Visible to the public Biblio

Found 210 results

Filters: Keyword is IP networks  [Clear All Filters]
2019-09-11
Xi, W., Suo, S., Cai, T., Jian, G., Yao, H., Fan, L..  2019.  A Design and Implementation Method of IPSec Security Chip for Power Distribution Network System Based on National Cryptographic Algorithms. 2019 IEEE 3rd Information Technology, Networking, Electronic and Automation Control Conference (ITNEC). :2307–2310.

The target of security protection of the power distribution automation system (the distribution system for short) is to ensure the security of communication between the distribution terminal (terminal for short) and the distribution master station (master system for short). The encryption and authentication gateway (VPN gateway for short) for distribution system enhances the network layer communication security between the terminal and the VPN gateway. The distribution application layer encryption authentication device (master cipher machine for short) ensures the confidentiality and integrity of data transmission in application layer, and realizes the identity authentication between the master station and the terminal. All these measures are used to prevent malicious damage and attack to the master system by forging terminal identity, replay attack and other illegal operations, in order to prevent the resulting distribution network system accidents. Based on the security protection scheme of the power distribution automation system, this paper carries out the development of multi-chip encapsulation, develops IPSec Protocols software within the security chip, and realizes dual encryption and authentication function in IP layer and application layer supporting the national cryptographic algorithm.

Moyne, J., Mashiro, S., Gross, D..  2018.  Determining a Security Roadmap for the Microelectronics Industry. 2018 29th Annual SEMI Advanced Semiconductor Manufacturing Conference (ASMC). :291–294.

The evolution of the microelectronics manufacturing industry is characterized by increased complexity, analysis, integration, distribution, data sharing and collaboration, all of which is enabled by the big data explosion. This evolution affords a number of opportunities in improved productivity and quality, and reduced cost, however it also brings with it a number of risks associated with maintaining security of data systems. The International Roadmap for Devices and System Factory Integration International Focus Team (IRDS FI IFT) determined that a security technology roadmap for the industry is needed to better understand the needs, challenges and potential solutions for security in the microelectronics industry and its supply chain. As a first step in providing this roadmap, the IFT conducted a security survey, soliciting input from users, suppliers and OEMs. Preliminary results indicate that data partitioning with IP protection is the number one topic of concern, with the need for industry-wide standards as the second most important topic. Further, the "fear" of security breach is considered to be a significant hindrance to Advanced Process Control efforts as well as use of cloud-based solutions. The IRDS FI IFT will endeavor to provide components of a security roadmap for the industry in the 2018 FI chapter, leveraging the output of the survey effort combined with follow-up discussions with users and consultations with experts.

