Visible to the public Biblio

Found 932 results

Filters: First Letter Of Title is D  [Clear All Filters]
A B C [D] E F G H I J K L M N O P Q R S T U V W X Y Z   [Show ALL]
Shafi, Qaisar, Basit, Abdul.  2019.  DDoS Botnet Prevention Using Blockchain in Software Defined Internet of Things. 2019 16th International Bhurban Conference on Applied Sciences and Technology (IBCAST). :624-628.

Distributed Denial of Service (DDoS) attacks have two defense perspectives firstly, to defend your network, resources and other information assets from this disastrous attack. Secondly, to prevent your network to be the part of botnet (botforce) bondage to launch attacks on other networks and resources mainly be controlled from a control center. This work focuses on the development of a botnet prevention system for Internet of Things (IoT) that uses the benefits of both Software Defined Networking (SDN) and Distributed Blockchain (DBC). We simulate and analyze that using blockchain and SDN, how can detect and mitigate botnets and prevent our devices to play into the hands of attackers.

Luo, Wenliang, Han, Wenzhi.  2019.  DDOS Defense Strategy in Software Definition Networks. 2019 International Conference on Computer Network, Electronic and Automation (ICCNEA). :186–190.
With the advent of the network economy and the network society, the network will enter a ubiquitous and omnipresent situation. Economic, cultural, military and social life will strongly depend on the network, while network security issues have become a common concern of all countries in the world. DDOS attack is undoubtedly one of the greatest threats to network security and the defense against DDOS attack is very important. In this paper, the principle of DDOS attack is summarized from the defensive purpose. Then the attack prevention in software definition network is analyzed, and the source, intermediate network, victim and distributed defense strategies are elaborated.
Das, Saikat, Mahfouz, Ahmed M., Venugopal, Deepak, Shiva, Sajjan.  2019.  DDoS Intrusion Detection Through Machine Learning Ensemble. 2019 IEEE 19th International Conference on Software Quality, Reliability and Security Companion (QRS-C). :471–477.
Distributed Denial of Service (DDoS) attacks have been the prominent attacks over the last decade. A Network Intrusion Detection System (NIDS) should seamlessly configure to fight against these attackers' new approaches and patterns of DDoS attack. In this paper, we propose a NIDS which can detect existing as well as new types of DDoS attacks. The key feature of our NIDS is that it combines different classifiers using ensemble models, with the idea that each classifier can target specific aspects/types of intrusions, and in doing so provides a more robust defense mechanism against new intrusions. Further, we perform a detailed analysis of DDoS attacks, and based on this domain-knowledge verify the reduced feature set [27, 28] to significantly improve accuracy. We experiment with and analyze NSL-KDD dataset with reduced feature set and our proposed NIDS can detect 99.1% of DDoS attacks successfully. We compare our results with other existing approaches. Our NIDS approach has the learning capability to keep up with new and emerging DDoS attack patterns.
Rahman, Md. Mahmudur, Roy, Shanto, Yousuf, Mohammad Abu.  2019.  DDoS Mitigation and Intrusion Prevention in Content Delivery Networks using Distributed Virtual Honeypots. 2019 1st International Conference on Advances in Science, Engineering and Robotics Technology (ICASERT). :1–6.

Content Delivery Networks(CDN) is a standout amongst the most encouraging innovations that upgrade performance for its clients' websites by diverting web demands from browsers to topographically dispersed CDN surrogate nodes. However, due to the variable nature of CDN, it suffers from various security and resource allocation issues. The most common attack which is used to bring down a whole network as well as CDN without even finding a loophole in the security is DDoS. In this proposal, we proposed a distributed virtual honeypot model for diminishing DDoS attacks and prevent intrusion in securing CDN. Honeypots are specially utilized to imitate the primary server with the goal that the attack is alleviated to the fake rather than the main server. Our proposed layer based model utilizes honeypot to be more effective reducing the cost of the system as well as maintaining the smooth delivery in geographically dispersed servers without performance degradation.

