1,069 research outputs found
A Multi Agent System for Flow-Based Intrusion Detection
The detection and elimination of threats to cyber security is essential for system functionality, protection of valuable information, and preventing costly destruction of assets. This thesis presents a Mobile Multi-Agent Flow-Based IDS called MFIREv3 that provides network anomaly detection of intrusions and automated defense. This version of the MFIRE system includes the development and testing of a Multi-Objective Evolutionary Algorithm (MOEA) for feature selection that provides agents with the optimal set of features for classifying the state of the network. Feature selection provides separable data points for the selected attacks: Worm, Distributed Denial of Service, Man-in-the-Middle, Scan, and Trojan. This investigation develops three techniques of self-organization for multiple distributed agents in an intrusion detection system: Reputation, Stochastic, and Maximum Cover. These three movement models are tested for effectiveness in locating good agent vantage points within the network to classify the state of the network. MFIREv3 also introduces the design of defensive measures to limit the effects of network attacks. Defensive measures included in this research are rate-limiting and elimination of infected nodes. The results of this research provide an optimistic outlook for flow-based multi-agent systems for cyber security. The impact of this research illustrates how feature selection in cooperation with movement models for multi agent systems provides excellent attack detection and classification.
Impact of Distributed Denial-of-Service Attack on Advanced Metering Infrastructure
The age of Internet of Things has brought in new challenges specifically in areas such as security. The evolution of classic power grids to smart grids is a prime example of how everything is now being connected to the Internet. With the power grid becoming smart, the information and communication systems supporting it are subject to both classical and emerging cyber-attacks. The article investigates the vulnerabilities caused by a distributed denial-of-service (DDoS) attack on the smart grid advanced metering infrastructure. Attack simulations have been conducted on a realistic electrical grid topology. The simulated network consisted of smart meters, power plant and utility server. Finally, the impact of large scale DDoS attacks on the distribution system’s reliability is discussed.
Simulation for Cybersecurity: State of the Art and Future Directions
In this article, we provide an introduction to simulation for cybersecurity and focus on three themes: (1) an overview of the cybersecurity domain; (2) a summary of notable simulation research efforts for cybersecurity; and (3) a proposed way forward on how simulations could broaden cybersecurity efforts. The overview of cybersecurity provides readers with a foundational perspective of cybersecurity in the light of targets, threats, and preventive measures. The simulation research section details the current role that simulation plays in cybersecurity, which mainly falls on representative environment building; test, evaluate, and explore; training and exercises; risk analysis and assessment; and humans in cybersecurity research. The proposed way forward section posits that the advancement of collecting and accessing sociotechnological data to inform models, the creation of new theoretical constructs, and the integration and improvement of behavioral models are needed to advance cybersecurity efforts.
ABS-DDoS: An Agent-Based Simulator about Strategies of Both DDoS Attacks and Their Defenses, to Achieve Efficient Data Forwarding in Sensor Networks and IoT Devices
Sensor networks and Internet of Things (IoT) are useful for many purposes such as military defense, sensing in smart homes, precision agriculture, underwater monitoring in aquaculture, and ambient-assisted living for healthcare. Efficient and secure data forwarding is essential to maintain seamless communications and to provide fast services. However, IoT devices and sensors usually have low processing capabilities and vulnerabilities. For example, attacks such as the Distributed Denial of Service (DDoS) can easily hinder sensor networks and IoT devices. In this context, the current approach presents an agent-based simulation solution for exploring strategies for defending from different DDoS attacks. The current work focuses on obtaining low-consuming defense strategies in terms of processing capabilities, so that these can be applied in sensor networks and IoT devices. The experimental results show that the simulator was useful for (a) defining defense and attack strategies, (b) assessing the effectiveness of defense strategies against attack ones, and (c) defining efficient defense strategies with low response times.
