DDoS Attack Detection Method Based on Network Abnormal Behavior in Big Data Environment
Distributed denial of service (DDoS) attack becomes a rapidly growing problem
with the fast development of the Internet. The existing DDoS attack detection
methods have time-delay and low detection rate. This paper presents a DDoS
attack detection method based on network abnormal behavior in a big data
environment. Based on the characteristics of flood attack, the method filters
the network flows to leave only the 'many-to-one' network flows to reduce the
interference from normal network flows and improve the detection accuracy. We
define the network abnormal feature value (NAFV) to reflect the state changes
of the old and new IP address of 'many-to-one' network flows. Finally, the DDoS
attack detection method based on NAFV real-time series is built to identify the
abnormal network flow states caused by DDoS attacks. The experiments show that
compared with similar methods, this method has higher detection rate, lower
false alarm rate and missing rate.
Machine Learning-Based Anomaly Detection in Cloud Virtual Machine Resource Usage
Anomaly detection is an important activity in cloud computing systems because it aids in the identification of odd behaviours or actions that may result in software glitches, security breaches, and performance difficulties. Detecting aberrant resource utilization trends in virtual machines (VMs) is a typical application of anomaly detection in cloud computing. Currently, the most serious cyber threat is distributed denial-of-service attacks. The afflicted server's resources and internet traffic resources, such as bandwidth and buffer size, are slowed down by restricting the server's capacity to give resources to legitimate customers.
To recognize attacks and common occurrences, machine learning techniques such as Quadratic Support Vector Machines (QSVM), Random Forest, and neural network models such as MLP and Autoencoders are employed. Various machine learning algorithms are used on the optimised NSL-KDD dataset to provide an efficient and accurate predictor of network intrusions. In this research, we propose a neural network based model and experiment on various central and spiral rearrangements of the features for distinguishing between different types of attacks and support our approach of better preservation of feature structure with image representations. The results are analysed and compared to existing models and prior research. The outcomes of this study have practical implications for improving the security and performance of cloud computing systems, specifically in the area of identifying and mitigating network intrusions.
Understanding Security Requirements and Challenges in Internet of Things (IoTs): A Review
Internet of Things (IoT) is realized by the idea of free flow of information
amongst various low power embedded devices that use Internet to communicate
with one another. It is predicted that the IoT will be widely deployed and it
will find applicability in various domains of life. Demands of IoT have lately
attracted huge attention and organizations are excited about the business value
of the data that will be generated by the IoT paradigm. On the other hand, IoT
has various security and privacy concerns for the end users that limit its
proliferation. In this paper we have identified, categorized and discussed
various security challenges and state of the art efforts to resolve these
challenges.
Cloud-based DDoS Attacks and Defenses
Safety and reliability are important in the cloud computing environment. This
is especially true today as distributed denial-of-service (DDoS) attacks
constitute one of the largest threats faced by Internet users and cloud
computing services. DDoS attacks target the resources of these services,
lowering their ability to provide optimum usage of the network infrastructure.
Due to the nature of cloud computing, the methodologies for preventing or
stopping DDoS attacks are quite different compared to those used in traditional
networks. In this paper, we investigate the effect of DDoS attacks on cloud
resources and recommend practical defense mechanisms against different types of
DDoS attacks in the cloud environment.
Privacy-Preserving DDoS Attack Detection Using Cross-Domain Traffic in Software Defined Networks
Existing distributed denial-of-service attack detection in software defined
networks (SDNs) typically perform detection in a single domain. In reality,
abnormal traffic usually affects multiple network domains. Thus, a cross-domain
attack detection has been proposed to improve detection performance. However,
when participating in detection, the domain of each SDN needs to provide a
large amount of real traffic data, from which private information may be
leaked. Existing multiparty privacy protection schemes often achieve privacy
guarantees by sacrificing accuracy or increasing the time cost. Achieving both
high accuracy and reasonable time consumption is a challenging task. In this
paper, we propose Predis, which is a privacy-preserving cross-domain attack
detection scheme for SDNs. Predis combines perturbation encryption and data
encryption to protect privacy and employs a computationally simple and
efficient algorithm k-Nearest Neighbors (kNN) as its detection algorithm. We
also improve kNN to achieve better efficiency. Via theoretical analysis and
extensive simulations, we demonstrate that Predis is capable of achieving
efficient and accurate attack detection while securing sensitive information of
each domain.
A Survey of Techniques for Improving Security of GPUs
Graphics processing unit (GPU), although a powerful performance-booster, also
has many security vulnerabilities. Due to these, the GPU can act as a
safe-haven for stealthy malware and the weakest 'link' in the security 'chain'.
