27 research outputs found

    Utilizing Random Forest for DDoS Attack Detection

    The “Distributed Denial of Service” (DDoS) attack represents one of the most common forms of cyber assaults. The goal of DDoS is to overwhelm the server machine with an overwhelming number of data packets. This causes the bulk of the network bandwidth and server resources to be used, leading to a distributed denial-of-service problem. In this paper, we employed a random forest classifier for detecting the DDoS attack. This leads to an improvement in accuracy as well as a reduction in the amount of processing overhead required. Utilizing the CICDDOS2019 dataset, our experimental results showcased an impressive accuracy rate of 99.81%.

    Tools based on a modified algorithm for detecting information attacks on cloud services

    Relevance of the topic. Computer networks have become the foundation of many institutions in the modern era, including government, research and defense organizations. With the development of the Internet, cloud computing, the Internet of Things and modern networks, the task of protecting such resources has arisen. The main security problems are classified as threats to integrity, availability and confidentiality. Information that is stored and processed must be confidential and intact, and the resources used must be available. A DDoS attack is the main threat to resource availability, since it tries to prevent normal traffic between client and server. DDoS attacks have become common practice in purely competitive struggles. The official websites of competing companies can be attacked to order. Sometimes hackers engage in direct blackmail of private companies, demanding money in exchange for not attacking their sites. Therefore, the development of special tools that can improve application security is a relevant and important task. The object of research is private or public cloud environments. The subject of research is methods and algorithms for detecting and preventing information attacks, in particular DDoS attacks. Purpose of the work: an algorithm for detecting information attacks has been created that is distinguished by its use of the Cuckoo algorithm to optimize training and makes it possible to increase the effectiveness of DDoS attack recognition by 3.87%. The scientific novelty is as follows: a modified algorithm for detecting information attacks has been created, which makes it possible to optimize neural network training by means of the Cuckoo algorithm. The practical value of the results obtained in the work is that the proposed modified algorithm will make it possible to detect and prevent information attacks, such as DDoS attacks, with greater accuracy and speed. The developed desktop application will make it possible to test the optimized algorithm in practice. Approbation of the work.
The main provisions and results of the work were presented and discussed at the scientific conference of master's and postgraduate students "Applied Mathematics and Computing" PMK-2021, and also at the VII International Scientific and Technical Internet Conference "Modern Methods, Information, Software and Technical Support of Control Systems for Organizational-Technical and Technological Complexes". Also, the results of the work and the software tools were implemented at an operating enterprise. Structure and scope of the work. The master's dissertation consists of an introduction, four chapters and conclusions. The introduction gives a general description of the work, assesses the current state of the problem, substantiates the relevance of the research direction, formulates the aim and objectives of the research, shows the scientific novelty of the results obtained and the practical value of the work, and provides information on the approbation of the results and their implementation. The first chapter analyzes the subject area, reviews existing systems of protection against information attacks, and presents an analysis that makes it possible to determine the main advantages and disadvantages of the developed modified algorithm. The second chapter analyzes programming languages and justifies the choice of implementation and modification tools. The third chapter presents the structural and algorithmic organization of the desktop application being developed. The fourth chapter describes the analysis and testing of the developed optimized algorithm. The conclusions present the results of the work performed and a comparison with other existing machine learning algorithms. The work is presented on 92 sheets and contains references to a list of literature sources used.
Actuality of theme. Computer networks have become the basis of many institutions in the modern era, including government, research, and defense organizations. With the development of the Internet, cloud computing, the Internet of Things, modern networks, the task of protecting such resources has arisen. 
Major security issues are classified as threats to integrity, accessibility, and confidentiality. The information stored and processed must be confidential and complete, and the resources used must be available. A DDoS attack is a major threat to resource availability as it tries to prevent normal traffic between client and server. DDoS attacks have become common practice in purely competitive competition. Official websites of competing companies can be attacked by order. Sometimes hackers engage in direct blackmail of private companies, demanding money for not attacking their sites. Therefore, the development of special tools that can improve the security of applications is an urgent and important task. The object of research is private or public cloud environments. The subject of research is methods and algorithms for detecting and preventing information attacks, in particular DDoS attacks. Purpose: modification of the existing algorithm for detecting information attacks, to speed up learning and detection; creating a software application to detect and prevent DDoS attacks. The scientific novelty is as follows: a modified algorithm for detecting information attacks has been created, which allows to optimize the learning of the neural network by means of the Cuckoo search algorithm. The practical value of the results obtained in this work is that the proposed modified algorithm will allow with greater accuracy and speed to detect and prevent information attacks, such as DDoS attacks. The developed desktop application will allow to test the optimized algorithm in practice. Approbation of work. 
The main provisions and results of the work were presented and discussed at the scientific conference of undergraduates and graduate students "Applied Mathematics and Computing" PMK-2021, and at the VII International Scientific and Technical Internet Conference "Modern methods, information, software and hardware control systems organizational, technical and technological complexes". Also, the results of work were implemented in the existing enterprise. Structure and scope of work. The master's dissertation consists of an introduction, four chapters and conclusions. The introduction gives a general description of the work, assesses the current state of the problem, substantiates the relevance of the research, formulates the purpose and objectives of research, shows the scientific novelty of the results and practical value of the work, provides information on approbation of results and their implementation. The first section analyzes the subject area, considers the existing systems of protection against information attacks, as well as the analysis, which allows determining the main advantages and disadvantages of the developed modified algorithm. The second section analyzes the programming languages and justifies the choice of implementation and modification tools. The third section presents the structural and algorithmic organization of the developed desktop application. The fourth section describes the analysis and testing of the developed optimized algorithm. The conclusions present the results of the work and comparison with other existing machine learning algorithms. The work is presented on 92 sheets, contains links to a list of used literature sources.