2019-09-09
Narantuya, J., Yoon, S., Lim, H., Cho, J., Kim, D. S., Moore, T., Nelson, F..  2019.  SDN-Based IP Shuffling Moving Target Defense with Multiple SDN Controllers. 2019 49th Annual IEEE/IFIP International Conference on Dependable Systems and Networks – Supplemental Volume (DSN-S). :15–16.
Conventional SDN-based MTD techniques have been mainly developed with a single SDN controller which exposes a single point of failure as well as raises a scalability issue for large-scale networks in achieving both security and performance. The use of multiple SDN controllers has been proposed to ensure both performance and security of SDN-based MTD systems for large-scale networks; however, the effect of using multiple SDN controllers has not been investigated in the state-of-the-art research. In this paper, we propose the SDN based MTD architecture using multiple SDN controllers and validate their security effect (i.e., attack success probability) by implementing an IP shuffling MTD in a testbed using ONOS SDN controllers.
Wang, S., Zhou, Y., Guo, R., Du, J., Du, J..  2018.  A Novel Route Randomization Approach for Moving Target Defense. 2018 IEEE 18th International Conference on Communication Technology (ICCT). :11–15.
Route randomization is an important research focus for moving target defense which seeks to proactively and dynamically change the forwarding routes in the network. In this paper, the difficulties of implementing route randomization in traditional networks are analyzed. To solve these difficulties and achieve effective route randomization, a novel route randomization approach is proposed, which is implemented by adding a mapping layer between routers' physical interfaces and their corresponding logical addresses. The design ideas and the details of proposed approach are presented. The effectiveness and performance of proposed approach are verified and evaluated by corresponding experiments.
Almohaimeed, A., Asaduzzaman, A..  2019.  A Novel Moving Target Defense Technique to Secure Communication Links in Software-Defined Networks. 2019 Fifth Conference on Mobile and Secure Services (MobiSecServ). :1–4.
Software-defined networking (SDN) is a recently developed approach to computer networking that brings a centralized orientation to network control, thereby improving network architecture and management. However, as with any communication environment that involves message transmission among users, SDN is confronted by the ongoing challenge of protecting user privacy. In this “Work in Progress (WIP)” research, we propose an SDN security model that applies the moving target defense (MTD) technique to protect communication links from sensitive data leakages. MTD is a security solution aimed at increasing complexity and uncertainty for attackers by concealing sensitive information that may serve as a gateway from which to launch different types of attacks. The proposed MTD-based security model is intended to protect user identities contained in transmitted messages in a way that prevents network intruders from identifying the real identities of senders and receivers. According to the results from preliminary experiments, the proposed MTD model has potential to protect the identities contained in transmitted messages within communication links. This work will be extended to protect sensitive data if an attacker gets access to the network device.
Zhou, X., Lu, Y., Wang, Y., Yan, X..  2018.  Overview on Moving Target Network Defense. 2018 IEEE 3rd International Conference on Image, Vision and Computing (ICIVC). :821–827.
Moving Target Defense (MTD) is a research hotspot in the field of network security. Moving Target Network Defense (MTND) is the implementation of MTD at network level. Numerous related works have been proposed in the field of MTND. In this paper, we focus on the scope and area of MTND, systematically present the recent representative progress from four aspects, including IP address and port mutation, route mutation, fingerprint mutation and multiple mutation, and put forward the future development directions. Several new perspectives and elucidations on MTND are rendered.
2019-09-05
Belozubova, A., Epishkina, A., Kogos, K..  2018.  Dummy Traffic Generation to Limit Timing Covert Channels. 2018 IEEE Conference of Russian Young Researchers in Electrical and Electronic Engineering (EIConRus). :1472-1476.
Covert channels are used to hidden transmit information and violate the security policy. What is more it is possible to construct covert channel in such manner that protection system is not able to detect it. IP timing covert channels are objects for research in the article. The focus of the paper is the research of how one can counteract an information leakage by dummy traffic generation. The covert channel capacity formula has been obtained in case of counteraction. In conclusion, the examples of counteraction tool parameter calculation are given.
2019-08-05
Mai, H. L., Nguyen, T., Doyen, G., Cogranne, R., Mallouli, W., Oca, E. M. de, Festor, O..  2018.  Towards a security monitoring plane for named data networking and its application against content poisoning attack. NOMS 2018 - 2018 IEEE/IFIP Network Operations and Management Symposium. :1–9.

Named Data Networking (NDN) is the most mature proposal of the Information Centric Networking paradigm, a clean-slate approach for the Future Internet. Although NDN was designed to tackle security issues inherent to IP networks natively, newly introduced security attacks in its transitional phase threaten NDN's practical deployment. Therefore, a security monitoring plane for NDN is indispensable before any potential deployment of this novel architecture in an operating context by any provider. We propose an approach for the monitoring and anomaly detection in NDN nodes leveraging Bayesian Network techniques. A list of monitored metrics is introduced as a quantitative measure to feature the behavior of an NDN node. By leveraging the hypothesis testing theory, a micro detector is developed to detect whenever the metric significantly changes from its normal behavior. A Bayesian network structure that correlates alarms from micro detectors is designed based on the expert knowledge of the NDN specification and the NFD implementation. The relevance and performance of our security monitoring approach are demonstrated by considering the Content Poisoning Attack (CPA), one of the most critical attacks in NDN, through numerous experiment data collected from a real NDN deployment.