Kim, Kyoungmin, You, Youngin, Park, Mookyu, Lee, Kyungho.  2018.  DDoS Mitigation: Decentralized CDN Using Private Blockchain. 2018 Tenth International Conference on Ubiquitous and Future Networks (ICUFN). :693–696.
Distributed Denial of Service (DDoS) attacks are intense and are targeted to major infrastructure, governments and military organizations in each country. There are a lot of mitigations about DDoS, and the concept of Content Delivery Network (CDN) has been able to avoid attacks on websites. However, since the existing CDN system is fundamentally centralized, it may be difficult to prevent DDoS. This paper describes the distributed CDN Schema using Private Blockchain which solves the problem of participation of existing transparent and unreliable nodes. This will explain DDoS mitigation that can be used by military and government agencies.
M, Suchitra, S M, Renuka, Sreerekha, Lingaraj K..  2018.  DDoS Prevention Using D-PID. 2018 Second International Conference on Intelligent Computing and Control Systems (ICICCS). :453-457.

In recent years, the attacks on systems have increased and among such attack is Distributed Denial of Service (DDoS) attack. The path identifiers (PIDs) used for inter-domain routing are static, which makes it easier the attack easier. To address this vulnerability, this paper addresses the usage of Dynamic Path Identifiers (D-PIDs) for routing. The PID of inter-domain path connector is kept oblivious and changes dynamically, thus making it difficult to attack the system. The prototype designed with major components like client, server and router analyses the outcome of D-PID usage instead of PIDs. The results show that, DDoS attacks can be effectively prevented if Dynamic Path Identifiers (D-PIDs) are used instead of Static Path Identifiers (PIDs).

Keerthana, S., Monisha, C., Priyanka, S., Veena, S..  2017.  De Duplication Scalable Secure File Sharing on Untrusted Storage in Big Data. 2017 International Conference on Information Communication and Embedded Systems (ICICES). :1–6.

Data Deduplication provides lots of benefits to security and privacy issues which can arise as user's sensitive data at risk of within and out of doors attacks. Traditional secret writing that provides knowledge confidentiality is incompatible with knowledge deduplication. Ancient secret writing wants completely different users to encode their knowledge with their own keys. Thus, identical knowledge copies of completely different various users can result in different ciphertexts that makes Deduplication not possible. Convergent secret writing has been planned to enforce knowledge confidentiality whereas creating Deduplication possible. It encrypts/decrypts a knowledge copy with a confluent key, that is obtained by computing the cryptographical hash price of the content of the information copy. Once generation of key and encryption, the user can retain the keys and send ciphertext to cloud.

Ko, Ronny, Mickens, James.  2018.  DeadBolt: Securing IoT Deployments. Proceedings of the Applied Networking Research Workshop. :50–57.

In this paper, we introduce DeadBolt, a new security framework for managing IoT network access. DeadBolt hides all of the devices in an IoT deployment behind an access point that implements deny-by-default policies for both incoming and outgoing traffic. The DeadBolt AP also forces high-end IoT devices to use remote attestation to gain network access; attestation allows the devices to prove that they run up-to-date, trusted software. For lightweight IoT devices which lack the ability to attest, the DeadBolt AP uses virtual drivers (essentially, security-focused virtual network functions) to protect lightweight device traffic. For example, a virtual driver might provide network intrusion detection, or encrypt device traffic that is natively cleartext. Using these techniques, and several others, DeadBolt can prevent realistic attacks while imposing only modest performance costs.

Anselmi, Nicola, Poli, Lorenzo, Oliveri, Giacomo, Rocca, Paolo, Massa, Andrea.  2019.  Dealing with Correlation and Sparsity for an Effective Exploitation of the Compressive Processing in Electromagnetic Inverse Problems. 2019 13th European Conference on Antennas and Propagation (EuCAP). :1–4.
In this paper, a novel method for tomographic microwave imaging based on the Compressive Processing (CP) paradigm is proposed. The retrieval of the dielectric profiles of the scatterers is carried out by efficiently solving both the sampling and the sensing problems suitably formulated under the first order Born approximation. Selected numerical results are presented in order to show the improvements provided by the CP with respect to conventional compressive sensing (CSE) approaches.
Roos, Stefanie, Strufe, Thorsten.  2016.  Dealing with Dead Ends: Efficient Routing in Darknets. ACM Trans. Model. Perform. Eval. Comput. Syst.. 1:4:1–4:30.

