Biblio

Filters: Keyword is DDoS Attack
2021-06-24
Liu, Zhibin, Liu, Ziang, Huang, Yuanyuan, Liu, Xin, Zhou, Xiaokang, Zhou, Rui.  2020.  A Research of Distributed Security and QoS Testing Framework. 2020 IEEE Intl Conf on Dependable, Autonomic and Secure Computing, Intl Conf on Pervasive Intelligence and Computing, Intl Conf on Cloud and Big Data Computing, Intl Conf on Cyber Science and Technology Congress (DASC/PiCom/CBDCom/CyberSciTech). :174–181.
Since the birth of the Internet, the quality of network service has been a widely shared concern. With the continuous development of communication and information technology, people gradually realized that the contradiction between the limited resources and the business requirements of the network cannot be fundamentally solved. In this paper, we design and develop a distributed security and quality of service testing framework called AweQoS (AwesomeQoS), to adapt to the current complex network environment. This paper puts forward the necessity that some security tests should be closely combined with quality of service testing, and further discusses the basic methods of distributed denial of service attack and defense. We introduce the design idea and working process of AweQoS in detail, and introduce a bandwidth test method based on the user datagram protocol. Experimental results show that this new test method has better test performance and potential under the AweQoS framework.
2021-05-13
Gomathi, S., Parmar, Nilesh, Devi, Jyoti, Patel, Namrata.  2020.  Detecting Malware Attack on Cloud using Deep Learning Vector Quantization. 2020 12th International Conference on Computational Intelligence and Communication Networks (CICN). :356–361.

In recent times cloud services are used widely, and as a result there are many attacks on cloud devices. One of the major attacks is the DDoS (distributed denial-of-service) attack, which mainly targets Memcached, a caching system developed for speeding up websites and networks through Memcached's database. The DDoS attack tries to destroy the database by creating a flood of Internet traffic at the targeted server end. Attackers send spoofing applications to the vulnerable UDP Memcached server, which even manipulate the legitimate identity of the sender. In this work, we have proposed a vector quantization approach based on a supervised deep learning approach to detect the Memcached attack performed by the use of malicious firmware on different types of cloud-attached devices. This vector quantization approach detects the DDoS attack performed by malicious firmware on the different types of cloud devices, and it also classifies the applications which are vulnerable to attack based on cloud-based services. The result computed during testing shows 98.2% as legally positive and 0.034% as falsely negative.

2021-03-09
Lee, T., Chang, L., Syu, C..  2020.  Deep Learning Enabled Intrusion Detection and Prevention System over SDN Networks. 2020 IEEE International Conference on Communications Workshops (ICC Workshops). :1–6.

The Software Defined Network (SDN) provides higher programmable functionality for dynamic network configuration and management. Moreover, SDN introduces a centralized management approach by dividing the network into control and data planes. In this paper, we introduce a deep learning enabled intrusion detection and prevention system (DL-IDPS) to prevent secure shell (SSH) brute-force attacks and distributed denial-of-service (DDoS) attacks in SDN. The packet length in the SDN switch has been collected as a sequence for deep learning models to identify anomalous and malicious packets. Four deep learning models, including Multilayer Perceptron (MLP), Convolutional Neural Network (CNN), Long Short-Term Memory (LSTM) and Stacked Auto-encoder (SAE), are implemented and compared for the proposed DL-IDPS. The experimental results show that the proposed MLP-based DL-IDPS has the highest accuracy, achieving nearly 99% and 100% accuracy in preventing SSH brute-force and DDoS attacks, respectively.