2019-06-17
Shif, L., Wang, F., Lung, C..  2018.  Improvement of security and scalability for IoT network using SD-VPN. NOMS 2018 - 2018 IEEE/IFIP Network Operations and Management Symposium. :1–5.

The growing interest in the smart device/home/city has resulted in increasing popularity of Internet of Things (IoT) deployment. However, due to the open and heterogeneous nature of IoT networks, there are various challenges to deploy an IoT network, among which security and scalability are the top two to be addressed. To improve the security and scalability for IoT networks, we propose a Software-Defined Virtual Private Network (SD-VPN) solution, in which each IoT application is allocated with its own overlay VPN. The VPN tunnels used in this paper are VxLAN based tunnels and we propose to use the SDN controller to push the flow table of each VPN to the related OpenvSwitch via the OpenFlow protocol. The SD-VPN solution can improve the security of an IoT network by separating the VPN traffic and utilizing service chaining. Meanwhile, it also improves the scalability by its overlay VPN nature and the VxLAN technology.

Yang, J., Jeong, J. P..  2018.  An Automata-based Security Policy Translation for Network Security Functions. 2018 International Conference on Information and Communication Technology Convergence (ICTC). :268–272.

This paper proposes the design of a security policy translator in Interface to Network Security Functions (I2NSF) framework. Also, this paper shows the benefits of designing security policy translations. I2NSF is an architecture for providing various Network Security Functions (NSFs) to users. I2NSF user should be able to use NSF even if user has no overall knowledge of NSFs. Generally, policies which are generated by I2NSF user contain abstract data because users do not consider the attributes of NSFs when creating policies. Therefore, the I2NSF framework requires a translator that automatically finds the NSFs which is required for policy when Security Controller receives a security policy from the user and translates it for selected NSFs. We satisfied the above requirements by modularizing the translator through Automata theory.

2019-06-10
Ponmaniraj, S., Rashmi, R., Anand, M. V..  2018.  IDS Based Network Security Architecture with TCP/IP Parameters Using Machine Learning. 2018 International Conference on Computing, Power and Communication Technologies (GUCON). :111-114.

This computer era leads human to interact with computers and networks but there is no such solution to get rid of security problems. Securities threats misleads internet, we are sometimes losing our hope and reliability with many server based access. Even though many more crypto algorithms are coming for integrity and authentic data in computer access still there is a non reliable threat penetrates inconsistent vulnerabilities in networks. These vulnerable sites are taking control over the user's computer and doing harmful actions without user's privileges. Though Firewalls and protocols may support our browsers via setting certain rules, still our system couldn't support for data reliability and confidentiality. Since these problems are based on network access, lets we consider TCP/IP parameters as a dataset for analysis. By doing preprocess of TCP/IP packets we can build sovereign model on data set and clump cluster. Further the data set gets classified into regular traffic pattern and anonymous pattern using KNN classification algorithm. Based on obtained pattern for normal and threats data sets, security devices and system will set rules and guidelines to learn by it to take needed stroke. This paper analysis the computer to learn security actions from the given data sets which already exist in the previous happens.

Arsalan, A., Rehman, R. A..  2018.  Prevention of Timing Attack in Software Defined Named Data Network with VANETs. 2018 International Conference on Frontiers of Information Technology (FIT). :247–252.

