
    LAMP: Prompt Layer 7 Attack Mitigation with Programmable Data Planes

    While there are various methods to detect application layer attacks or intrusion attempts on an individual end host, it is not efficient to provide all end hosts in the network with heavy-duty defense systems or software firewalls. In this work, we leverage a new concept of programmable data planes to directly react on alerts raised by a victim and prevent further attacks on the whole network by blocking the attack at the network edge. We call our design LAMP, Layer 7 Attack Mitigation with Programmable data planes. We implemented LAMP using the P4 data plane programming language and evaluated its effectiveness and efficiency in the Behavioral Model (bmv2) environment.

    Telephony Denial of Service Defense at Data Plane (TDoSD@DP)

    The Session Initiation Protocol (SIP) is an application-layer control protocol used to establish and terminate calls that are deployed globally. A flood of SIP INVITE packets sent by an attacker causes a Telephony Denial of Service (TDoS) incident, during which legitimate users are unable to use telephony services. Legacy TDoS defense is typically implemented as network appliances and not sufficiently deployed to enable early detection. To make TDoS defense more widely deployed and yet affordable, this paper presents TDoSD@DP, where TDoS detection and mitigation are programmed at the data plane so that they can be enabled on every switch port and therefore serve as distributed SIP sensors. With this approach, the damage is isolated at a particular switch and bandwidth is saved by not sending attack packets further upstream. Experiments have been performed to track the SIP state machine and to limit the number of active SIP sessions per port. The results show that TDoSD@DP was able to detect and mitigate an ongoing INVITE flood attack, protecting the SIP server and limiting the damage to a local switch. Bringing the TDoS defense function to the data plane provides a novel data plane application that operates at the SIP protocol and a novel approach for TDoS defense implementation.

    Mobile Firewall System For Distributed Denial Of Service Defense In Internet Of Things Networks

    Internet of Things (IoT) has seen unprecedented growth in the consumer space over the past ten years. The majority of IoT device manufacturers do not, however, build their products with cybersecurity in mind. The goal of the mobile firewall system is to move mitigation of network-diffused attacks closer to their source. Attack detection and mitigation are enforced using a machine that physically traverses the area. This machine uses a suite of security tools to protect the network. Our system provides advantages over current network attack mitigation techniques. Mobile firewalls can be deployed when there is no access to the network gateway or when no gateway exists, such as in IoT mesh networks. The focus of this thesis is to refine an explicit implementation for the mobile firewall system and evaluate its effectiveness. Evaluation of the mobile firewall system is analyzed using three simulated distributed denial of service case studies. Mobility is shown to be a great benefit when defending against physically distant attackers – the system takes no more than 131 seconds to fully nullify a worst-case attack.

    Near real-time security system applied to SDN environments in IoT networks using convolutional neural network

    The Internet of Things (IoT) paradigm brings new and promising possibilities for services and products. The heterogeneity of IoT devices highlights the inefficiency of traditional networks' structures to support their specific requirements due to their lack of flexibility. Thus, Software-defined Networking (SDN) is commonly associated with IoT since this architecture provides a more flexible and manageable network environment. As shown by recent events, IoT devices may be used for large scale Distributed Denial of Service (DDoS) attacks due to their lack of security. This kind of attack is commonly detected and mitigated at the destination-end network but, due to the massive volume of information that IoT botnets generate, this approach is becoming impracticable. We propose in this paper a near real-time SDN security system that both prevents DDoS attacks on the source-end network and protects the source's SDN controller against traffic impairment. For this, we apply and test a Convolutional Neural Network (CNN) for DDoS detection, and describe how the system could mitigate the detected attacks. The performance outcomes were performed in two test scenarios, and the results pointed out that the proposed SDN security system is promising against next-generation DDoS attacks.

    (C) 2020 Published by Elsevier Ltd.

    This study was financed in part by the National Council for Scientific and Technological Development (CNPq) of Brazil under Grants 310668/2019-0 and 309335/2017-5; by the Ministerio de Economia y Competitividad in the "Programa Estatal de Fomento de la Investigacion Cientifica y Tecnica de Excelencia, Subprograma Estatal de Generacion de Conocimiento" within the project under Grant TIN2017-84802-C2-1-P; by FCT/MCTES through national funds and when applicable co-funded EU funds under the Project UIDB/EEA/50008/2020; and by the Coordenacao de Aperfeicoamento de Pessoal de Nivel Superior (CAPES) by the granting of a scholarship through the "Programa de Doutorado Sanduche no Exterior (PDSE) 2019". Finally, this work was supported by Federal University of Parana (UFPR) under Project Banpesq/2014016797.

    De Assis, MVO.; Carvalho, LF.; Rodrigues, JJPC.; Lloret, J.; Proenca Jr, ML. (2020). Near real-time security system applied to SDN environments in IoT networks using convolutional neural network. Computers & Electrical Engineering. 86:1-16. https://doi.org/10.1016/j.compeleceng.2020.1067381168

    Cyber deception against DDoS attack using moving target defence framework in SDN IOT-EDGE networks

    Software Defined Networking (SDN) networking paradigm advancements are advantageous, but they have also brought new security concerns. The Internet of Things (IoT) Edge Computing servers provide closer access to cloud services and are also a point of target for availability attacks. The Distributed Denial of Service (DDoS) attacks on SDN IoT-Edge Computing caused by botnets of IoT hosts have compromised major services and are still an impending concern due to the Work From Home virtual office shift attributed to the Covid19 pandemic. The effectiveness of a Moving Target Defense (MTD) technique based on SDN for combating DDoS attacks in IoT-Edge networks was investigated in this study with a test scenario based on a smart building. An MTD Reactive and Proactive Network Address Shuffling Mechanism was developed, tested, and evaluated with results showing successful defence against UDP, TCP SYN, and LAND DDoS attacks; preventing IoT devices from being botnet compromised due to the short-lived network address; and ensuring reliable system performance.