2021-02-16
Nandi, S., Phadikar, S., Majumder, K..  2020.  Detection of DDoS Attack and Classification Using a Hybrid Approach. 2020 Third ISEA Conference on Security and Privacy (ISEA-ISAP). :41–47.
In the area of cloud security, detection of DDoS attacks is a challenging task, so that legitimate users can use the cloud resources properly. So in this paper, detection and classification of attacking packets and normal packets are done by using various machine learning classifiers. We have selected the most relevant features from the NSL-KDD dataset using five commonly used feature selection methods (information gain, gain ratio, chi-squared, ReliefF, and symmetrical uncertainty). Then, from the entire selected feature set, the most important features are selected by applying our hybrid feature selection method. Since not all the anomalous instances of the dataset belong to the DDoS category, we have separated only the DDoS packets from the dataset using the selected features. Finally, the dataset has been prepared and named the KDD DDoS dataset by considering the selected DDoS packets and normal packets. This KDD DDoS dataset has been discretized using the discretize tool in Weka for better performance. Finally, this discretized dataset has been applied to some commonly used classifiers (Naive Bayes, Bayes Net, Decision Table, J48 and Random Forest) for determining the detection rate of the classifiers. 10-fold cross validation has been used here for measuring the robustness of the system. To measure the efficiency of our hybrid feature selection method, we have also applied the same set of classifiers on the NSL-KDD dataset, where it gives the best anomaly detection rate of 99.72% and an average detection rate of 98.47%. Similarly, we have applied the same set of classifiers on the NSL DDoS dataset and obtained an average DDoS detection rate of 99.01% and a best DDoS detection rate of 99.86%. In order to compare the performance of our proposed hybrid method, we have also applied the existing feature selection methods and measured the detection rate using the same set of classifiers. Finally, we have seen that our hybrid approach for detecting the DDoS attack gives the best detection rate compared to some existing methods.
Saxena, U., Sodhi, J., Singh, Y..  2020.  A Comprehensive Approach for DDoS Attack Detection in Smart Home Network Using Shortest Path Algorithm. 2020 8th International Conference on Reliability, Infocom Technologies and Optimization (Trends and Future Directions) (ICRITO). :392–395.
A Distributed Denial of Service (DDoS) attack is an attack that compromises the bandwidth of the whole network by choking all the available network resources which are publicly available, thus making access to those resources unavailable. The DDoS attack is more vulnerable than a normal DoS attack because here the sources of the attack are more than one, so users cannot even estimate how to detect it and where to take action so that the attack can be dissolved. This paper proposes a unique approach for DDoS detection using the shortest path algorithm. This paper suggests the remedy that must be taken in order to counteract the DDoS attack in a smart home network.
Abdulkarem, H. S., Dawod, A..  2020.  DDoS Attack Detection and Mitigation at SDN Data Plane Layer. 2020 2nd Global Power, Energy and Communication Conference (GPECOM). :322–326.
In the coming future, Software-defined networking (SDN) will become a technology that is more responsive, fully automated, and highly secure. SDN is a way to manage networks by separating the control plane from the forwarding plane, using software to manage network functions through a centralized control point. A distributed denial-of-service (DDoS) attack is the most popular malicious attempt to disrupt the normal traffic of a targeted server, service, or network. The problem addressed by the paper is the DDoS attack inside the SDN environment and how SDN specifications could be used, taking advantage of the Open vSwitch programmability feature, to stop the attack. This paper presents DDoS attack detection and mitigation in the SDN data plane by applying an SDN application written in Python, based on the abnormal behavior of malicious traffic, to reduce the interference with normal traffic. The evaluation results reveal a detection and mitigation time between 100 and 150 sec. The work also sheds light on the programming relevance with the OpenDaylight controller over an abstracted view of the network infrastructure.
Yeom, S., Kim, K..  2020.  Improving Performance of Collaborative Source-Side DDoS Attack Detection. 2020 21st Asia-Pacific Network Operations and Management Symposium (APNOMS). :239–242.
Recently, as the threat of Distributed Denial-of-Service attacks exploiting IoT devices has spread, source-side Denial-of-Service attack detection methods are being studied in order to quickly detect attacks and find their locations. Moreover, to mitigate the limitation of the local view of source-side detection, a collaborative attack detection technique is required to share detection results on each source-side network. In this paper, a new collaborative source-side DDoS attack detection method is proposed for detecting DDoS attacks on multiple networks more correctly, by considering the detection performance in different time zones. The results of individual attack detection on each network are weighted based on the detection rate and false positive rate corresponding to the time zone of each network. By gathering the weighted detection results, the proposed method determines whether a DDoS attack happens. Through extensive evaluation with real network traffic data, it is confirmed that the proposed method reduces the false positive rate by 35% while maintaining a high detection rate.
2020-10-06
Kalwar, Abhishek, Bhuyan, Monowar H., Bhattacharyya, Dhruba K., Kadobayashi, Youki, Elmroth, Erik, Kalita, Jugal K..  2019.  TVis: A Light-weight Traffic Visualization System for DDoS Detection. 2019 14th International Joint Symposium on Artificial Intelligence and Natural Language Processing (iSAI-NLP). :1–6.