Software Defined Network (SDN) is getting popularity both from academic and industry. Lot of researches have been made to combine SDN with future Internet paradigms to manage and control networks efficiently. SDN provides better management and control in a network through decoupling of data and control plane. Named Data Networking (NDN) is a future Internet technique with aim to replace IPv4 addressing problems. In NDN, communication between different nodes done on the basis of content names rather than IP addresses. Vehicular Ad-hoc Network (VANET) is a subtype of MANET which is also considered as a hot area for future applications. Different vehicles communicate with each other to form a network known as VANET. Communication between VANET can be done in two ways (i) Vehicle to Vehicle (V2V) (ii) Vehicle to Infrastructure (V2I). Combination of SDN and NDN techniques in future Internet can solve lot of problems which were hard to answer by considering a single technique. Security in VANET is always challenging due to unstable topology of VANET. In this paper, we merge future Internet techniques and propose a new scheme to answer timing attack problem in VANETs named as Timing Attack Prevention (TAP) protocol. Proposed scheme is evaluated through simulations which shows the superiority of proposed protocol regarding detection and mitigation of attacker vehicles as compared to normal timing attack scenario in NDN based VANET.

2019-05-01
Naik, N., Shang, C., Shen, Q., Jenkins, P..  2018.  Vigilant Dynamic Honeypot Assisted by Dynamic Fuzzy Rule Interpolation. 2018 IEEE Symposium Series on Computational Intelligence (SSCI). :1731–1738.

Dynamic Fuzzy Rule Interpolation (D-FRI) offers a dynamic rule base for fuzzy systems which is especially useful for systems with changing requirements and limited prior knowledge. This suggests a possible application of D-FRI in the area of network security due to the volatility of the traffic. A honeypot is a valuable tool in the field of network security for baiting attackers and collecting their information. However, typically designed with fewer resources they are not considered as a primary security tool for use in network security. Consequently, such honeypots can be vulnerable to many security attacks. One such attack is a spoofing attack which can cause severe damage to the honeypot, making it inefficient. This paper presents a vigilant dynamic honeypot based on the D-FRI approach for use in predicting and alerting of spoofing attacks on the honeypot. First, it proposes a technique for spoofing attack identification based on the analysis of simulated attack data. Then, the paper employs the identification technique to develop a D-FRI based vigilant dynamic honeypot, allowing the honeypot to predict and alert that a spoofing attack is taking place in the absence of matching rules. The resulting system is capable of learning and maintaining a dynamic rule base for more accurate identification of potential spoofing attacks with respect to the changing traffic conditions of the network.

Gundabolu, S., Wang, X..  2018.  On-chip Data Security Against Untrustworthy Software and Hardware IPs in Embedded Systems. 2018 IEEE Computer Society Annual Symposium on VLSI (ISVLSI). :644–649.

State-of-the-art system-on-chip (SoC) field programmable gate arrays (FPGAs) integrate hard powerful ARM processor cores and the reconfigurable logic fabric on a single chip in addition to many commonly needed high performance and high-bandwidth peripherals. The increasing reliance on untrustworthy third-party IP (3PIP) cores, including both hardware and software in FPGA-based embedded systems has made the latter increasingly vulnerable to security attacks. Detection of trojans in 3PIPs is extremely difficult to current static detection methods since there is no golden reference model for 3PIPs. Moreover, many FPGA-based embedded systems do not have the support of security services typically found in operating systems. In this paper, we present our run-time, low-cost, and low-latency hardware and software based solution for protecting data stored in on-chip memory blocks, which has attracted little research attention. The implemented memory protection design consists of a hierarchical top-down structure and controls memory access from software IPs running on the processor and hardware IPs running in the FPGA, based on a set of rules or access rights configurable at run time. Additionally, virtual addressing and encryption of data for each memory help protect confidentiality of data in case of a failure of the memory protection unit, making it hard for the attacker to gain access to the data stored in the memory. The design is implemented and tested on the Intel (Altera) DE1-SoC board featuring a SoC FPGA that integrates a dual-core ARM processor with reconfigurable logic and hundreds of memory blocks. The experimental results and case studies show that the protection model is successful in eliminating malicious IPs from the system without need for reconfiguration of the FPGA. It prevents unauthorized accesses from untrusted IPs, while arbitrating access from trusted IPs generating legal memory requests, without incurring a serious area or latency penalty.