Darknets, membership-concealing peer-to-peer networks, suffer from high message delivery delays due to insufficient routing strategies. They form topologies restricted to a subgraph of the social network of their users by limiting connections to peers with a mutual trust relationship in real life. Whereas centralized, highly successful social networking services entail a privacy loss of their users, Darknets at higher performance represent an optimal private and censorship-resistant communication substrate for social applications. Decentralized routing so far has been analyzed under the assumption that the network resembles a perfect lattice structure. Freenet, currently the only widely used Darknet, attempts to approximate this structure by embedding the social graph into a metric space. Considering the resulting distortion, the common greedy routing algorithm is adapted to account for local optima. Yet the impact of the adaptation has not been adequately analyzed. We thus suggest a model integrating inaccuracies in the embedding. In the context of this model, we show that the Freenet routing algorithm cannot achieve polylog performance. Consequently, we design NextBestOnce, a provable poylog algorithm based only on information about neighbors. Furthermore, we show that the routing length of NextBestOnce is further decreased by more than a constant factor if neighbor-of-neighbor information is included in the decision process.

Abdellatif, Lasbahani, Chhiba, Mostafa, Mjihil, Oussama.  2017.  Deals with Integrating of Security Specifications During Software Design Phase Using MDA Approach. Proceedings of the Second International Conference on Internet of Things, Data and Cloud Computing. :196:1–196:7.
There are many recent propositions treating Model Driven Architecture (MDA) approaches to perform and automate code generation from design models. To the best of our knowledge and research, most of these propositions have been only focused on functional aspect by allowing code generation without considering this the non-functional aspect at the same time so that to generate secure object-oriented software basing on MDA approach. In this context, we are adding further details to integrate the security policies required in the form of secure models. The systems specification models will be enhanced with security requirements at different abstraction levels through a set of transformation models. Improving functional models with security constraints allow us to incorporate the security needs and automating generating secure applications with their security infrastructure using MDA approach. After carrying out a modification on MDA processes and UML meta-model to cover a better representation of security policies of an organization by updating different existing software engineering process to take into account nonfunctional aspect along with their functional aspect. This work presents a new methodology based on MDA approach and existing security technologies for allowing the integration of the proposed security requirements, which are obtained from security experts, during the system design. Within this context, we have focused on the essential elements of security, such as data encryption, Message Integrity, and Access Control in order to express the importance of merging both the functional and non-functional aspects altogether. We have chosen these properties to practically illustrate how to generate secure applications including their security policies. Then the source code will be obtained automatically from Platform Specific Models (PSM) by applying a set of model transformations and using a code generator designed for this mission. In addition, we can inject also other security-related properties, such as Availability, Traceability, non-repudiation, and Scalability issues during the whole development process by following the same methodology. these properties will be treated in the future work.
Reshma, S., Shaila, K., Venugopal, K. R..  2020.  DEAVD - Data Encryption and Aggregation using Voronoi Diagram for Wireless Sensor Networks. 2020 Fourth World Conference on Smart Trends in Systems, Security and Sustainability (WorldS4). :635–638.
Wireless Sensor Networks (WSNs) are applied in environmental monitoring, military surveillance, etc., whereas these applications focuses on providing security for sensed data and the nodes are available for a long time. Hence, we propose DEAVD protocol for secure data exchange with limited usage of energy. The DEAVD protocol compresses data to reduces the energy consumption and implements an energy efficient encryption and decryption technique using voronoi diagram paradigm. Thus, there is an improvement in the proposed protocol with respect to security due to the concept adapted during data encryption and aggregation.
Whittaker, Michael, Teodoropol, Cristina, Alvaro, Peter, Hellerstein, Joseph M..  2018.  Debugging Distributed Systems with Why-Across-Time Provenance. Proceedings of the ACM Symposium on Cloud Computing. :333–346.
Systematically reasoning about the fine-grained causes of events in a real-world distributed system is challenging. Causality, from the distributed systems literature, can be used to compute the causal history of an arbitrary event in a distributed system, but the event's causal history is an over-approximation of the true causes. Data provenance, from the database literature, precisely describes why a particular tuple appears in the output of a relational query, but data provenance is limited to the domain of static relational databases. In this paper, we present wat-provenance: a novel form of provenance that provides the benefits of causality and data provenance. Given an arbitrary state machine, wat-provenance describes why the state machine produces a particular output when given a particular input. This enables system developers to reason about the causes of events in real-world distributed systems. We observe that automatically extracting the wat-provenance of a state machine is often infeasible. Fortunately, many distributed systems components have simple interfaces from which a developer can directly specify wat-provenance using a technique we call wat-provenance specifications. Leveraging the theoretical foundations of wat-provenance, we implement a prototype distributed debugging framework called Watermelon.
Bortolameotti, Riccardo, van Ede, Thijs, Caselli, Marco, Everts, Maarten H., Hartel, Pieter, Hofstede, Rick, Jonker, Willem, Peter, Andreas.  2017.  DECANTeR: DEteCtion of Anomalous outbouNd HTTP TRaffic by Passive Application Fingerprinting. Proceedings of the 33rd Annual Computer Security Applications Conference. :373–386.