With the rapid growth of network size and complexity, network defenders are facing more challenges in protecting networked computers and other devices from acute attacks. Traffic visualization is an essential element in an anomaly detection system for visual observation and detection of distributed DoS attacks. This paper presents an interactive visualization system called TVis, proposed to detect both low-rate and high-rate DDoS attacks using Heron's triangle-area mapping. TVis allows network defenders to identify and investigate anomalies in internal and external network traffic in both online and offline modes. We model the network traffic as an undirected graph and compute a triangle-area map based on incidences at each vertex for each 5-second time window. The system triggers an alarm iff it finds an area of the mapped triangle beyond the dynamic threshold. TVis performs well for both low-rate and high-rate DDoS detection in comparison to its competitors.

2020-09-04
Asish, Madiraju Sairam, Aishwarya, R..  2019.  Cyber Security at a Glance. 2019 Fifth International Conference on Science Technology Engineering and Mathematics (ICONSTEM). 1:240–245.
The privacy of people on the Internet is getting reduced day by day. Data records of many prestigious organizations are getting corrupted due to computer malware. Computer viruses are becoming more advanced. Hackers are able to penetrate into a network and manipulate data. This paper describes the types of malware, like Trojans, boot sector viruses, polymorphic viruses, etc., and some of the hacking techniques, which include DoS attacks, DDoS attacks, brute forcing, man-in-the-middle attacks, social engineering, information gathering tools, spoofing and sniffing. Countermeasures for cyber attacks include VPN, proxy, Tor (browser), firewall, antivirus, etc., to understand the need for cyber security.
2020-08-24
Islam, Chadni, Babar, Muhammad Ali, Nepal, Surya.  2019.  An Ontology-Driven Approach to Automating the Process of Integrating Security Software Systems. 2019 IEEE/ACM International Conference on Software and System Processes (ICSSP). :54–63.

A wide variety of security software systems need to be integrated into a Security Orchestration Platform (SecOrP) to streamline the processes of defending against and responding to cybersecurity attacks. Lack of interpretability and interoperability among security systems are considered the key challenges to fully leveraging the potential of the collective capabilities of different security systems. The processes of integrating security systems are repetitive, time-consuming and error-prone; these processes are carried out manually by human experts or using ad-hoc methods. To help automate security systems integration processes, we propose an Ontology-driven approach for Security OrchestrAtion Platform (OnSOAP). The developed solution enables interpretability and interoperability among security systems, which may exist in operational silos. We demonstrate OnSOAP's support for automated integration of security systems to execute the incident response process with three security systems (Splunk, LimaCharlie, and Snort) for a Distributed Denial of Service (DDoS) attack. The evaluation results show that OnSOAP enables SecOrP to interpret the input and output of different security systems, produce error-free integration details, and make security systems interoperable with each other to automate and accelerate an incident response process.

