1,022 research outputs found

    A Cyber Attack-Resilient Server Using Hybrid Virtualization

    This paper describes a novel, cyber attack-resilient server using hybrid virtualization that can reduce the downtime of the server and enhance the diversity of operating systems by adding a Linux virtual machine. The hybrid virtualization consists of machine- and application-level virtualization. The prototype system virtualizes a machine using VMware ESXi, while the prototype system virtualizes a server application using Docker on a Linux virtual machine. Docker increases the speed at which a server application starts while requiring fewer resources such as memory and storage. Performance tests showed that the prototype system reduced the downtime of the DNS service by exploiting a vulnerability with no false positive detections compared with our previous work

    Software Defined Networks based Smart Grid Communication: A Comprehensive Survey

    The current power grid is no longer a feasible solution due to ever-increasing user demand of electricity, old infrastructure, and reliability issues and thus requires transformation to a better grid, a.k.a. smart grid (SG). The key features that distinguish SG from the conventional electrical power grid are its capability to perform two-way communication, demand side management, and real time pricing. Despite all these advantages that SG will bring, there are certain issues which are specific to SG communication system. For instance, network management of current SG systems is complex, time consuming, and done manually. Moreover, SG communication (SGC) system is built on different vendor specific devices and protocols. Therefore, the current SG systems are not protocol independent, thus leading to interoperability issue. Software defined network (SDN) has been proposed to monitor and manage the communication networks globally. This article serves as a comprehensive survey on SDN-based SGC. In this article, we first discuss taxonomy of advantages of SDN-based SGC. We then discuss SDN-based SGC architectures, along with case studies. Our article provides an in-depth discussion on routing schemes for SDN-based SGC. We also provide detailed survey of security and privacy schemes applied to SDN-based SGC. We furthermore present challenges, open issues, and future research directions related to SDN-based SGC.

    Steps in Building a Successful Resilient Cyber Protocol

    This article aims to help city administrators gain a systematic approach to building resilient cybersecurity protocols. Resilient protocols provide the basic organizational framework that layers employees, processes, and technologies that can address cyber risks to cities. Thus, these protocols provide the solid foundation necessary to protect cities and public institutions from the constant threat of cyberattacks. This article also offers suggestions on how cities can gain information technology (IT) resilience, and discusses boundaries in the layered approach to resilience

    Performance of Machine Learning and Big Data Analytics paradigms in Cybersecurity and Cloud Computing Platforms

    The purpose of the research is to evaluate Machine Learning and Big Data Analytics paradigms for use in Cybersecurity. Cybersecurity refers to a combination of technologies, processes and operations that are framed to protect information systems, computers, devices, programs, data and networks from internal or external threats, harm, damage, attacks or unauthorized access. The main characteristic of Machine Learning (ML) is the automatic data analysis of large data sets and production of models for the general relationships found among data. ML algorithms, as part of Artificial Intelligence, can be clustered into supervised, unsupervised, semi-supervised, and reinforcement learning algorithms

    Enabling digital grid for industrial revolution: self-healing cyber resilient platform

    The key market objectives driving digital grid development are to provide sustainable, reliable and secure network systems that can support variety of applications against any potential cyber attacks. Therefore, there is an urgent demand to accelerate the development of intelligent Software-Defined Networking (SDN) platform that can address the tremendous challenges of data protection for digital resiliency. Modern grid technology tends to adopt distributed SDN controllers for further slicing power grid domain and protect the boundaries of electric data at network edges. To accommodate these issues, this article proposes an intelligent secure SDN controller for supporting digital grid resiliency, considering management coordination capability, to enable self-healing features and recovery of network traffic forwarding during service interruptions. A set of advanced features are employed in grid controllers to configure the network elements in response to possible disasters or link failures. In addition, various SDN topology scenarios are introduced for efficient coordination and configurations of network domains. Finally, to justify the potential advantages of intelligent secure SDN system, a case study is presented to evaluate the requirements of secure digital modern grid networks and pave the path towards the next phase of industry revolution

    Failure Analysis in Next-Generation Critical Cellular Communication Infrastructures

