A Multi Agent System for Flow-Based Intrusion Detection

The detection and elimination of threats to cyber security is essential for system functionality, protection of valuable information, and preventing costly destruction of assets. This thesis presents a Mobile Multi-Agent Flow-Based IDS called MFIREv3 that provides network anomaly detection of intrusions and automated defense. This version of the MFIRE system includes the development and testing of a Multi-Objective Evolutionary Algorithm (MOEA) for feature selection that provides agents with the optimal set of features for classifying the state of the network. Feature selection provides separable data points for the selected attacks: Worm, Distributed Denial of Service, Man-in-the-Middle, Scan, and Trojan. This investigation develops three techniques of self-organization for multiple distributed agents in an intrusion detection system: Reputation, Stochastic, and Maximum Cover. These three movement models are tested for effectiveness in locating good agent vantage points within the network to classify the state of the network. MFIREv3 also introduces the design of defensive measures to limit the effects of network attacks. Defensive measures included in this research are rate-limiting and elimination of infected nodes. The results of this research provide an optimistic outlook for flow-based multi-agent systems for cyber security. The impact of this research illustrates how feature selection in cooperation with movement models for multi agent systems provides excellent attack detection and classification

Impact of Distributed Denial-of-Service Attack on Advanced Metering Infrastructure

The age of Internet of Things has brought in new challenges specifically in areas such as security. The evolution of classic power grids to smart grids is a prime example of how everything is now being connected to the Internet. With the power grid becoming smart, the information and communication systems supporting it is subject to both classical and emerging cyber-attacks. The article investigates the vulnerabilities caused by a distributed denial-of-service (DDoS) attack on the smart grid advanced metering infrastructure. Attack simulations have been conducted on a realistic electrical grid topology. The simulated network consisted of smart meters, power plant and utility server. Finally, the impact of large scale DDoS attacks on the distribution system’s reliability is discussed

Simulation for Cybersecurity: State of the Art and Future Directions

In this article, we provide an introduction to simulation for cybersecurity and focus on three themes: (1) an overview of the cybersecurity domain; (2) a summary of notable simulation research efforts for cybersecurity; and (3) a proposed way forward on how simulations could broaden cybersecurity efforts. The overview of cybersecurity provides readers with a foundational perspective of cybersecurity in the light of targets, threats, and preventive measures. The simulation research section details the current role that simulation plays in cybersecurity, which mainly falls on representative environment building; test, evaluate, and explore; training and exercises; risk analysis and assessment; and humans in cybersecurity research. The proposed way forward section posits that the advancement of collecting and accessing sociotechnological data to inform models, the creation of new theoretical constructs, and the integration and improvement of behavioral models are needed to advance cybersecurity efforts

ABS-DDoS: An Agent-Based Simulator about Strategies of Both DDoS Attacks and Their Defenses, to Achieve Efficient Data Forwarding in Sensor Networks and IoT Devices