2020-06-29
Jamader, Asik Rahaman, Das, Puja, Acharya, Biswa Ranjan.  2019.  BcIoT: Blockchain based DDoS Prevention Architecture for IoT. 2019 International Conference on Intelligent Computing and Control Systems (ICCS). :377–382.
The Internet of Things (IoT) envisions a massive network with billions of interactions among smart things which are capable of contributing all sorts of services. Self-configuring things (nodes) are connected dynamically with a global network in the IoT scenario. The small things are widely spread in a real-world paradigm with minimal processing capacity and limited storage. The recent IoT technologies have more concerns about security, privacy and reliability. Sharing personal data over a centralized system still remains a challenging task. Even if the infrastructure is able to provide assurance for transferring the data, for now it requires special attention on security and data consistency, because a centralized system and infrastructure is viewed as a more attractive target for hackers or cyber-attackers. To solve this we present a secured smart contract based on Blockchain to develop a secured communicative network. A hash-based secret key is used for encryption and decryption purposes. A demo attack is done for developing a better understanding of blockchain technology in terms of comparison and calculation.
Luo, Wenliang, Han, Wenzhi.  2019.  DDOS Defense Strategy in Software Definition Networks. 2019 International Conference on Computer Network, Electronic and Automation (ICCNEA). :186–190.
With the advent of the network economy and the network society, the network will enter a ubiquitous and omnipresent situation. Economic, cultural, military and social life will strongly depend on the network, while network security issues have become a common concern of all countries in the world. The DDoS attack is undoubtedly one of the greatest threats to network security, and the defense against DDoS attacks is very important. In this paper, the principle of the DDoS attack is summarized from the defensive perspective. Then attack prevention in the software-defined network is analyzed, and the source, intermediate network, victim and distributed defense strategies are elaborated.
Giri, Nupur, Jaisinghani, Rahul, Kriplani, Rohit, Ramrakhyani, Tarun, Bhatia, Vinay.  2019.  Distributed Denial Of Service(DDoS) Mitigation in Software Defined Network using Blockchain. 2019 Third International conference on I-SMAC (IoT in Social, Mobile, Analytics and Cloud) (I-SMAC). :673–678.
A DDoS attack is a spiteful attempt to disrupt legitimate traffic to a server by overwhelming the target with a flood of requests from geographically dispersed systems. Today attackers prefer DDoS attack methods to disrupt target services as they generate GBs to TBs of random data to flood the target. Existing mitigation strategies are not considered very effective because they lack the resources and the flexibility to cope with attacks by themselves. So effective DDoS mitigation techniques can be provided using emerging technologies such as blockchain and SDN (Software-Defined Networking). We propose an architecture where a smart contract is deployed in a private blockchain, which facilitates a collaborative DDoS mitigation architecture across multiple network domains. The blockchain application is used as an additional security service. With blockchain, shared protection is enabled among all hosts. With the help of smart contracts, rules are distributed among all hosts. In addition, SDN can effectively enable services and security policies dynamically. This mechanism provides ASes (Autonomous Systems) the possibility to deploy their own DPS (DDoS Prevention Service), and there is no need to transfer control of the network to a third party. This paper focuses on the challenges of protecting a hybridized enterprise from the ravages of rapidly evolving Distributed Denial of Service (DDoS) attacks.
Yadav, Sanjay Kumar, Suguna, P, Velusamy, R. Leela.  2019.  Entropy based mitigation of Distributed-Denial-of-Service (DDoS) attack on Control Plane in Software-Defined-Network (SDN). 2019 10th International Conference on Computing, Communication and Networking Technologies (ICCCNT). :1–7.
SDN is a new networking concept which has revolutionized the network architecture in recent years. It decouples the control plane from the data plane. This architectural change provides re-programmability and centralized control management of the network. At the same time it also increases the complexity of the underlying physical infrastructure of the network. Unfortunately, the centralized control of the network introduces new vulnerabilities and attacks. Attackers can exploit the limitation of centralized control by a DDoS attack on the control plane. The entire network can be compromised by a DDoS attack. Based on packet entropy, the proposed scheme provides a solution for mitigating DDoS attacks.
2020-06-01
Luo, Xupeng, Yan, Qiao, Wang, Mingde, Huang, Wenyao.  2019.  Using MTD and SDN-based Honeypots to Defend DDoS Attacks in IoT. 2019 Computing, Communications and IoT Applications (ComComAp). :392–395.
With the rapid development of the Internet of Things (IoT), distributed denial of service (DDoS) attacks have become an important security threat to the IoT. Characteristics of IoT, such as large numbers of devices and simple functionality, make IoT devices or servers easy to attack and turn into botnets for launching DDoS attacks. In this paper, we use software-defined networking (SDN) to develop a moving target defense (MTD) architecture that increases uncertainty because of an ever-changing attack surface. In addition, we deploy SDN-based honeypots to mimic IoT devices, luring attackers and malware. Finally, experimental results show that the combination of MTD and SDN-based honeypots can effectively hide network assets from scanners and defend against DDoS attacks in IoT.
2020-05-15
Fleck, Daniel, Stavrou, Angelos, Kesidis, George, Nasiriani, Neda, Shan, Yuquan, Konstantopoulos, Takis.  2018.  Moving-Target Defense Against Botnet Reconnaissance and an Adversarial Coupon-Collection Model. 2018 IEEE Conference on Dependable and Secure Computing (DSC). :1–8.