    Authoritative and Unbiased Responses to Geographic Queries

    Trust in information systems stems from two key properties of responses to queries regarding the state of the system, viz., i) authoritativeness, and ii) unbiasedness. That the response is authoritative implies that i) the provider (source) of the response, and ii) the chain of delegations through which the provider obtained the authority to respond, can be verified. The property of unbiasedness implies that no system data relevant to the query is deliberately or accidentally suppressed. The need for guaranteeing these two important properties stems from the impracticality for the verifier to exhaustively verify the correctness of every system process, and the integrity of the platform on which system processes are executed. For instance, the integrity of a process may be jeopardized by i) bugs (attacks) in computing hardware like Random Access Memory (RAM), input/output channels (I/O), and Central Processing Unit (CPU), ii) exploitable defects in an operating system, iii) logical bugs in program implementation, and iv) a wide range of other embedded malfunctions, among others. A first step in ensuring AU properties of geographic queries is the need to ensure AU responses to a specific type of geographic query, viz., point-location. The focus of this dissertation is on strategies to leverage assured point-location, for i) ensuring authoritativeness and unbiasedness (AU) of responses to a wide range of geographic queries; and ii) useful applications like Secure Queryable Dynamic Maps (SQDM) and trustworthy redistricting protocol. The specific strategies used for guaranteeing AU properties of geographic services include i) use of novel Merkle-hash tree-based data structures, and ii) blockchain networks to guarantee the integrity of the processes.

    A patient agent controlled customized blockchain based framework for internet of things

