Common Mechanism for Detecting Multiple DDoS Attacks

An important principle of an internet-based system is information security. Information security is a very important aspect of distributed systems and IoT (Internet of Things) based wireless systems. The attack which is more harmful to the distributed system and IoT-based wireless system is a DDoS (Distributed Denial of Service) attack since in this attack, an attacker can stop the work of all other connected devices or users to the network. For securing distributed applications, various intrusion detection mechanisms are used. But most existing mechanisms are only concentrated on one kind of DDoS attack. This paper focuses on the basic architecture of IoT systems and an overview of single intrusion detection systems. This paper presents a single detection method for different DDoS attacks on distributed systems with an IoT interface. In the future, the system will provide support for detecting and preventing different DDoS attacks in IoT-based systems

A survey on botnets, issues, threats, methods, detection and prevention

Botnets have become increasingly common and progressively dangerous to both business and domestic networks alike. Due to the Covid-19 pandemic, a large quantity of the population has been performing corporate activities from their homes. This leads to speculation that most computer users and employees working remotely do not have proper defences against botnets, resulting in botnet infection propagating to other devices connected to the target network. Consequently, not only did botnet infection occur within the target user’s machine but also neighbouring devices. The focus of this paper is to review and investigate current state of the art and research works for both methods of infection, such as how a botnet could penetrate a system or network directly or indirectly, and standard detection strategies that had been used in the past. Furthermore, we investigate the capabilities of Artificial Intelligence (AI) to create innovative approaches for botnet detection to enable making predictions as to whether there are botnets present within a network. The paper also discusses methods that threat-actors may be used to infect target devices with botnet code. Machine learning algorithms are examined to determine how they may be used to assist AI-based detection and what advantages and disadvantages they would have to compare the most suitable algorithm businesses could use. Finally, current botnet prevention and countermeasures are discussed to determine how botnets can be prevented from corporate and domestic networks and ensure that future attacks can be prevented

A principled approach to measuring the IoT ecosystem

Internet of Things (IoT) devices combine network connectivity, cheap hardware, and actuation to provide new ways to interface with the world. In spite of this growth, little work has been done to measure the network properties of IoT devices. Such measurements can help to inform systems designers and security researchers of IoT networking behavior in practice to guide future research. Unfortunately, properly measuring the IoT ecosystem is not trivial. Devices may have different capabilities and behaviors, which require both active measurements and passive observation to quantify. Furthermore, the IoT devices that are connected to the public Internet may vary from those connected inside home networks, requiring both an external and internal vantage point to draw measurements from. In this thesis, we demonstrate how IoT measurements drawn from a single vantage point or mesaurement technique lead to a biased view of the network services in the IoT ecosystem. To do this, we conduct several real-world IoT measurements, drawn from both inside and outside home networks using active and passive monitoring. First, we leverage active scanning and passive observation in understanding the Mirai botnet---chiefly, we report on the devices it infected, the command and control infrastructure behind the botnet, and how the malware evolved over time. We then conduct active measurements from inside 16M home networks spanning 83M devices from 11~geographic regions to survey the IoT devices installed around the world. We demonstrate how these measurements can uncover the device types that are most at risk and the vendors who manufacture the weakest devices. We compare our measurements with passive external observation by detecting compromised scanning behavior from smart homes. We find that while passive external observation can drive insight about compromised networks, it offers little by way of concrete device attribution. We next compare our results from active external scanning with active internal scanning and show how relying solely on external scanning for IoT measurements under-reports security important IoT protocols, potentially skewing the services investigated by the security community. Finally, we conduct passive measurements of 275~smart home networks to investigate IoT behavior. We find that IoT device behavior varies by type and devices regularly communicate over a myriad of bespoke ports, in many cases to speak standard protocols (e.g., HTTP). Finally, we observe that devices regularly offer active services (e.g., Telnet, rpcbind) that are rarely, if ever, used in actual communication, demonstrating the need for both active and passive measurements to properly compare device capabilities and behaviors. Our results highlight the need for a confluence of measurement perspectives to comprehensively understand IoT ecosystem. We conclude with recommendations for future measurements of IoT devices as well as directions for the systems and security community informed by our work

DDoS: DeepDefence and Machine Learning for identifying attacks

Distributed Denial of Service (DDoS) attacks are very common type of computer attack in the world of internet today. Automatically detecting such type of DDoS attack packets & dropping them before passing through the network is the best prevention method. Conventional solution only monitors and provide the feedforward solution instead of the feedback machine-based learning. A Design of Deep neural network has been suggested in this work and developments have been made on proactive detection of attacks. In this approach, high level features are extracted for representation and inference of the dataset. Experiment has been conducted based on the ISCX dataset published in year 2017,2018 and CICDDoS2019 and program has been developed in Matlab R17b, utilizing Wireshark for features extraction from the datasets. Network Intrusion attacks on critical oil and gas industrial installation become common nowadays, which in turn bring down the giant industrial sites to standstill and suffer financial impacts. This has made the production companies to started investing millions of dollars revenue to protect their critical infrastructure with such attacks with the active and passive solutions available. Our thesis constitutes a contribution to such domain, focusing mainly on security of industrial network, impersonation and attacking with DDoS