We consider a cloud-based multiserver system consisting of a set of replica application servers behind a set of proxy (indirection) servers which interact directly with clients over the Internet. We study a proactive moving-target defense to thwart a DDoS attacker's reconnaissance phase and consequently reduce the attack's impact. The defense is effectively a moving-target (motag) technique in which the proxies dynamically change. The system is evaluated using an AWS prototype of HTTP redirection and by numerical evaluations of an "adversarial" coupon-collector mathematical model, the latter allowing larger-scale extrapolations.

2019-12-18
Kirti, Agrawal, Namrata, Kumar, Sunil, Sah, D.K..  2018.  Prevention of DDoS Attack through Harmonic Homogeneity Difference Mechanism on Traffic Flow. 2018 4th International Conference on Recent Advances in Information Technology (RAIT). :1–6.

The ever-rising attacks on IT infrastructure, especially on networks, have become a cause of anxiety for IT professionals and the people venturing into the cyber-world. There are numerous instances wherein the vulnerabilities in the network have been exploited by attackers, leading to huge financial loss. Distributed denial of service (DDoS) is one of the most indirect security attacks on computer networks. Many active computer bots or zombies start flooding the servers with requests, but due to its distributed nature throughout the Internet, it cannot simply be terminated at the server side. Once the DDoS attack initiates, it causes huge overhead to the servers in terms of processing capability and service delivery. Though the study and analysis of request packets may help in distinguishing legitimate users from malicious attackers, such detection becomes non-viable due to continuous flooding of packets on servers and eventually leads to denial of service to the authorized users. In the present research, we propose a traffic flow and flow count variable based prevention mechanism using the difference in homogeneity. Its simplicity and practical approach facilitate the detection of a DDoS attack at an early stage, which helps in prevention of the attack and the subsequent damage. Further, simulation results based on different instances of time have been shown on T-value, including generation of simple and harmonic homogeneity for observing the real-time request difference and gaps.

Guleria, Akshit, Kalra, Evneet, Gupta, Kunal.  2019.  Detection and Prevention of DoS Attacks on Network Systems. 2019 International Conference on Machine Learning, Big Data, Cloud and Parallel Computing (COMITCon). :544–548.

Distributed Denial of Service (DDoS) strike is a malevolent undertaking to irritate regular action of a concentrated on server, organization or framework by overwhelming the goal or its incorporating establishment with a flood of Internet development. DDoS ambushes achieve feasibility by utilizing different exchanged off PC structures as wellsprings of strike action. Mishandled machines can join PCs and other masterminded resources, for instance, IoT contraptions. From an anomalous express, a DDoS attack looks like a vehicle convergence ceasing up with the road, shielding standard action from meeting up at its pined for objective.

Dincalp, Uygar, Güzel, Mehmet Serdar, Sevine, Omer, Bostanci, Erkan, Askerzade, Iman.  2018.  Anomaly Based Distributed Denial of Service Attack Detection and Prevention with Machine Learning. 2018 2nd International Symposium on Multidisciplinary Studies and Innovative Technologies (ISMSIT). :1–4.