In this paper, we present a survey of techniques for analyzing and improving
GPU security. We classify the works on key attributes to highlight their
similarities and differences. More than informing users and researchers about
GPU security techniques, this survey aims to increase their awareness about GPU
security vulnerabilities and potential countermeasures.
Cyberattack Detection in Mobile Cloud Computing: A Deep Learning Approach
With the rapid growth of mobile applications and cloud computing, mobile
cloud computing has attracted great interest from both academia and industry.
However, mobile cloud applications are facing security issues such as data
integrity, users' confidentiality, and service availability. A preventive
approach to such problems is to detect and isolate cyber threats before they
can cause serious impacts to the mobile cloud computing system. In this paper,
we propose a novel framework that leverages a deep learning approach to detect
cyberattacks in mobile cloud environment. Through experimental results, we show
that our proposed framework not only recognizes diverse cyberattacks, but also
achieves a high accuracy (up to 97.11%) in detecting the attacks. Furthermore,
we present the comparisons with current machine learning-based approaches to
demonstrate the effectiveness of our proposed solution.
Comment: 6 pages, 3 figures, 1 table, WCNC 2018 conference
Memory DoS Attacks in Multi-tenant Clouds: Severity and Mitigation
In cloud computing, network Denial of Service (DoS) attacks are well studied
and defenses have been implemented, but severe DoS attacks on a victim's
working memory by a single hostile VM are not well understood. Memory DoS
attacks are Denial of Service (or Degradation of Service) attacks caused by
contention for hardware memory resources on a cloud server. Despite the strong
memory isolation techniques for virtual machines (VMs) enforced by the software
virtualization layer in cloud servers, the underlying hardware memory layers
are still shared by the VMs and can be exploited by a clever attacker in a
hostile VM co-located on the same server as the victim VM, denying the victim
the working memory he needs. We first show quantitatively the severity of
contention on different memory resources. We then show that a malicious cloud
customer can mount low-cost attacks to cause severe performance degradation for
a Hadoop distributed application, and 38X delay in response time for an
E-commerce website in the Amazon EC2 cloud.
Then, we design an effective, new defense against these memory DoS attacks,
using a statistical metric to detect their existence and execution throttling
to mitigate the attack damage. We achieve this by a novel re-purposing of
existing hardware performance counters and duty cycle modulation for security,
rather than for improving performance or power consumption. We implement a full
prototype on the OpenStack cloud system. Our evaluations show that this defense
system can effectively defeat memory DoS attacks with negligible performance
overhead.
Comment: 18 pages
Mitigating Data Exfiltration in Storage-as-a-Service Clouds
Existing processes and methods for incident handling are geared towards
infrastructures and operational models that will be increasingly outdated by
cloud computing. Research has shown that to adapt incident handling to cloud
computing environments, cloud customers must establish clarity about their
requirements on Cloud Service Providers (CSPs) for successful handling of
incidents and contract CSPs accordingly. Secondly, CSPs must strive to support
these requirements and mirror them in their Service Level Agreements. Intrusion
Detection Systems (IDS) have been used widely to detect malicious behaviors in
network communication and hosts. Facing new application scenarios in Cloud
Computing, the IDS approaches yield several problems since the operator of the
IDS should be the user, not the administrator of the Cloud infrastructure.
Cloud providers need to enable possibilities to deploy and configure IDS for
the user - which poses its own challenges. Current research and commercial
solutions primarily focus on protecting against Denial of Service attacks and
attacks against the Cloud's virtual infrastructure. To counter these
challenges, we propose a capability that aims to both detect and prevent the
potential of data exfiltration by using a novel deception-based methodology. We
also introduce a method of increasing the data protection level based on
various threat conditions.
IoT-KEEPER: Securing IoT Communications in Edge Networks
The increased popularity of IoT devices has made them lucrative targets for
attackers. Due to insecure product development practices, these devices are
often vulnerable even to very trivial attacks and can be easily compromised.
Due to the sheer number and heterogeneity of IoT devices, it is not possible to
secure the IoT ecosystem using traditional endpoint and network security
solutions. To address the challenges and requirements of securing IoT devices
in edge networks, we present IoT-Keeper, which is a novel system capable of
securing the network against any malicious activity, in real time. The proposed
system uses a lightweight anomaly detection technique, to secure both
device-to-device and device-to-infrastructure communications, while using
limited resources available on the gateway. It uses unlabeled network data to
distinguish between benign and malicious traffic patterns observed in the
network. A detailed evaluation, done with real world testbed, shows that
IoT-Keeper detects any device generating malicious traffic with high accuracy
(0.982) and low false positive rate (0.01). The results demonstrate that
IoT-Keeper is lightweight, responsive and can effectively handle complex D2D
interactions without requiring explicit attack signatures or sophisticated
hardware.
Comment: 20 pages, 9 figures, 4 tables