104 research outputs found

    Network-Aware AutoML Framework for Software-Defined Sensor Networks

    As the current detection solutions of distributed denial of service attacks (DDoS) need additional infrastructures to handle high aggregate data rates, they are not suitable for sensor networks or the Internet of Things. Besides, the security architecture of software-defined sensor networks needs to pay attention to the vulnerabilities of both software-defined networks and sensor networks. In this paper, we propose a network-aware automated machine learning (AutoML) framework which detects DDoS attacks in software-defined sensor networks. Our framework selects an ideal machine learning algorithm to detect DDoS attacks in network-constrained environments, using metrics such as variable traffic load, heterogeneous traffic rate, and detection time while preventing over-fitting. Our contributions are two-fold: (i) we first investigate the trade-off between the efficiency of ML algorithms and network/traffic state in the scope of DDoS detection. (ii) we design and implement a software architecture containing open-source network tools, with the deployment of multiple ML algorithms. Lastly, we show that under the denial of service attacks, our framework ensures the traffic packets are still delivered within the network with additional delays

    Cyber deception against DDoS attack using moving target defence framework in SDN IOT-EDGE networks

    Software Defined Networking (SDN) networking paradigm advancements are advantageous, but they have also brought new security concerns. The Internet of Things (IoT) Edge Computing servers provide closer access to cloud services and are also a point of target for availability attacks. The Distributed Denial of Service (DDoS) attacks on SDN IoT-Edge Computing caused by botnets of IoT hosts have compromised major services and are still an impending concern due to the Work From Home virtual office shift attributed to the Covid19 pandemic. The effectiveness of a Moving Target Defense (MTD) technique based on SDN for combating DDoS attacks in IoT-Edge networks was investigated in this study with a test scenario based on a smart building. An MTD Reactive and Proactive Network Address Shuffling Mechanism was developed, tested, and evaluated with results showing successful defence against UDP, TCP SYN, and LAND DDoS attacks; preventing IoT devices from being botnet compromised due to the short-lived network address; and ensuring reliable system performance

    Trends on Computer Security: Cryptography, User Authentication, Denial of Service and Intrusion Detection

    The new generation of security threats has been promoted by digital currencies and real-time applications, where all users develop new ways to communicate on the Internet. Security has evolved in the need of privacy and anonymity for all users and their portable devices. New technologies in every field prove that users need security features integrated into their communication applications, parallel systems for mobile devices, internet, and identity management. This review presents the key concepts of the main areas in computer security and how it has evolved in the last years. This work focuses on cryptography, user authentication, denial of service attacks, intrusion detection and firewalls

    Federated Reinforcement Learning for Private and Collaborative Selection of Moving Target Defense Mechanisms for IoT Device Security

    The Internet of Things (IoT) has grown exponentially in recent years and it is predicted that the number of devices will double again to 30 billion by 2030 [24]. At the same time, the number of unpatched, vulnerable and infected devices connected to the Internet is increasing exponentially as well. Famous malware incidents from the past like Mirai have painfully illustrated how vulnerable IoT devices are on a broad scale. This work examines how Moving Target Defense (MTD) can be used in a collaborative framework for defense in depth and to thwart cyberattacks. For this purpose, a system prototype has been implemented that is capable of autonomously learning to defend a set of IoT devices (more specifically Radio Frequency Spectrum Sensors belonging to ElectroSense) from a specific set of malware by selecting and deploying MTDs. In scientific literature, usually individual MTDs optimized against specific attacks are presented, but no collaborative framework that combines and orchestrates a set of MTDs. In the prototypical implementation, an individual local agent is deployed on a set of simulated devices, monitoring the behavior of its host, according to 100 system parameters. In case an attack is detected, the local agent is invoked in order to select from a set of MTDs to ward off the attack. If the post-MTD device behavior can be considered normal again, the local agent receives a reward, which is used to update the local policy. Thanks to the use of FL, all local agents contribute to learning one global defense policy together. The project shows that a good attack mitigation probability can be achieved in nonfederated as well as federated learning setting. Furthermore, the system also proves to be somewhat robust against locally and globally skewed sample distributions. Under certain assumptions it can also be assumed that collaborative learning of an MTD selection policy is faster and more robust than centralized learning. 
    The findings on how FRL can be used in IT security to collaboratively learn an MTD selection policy contribute to the state of the art on MTD