Every day, DoS/DDoS attacks are increasing all over the world, and the methods attackers use change continuously. This increase and variety in attacks is affecting governments, institutions, organizations and corporations in a bad way. Every successful attack causes them to lose money and reputation in return. This paper presents an introduction to a method which can show what the attack is and where the attack is based. This is achieved by using the DBSCAN clustering algorithm on network traffic, because of the change and variety in attack vectors.

Saharan, Shail, Gupta, Vishal.  2019.  Prevention and Mitigation of DNS Based DDoS Attacks in SDN Environment. 2019 11th International Conference on Communication Systems Networks (COMSNETS). :571–573.

A Denial-of-Service attack (DoS attack) is an attack on a network in which an attacker tries to disrupt the availability of network resources by overwhelming the target network with attack packets. A DoS attack is typically done using a single source, and in a Distributed Denial-of-Service attack (DDoS attack), as the name suggests, multiple sources are used to flood the incoming traffic of the victim. Typically, such attacks use vulnerabilities of the Domain Name System (DNS) protocol and IP spoofing to disrupt the normal functioning of a service provider or Internet user. Attacks involving DNS, or attacks exploiting vulnerabilities of DNS, are known as DNS-based DDoS attacks. Many of the proposed DNS-based DDoS solutions try to prevent/mitigate such attacks using some intelligent non-"network layer" (typically application layer) protocols. Utilizing the flexibility and programmability aspects of Software Defined Networks (SDN), this proposed doctoral research intends to make the underlying network intelligent enough to prevent DNS-based DDoS attacks.

Misono, Masanori, Yoshida, Kaito, Hwang, Juho, Shinagawa, Takahiro.  2018.  Distributed Denial of Service Attack Prevention at Source Machines. 2018 IEEE 16th Intl Conf on Dependable, Autonomic and Secure Computing, 16th Intl Conf on Pervasive Intelligence and Computing, 4th Intl Conf on Big Data Intelligence and Computing and Cyber Science and Technology Congress (DASC/PiCom/DataCom/CyberSciTech). :488–495.

Distributed denial of service (DDoS) attacks are serious cyberattacks that exhaust the target machine's processing capacity by sending a huge number of packets from hijacked machines. To minimize resource consumption caused by DDoS attacks, filtering attack packets at source machines is the best approach. Although many studies have explored the detection of DDoS attacks, few studies have proposed DDoS attack prevention schemes that work at source machines. We propose a reliable, lightweight, transparent, and flexible DDoS attack prevention scheme that works at source machines. In this scheme, we employ a hypervisor with a packet filtering mechanism on each managed machine to allow the administrator to easily and reliably suppress packet transmissions. To make the proposed scheme lightweight and transparent, we exploit a thin hypervisor that allows pass-through access to hardware (except for network devices) from the operating system, thereby reducing virtualization overhead and avoiding compromising the user experience. To make the proposed scheme flexible, we exploit a configurable packet filtering mechanism with a guaranteed safe code execution mechanism that allows the administrator to provide a filtering policy as executable code. In this study, we implemented the proposed scheme using BitVisor and the Berkeley Packet Filter. Experimental results show that the proposed scheme can suppress arbitrary packet transmissions with negligible latency and throughput overhead compared to a bare-metal system without filtering mechanisms.