    The advent of communication technologies marks a transformative phase in critical infrastructure construction, where the meticulous analysis of failures becomes paramount in achieving the fundamental objectives of continuity, security, and availability. This survey enriches the discourse on failures, failure analysis, and countermeasures in the context of the next-generation critical communication infrastructures. Through an exhaustive examination of existing literature, we discern and categorize prominent research orientations with focuses on, namely resource depletion, security vulnerabilities, and system availability concerns. We also analyze constructive countermeasures tailored to address identified failure scenarios and their prevention. Furthermore, the survey emphasizes the imperative for standardization in addressing failures related to Artificial Intelligence (AI) within the ambit of the sixth-generation (6G) networks, accounting for the forward-looking perspective for the envisioned intelligence of 6G network architecture. By identifying new challenges and delineating future research directions, this survey can help guide stakeholders toward unexplored territories, fostering innovation and resilience in critical communication infrastructure development and failure prevention

    Tactical ISR/C2 Integration with AI/ML Augmentation

    NPS NRP Project Presentation. NAVPLAN 2021 specifies Distributed Maritime Operations (DMO) with a tactical grid to connect distributed nodes with processing at the tactical edge to include Artificial Intelligence/Machine Learning (AI/ML) in support of Expeditionary Advanced Base Operations (EABO) and Littoral Operations in a Contested Environment (LOCE). Joint All-Domain Command and Control (JADC2) is the concept for sensor integration. However, Intelligence, Surveillance and Reconnaissance (ISR) and Command and Control (C2) hardware and software have yet to be fully defined, tools integrated, and configurations tested. This project evaluates options for ISR and C2 integration into a Common Operational Picture (COP) with AI/ML for decision support on tactical clouds in support of DMO, EABO, LOCE and JADC2 objectives. Commander, Naval Surface Forces (CNSF). U.S. Fleet Forces Command (USFF). This research is supported by funding from the Naval Postgraduate School, Naval Research Program (PE 0605853N/2098). https://nps.edu/nrp Chief of Naval Operations (CNO). Approved for public release. Distribution is unlimited.

    Techniques to Detect DoS and DDoS Attacks and an Introduction of a Mobile Agent System to Enhance it in Cloud Computing

    Security in cloud computing is the ultimate question that every potential user studies before adopting it. Among the important points that the provider must ensure is that the Cloud will be available anytime the consumer tries to access it. Generally, the Cloud is accessible via the Internet, which makes it subject to a large variety of attacks. Today, the most striking cyber-attacks are the flooding DoS and its variant DDoS. This type of attack aims to break down the availability of a service to its legitimate clients. In this paper, we underline the most used techniques to stand up against DoS flooding attacks in the Cloud

    Packet filter performance monitor (anti-DDOS algorithm for hybrid topologies)

    DDoS attacks are increasingly becoming a major problem. According to Arbor Networks, the largest DDoS attack reported by a respondent in 2015 was 500 Gbps. Hacker News stated that the largest DDoS attack as of March 2016 was over 600 Gbps, and the attack targeted the entire BBC website. With this increasing frequency and threat, and the average DDoS attack duration at about 16 hours, we know for certain that DDoS attacks will not be going away anytime soon. Commercial companies are not effectively providing mitigation techniques against these attacks, considering that major corporations face the same challenges. Current security appliances are not strong enough to handle the overwhelming traffic that accompanies current DDoS attacks. There is also limited research on solutions to mitigate DDoS attacks. Therefore, there is a need for a means of mitigating DDoS attacks in order to minimize downtime. One possible solution is for organizations to implement their own architectures that are meant to mitigate DDoS attacks. In this dissertation, we present and implement an architecture that utilizes an activity monitor to change the states of firewalls based on their performance in a hybrid network. Both firewalls are connected inline. The monitor is mirrored to monitor the firewall states. The monitor reroutes traffic when one of the firewalls becomes overwhelmed due to an HTTP DDoS flooding attack. The monitor connects to the API of both firewalls. The communication between the firewalls and monitor is encrypted using AES, based on PyCrypto Python implementation. This dissertation is structured in three parts. The first found the weakness of the hardware firewall and determined its threshold based on spike and endurance tests. This was achieved by flooding the hardware firewall with HTTP packets until the firewall became overwhelmed and unresponsive. The second part implements the same test as the first, but targeted towards the virtual firewall. The same parameters, test factors, and determinants were used; however, a different load tester was utilized. The final part was the implementation and design of the firewall performance monitor. The main goal of the dissertation is to minimize downtime when network firewalls are overwhelmed as a result of a DDoS attack