We present DECANTeR, a system to detect anomalous outbound HTTP communication, which passively extracts fingerprints for each application running on a monitored host. The goal of our system is to detect unknown malware and backdoor communication indicated by unknown fingerprints extracted from a host's network traffic. We evaluate a prototype with realistic data from an international organization and datasets composed of malicious traffic. We show that our system achieves a false positive rate of 0.9% for 441 monitored host machines, an average detection rate of 97.7%, and that it cannot be evaded by malware using simple evasion techniques such as using known browser user agent values. We compare our solution with DUMONT [24], the current state-of-the-art IDS which detects HTTP covert communication channels by focusing on benign HTTP traffic. The results show that DECANTeR outperforms DUMONT in terms of detection rate, false positive rate, and even evasion-resistance. Finally, DECANTeR detects 96.8% of information stealers in our dataset, which shows its potential to detect data exfiltration.

Shayan, Mohammed, Bhattacharjee, Sukanta, Song, Yong-Ak, Chakrabarty, Krishnendu, Karri, Ramesh.  2019.  Deceive the Attacker: Thwarting IP Theft in Sieve-Valve-based Biochips. 2019 Design, Automation Test in Europe Conference Exhibition (DATE). :210—215.

Researchers develop bioassays following rigorous experimentation in the lab that involves considerable fiscal and highly-skilled-person-hour investment. Previous work shows that a bioassay implementation can be reverse engineered by using images or video and control signals of the biochip. Hence, techniques must be devised to protect the intellectual property (IP) rights of the bioassay developer. This study is the first step in this direction and it makes the following contributions: (1) it introduces use of a sieve-valve as a security primitive to obfuscate bioassay implementations; (2) it shows how sieve-valves can be used to obscure biochip building blocks such as multiplexers and mixers; (3) it presents design rules and security metrics to design and measure obfuscated biochips. We assess the cost-security trade-offs associated with this solution and demonstrate practical sieve-valve based obfuscation on real-life biochips.

Psaras, Ioannis.  2018.  Decentralised Edge-Computing and IoT Through Distributed Trust. Proceedings of the 16th Annual International Conference on Mobile Systems, Applications, and Services. :505–507.
The emerging Internet of Things needs edge-computing - this is an established fact. In turn, edge computing needs infrastructure decentralisation. What is not necessarily established yet is that infrastructure decentralisation needs a distributed model of Internet governance and decentralised trust schemes. We discuss the features of a decentralised IoT and edge-computing ecosystem and list the components that need to be designed, as well the challenges that need to be addressed.
Lou, Jian, Vorobeychik, Yevgeniy.  2016.  Decentralization and Security in Dynamic Traffic Light Control. Proceedings of the Symposium and Bootcamp on the Science of Security. :90–92.

Complex traffic networks include a number of controlled intersections, and, commonly, multiple districts or municipalities. The result is that the overall traffic control problem is extremely complex computationally. Moreover, given that different municipalities may have distinct, non-aligned, interests, traffic light controller design is inherently decentralized, a consideration that is almost entirely absent from related literature. Both complexity and decentralization have great bearing both on the quality of the traffic network overall, as well as on its security. We consider both of these issues in a dynamic traffic network. First, we propose an effective local search algorithm to efficiently design system-wide control logic for a collection of intersections. Second, we propose a game theoretic (Stackelberg game) model of traffic network security in which an attacker can deploy denial-of-service attacks on sensors, and develop a resilient control algorithm to mitigate such threats. Finally, we propose a game theoretic model of decentralization, and investigate this model both in the context of baseline traffic network design, as well as resilient design accounting for attacks. Our methods are implemented and evaluated using a simple traffic network scenario in SUMO.

