On the Efficacy of Live DDoS Detection with Hadoop

Distributed Denial of Service flooding attacks are one of the biggest challenges to the availability of online services today. These DDoS attacks overwhelm the victim with huge volume of traffic and render it incapable of performing normal communication or crashes it completely. If there are delays in detecting the flooding attacks, nothing much can be done except to manually disconnect the victim and fix the problem. With the rapid increase of DDoS volume and frequency, the current DDoS detection technologies are challenged to deal with huge attack volume in reasonable and affordable response time. In this paper, we propose HADEC, a Hadoop based Live DDoS Detection framework to tackle efficient analysis of flooding attacks by harnessing MapReduce and HDFS. We implemented a counter-based DDoS detection algorithm for four major flooding attacks (TCP-SYN, HTTP GET, UDP and ICMP) in MapReduce, consisting of map and reduce functions. We deployed a testbed to evaluate the performance of HADEC framework for live DDoS detection. Based on the experiments we showed that HADEC is capable of processing and detecting DDoS attacks in affordable time

Input-to-State Stabilizing Control Under Denial-of-Service

The issue of cyber-security has become ever more prevalent in the analysis and design of networked systems. In this paper, we analyze networked control systems in the presence of denial-of-service (DoS) attacks, namely attacks that prevent transmissions over the network. We characterize frequency and duration of the DoS attacks under which input-to-state stability (ISS) of the closed-loop system can be preserved. To achieve ISS, a suitable scheduling of the transmission times is determined. It is shown that the considered framework is flexible enough so as to allow the designer to choose from several implementation options that can be used for trading-off performance versus communication resources. Examples are given to substantiate the analysis

On implementation of efficient inline DDoS detector based on AATAC algorithm

Distributed Denial of Service (DDoS) attacks constitute a major threat in the current Internet. These cyber‑attacks aim to flood the target system with tailored malicious network traffic overwhelming its service capacity and consequently severely limiting legitimate users from using the service. This paper builds on the state-of-the-art AATAC algorithm (Autonomous Algorithm for Traffic Anomaly Detection) and provides a concept of a dedicated inline DDoS detector capable of real-time monitoring of network traffic and near-real-time anomaly detection.The inline DDoS detector consists of two main elements: 1) inline probe(s) responsible for link-rate real-time processing and monitoring of network traffic with custom-built packet feature counters, and 2) an analyser that performs the near-real-time statistical analysis of these counters for anomaly detection. These elements communicate asynchronously via the Redis database, facilitating a wide range of deployment scenarios. The inline probes are based on COTS servers and utilise the DPDK framework (Data Plane Development Kit) and parallel packet processing on multiple CPU cores to achieve link rate traffic analysis, including tailored DPI analysis

INFORMATION SECURITY RISK MANAGEMENT USING OCTAVE ALLEGRO METHOD AT UNIVERSITY

Information is one of the important and valuable assets for the life of an organization's business. Information management is needed to maintain the confidentiality, integrity, and availability of the information from cyber attacks. These cyber attacks can be in form of viruses, malware, phishing, Distributed Denial-of-service (DoS), fraud, and Ransomware.The education sector is a significant contributor to the increase in cyber attacks during the COVID-19 pandemic. The use of ICT in higher education must have right information securityThis study aims to Analysis the risks of information security in higher education. Identification of information security risks necessary for the organization to take appropriate preventive and mitigating actions.OCTAVE Allegro is the framework used to perform risk management in this research. This framework focuses on the information assets owned by the organization. How the asset is used, stored, transferred, occurs and how threats (threats), vulnerabilities (vulnerabilities) and disturbances can be on the asset. The results of this study are recommendations for mitigating approach for identified risks

Cognitive Security Framework For Heterogeneous Sensor Network Using Swarm Intelligence

Rapid development of sensor technology has led to applications ranging from academic to military in a short time span. These tiny sensors are deployed in environments where security for data or hardware cannot be guaranteed. Due to resource constraints, traditional security schemes cannot be directly applied. Unfortunately, due to minimal or no communication security schemes, the data, link and the sensor node can be easily tampered by intruder attacks. This dissertation presents a security framework applied to a sensor network that can be managed by a cohesive sensor manager. A simple framework that can support security based on situation assessment is best suited for chaotic and harsh environments. The objective of this research is designing an evolutionary algorithm with controllable parameters to solve existing and new security threats in a heterogeneous communication network. An in-depth analysis of the different threats and the security measures applied considering the resource constrained network is explored. Any framework works best, if the correlated or orthogonal performance parameters are carefully considered based on system goals and functions. Hence, a trade-off between the different performance parameters based on weights from partially ordered sets is applied to satisfy application specific requirements and security measures. The proposed novel framework controls heterogeneous sensor network requirements,and balance the resources optimally and efficiently while communicating securely using a multi-objection function. In addition, the framework can measure the affect of single or combined denial of service attacks and also predict new attacks under both cooperative and non-cooperative sensor nodes. The cognitive intuition of the framework is evaluated under different simulated real time scenarios such as Health-care monitoring, Emergency Responder, VANET, Biometric security access system, and Battlefield monitoring. The proposed three-tiered Cognitive Security Framework is capable of performing situation assessment and performs the appropriate security measures to maintain reliability and security of the system. The first tier of the proposed framework, a crosslayer cognitive security protocol defends the communication link between nodes during denial-of-Service attacks by re-routing data through secure nodes. The cognitive nature of the protocol balances resources and security making optimal decisions to obtain reachable and reliable solutions. The versatility and robustness of the protocol is justified by the results obtained in simulating health-care and emergency responder applications under Sybil and Wormhole attacks. The protocol considers metrics from each layer of the network model to obtain an optimal and feasible resource efficient solution. In the second tier, the emergent behavior of the protocol is further extended to mine information from the nodes to defend the network against denial-of-service attack using Bayesian models. The jammer attack is considered the most vulnerable attack, and therefore simulated vehicular ad-hoc network is experimented with varied types of jammer. Classification of the jammer under various attack scenarios is formulated to predict the genuineness of the attacks on the sensor nodes using receiver operating characteristics. In addition to detecting the jammer attack, a simple technique of locating the jammer under cooperative nodes is implemented. This feature enables the network in isolating the jammer or the reputation of node is affected, thus removing the malicious node from participating in future routes. Finally, a intrusion detection system using `bait\u27 architecture is analyzed where resources is traded-off for the sake of security due to sensitivity of the application. The architecture strategically enables ant agents to detect and track the intruders threateningthe network. The proposed framework is evaluated based on accuracy and speed of intrusion detection before the network is compromised. This process of detecting the intrusion earlier helps learn future attacks, but also serves as a defense countermeasure. The simulated scenarios of this dissertation show that Cognitive Security Framework isbest suited for both homogeneous and heterogeneous sensor networks

