by volumetric and multi-vector attacks that overload the network beyond the reception and processing capacity of IDPS, resulting in packet loss due to buffer overflows. To address this issue, the proposed solution, iKern, utilizes eBPF and Virtual Network Functions (VNF) to examine and filter packets at the kernel level before forwarding them to user space. Packet stream inspection is performed within the iKern Engine at the kernel level to detect and mitigate volumetric floods and multi-vector attacks. The iKern detection engine, operating within the Linux kernel, is powered by eBPF bytecode injected from user space. This system effectively handles volumetric Distributed Denial of Service (DDoS) attacks. Real-time implementation of this scheme has been tested on a 1Gbps network and shows significant detection and reduction capabilities against volumetric and multi-vector floods. Full article

17 pages, 4019 KiB  
Article
A New Mitigation Method against DRDoS Attacks Using a Snort UDP Module in Low-Specification Fog Computing Environments
by Ho-Seok Kang, KangTae Kim and Sung-Ryul Kim
Electronics 2024, 13(15), 2919; https://doi.org/10.3390/electronics13152919 - 24 Jul 2024
Viewed by 474
Abstract
Current cloud computing expects to face huge traffic costs, data loads, and high latency due to the explosion of data from devices as the IoT and 5G technology evolve. Fog computing has emerged to overcome these issues. It deploys small fog servers at the edge of the network to process critical data in real time while sending the remaining secondary tasks to the central cloud, instead of sending massive amounts of data to the cloud. With the rise in fog computing, among traditional security threats, distributed denial-of-service (DDoS) attacks have become the major threat to availability. This is especially true for fog computing, where real-time processing is critical; there are many fog servers, and the processing power is relatively low. Distributed reflection denial-of-service (DRDoS), one of the frequently used DDoS attack techniques, is an amplification attack that can be used on a small or large scale. It is widely used in attack tools due to its easy configuration. This study analyzes the characteristics of fog computing, the characteristics of DRDoS attacks, and the advantages and disadvantages of existing countermeasures. Based on these analyses, this study proposes a model that could effectively mitigate attacks even on low-specification fog servers by combining a modified Snort module with reduced functionality, simple pattern matching, and filtering distribution using Anycast. This mitigation algorithm has a simple structure rather than a complex filtering structure. To achieve this goal, this study virtually implemented the corresponding fog IoT environment. In spite of its simple structure, it proved that the fog server could secure availability even under DRDoS attacks by implementing and validating the mitigation model. Full article
(This article belongs to the Section Computer Science & Engineering)

29 pages, 8035 KiB  
Article
A Novel Hybrid Unsupervised Learning Approach for Enhanced Cybersecurity in the IoT
by Prabu Kaliyaperumal, Sudhakar Periyasamy, Manikandan Thirumalaisamy, Balamurugan Balusamy and Francesco Benedetto
Future Internet 2024, 16(7), 253; https://doi.org/10.3390/fi16070253 - 18 Jul 2024
Viewed by 3785
Abstract
The proliferation of IoT services has spurred a surge in network attacks, heightening cybersecurity concerns. Essential to network defense, intrusion detection and prevention systems (IDPSs) identify malicious activities, including denial of service (DoS), distributed denial of service (DDoS), botnet, brute force, infiltration, and Heartbleed. This study focuses on leveraging unsupervised learning for training detection models to counter these threats effectively. The proposed method utilizes basic autoencoders (bAEs) for dimensionality reduction and encompasses a three-stage detection model: one-class support vector machine (OCSVM) and deep autoencoder (dAE) attack detection, complemented by density-based spatial clustering of applications with noise (DBSCAN) for attack clustering. Accurately delineated clusters aid in mapping attack tactics. The MITRE ATT&CK framework establishes a “Cyber Threat Repository”, cataloging attacks and tactics, enabling immediate response based on priority. Leveraging preprocessed and unlabeled normal network traffic data, this approach enables the identification of novel attacks while mitigating the impact of imbalanced training data on model performance. The autoencoder method utilizes reconstruction error, OCSVM employs a kernel function to establish a hyperplane for anomaly detection, while DBSCAN employs a density-based approach to identify clusters, manage noise, accommodate diverse shapes, automatically determining cluster count, ensuring scalability, and minimizing false positives and false negatives. Evaluated on standard datasets such as CIC-IDS2017 and CSECIC-IDS2018, the proposed model outperforms existing state of art methods. Our approach achieves accuracies exceeding 98% for the two datasets, thus confirming its efficacy and effectiveness for application in efficient intrusion detection systems. Full article
(This article belongs to the Special Issue Cybersecurity in the IoT)