Mohan, K Manju.  2018.  An Efficient system to stumble on and Mitigate DDoS attack in cloud Environment. 2018 Second International Conference on Inventive Communication and Computational Technologies (ICICCT). :1855–1857.
Cloud computing is an assured progression inside the future of facts generation. It is a sub-domain of network security. These days, many huge or small organizations are switching to the cloud to store and arrange their facts. As a result, protection of cloud networks is the need of the hour. DDoS is a killer software for cloud computing environments on the net today. It is a distributed denial of carrier. We can beat DDoS attacks if we have enough assets. DDoS attacks can be countered by means of dynamic allocation of the assets. In this paper the attack is detected as early as possible, prevention methods are applied, and a mitigation method is also implemented, so that the attack can be avoided before it occurs.
Guleria, Charu, Verma, Harsh Kumar.  2018.  Improved Detection and Mitigation of DDoS Attack in Vehicular ad hoc Network. 2018 4th International Conference on Computing Communication and Automation (ICCCA). :1–4.
Vehicular ad hoc networks (VANETs) are an eminent type of Mobile ad hoc Network. The network created in VANETs is quite prone to security problems. In this work, a new mechanism is proposed to study the security of VANETs against DDoS attacks. The proposed mechanism focuses on distributed denial of service attacks. The main idea of the paper is to detect the DDoS attack and mitigate it. The work consists of two stages: initially, the attack topology and network congestion are created; the second stage is to detect and mitigate the DDoS attack. The existing method is compared with the proposed method for mitigating DDoS attacks in VANETs. The existing solutions presented by various researchers are also compared and analyzed. A solution for this kind of problem is provided, which is used to detect and mitigate DDoS attacks by using a greedy approach. The network environment is created using NS-2. The simulation results show that the proposed approach is better in terms of network packet loss, routing overhead and network throughput.
2019-09-09
Kesidis, G., Shan, Y., Fleck, D., Stavrou, A., Konstantopoulos, T..  2018.  An adversarial coupon-collector model of asynchronous moving-target defense against botnet reconnaissance. 2018 13th International Conference on Malicious and Unwanted Software (MALWARE). :61–67.

We consider a moving-target defense of a proxied multiserver tenant of the cloud where the proxies dynamically change to defeat reconnaissance activity by a botnet planning a DDoS attack targeting the tenant. Unlike the system of [4], where all proxies change simultaneously at a fixed rate, we consider a more "responsive" system where the proxies may change more rapidly and selectively based on the current session request intensity, which is expected to be abnormally large during active reconnaissance. In this paper, we study a tractable "adversarial" coupon-collector model wherein proxies change after a random period of time from the latest request, i.e., asynchronously. In addition to determining the stationary mean number of proxies discovered by the attacker, we study the age of a proxy (coupon type) when it has been identified (requested) by the botnet. This gives us the rate at which proxies change (cost to the defender) when the nominal client request load is relatively negligible.

2019-03-22
Kumar, A., Abdelhadi, A., Clancy, C..  2018.  Novel Anomaly Detection and Classification Schemes for Machine-to-Machine Uplink. 2018 IEEE International Conference on Big Data (Big Data). :1284–1289.

Machine-to-Machine (M2M) networks, being connected to the Internet at large, inherit all the cyber-vulnerabilities of standard Information Technology (IT) systems. Since perfect cyber-security and robustness is an idealistic construct, it is worthwhile to design intrusion detection schemes to quickly detect and mitigate the harmful consequences of cyber-attacks. Volumetric anomaly detection schemes have been popularized due to their low complexity, but they cannot detect low-volume sophisticated attacks and also suffer from high false-alarm rates. To overcome these limitations, feature-based detection schemes have been studied for IT networks. However, these schemes cannot be easily adapted to M2M systems due to the fundamental architectural and functional differences between M2M and IT systems. In this paper, we propose novel feature-based detection schemes for a general M2M uplink to detect Distributed Denial-of-Service (DDoS) attacks, emergency scenarios and terminal device failures. The detection for DDoS attacks and emergency scenarios involves building up a database of legitimate M2M connections during a training phase and then flagging new M2M connections as anomalies during the evaluation phase. To distinguish between DDoS attacks and emergency scenarios that yield similar signatures for anomaly detection schemes, we propose a modified Canberra distance metric. It basically measures the similarity or differences in the characteristics of inter-arrival time epochs for any two anomalous streams. We detect device failures by inspecting for the decrease in active M2M connections over a reasonably large time interval. Lastly, using Monte-Carlo simulations, we show that the proposed anomaly detection schemes have high detection performance and a low false-alarm rate.