[EN] Sensor networks and Internet of Things (IoT) are useful for many purposes such as military defense, sensing in smart homes, precision agriculture, underwater monitoring in aquaculture, and ambient-assisted living for healthcare. Efficient and secure data forwarding is essential to maintain seamless communications and to provide fast services. However, IoT devices and sensors usually have low processing capabilities and vulnerabilities. For example, attacks such as the Distributed Denial of Service (DDoS) can easily hinder sensor networks and IoT devices. In this context, the current approach presents an agent-based simulation solution for exploring strategies for defending from different DDoS attacks. The current work focuses on obtaining low-consuming defense strategies in terms of processing capabilities, so that these can be applied in sensor networks and IoT devices. The experimental results show that the simulator was useful for (a) defining defense and attack strategies, (b) assessing the effectiveness of defense strategies against attack ones, and (c) defining efficient defense strategies with low response times.The authors acknowledge the research project "Construccion de un Framework para Agilizar el Desarrollo de Aplicaciones Moviles en el Ambito de la Salud" funded by University of Zaragoza and Foundation Ibercaja with Grant Reference JIUZ-2017-TEC-03. This work has been supported by the program "Estancias de Movilidad en el Extranjero Jose Castillejo para Jovenes Doctores" funded by the Spanish Ministry of Education, Culture and Sport with Reference CAS17/00005. The authors also acknowledge support from "Universidad de Zaragoza", "Fundacion Bancaria Ibercaja", and "Fundacion CAI" in the "Programa Ibercaja-CAI de Estancias de Investigacion" with Reference IT1/18. This work acknowledges the research project "Desarrollo Colaborativo de Soluciones AAL" with reference TIN2014-57028-R funded by the Spanish Ministry of Economy and Competitiveness. It has also been supported by "Organismo Autonomo Programas Educativos Europeos" with Reference 2013-1-CZ1-GRU06-14277. Furthermore, they acknowledge the "Fondo Social Europeo" and the "Departamento de Tecnologia y Universidad del Gobierno de Aragon" for their joint support with Grant no. Ref-T81.González-Landero, F.; García-Magariño, I.; Lacuesta Gilabert, R.; Lloret, J. (2018). ABS-DDoS: An Agent-Based Simulator about Strategies of Both DDoS Attacks and Their Defenses, to Achieve Efficient Data Forwarding in Sensor Networks and IoT Devices. Wireless Communications and Mobile Computing. 2018:1-11. https://doi.org/10.1155/2018/7264269S1112018García-Magariño, I., Lacuesta, R., & Lloret, J. (2017). ABS-FishCount: An Agent-Based Simulator of Underwater Sensors for Measuring the Amount of Fish. Sensors, 17(11), 2606. doi:10.3390/s17112606Garcia-Magarino, I., Lacuesta, R., & Lloret, J. (2018). Agent-Based Simulation of Smart Beds With Internet-of-Things for Exploring Big Data Analytics. IEEE Access, 6, 366-379. doi:10.1109/access.2017.2764467Anagnostopoulos, T., Kolomvatsos, K., Anagnostopoulos, C., Zaslavsky, A., & Hadjiefthymiades, S. (2015). Assessing dynamic models for high priority waste collection in smart cities. Journal of Systems and Software, 110, 178-192. doi:10.1016/j.jss.2015.08.049Alomari, E., Manickam, S., B. Gupta, B., Karuppayah, S., & Alfaris, R. (2012). Botnet-based Distributed Denial of Service (DDoS) Attacks on Web Servers: Classification and Art. International Journal of Computer Applications, 49(7), 24-32. doi:10.5120/7640-0724Anwar, Z., & Malik, A. W. (2014). Can a DDoS Attack Meltdown My Data Center? A Simulation Study and Defense Strategies. IEEE Communications Letters, 18(7), 1175-1178. doi:10.1109/lcomm.2014.2328587Huda, S., Islam, R., Abawajy, J., Yearwood, J., Hassan, M. M., & Fortino, G. (2018). A hybrid-multi filter-wrapper framework to identify run-time behaviour for fast malware detection. Future Generation Computer Systems, 83, 193-207. doi:10.1016/j.future.2017.12.037García-Magariño, I., Palacios-Navarro, G., & Lacuesta, R. (2017). TABSAOND: A technique for developing agent-based simulation apps and online tools with nondeterministic decisions. Simulation Modelling Practice and Theory, 77, 84-107. doi:10.1016/j.simpat.2017.05.006García-Magariño, I., Gómez-Rodríguez, A., González-Moreno, J. C., & Palacios-Navarro, G. (2015). PEABS: A Process for developing Efficient Agent-Based Simulators. Engineering Applications of Artificial Intelligence, 46, 104-112. doi:10.1016/j.engappai.2015.09.003Akhunzada, A., Sookhak, M., Anuar, N. B., Gani, A., Ahmed, E., Shiraz, M., … Khurram Khan, M. (2015). Man-At-The-End attacks: Analysis, taxonomy, human aspects, motivation and future directions. Journal of Network and Computer Applications, 48, 44-57. doi:10.1016/j.jnca.2014.10.009Yan, Q., Yu, F. R., Gong, Q., & Li, J. (2016). Software-Defined Networking (SDN) and Distributed Denial of Service (DDoS) Attacks in Cloud Computing Environments: A Survey, Some Research Issues, and Challenges. IEEE Communications Surveys & Tutorials, 18(1), 602-622. doi:10.1109/comst.2015.248736

MFIRE-2: A Multi Agent System for Flow-based Intrusion Detection Using Stochastic Search

Detecting attacks targeted against military and commercial computer networks is a crucial element in the domain of cyberwarfare. The traditional method of signature-based intrusion detection is a primary mechanism to alert administrators to malicious activity. However, signature-based methods are not capable of detecting new or novel attacks. This research continues the development of a novel simulated, multiagent, flow-based intrusion detection system called MFIRE. Agents in the network are trained to recognize common attacks, and they share data with other agents to improve the overall effectiveness of the system. A Support Vector Machine (SVM) is the primary classifier with which agents determine an attack is occurring. Agents are prompted to move to different locations within the network to find better vantage points, and two methods for achieving this are developed. One uses a centralized reputation-based model, and the other uses a decentralized model optimized with stochastic search. The latter is tested for basic functionality. The reputation model is extensively tested in two configurations and results show that it is significantly superior to a system with non-moving agents. The resulting system, MFIRE-2, demonstrates exciting new network defense capabilities, and should be considered for implementation in future cyberwarfare applications

A critical review of cyber-physical security for building automation systems

Modern Building Automation Systems (BASs), as the brain that enables the smartness of a smart building, often require increased connectivity both among system components as well as with outside entities, such as optimized automation via outsourced cloud analytics and increased building-grid integrations. However, increased connectivity and accessibility come with increased cyber security threats. BASs were historically developed as closed environments with limited cyber-security considerations. As a result, BASs in many buildings are vulnerable to cyber-attacks that may cause adverse consequences, such as occupant discomfort, excessive energy usage, and unexpected equipment downtime. Therefore, there is a strong need to advance the state-of-the-art in cyber-physical security for BASs and provide practical solutions for attack mitigation in buildings. However, an inclusive and systematic review of BAS vulnerabilities, potential cyber-attacks with impact assessment, detection & defense approaches, and cyber-secure resilient control strategies is currently lacking in the literature. This review paper fills the gap by providing a comprehensive up-to-date review of cyber-physical security for BASs at three levels in commercial buildings: management level, automation level, and field level. The general BASs vulnerabilities and protocol-specific vulnerabilities for the four dominant BAS protocols are reviewed, followed by a discussion on four attack targets and seven potential attack scenarios. The impact of cyber-attacks on BASs is summarized as signal corruption, signal delaying, and signal blocking. The typical cyber-attack detection and defense approaches are identified at the three levels. Cyber-secure resilient control strategies for BASs under attack are categorized into passive and active resilient control schemes. Open challenges and future opportunities are finally discussed.Comment: 38 pages, 7 figures, 6 tables, submitted to Annual Reviews in Contro