267 research outputs found
Detailed Review on The Denial of Service (DoS) and Distributed Denial of Service (DDoS) Attacks in Software Defined Networks (SDNs) and Defense Strategies
The development of Software Defined Networking (SDN) has altered the landscape of computer networking in recent years. Its scalable architecture has become a blueprint for the design of several advanced future networks. To achieve improved and efficient monitoring, control and management capabilities of the network, software defined networks differentiate or decouple the control logic from the data forwarding plane. As a result, logical control is centralized solely in the controller. Due to the centralized nature, SDNs are exposed to several vulnerabilities such as Spoofing, Flooding, and primarily Denial of Service (DoS) and Distributed Denial of Service (DDoS) among other attacks. In effect, the performance of SDN degrades based on these attacks. This paper presents a comprehensive review of several DoS and DDoS defense/mitigation strategies and classifies them into distinct classes with regards to the methodologies employed. Furthermore, suggestions were made to enhance current mitigation strategies accordingly.
Optimized Blockchain Model for Internet of Things based Healthcare Applications
There continues to be a recent push to taking the cryptocurrency based ledger
system known as Blockchain and applying its techniques to non-financial
applications. One of the main areas for application remains Internet of Things
(IoT) as we see many areas of improvement as we move into an age of smart
cities. In this paper, we examine an initial look at applying the key aspects
of Blockchain to a health application network where patients' health data can be
used to create alerts important to authenticated healthcare providers in a
secure and private manner. This paper also presents the benefits and also
practical obstacles of the blockchain-based security approaches in IoT.
Comment: 5 pages, 5 figures. arXiv admin note: text overlap with
arXiv:1806.00555 by other author
Detection Of Insider Attacks In Block Chain Network Using The Trusted Two Way Intrusion Detection System
For data privacy, system reliability, and security, Blockchain technologies
have become more popular in recent years. Despite its usefulness, the
blockchain is vulnerable to cyber assaults; for example, in January 2019 a 51%
attack on Ethereum Classic successfully exposed flaws in the platform's
security. From a statistical point of view, attacks represent a highly unusual
occurrence that deviates significantly from the norm. Blockchain attack
detection may benefit from Deep Learning, a field of study whose aim is to
discover insights, patterns, and anomalies within massive data repositories. In
this work, we define a trusted two way intrusion detection system based on a
Hierarchical weighed fuzzy algorithm and self-organized stacked network (SOSN)
deep learning model, that is trained exploiting aggregate information extracted
by monitoring blockchain activities. Here initially the smart contract handles
the node authentication. The purpose of authenticating the node is to ensure
that only specific nodes can submit and retrieve the information. We implement
Hierarchical weighed fuzzy algorithm to evaluate the trust ability of the
transaction nodes. Then the transaction verification step ensures that all
malicious transactions or activities on the submitted transaction by
self-organized stacked network deep learning model. The whole experimentation
was carried out under MATLAB environment. Extensive experimental results
confirm that our suggested detection method has better performance over
important indicators such as Precision, Recall, F-Score, overhead
Strengthening Security Through Programmable Networks
The original design of the Internet did not take network security aspects into account; the primary objective was to facilitate the communication process. Consequently, many protocols of the Internet infrastructure expose a set of vulnerabilities. These can be exploited by attackers to carry out a range of attacks. Distributed Denial of Service (DDoS) attacks represent a major threat and are among the most devastating attacks, causing collateral damage to network operators as well as Internet service providers.
Programmable networks, known as Software-Defined Networking (SDN), have emerged as a new paradigm promising to resolve the limitations of the current network architecture by decoupling the control plane from the data plane. On the one hand, this separation allows better control of the network and brings new capabilities for mitigating distributed denial-of-service attacks. On the other hand, this separation introduces new challenges regarding the security of the control plane.
The aim of this thesis is twofold. On the one hand, to study and explore what SDN contributes to security in order to design effective solutions that mitigate several attack vectors. On the other hand, to protect SDN against these attacks. Through this research work, we contribute to the mitigation of distributed denial-of-service attacks at two levels (intra-domain and inter-domain), and we contribute to strengthening the security aspect of programmable networks.
The original design of Internet did not take into consideration security aspects of the
network; the priority was to facilitate the process of communication. Therefore, many of the
protocols that are part of the Internet infrastructure expose a set of vulnerabilities that can
be exploited by attackers to carry out a set of attacks. Distributed Denial-of-Service (DDoS)
represents a big threat and one of the most devastating and destructive attacks plaguing
network operators and Internet service providers (ISPs) in a stealthy way.
Software defined networks (SDN), an emerging technology, promise to solve the limitations
of the conventional network architecture by decoupling the control plane from the data
plane. On one hand, the separation of the control plane from the data plane allows for more
control over the network and brings new capabilities to deal with DDoS attacks. On the
other hand, this separation introduces new challenges regarding the security of the control
plane.
This thesis aims to deal with various types of attacks including DDoS attacks while
protecting the resources of the control plane. In this thesis, we contribute to the mitigation
of both intra-domain and inter-domain DDoS attacks, and to the reinforcement of security
aspects in SDN
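A Survey of Blockchain-Based Network Security Technologies
With the development of mobile Internet and Internet of Things technologies, cyberspace carries massive amounts of data, whose security and privacy must be guaranteed. Blockchain-based network security mechanisms are decentralized, tamper-proof, traceable, highly trustworthy and highly available, which helps improve network security. This paper discusses application schemes of blockchain in network security, and analyzes the main technical characteristics and methods of blockchain-based network security mechanisms as well as future research directions. First, it discusses how data management systems apply blockchain for data management, using the tamper-proof property of blockchain to improve the authenticity and reliability of data. Second, it analyzes schemes in which the Internet of Things applies blockchain for device management, recording and executing device control instructions through the blockchain to strengthen IoT device permission and communication management. Finally, it studies deployment schemes for applying blockchain to the Domain Name System, using the decentralized structure of blockchain to resist distributed denial-of-service attacks against central nodes.
Supported by the National Natural Science Foundation of China (No. 61671396); the Open Fund of the National Mobile Communications Research Laboratory, Southeast University (No. 2018D08); and the Foshan Science and Technology Innovation Project (No. 2015IT100095).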
TRIDEnT: Building Decentralized Incentives for Collaborative Security
Sophisticated mass attacks, especially when exploiting zero-day
vulnerabilities, have the potential to cause destructive damage to
organizations and critical infrastructure. To timely detect and contain such
attacks, collaboration among the defenders is critical. By correlating
real-time detection information (alerts) from multiple sources (collaborative
intrusion detection), defenders can detect attacks and take the appropriate
defensive measures in time. However, although the technical tools to facilitate
collaboration exist, real-world adoption of such collaborative security
mechanisms is still underwhelming. This is largely due to a lack of trust and
participation incentives for companies and organizations. This paper proposes
TRIDEnT, a novel collaborative platform that aims to enable and incentivize
parties to exchange network alert data, thus increasing their overall detection
capabilities. TRIDEnT allows parties that may be in a competitive relationship,
to selectively advertise, sell and acquire security alerts in the form of
(near) real-time peer-to-peer streams. To validate the basic principles behind
TRIDEnT, we present an intuitive game-theoretic model of alert sharing, that is
of independent interest, and show that collaboration is bound to take place
infinitely often. Furthermore, to demonstrate the feasibility of our approach,
we instantiate our design in a decentralized manner using Ethereum smart
contracts and provide a fully functional prototype.
Comment: 28 page
P-IOTA: A Cloud-Based Geographically Distributed Threat Alert System That Leverages P4 and IOTA
The recent widespread novel network technologies for programming data planes are remarkably enhancing the customization of data packet processing. In this direction, the Programming Protocol-independent Packet Processors (P4) is envisioned as a disruptive technology, capable of configuring network devices in a highly customizable way. P4 enables network devices to adapt their behaviors to mitigate malicious attacks (e.g., denial of service). Distributed ledger technologies (DLTs), such as blockchain, allow secure reporting alerts on malicious actions detected across different areas. However, the blockchain suffers from major scalability concerns due to the consensus protocols needed to agree on a global state of the network. To overcome these limitations, new solutions have recently emerged. IOTA is a next-generation distributed ledger engineered to tackle the scalability limits while still providing the same security capabilities such as immutability, traceability, and transparency. This article proposes an architecture that integrates a P4-based data plane software-defined network (SDN) and an IOTA layer employed to notify about networking attacks. Specifically, we propose a fast, secure, and energy-efficient DLT-enabled architecture that combines the IOTA data structure, named Tangle, with the SDN layer to detect and notify about network threats
Consortium blockchain management with a peer reputation system for critical information sharing
Blockchain technology based applications are emerging to establish distributed trust amongst organizations who want to share critical information for mutual benefit amongst their peers. There is a growing need for consortium based blockchain schemes that avoid issues such as false reporting and free riding that impact cooperative behavior between multiple domains/entities. Specifically, customizable mechanisms need to be developed to set up and manage consortiums with economic models and cloud-based data storage schemes to suit various application requirements. In this MS Thesis, we address the above issues by proposing a novel consortium blockchain architecture and related protocols that allow critical information sharing using a reputation system that manages co-operation amongst peers using off-chain cloud data storage and on-chain transaction records. We show the effectiveness of our consortium blockchain management approach for two use cases: (i) threat information sharing for cyber defense collaboration system viz., DefenseChain, and (ii) protected data sharing in healthcare information system viz., HonestChain. DefenseChain features a consortium Blockchain architecture to obtain threat data and select suitable peers to help with cyber attack (e.g., DDoS, Advanced Persistent Threat, Cryptojacking) detection and mitigation. As part of DefenseChain, we propose a novel economic model for creation and sustenance of the consortium with peers through a reputation estimation scheme that uses 'Quality of Detection' and 'Quality of Mitigation' metrics. Similarly, HonestChain features a consortium Blockchain architecture to allow protected data sharing between multiple domains/entities (e.g., health data service providers, hospitals and research labs) with incentives and in a standards-compliant manner (e.g., HIPAA, common data model) to enable predictive healthcare analytics.
Using an OpenCloud testbed with configurations with Hyperledger Composer as well as a simulation setup, our evaluation experiments for DefenseChain and HonestChain show that our reputation system outperforms state-of-the-art solutions and our consortium blockchain approach is highly scalable.
Includes bibliographical references (pages 45-52)
On the Integration of Blockchain and SDN: Overview, Applications, and Future Perspectives
Blockchain (BC) and Software-Defined Networking (SDN) are leading
technologies which have recently found applications in several network-related
scenarios and have consequently experienced a growing interest in the research
community. Indeed, current networks connect a massive number of objects over
the Internet and in this complex scenario, to ensure security, privacy,
confidentiality, and programmability, the utilization of BC and SDN have been
successfully proposed. In this work, we provide a comprehensive survey
regarding these two recent research trends and review the related
state-of-the-art literature. We first describe the main features of each
technology and discuss their most common and used variants. Furthermore, we
envision the integration of such technologies to jointly take advantage of
these latter efficiently. Indeed, we consider their group-wise utilization --
named BC-SDN -- based on the need for stronger security and privacy.
Additionally, we cover the application fields of these technologies both
individually and combined. Finally, we discuss the open issues of reviewed
research and describe potential directions for future avenues regarding the
integration of BC and SDN.
To summarize, the contribution of the present survey spans from an overview
of the literature background on BC and SDN to the discussion of the benefits
and limitations of BC-SDN integration in different fields, which also raises
open challenges and possible future avenues examined herein. To the best of our
knowledge, compared to existing surveys, this is the first work that analyzes
the aforementioned aspects in light of a broad BC-SDN integration, with a
specific focus on security and privacy issues in actual utilization scenarios.
Comment: 42 pages, 14 figures, to be published in Journal of Network and
Systems Management - Special Issue on Blockchains and Distributed Ledgers in
Network and Service Managemen