Pratama, R. F., Suwastika, N. A., Nugroho, M. A..  2018.  Design and Implementation Adaptive Intrusion Prevention System (IPS) for Attack Prevention in Software-Defined Network (SDN) Architecture. 2018 6th International Conference on Information and Communication Technology (ICoICT). :299-304.

Intrusion Prevention System (IPS) is a tool for securing networks from any malicious packet that could be sent from specific host. IPS can be installed on SDN network that has centralized logic architecture, so that IPS doesnt need to be installed on lots of nodes instead it has to be installed alongside the controller as center of logic network. IPS still has a flaw and that is the block duration would remain the same no matter how often a specific host attacks. For this reason, writer would like to make a system that not only integrates IPS on the SDN, but also designs an adaptive IPS by utilizing a fuzzy logic that can decide how long blocks are based on the frequency variable and type of attacks. From the results of tests that have been done, SDN network that has been equipped with adaptive IPS has the ability to detect attacks and can block the attacker host with the duration based on the frequency and type of attacks. The final result obtained is to make the SDN network safer by adding 0.228 milliseconds as the execute time required for the fuzzy algorithm in one process.

2019-04-05
Lysenko, S., Bobrovnikova, K., Savenko, O..  2018.  A Botnet Detection Approach Based on the Clonal Selection Algorithm. 2018 IEEE 9th International Conference on Dependable Systems, Services and Technologies (DESSERT). :424-428.
The paper presents a new technique for the botnets' detection in the corporate area networks. It is based on the usage of the algorithms of the artificial immune systems. Proposed approach is able to distinguish benign network traffic from malicious one using the clonal selection algorithm taking into account the features of the botnet's presence in the network. An approach present the main improvements of the BotGRABBER system. It is able to detect the IRC, HTTP, DNS and P2P botnets.
Nan, Z., Zhai, L., Zhai, L., Liu, H..  2018.  Botnet Homology Method Based on Symbolic Approximation Algorithm of Communication Characteristic Curve. 2018 15th IEEE International Conference on Advanced Video and Signal Based Surveillance (AVSS). :1-6.
The IRC botnet is the earliest and most significant botnet group that has a significant impact. Its characteristic is to control multiple zombies hosts through the IRC protocol and constructing command control channels. Relevant research analyzes the large amount of network traffic generated by command interaction between the botnet client and the C&C server. Packet capture traffic monitoring on the network is currently a more effective detection method, but this information does not reflect the essential characteristics of the IRC botnet. The increase in the amount of erroneous judgments has often occurred. To identify whether the botnet control server is a homogenous botnet, dynamic network communication characteristic curves are extracted. For unequal time series, dynamic time warping distance clustering is used to identify the homologous botnets by category, and in order to improve detection. Speed, experiments will use SAX to reduce the dimension of the extracted curve, reducing the time cost without reducing the accuracy.
Chen, S., Chen, Y., Tzeng, W..  2018.  Effective Botnet Detection Through Neural Networks on Convolutional Features. 2018 17th IEEE International Conference On Trust, Security And Privacy In Computing And Communications/ 12th IEEE International Conference On Big Data Science And Engineering (TrustCom/BigDataSE). :372-378.

Botnet is one of the major threats on the Internet for committing cybercrimes, such as DDoS attacks, stealing sensitive information, spreading spams, etc. It is a challenging issue to detect modern botnets that are continuously improving for evading detection. In this paper, we propose a machine learning based botnet detection system that is shown to be effective in identifying P2P botnets. Our approach extracts convolutional version of effective flow-based features, and trains a classification model by using a feed-forward artificial neural network. The experimental results show that the accuracy of detection using the convolutional features is better than the ones using the traditional features. It can achieve 94.7% of detection accuracy and 2.2% of false positive rate on the known P2P botnet datasets. Furthermore, our system provides an additional confidence testing for enhancing performance of botnet detection. It further classifies the network traffic of insufficient confidence in the neural network. The experiment shows that this stage can increase the detection accuracy up to 98.6% and decrease the false positive rate up to 0.5%.