23 pages, 5137 KiB  
Article
Secure-by-Design Real-Time Internet of Medical Things Architecture: e-Health Population Monitoring (RTPM)
by Jims Marchang, Jade McDonald, Solan Keishing, Kavyan Zoughalian, Raymond Mawanda, Corentin Delhon-Bugard, Nicolas Bouillet and Ben Sanders
Telecom 2024, 5(3), 609-631; https://doi.org/10.3390/telecom5030031 - 10 Jul 2024
Viewed by 1081
Abstract
The healthcare sector has undergone a profound transformation, owing to the influential role played by Internet of Medical Things (IoMT) technology. However, there are substantial concerns over these devices’ security and privacy-preserving mechanisms. The current literature on IoMT tends to focus on specific security features, rather than wholistic security concerning Confidentiality, Integrity, and Availability (CIA Triad), and the solutions are generally simulated and not tested in a real-world network. The proposed innovative solution is known as Secure-by-Design Real-Time IoMT Architecture for e-Health Population Monitoring (RTPM) and it can manage keys at both ends (IoMT device and IoMT server) to maintain high privacy standards and trust during the monitoring process and enable the IoMT devices to run safely and independently even if the server is compromised. However, the session keys are controlled by the trusted IoMT server to lighten the IoMT devices’ overheads, and the session keys are securely exchanged between the client system and the monitoring server. The proposed RTPM focuses on addressing the major security requirements for an IoMT system, i.e., the CIA Triad, and conducts device authentication, protects from Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks, and prevents non-repudiation attacks in real time. A self-healing solution during the network failure of live e-health monitoring is also incorporated in RTPM. The robustness and stress of the system are tested with different data types and by capturing live network traffic. The system’s performance is analysed using different security algorithms with different key sizes of RSA (1024 to 8192 bits), AES (128 to 256 bits), and SHA (256 bits) to support a resource-constraint-powered system when integrating with resource-demanding secure parameters and features. 
In the future, other security features like intrusion detection and prevention and the user’s experience and trust level of such a system will be tested. Full article

22 pages, 4390 KiB  
Article
Traffic Feature Selection and Distributed Denial of Service Attack Detection in Software-Defined Networks Based on Machine Learning
by Daoqi Han, Honghui Li, Xueliang Fu and Shuncheng Zhou
Sensors 2024, 24(13), 4344; https://doi.org/10.3390/s24134344 - 4 Jul 2024
Viewed by 890
Abstract
As 5G technology becomes more widespread, the significant improvement in network speed and connection density has introduced more challenges to network security. In particular, distributed denial of service (DDoS) attacks have become more frequent and complex in software-defined network (SDN) environments. The complexity and diversity of 5G networks result in a great deal of unnecessary features, which may introduce noise into the detection process of an intrusion detection system (IDS) and reduce the generalization ability of the model. This paper aims to improve the performance of the IDS in 5G networks, especially in terms of detection speed and accuracy. It proposes an innovative feature selection (FS) method to filter out the most representative and distinguishing features from network traffic data to improve the robustness and detection efficiency of the IDS. To confirm the suggested method’s efficacy, this paper uses four common machine learning (ML) models to evaluate the InSDN, CICIDS2017, and CICIDS2018 datasets and conducts real-time DDoS attack detection on the simulation platform. According to experimental results, the suggested FS technique may match 5G network requirements for high speed and high reliability of the IDS while also drastically cutting down on detection time and preserving or improving DDoS detection accuracy. Full article
(This article belongs to the Section Sensor Networks)

12 pages, 2244 KiB  
Article
Securing IoT Networks from DDoS Attacks Using a Temporary Dynamic IP Strategy
by Ahmad Hani El Fawal, Ali Mansour, Mohammad Ammad Uddin and Abbass Nasser
Sensors 2024, 24(13), 4287; https://doi.org/10.3390/s24134287 - 1 Jul 2024
Viewed by 934
Abstract
The progression of the Internet of Things (IoT) has brought about a complete transformation in the way we interact with the physical world. However, this transformation has brought with it a slew of challenges. The advent of intelligent machines that can not only gather data for analysis and decision-making, but also learn and make independent decisions has been a breakthrough. However, the low-cost requirement of IoT devices requires the use of limited resources in processing and storage, which typically leads to a lack of security measures. Consequently, most IoT devices are susceptible to security breaches, turning them into “Bots” that are used in Distributed Denial of Service (DDoS) attacks. In this paper, we propose a new strategy labeled “Temporary Dynamic IP” (TDIP), which offers effective protection against DDoS attacks. The TDIP solution rotates Internet Protocol (IP) addresses frequently, creating a significant deterrent to potential attackers. By maintaining an “IP lease-time” that is short enough to prevent unauthorized access, TDIP enhances overall system security. Our testing, conducted via OMNET++, demonstrated that TDIP was highly effective in preventing DDoS attacks and, at the same time, improving network efficiency and IoT network protection. Full article
(This article belongs to the Special Issue Intelligent Technologies and Applications of Wireless Sensor Networks)