Skarmeta, A.F., Hernández-Ramos, J.L., Moreno, M.V..  2014.  A decentralized approach for security and privacy challenges in the Internet of Things. Internet of Things (WF-IoT), 2014 IEEE World Forum on. :67-72.

The strong development of the Internet of Things (IoT) is dramatically changing traditional perceptions of the current Internet towards an integrated vision of smart objects interacting with each other. While in recent years many technological challenges have already been solved through the extension and adaptation of wireless technologies, security and privacy still remain as the main barriers for the IoT deployment on a broad scale. In this emerging paradigm, typical scenarios manage particularly sensitive data, and any leakage of information could severely damage the privacy of users. This paper provides a concise description of some of the major challenges related to these areas that still need to be overcome in the coming years for a full acceptance of all IoT stakeholders involved. In addition, we propose a distributed capability-based access control mechanism which is built on public key cryptography in order to cope with some of these challenges. Specifically, our solution is based on the design of a lightweight token used for access to CoAP Resources, and an optimized implementation of the Elliptic Curve Digital Signature Algorithm (ECDSA) inside the smart object. The results obtained from our experiments demonstrate the feasibility of the proposal and show promising in order to cover more complex scenarios in the future, as well as its application in specific IoT use cases.

Härer, Felix, Fill, Hans-Georg.  2019.  Decentralized Attestation of Conceptual Models Using the Ethereum Blockchain. 2019 IEEE 21st Conference on Business Informatics (CBI). 01:104–113.
Decentralized attestation methods for blockchains are currently being discussed and standardized for use cases such as certification, identity and existence proofs. In a blockchain-based attestation, a claim made about the existence of information can be cryptographically verified publicly and transparently. In this paper we explore the attestation of models through globally unique identifiers as a first step towards decentralized applications based on models. As a proof-of-concept we describe a prototypical implementation of a software connector for the ADOxx metamodeling platform. The connector allows for (a.) the creation of claims bound to the identity of an Ethereum account and (b.) their verification on the blockchain by anyone at a later point in time. For evaluating the practical applicability, we demonstrate the application on the Ethereum network and measure and evaluate limiting factors related to transaction cost and confirmation times.
Municio, Esteban, Latré, Steven.  2016.  Decentralized Broadcast-based Scheduling for Dense Multi-hop TSCH Networks. Proceedings of the Workshop on Mobility in the Evolving Internet Architecture. :19–24.

Wireless Sensor Networks (WSNs) are becoming more and more popular to support a wide range of Internet of Things (IoT) applications. Time-Slotted Channel Hopping (TSCH) is a technique to enable ultra reliable and ultra low-power wireless multi-hop networks. TSCH consist of a channel hopping scheme for sending link-layer frames in different time slots and frequencies in order to efficiently combat external interference and multi-path fading. The keystone of TSCH is the scheduling algorithm, which determines for every node at which opportunity (a combination of time slots and channels) it is allowed to send. However, current scheduling algorithms are not suited for dense deployments and have important scalability limitations. In this paper, we investigate TSCH's scheduling performance in dense deployments and show how the scheduling can be improved for such environments. We performed an extensive analysis of the scalability for different scheduling approaches showing the performance drops as the number of nodes increases. Moreover, we propose a novel textlessutextgreaterDetextless/utextgreatercentralized textlessutextgreaterBrtextless/utextgreateroadcast-based textlessutextgreaterStextless/utextgreatercheduling algorithm called DeBraS, based on selective broadcasting to inform nodes about each other's schedule. Through extensive simulations, we show that DeBraS is highly more scalable than centralized solutions and that it outperforms the current decentralized 6Tisch algorithms in up to 88.5% in terms of throughput for large network sizes.

Anshuman Mishra, University of Illinois at Urbana-Champaign, Cedric Langbort, University of Illinois at Urbana-Champaign, Geir Dullerud, University of Illinois at Urbana-Champaign.  2015.  Decentralized Control of Linear Switched Nested Systms With l2-Induced Norm Performance.