    The Role of Deep Learning in Advancing Proactive Cybersecurity Measures for Smart Grid Networks: A Survey

    As smart grids (SG) increasingly rely on advanced technologies like sensors and communication systems for efficient energy generation, distribution, and consumption, they become enticing targets for sophisticated cyberattacks. These evolving threats demand robust security measures to maintain the stability and resilience of modern energy systems. While extensive research has been conducted, a comprehensive exploration of proactive cyber defense strategies utilizing Deep Learning (DL) in SG remains scarce in the literature. This survey bridges this gap, studying the latest DL techniques for proactive cyber defense. The survey begins with an overview of related works and our distinct contributions, followed by an examination of SG infrastructure. Next, we classify various cyber defense techniques into reactive and proactive categories. A significant focus is placed on DL-enabled proactive defenses, where we provide a comprehensive taxonomy of DL approaches, highlighting their roles and relevance in the proactive security of SG. Subsequently, we analyze the most significant DL-based methods currently in use. Further, we explore Moving Target Defense, a proactive defense strategy, and its interactions with DL methodologies. We then provide an overview of benchmark datasets used in this domain to substantiate the discourse. This is followed by a critical discussion on their practical implications and broader impact on cybersecurity in Smart Grids. The survey finally lists the challenges associated with deploying DL-based security systems within SG, followed by an outlook on future developments in this key field. Comment: To appear in the IEEE internet of Things journa

    Autonomous Network Defence Using Multi-Agent Reinforcement Learning and Self-Play

    Early threat detection is an increasing part of the cybersecurity landscape, given the growing scale and scope of cyberattacks in the recent years. Increasing exploitation of software vulnerabilities, especially in the manufacturing sector, demonstrates the ongoing need for autonomous network defence. In this work, we model the problem as a zero-sum Markov game between an attacker and defender reinforcement learning agents. Previous methods test their approach on a single topology or limit the agents to a subset of the network. However, real world networks are rarely fixed and often add or remove hosts based on demand, link failures, outages, or other factors. We do not confine our research to a fixed network in terms of size and topology, but instead are interested in larger networks and varied topologies to determine the scalability and robustness of the approach. We consider additional topologies and a robust training curriculum that incorporates network topologies to build more general, capable agents. We also use PPO which offers a good balance of computational complexity and convergence speed

    Self-Adaptation in SDN-based IoT Networks

    In the digital age, frightening patterns in digital threats are emerging. It is impossible to ignore threats to IoT networks. Threats can take on any of the typical forms, including Denial-of-Service (DoS), Distributed Denial-of-Service (DDoS), Virus assault, Man-in-the-middle attack (Mitm), Advanced Persistent Threats (APT), Password Assault, and more. It is crucial to eliminate all threats from IoT networks and devices. Reinforcement learning to detect anomalies in an IoT network is seen to be the greatest option for correcting risks in a network, hence fixing the afflicted nodes, according to this thesis, "Self-Adaptation of SDN-based IoT Networks." (Markov) MDP policies and MAPE-K loop properties in Self-aware systems are the bases of the design in this thesis. The network system exhibited self-adaptability features, which makes it self-correcting and self-healing. The objective of this research is to propose a means to secure the devices in an IoT network by protecting them from any form of threats and ensuring that the devices function normally. Even at the advent of abnormal functioning of any node in the network, the system should be able to correct itself. A Software Defined Network (SDN) architecture is proposed for the design in a later section, which explains the kind of SDN that should be in place for the intrusion detection system. Further into the thesis, we dived deep into the general overview of deep reinforcement learning. Then comes the implementation, which talks about the kind of reinforcement learning policy used in the work and how the result was derived. The other section discusses the result and discussion, where the result in this work was compared with the result of the traditional machine learning algorithm