2019-03-18
Demirci, S., Sagiroglu, S..  2018.  Software-Defined Networking for Improving Security in Smart Grid Systems. 2018 7th International Conference on Renewable Energy Research and Applications (ICRERA). :1021–1026.

This paper presents a review on how to benefit from software-defined networking (SDN) to enhance smart grid security. For this purpose, the attacks threatening traditional smart grid systems are classified according to availability, integrity, and confidentiality, which are the main cyber-security objectives. The traditional smart grid architecture is redefined with SDN and a conceptual model for SDN-based smart grid systems is proposed. SDN based solutions to the mentioned security threats are also classified and evaluated. Our conclusions suggest that SDN helps to improve smart grid security by providing real-time monitoring, programmability, wide-area security management, fast recovery from failures, distributed security and smart decision making based on big data analytics.

2019-03-04
[Anonymous].  2018.  A Systems Approach to Indicators of Compromise Utilizing Graph Theory. 2018 IEEE International Symposium on Technologies for Homeland Security (HST). :1–6.
It is common to record indicators of compromise (IoC) in order to describe a particular breach and to attempt to attribute a breach to a specific threat actor. However, many network security breaches actually involve multiple diverse modalities using a variety of attack vectors. Measuring and recording IoC's in isolation does not provide an accurate view of the actual incident, and thus does not facilitate attribution. A system's approach that describes the entire intrusion as an IoC would be more effective. Graph theory has been utilized to model complex systems of varying types and this provides a mathematical tool for modeling systems indicators of compromise. This current paper describes the applications of graph theory to creating systems-based indicators of compromise. A complete methodology is presented for developing systems IoC's that fully describe a complex network intrusion.
Han, C., Zhao, C., Zou, Z., Tang, H., You, J..  2018.  PATIP-TREE: An Efficient Method to Look up the Network Address Attribution Information. 2018 IEEE 20th International Conference on High Performance Computing and Communications; IEEE 16th International Conference on Smart City; IEEE 4th International Conference on Data Science and Systems (HPCC/SmartCity/DSS). :466–473.
The IP address attribution information includes the geographical information, the network routing information, the agency information, Internet Content Provider (ICP) information, etc. Nowadays, the attribution information is important to the network traffic engineering, which needs to be obtained in real time in network traffic analysis system. The existing proposed methods for IP address attribution information lookup cannot be employed in actual systems efficiently due to their low scalability or bad performance. They cannot address the backbone network's requirements for real-time IP address attribution information lookup, and most lookup methods do not support custom IP address attribution lookup. In response to these challenges, we propose a novel high-speed approach for IP address attribution information lookup. We first devise a data structure of IP address attribution information search tree (PATIP-TREE) to store custom IP address attribution information. Based on the PATIP-TREE, an effective algorithm for IP information lookup is proposed, which can support custom IP addresses attribution information lookup in real time. The experimental results show that our method outperforms the existing methods in terms of higher efficiency. Our approach also provides high scalability, which is suitable for many kinds network address such as IPv4 address, IPv6 address, named data networking address, etc.
2019-02-14
Kelkar, S., Kraus, T., Morgan, D., Zhang, J., Dai, R..  2018.  Analyzing HTTP-Based Information Exfiltration of Malicious Android Applications. 2018 17th IEEE International Conference On Trust, Security And Privacy In Computing And Communications/ 12th IEEE International Conference On Big Data Science And Engineering (TrustCom/BigDataSE). :1642-1645.
Exfiltrating sensitive information from smartphones has become one of the most significant security threats. We have built a system to identify HTTP-based information exfiltration of malicious Android applications. In this paper, we discuss the method to track the propagation of sensitive information in Android applications using static taint analysis. We have studied the leaked information, destinations to which information is exfiltrated, and their correlations with types of sensitive information. The analysis results based on 578 malicious Android applications have revealed that a significant portion of these applications are interested in identity-related sensitive information. The vast majority of malicious applications leak multiple types of sensitive information. We have also identified servers associated with three country codes including CN, US, and SG are most active in collecting sensitive information. The analysis results have also demonstrated that a wide range of non-default ports are used by suspicious URLs.