This paper considers a decentralized switched control problem where exact conditions for controller synthesis are obtained in the form of semidefinite programming (SDP). The formulation involves a discrete-time switched linear plant that has a nested structure, and whose system matrices switch between a finite number of values according to finite-state automation. The goal of this paper is to synthesize a commensurately nested switched controller to achieve a desired level of 2-induced norm performance. The nested structures of both plant and controller are characterized by block lower-triangular system matrices. For this setup, exact conditions are provided for the existence of a finite path-dependent synthesis. These include conditions for the completion of scaling matrices obtained through an extended matrix completion lemma.When individual controller dimensions are chosen at least as large as the plant, these conditions reduce to a set of linear matrix inequalities. The completion lemma also provides an algorithm to complete closed-loop scaling matrices, leading to inequalities for  ontroller synthesis that are solvable either algebraically or numerically through SDP.

Published in IEEE Transactions on Control of Network Systems, volume 2, issue 4, December 2015.

Joao Jansch Porto, Geir Dullerud, University of Illinois at Urbana-Champaign.  2017.  Decentralized Control with Moving-Horizon Linear Switched Systems: Synthesis and Testbed Implementation. American Control Conference 2017.

In this paper, we improve recent results on the decentralized switched control problem to include the moving horizon case and apply it to a testbed system. Using known derivations for a centralized controller with look-ahead, we were able to extend the decentralized problem with finite memory to include receding horizon modal information. We then compare the performance of a switched controller with finite memory and look-ahead horizon to that of a linear time independent (LTI) controller using a simulation. The decentralized controller is further tested with a real-world system comprised of multiple model-sized hovercrafts.

Wang, Zan-Jun, Lin, Ching-Hua Vivian, Yuan, Yang-Hao, Huang, Ching-Chun Jim.  2019.  Decentralized Data Marketplace to Enable Trusted Machine Economy. 2019 IEEE Eurasia Conference on IOT, Communication and Engineering (ECICE). :246–250.
Transacting IoT data must be different in many from traditional approaches in order to build much-needed trust in data marketplaces, trust that will be the key to their sustainability. Data generated internally to an organization is usually not enough to remain competitive, enhance customer experiences, or improve strategic decision-making. In this paper, we propose a decentralized and trustless architecture through the posting of trade records while including the transaction process on distributed ledgers. This approach can efficiently enhance the degree of transparency, as all contract-oriented interactions will be written on-chain. Storage via an end-to-end encrypted message channel allows transmitting and accessing trusted data streams over distributed ledgers regardless of the size or cost of the device, while simultaneously making a verifiable Auth-compliant request to the platform. Furthermore, the platform will complete matching, trading and refunding processes with-out human intervention, and it also protects the rights of data providers and consumers through trading policies which apply revolutionary game theory to the machine economy.
Kurbatov, Oleksandr, Shapoval, Oleksiy, Poluyanenko, Nikolay, Kuznetsova, Tetiana, Kravchenko, Pavel.  2019.  Decentralized Identification and Certification System. 2019 IEEE International Scientific-Practical Conference Problems of Infocommunications, Science and Technology (PIC S T). :507–510.
This article describes an approach to identification and certification in decentralized environment. The protocol proposes a way of integration for blockchain technology and web-of-trust concept to create decentralized public key infrastructure with flexible management for user identificators. Besides changing the current public key infrastructure, this system can be used in the Internet of Things (IoT). Each individual IoT sensor must correctly communicate with other components of the system it's in. To provide safe interaction, components should exchange encrypted messages with ability to check their integrity and authenticity, which is presented by this scheme.
Krohmer, D., Schotten, H. D..  2020.  Decentralized Identifier Distribution for Moving Target Defense and Beyond. 2020 International Conference on Cyber Situational Awareness, Data Analytics and Assessment (CyberSA). :1—8.
In this work, we propose a novel approach for decentralized identifier distribution and synchronization in networks. The protocol generates network entity identifiers composed of timestamps and cryptographically secure random values with a significant reduction of collision probability. The distribution is inspired by Unique Universal Identifiers and Timestamp-based Concurrency Control algorithms originating from database applications. We defined fundamental requirements for the distribution, including: uniqueness, accuracy of distribution, optimal timing behavior, scalability, small impact on network load for different operation modes and overall compliance to common network security objectives. An implementation of the proposed approach is evaluated and the results are presented. Originally designed for a domain of proactive defense strategies known as Moving Target Defense, the general architecture of the protocol enables arbitrary applications where identifier distributions in networks have to be decentralized, rapid and secure.