Locally Weighted Classifiers for Detection of Neighbour Discovery Protocol DDoS and Replayed Attacks

The Internet of Thing (IoT) requires more IP addresses than Internet Protocol version 4 can offer. To solve this problem, Internet Protocol version 6 was developed to expand the availability of address spaces. Moreover, it supports hierarchical address allocation methods, which can facilitate route aggregation, thus limiting expansion of routing tables. An important feature of the Internet Protocol version 6 (IPv6) suites is the Neighbour Discovery Protocol (NDP), which is geared towards substitution of the Address Resolution Protocol in router discovery, and function redirection in Internet Protocol version 4. However, NDP is vulnerable to Denial of Service (DoS) attacks. In this contribution, we present a novel detection method for Distributed Denial of Service (DDoS) attacks, launched using NDP in IPv6. The proposed system uses flow-based network representation, instead of packet-based. It exploits the advantages of Locally Weighted Learning techniques, with three different machine learning models as its base learners. Simulation studies demonstrate that the intrusion detection method does not suffer from overfitting issues, offers lower computation costs and complexity, while exhibiting high accuracy rates. In summary, the proposed system uses 6 features, extracted from our bespoke dataset and is capable of detecting DDoS attacks with 99% accuracy and replayed attacks with an accuracy of 91.17%, offering a marked improvement in detection performance over state-of-the-art approaches

Security Policy Monitoring of BPMN-based Service Compositions

Service composition is a key concept of Service-Oriented Architecture that allows for combining loosely coupled services that are offered and operated by different service providers. Such environments are expected to dynamically respond to changes that may occur at runtime, including changes in the environment and individual services themselves. Therefore, it is crucial to monitor these loosely-coupled services throughout their lifetime. In this paper, we present a novel framework for monitoring services at runtime and ensuring that services behave as they have promised. In particular, we focus on monitoring non-functional properties that are specified within an agreed security contract. The novelty of our work is based on the way in which monitoring information can be combined from multiple dynamic services to automate the monitoring of business processes and proactively report compliance violations. The framework enables monitoring of both atomic and composite services and provides a user friendly interface for specifying the monitoring policy. We provide an information service case study using a real composite service to demonstrate how we achieve compliance monitoring. The transformation of security policy into monitoring rules, which is done automatically, makes our framework more flexible and accurate than existing techniques