2019-02-13
Rashidi, B., Fung, C., Rahman, M..  2018.  A scalable and flexible DDoS mitigation system using network function virtualization. NOMS 2018 - 2018 IEEE/IFIP Network Operations and Management Symposium. :1–6.
Distributed Denial of Service (DDoS) attacks remain one of the top threats to enterprise networks and ISPs nowadays. It can cause tremendous damage by bringing down online websites or services. Existing DDoS defense solutions either brings high cost such as upgrading existing firewall or IPS, or bring excessive traffic delay by using third-party cloud-based DDoS filtering services. In this work, we propose a DDoS defense framework that utilizes Network Function Virtualization (NFV) architecture to provide low cost and highly flexible solutions for enterprises. In particular, the system uses virtual network agents to perform attack traffic filtering before they are forwarded to the target server. Agents are created on demand to verify the authenticity of the source of packets, and drop spoofed packets in order protect the target server. Furthermore, we design a scalable and flexible dispatcher to forward packets to corresponding agents for processing. A bucket-based forwarding mechanism is used to improve the scalability of the dispatcher through batching forwarding. The dispatcher can also adapt to agent addition and removal. Our simulation results demonstrate that the dispatcher can effectively serve a large volume of traffic with low dropping rate. The system can successfully mitigate SYN flood attack by introducing minimal performance degradation to legitimate traffic.
2019-02-08
Arifianto, R. M., Sukarno, P., Jadied, E. M..  2018.  An SSH Honeypot Architecture Using Port Knocking and Intrusion Detection System. 2018 6th International Conference on Information and Communication Technology (ICoICT). :409-415.
This paper proposes an architecture of Secure Shell (SSH) honeypot using port knocking and Intrusion Detection System (IDS) to learn the information about attacks on SSH service and determine proper security mechanisms to deal with the attacks. Rapid development of information technology is directly proportional to the number of attacks, destruction, and data theft of a system. SSH service has become one of the popular targets from the whole vulnerabilities which is existed. Attacks on SSH service have various characteristics. Therefore, it is required to learn these characteristics by typically utilizing honeypots so that proper mechanisms can be applied in the real servers. Various attempts to learn the attacks and mitigate them have been proposed, however, attacks on SSH service are kept occurring. This research proposes a different and effective strategy to deal with the SSH service attack. This is done by combining port knocking and IDS to make the server keeps the service on a closed port and open it under user demand by sending predefined port sequence as an authentication process to control the access to the server. In doing so, it is evident that port knocking is effective in protecting SSH service. The number of login attempts obtained by using our proposed method is zero.
Venkatesan, R., Kumar, G. Ashwin, Nandhan, M. R..  2018.  A NOVEL APPROACH TO DETECT DDOS ATTACK THROUGH VIRTUAL HONEYPOT. 2018 IEEE International Conference on System, Computation, Automation and Networking (ICSCA). :1-6.
Distributed denial-of-service (DDoS) attack remains an exceptional security risk, alleviating these digital attacks are for all intents and purposes extremely intense to actualize, particularly when it faces exceptionally well conveyed attacks. The early disclosure of these attacks, through testing, is critical to ensure safety of end-clients and the wide-ranging expensive network resources. With respect to DDoS attacks - its hypothetical establishment, engineering, and calculations of a honeypot have been characterized. At its core, the honeypot consists of an intrusion prevention system (Interruption counteractive action framework) situated in the Internet Service Providers level. The IPSs then create a safety net to protect the hosts by trading chosen movement data. The evaluation of honeypot promotes broad reproductions and an absolute dataset is introduced, indicating honeypot's activity and low overhead. The honeypot anticipates such assaults and mitigates the servers. The prevailing IDS are generally modulated to distinguish known authority level system attacks. This spontaneity makes the honeypot system powerful against uncommon and strange vindictive attacks.