The authors acknowledge the research project "Construccion de un Framework para Agilizar el Desarrollo de Aplicaciones Moviles en el Ambito de la Salud" funded by University of Zaragoza and Foundation Ibercaja with Grant Reference JIUZ-2017-TEC-03. This work has been supported by the program "Estancias de Movilidad en el Extranjero Jose Castillejo para Jovenes Doctores" funded by the Spanish Ministry of Education, Culture and Sport with Reference CAS17/00005. The authors also acknowledge support from "Universidad de Zaragoza", "Fundacion Bancaria Ibercaja", and "Fundacion CAI" in the "Programa Ibercaja-CAI de Estancias de Investigacion" with Reference IT1/18. This work acknowledges the research project "Desarrollo Colaborativo de Soluciones AAL" with reference TIN2014-57028-R funded by the Spanish Ministry of Economy and Competitiveness.
It has also been supported by "Organismo Autonomo Programas Educativos Europeos" with Reference 2013-1-CZ1-GRU06-14277. Furthermore, they acknowledge the "Fondo Social Europeo" and the "Departamento de Tecnologia y Universidad del Gobierno de Aragon" for their joint support with Grant no. Ref-T81.
González-Landero, F.; García-Magariño, I.; Lacuesta Gilabert, R.; Lloret, J. (2018). ABS-DDoS: An Agent-Based Simulator about Strategies of Both DDoS Attacks and Their Defenses, to Achieve Efficient Data Forwarding in Sensor Networks and IoT Devices. Wireless Communications and Mobile Computing. 2018:1-11. https://doi.org/10.1155/2018/7264269
MFIRE-2: A Multi Agent System for Flow-based Intrusion Detection Using Stochastic Search
Detecting attacks targeted against military and commercial computer networks is a crucial element in the domain of cyberwarfare. The traditional method of signature-based intrusion detection is a primary mechanism to alert administrators to malicious activity. However, signature-based methods are not capable of detecting new or novel attacks. This research continues the development of a novel simulated, multiagent, flow-based intrusion detection system called MFIRE. Agents in the network are trained to recognize common attacks, and they share data with other agents to improve the overall effectiveness of the system. A Support Vector Machine (SVM) is the primary classifier with which agents determine an attack is occurring. Agents are prompted to move to different locations within the network to find better vantage points, and two methods for achieving this are developed. One uses a centralized reputation-based model, and the other uses a decentralized model optimized with stochastic search. The latter is tested for basic functionality. The reputation model is extensively tested in two configurations and results show that it is significantly superior to a system with non-moving agents. The resulting system, MFIRE-2, demonstrates exciting new network defense capabilities, and should be considered for implementation in future cyberwarfare applications.
A critical review of cyber-physical security for building automation systems
Modern Building Automation Systems (BASs), as the brain that enables the
smartness of a smart building, often require increased connectivity both among
system components as well as with outside entities, such as optimized
automation via outsourced cloud analytics and increased building-grid
integrations. However, increased connectivity and accessibility come with
increased cyber security threats. BASs were historically developed as closed
environments with limited cyber-security considerations. As a result, BASs in
many buildings are vulnerable to cyber-attacks that may cause adverse
consequences, such as occupant discomfort, excessive energy usage, and
unexpected equipment downtime. Therefore, there is a strong need to advance the
state-of-the-art in cyber-physical security for BASs and provide practical
solutions for attack mitigation in buildings. However, an inclusive and
systematic review of BAS vulnerabilities, potential cyber-attacks with impact
assessment, detection & defense approaches, and cyber-secure resilient control
strategies is currently lacking in the literature. This review paper fills the
gap by providing a comprehensive up-to-date review of cyber-physical security
for BASs at three levels in commercial buildings: management level, automation
level, and field level. The general BASs vulnerabilities and protocol-specific
vulnerabilities for the four dominant BAS protocols are reviewed, followed by a
discussion on four attack targets and seven potential attack scenarios. The
impact of cyber-attacks on BASs is summarized as signal corruption, signal
delaying, and signal blocking. The typical cyber-attack detection and defense
approaches are identified at the three levels. Cyber-secure resilient control
strategies for BASs under attack are categorized into passive and active
resilient control schemes. Open challenges and future opportunities are finally
discussed.
Comment: 38 pages, 7 figures, 6 tables, submitted to Annual Reviews in Contro