IoT and Man-in-the-Middle Attacks

This paper provides an overview of the Internet of Things (IoT) and its significance. It discusses the concept of Man-in-the-Middle (MitM) attacks in detail, including their causes, potential solutions, and challenges in detecting and preventing such attacks. The paper also addresses the current issues related to IoT security and explores future methods and facilities for improving detection and prevention mechanisms against MitM

Advance Approach for Detection of DNS Tunneling Attack from Network Packets Using Deep Learning Algorithms

Domain Name System (DNS) is a protocol for converting numeric IP addresses of websites into a human-readable form. With the development of technology, to transfer information, a method like DNS tunneling is used which includes data encryption into DNS queries. The ability of the DNS tunneling method of transferring data attracts attackers to establish bidirectional communication with machines infected with malwares. This can lead to sending instructions in an obfuscated way or can lead to data exfiltration. Since firewalls and intrusion detection systems detect only specific types of tunneling, were as the Machine Learning Algorithms can analyze and predict based on previous data provided to it, it is being adopted by researchers to detect and predict the occurrence of DNS Tunneling. The identification of anomalies in Network packets can be done by using Natural Language Processing (NLP) technique. The experimental test accuracy showed that the feature extraction method in NLP for detecting DNS tunneling in network packets was found to be 98.42% on the generated Dataset. This paper makes a comparative study of 1 Dimensional Convolution Neural Network (1-D CNN), Simple Recurrent Neural Network (Simple RNN), Long Short-Term Memory (LSTM) algorithm, Gated Recurrent Unit (GRU) algorithm for detecting DNS Tunneling over the generated dataset. To detect this threat of DNS tunneling attack, good quality of the dataset is required. This paper also proposes the generation of a good quality dataset that contains network packets, by the recreation of DNS Tunneling attack using tool dnscat2

A Survey on Spoofing and Selective Forwarding Attacks on Zigbee based WSN

The main focus of WSN is to gather data from the physical world. It is often deployed for sensing, processing as well as disseminating information of the targeted physical environments. The main objective of the WSN is to collect data from the target environment using sensors as well as transmit those data to the desired place of choice. In order to achieve an efficient performance, WSN should have efficient as well as reliable networking protocols. The most popular technology behind WSN is Zigbee. In this paper a pilot study is done on important security issues on spoofing and selective forwarding attack on Zigbee based WSN. This paper identifies the security vulnerabilities of Zigbee network and gaps in the existing methodologies to address the security issues and will help the future researchers to narrow down their research in WSN.Keywords: Zigbee, WSN, Protocol Stack, Spoofing and Selective Forwarding

Distributed reflection denial of service attack: A critical review

As the world becomes increasingly connected and the number of users grows exponentially and “things” go online, the prospect of cyberspace becoming a significant target for cybercriminals is a reality. Any host or device that is exposed on the internet is a prime target for cyberattacks. A denial-of-service (DoS) attack is accountable for the majority of these cyberattacks. Although various solutions have been proposed by researchers to mitigate this issue, cybercriminals always adapt their attack approach to circumvent countermeasures. One of the modified DoS attacks is known as distributed reflection denial-of-service attack (DRDoS). This type of attack is considered to be a more severe variant of the DoS attack and can be conducted in transmission control protocol (TCP) and user datagram protocol (UDP). However, this attack is not effective in the TCP protocol due to the three-way handshake approach that prevents this type of attack from passing through the network layer to the upper layers in the network stack. On the other hand, UDP is a connectionless protocol, so most of these DRDoS attacks pass through UDP. This study aims to examine and identify the differences between TCP-based and UDP-based DRDoS attacks

Intrusion detection in IoT networks using machine learning

The exponential growth of Internet of Things (IoT) infrastructure has introduced significant security challenges due to the large-scale deployment of interconnected devices. IoT devices are present in every aspect of our modern life; they are essential components of Industry 4.0, smart cities, and critical infrastructures. Therefore, the detection of attacks on this platform becomes necessary through an Intrusion Detection Systems (IDS). These tools are dedicated hardware devices or software that monitors a network to detect and automatically alert the presence of malicious activity. This study aimed to assess the viability of Machine Learning Models for IDS within IoT infrastructures. Five classifiers, encompassing a spectrum from linear models like Logistic Regression, Decision Trees from Trees Algorithms, Gaussian Naïve Bayes from Probabilistic models, Random Forest from ensemble family and Multi-Layer Perceptron from Artificial Neural Networks, were analysed. These models were trained using supervised methods on a public IoT attacks dataset, with three tasks ranging from binary classification (determining if a sample was part of an attack) to multiclassification of 8 groups of attack categories and the multiclassification of 33 individual attacks. Various metrics were considered, from performance to execution times and all models were trained and tuned using cross-validation of 10 k-folds. On the three classification tasks, Random Forest was found to be the model with best performance, at expenses of time consumption. Gaussian Naïve Bayes was the fastest algorithm in all classification¿s tasks, but with a lower performance detecting attacks. Whereas Decision Trees shows a good balance between performance and processing speed. Classifying among 8 attack categories, most models showed vulnerabilities to specific attack types, especially those in minority classes due to dataset imbalances. In more granular 33 attack type classifications, all models generally faced challenges, but Random Forest remained the most reliable, despite vulnerabilities. In conclusion, Machine Learning algorithms proves to be effective for IDS in IoT infrastructure, with Random Forest model being the most robust, but with Decision Trees offering a good balance between speed and performance.Objectius de Desenvolupament Sostenible::9 - Indústria, Innovació i Infraestructur