A Robust Mechanism for Defending Distributed Denial OF Service Attacks on Web Servers

Distributed Denial of Service (DDoS) attacks have emerged as a popular means of causing mass targeted service disruptions, often for extended periods of time. The relative ease and low costs of launching such attacks, supplemented by the current inadequate sate of any viable defense mechanism, have made them one of the top threats to the Internet community today. Since the increasing popularity of web-based applications has led to several critical services being provided over the Internet, it is imperative to monitor the network traffic so as to prevent malicious attackers from depleting the resources of the network and denying services to legitimate users. This paper first presents a brief discussion on some of the important types of DDoS attacks that currently exist and some existing mechanisms to combat these attacks. It then points out the major drawbacks of the currently existing defense mechanisms and proposes a new mechanism for protecting a web-server against a DDoS attack. In the proposed mechanism, incoming traffic to the server is continuously monitored and any abnormal rise in the inbound traffic is immediately detected. The detection algorithm is based on a statistical analysis of the inbound traffic on the server and a robust hypothesis testing framework. Simulations carried out on the proposed mechanism have produced results that demonstrate effectiveness of the proposed defense mechanism against DDoS attacks.Comment: 18 pages, 3 figures, 5 table

Detecting network attacks using high-resolution time series

Research in the detection of cyber-attacks has sky-rocketed in the recent past. However, there remains a striking gap between usage of the proposed algorithms in academic research versus industrial applications. Leading researchers have argued that efforts toward the understanding of proposed detectors are lacking. By digging deeper into their inner workings and critically evaluating their underlying assumptions, better detectors may be built. The aim of this thesis is therefore to provide an underlying theory for understanding a single class of detection algorithms, in particular, anomaly-based network intrusion detection algorithms that utilise high-resolution time series data. A framework is proposed to deconstruct the algorithms into their constituent components (windows, representations, and deviations). The framework is applied to a class of algorithms, allowing to construct a “space” of algorithms spanned by five variables: windowing procedure, information availability, single- or multi-aggregated representation, marginal distribution model, and deviation. The detection of a simple class of Denial-of-Service (DoS) attacks is modelled as a detection theoretic problem. It is shown that the effect of incomplete information is greatest when detecting low-intensity attacks (less than 5%), however, the effect slowly decays as the attack intensity increases. Next, the representation and deviation components are jointly analysed via a proposed experimental procedure using network traffic from two publicly available datasets: the Measurement and Analysis on the WIDE Internet (MAWI) archive, and the Booters dataset. The experimental analysis shows that varying the representation (single- versus multi-aggregated) has little effect on detection accuracy, and that the likelihood deviation is superior to the L2 distance deviation, although the difference is negligible for large-intensity attacks (approximately 80%)

Event-based security control for discrete-time stochastic systems

This study is concerned with the event-based security control problem for a class of discrete-time stochastic systems with multiplicative noises subject to both randomly occurring denial-of-service (DoS) attacks and randomly occurring deception attacks. An event-triggered mechanism is adopted with hope to reduce the communication burden, where the measurement signal is transmitted only when a certain triggering condition is violated. A novel attack model is proposed to reflect the randomly occurring behaviours of the DoS attacks as well as the deception attacks within a unified framework via two sets of Bernoulli distributed white sequences with known conditional probabilities. A new concept of mean-square security domain is put forward to quantify the security degree. The authors aim to design an output feedback controller such that the closed-loop system achieves the desired security. By using the stochastic analysis techniques, some sufficient conditions are established to guarantee the desired security requirement and the control gain is obtained by solving some linear matrix inequalities with nonlinear constraints. A simulation example is utilised to illustrate the usefulness of the proposed controller design scheme.This work was supported in part by Royal Society of the UK, the National Natural Science Foundation of China under Grants 61329301, 61573246 and 61374039, the Shanghai Rising-Star Programme of China under Grant 16QA1403000, the Program for Capability Construction of Shanghai Provincial Universities under Grant 15550502500 and the Alexander von Humboldt Foundation of Germany