    Although Blockchain implementations have emerged as revolutionary technologies for various industrial applications including cryptocurrencies, they have not been widely deployed to store data streaming from sensors to remote servers in architectures known as Internet of Things. New Blockchain for the Internet of Things models promise secure solutions for eHealth, smart cities, and other applications. These models pave the way for continuous monitoring of patient’s physiological signs with wearable sensors to augment traditional medical practice without recourse to storing data with a trusted authority. However, existing Blockchain algorithms cannot accommodate the huge volumes, security, and privacy requirements of health data. In this thesis, our first contribution is an End-to-End secure eHealth architecture that introduces an intelligent Patient Centric Agent. The Patient Centric Agent executing on dedicated hardware manages the storage and access of streams of sensor-generated health data, into a customized Blockchain and other less secure repositories. As IoT devices cannot host Blockchain technology due to their limited memory, power, and computational resources, the Patient Centric Agent coordinates and communicates with a private customized Blockchain on behalf of the wearable devices. While the adoption of a Patient Centric Agent offers solutions for addressing continuous monitoring of patients’ health, dealing with storage, data privacy and network security issues, the architecture is vulnerable to Denial of Services (DoS) and single point of failure attacks. To address this issue, we advance a second contribution; a decentralised eHealth system in which the Patient Centric Agent is replicated at three levels: Sensing Layer, NEAR Processing Layer and FAR Processing Layer. The functionalities of the Patient Centric Agent are customized to manage the tasks of the three levels. Simulations confirm protection of the architecture against DoS attacks. 
Few patients require all their health data to be stored in Blockchain repositories but instead need to select an appropriate storage medium for each chunk of data by matching their personal needs and preferences with features of candidate storage mediums. Motivated by this context, we advance a third contribution; a recommendation model for health data storage that can accommodate patient preferences and make storage decisions rapidly, in real-time, even with streamed data. The mapping between health data features and characteristics of each repository is learned using machine learning. The Blockchain’s capacity to make transactions and store records without central oversight enables its application for IoT networks outside health such as underwater IoT networks where the unattended nature of the nodes threatens their security and privacy. However, underwater IoT differs from ground IoT as acoustic signals are the communication media, leading to high propagation delays and high error rates exacerbated by turbulent water currents. Our fourth contribution is a customized Blockchain leveraged framework with the model of Patient-Centric Agent renamed as Smart Agent for securely monitoring underwater IoT. Finally, the Smart Agent has been investigated in developing an IoT smart home or cities monitoring framework. The key algorithms underpinning each contribution have been implemented and analysed using simulators. Doctor of Philosoph

    Trustworthy Knowledge Planes For Federated Distributed Systems

    In federated distributed systems, such as the Internet and the public cloud, the constituent systems can differ in their configuration and provisioning, resulting in significant impacts on the performance, robustness, and security of applications. Yet these systems lack support for distinguishing such characteristics, resulting in uninformed service selection and poor inter-operator coordination. This thesis presents the design and implementation of a trustworthy knowledge plane that can determine such characteristics about autonomous networks on the Internet. A knowledge plane collects the state of network devices and participants. Using this state, applications infer whether a network possesses some characteristic of interest. The knowledge plane uses attestation to attribute state descriptions to the principals that generated them, thereby making the results of inference more trustworthy. Trustworthy knowledge planes enable applications to establish stronger assumptions about their network operating environment, resulting in improved robustness and reduced deployment barriers. We have prototyped the knowledge plane and associated devices. Experience with deploying analyses over production networks demonstrates that knowledge planes impose low cost and can scale to support Internet-scale networks.

    The Severity and Effects of Cyber-breaches in SMEs: a Machine Learning Approach

    In this paper, we investigate cyber breaches and their effects on small and medium enterprises (SMEs). This is an important gap that exists in the literature, considering the controversial role that SMEs play with cybersecurity and the importance that SMEs have in the economy. For the empirical study, we make use of the Cyber Security Breaches Survey data, which collects information on the management of cybersecurity in UK companies (Cyber Security Breaches Survey, 2016, 2017). The final sample consists of 1,348 UK SMEs in the period 2016–2017. From a cybersecurity point of view, our first group of contributions extends the literature on SMEs’ security. We extend previous works confirming that SMEs receive a wide variety of breaches, through malware in automated and non-automated attacks, followed by attacks of social engineering, exploiting staff vulnerabilities, even those derived from the misuse of the information systems (IS) in SMEs. Secondly, unlike previous works, we have characterized the degree of severity of breaches in SMEs, based on disruption time and their cost. Our last contribution consists of determining the effect and severity of breaches in SMEs in terms of economic, financial and management impacts, highlighting the differential aspects with large companies.