6 research outputs found

    Using wavelets for compression and detecting events in anomalous network traffic

    Monitoring and measuring various metrics of high data rate networks produces a vast amount of information over a long period of time, making the storage of the monitored data a serious issue. Furthermore, for the collected monitoring data to be useful to network analysts, these measurements need to be processed in order to detect interesting characteristics. In this paper wavelet analysis is used as a multi-resolution analysis tool for compression of data rate measurements. Two known thresholds are suggested for lossy compression and event detection purposes. Results show that high compression ratios, while preserving the quality (quantitative and visual aspects) and the energy of the signal, and detection of sudden changes are achievable.

    Designing a DoS Attack for Wireless Networks

    With the development of wireless networks and the increase in their usage, the security of wireless networks has taken the centre stage. Various attack techniques that were previously used in wired networks have started to be used also in wireless networks. One of the major attacks is the one that is generalized as DoS (Denial of Service). Several wireless device producing companies have developed security policies against DoS attacks and tried to prevent them. However, in some of the fields that these devices are used, some security vulnerabilities have been observed. DoS attack techniques have been classified initially in this study. Afterwards, a program has been developed in Vbasic programming language in order to test the vulnerabilities of wireless networks in public places against DoS attacks. The attack types that were realized are TCP (Transmission Control Protocol) Flood, UDP (User Datagram Protocol) Flood and Ping Flood. Consequently, the attacks have been successful.

    Cyber Physical System Security — DoS Attacks on Synchrophasor Networks in the Smart Grid

    With the rapid increase of network-enabled sensors, switches, and relays, cyber-physical system security in the smart grid has become important. The smart grid operation demands reliable communication. Existing encryption technologies ensure the authenticity of delivered messages. However, commonly applied technologies are not able to prevent the delay or drop of smart grid communication messages. In this dissertation, the author focuses on the network security vulnerabilities in the synchrophasor network and their mitigation methods. Side-channel vulnerabilities of the synchrophasor network are identified. The synchrophasor network is one of the most important technologies in the smart grid transmission system. Experiments presented in this dissertation show that a DoS attack that exploits the side-channel vulnerability against the synchrophasor network can lead to power system instability. Side-channel analysis extracts information by observing implementation artifacts without knowing the actual meaning of the information. A synchrophasor network consists of Phasor Measurement Units (PMUs) that use the synchrophasor protocol to transmit measurement data. Two side-channels are discovered in the synchrophasor protocol. Side-channel analysis based Denial of Service (DoS) attacks differentiate the source of multiple PMU data streams within an encrypted tunnel and only drop selected PMU data streams. Simulations on a power system show that, without any countermeasure, a power system can be subverted after an attack. Then, mitigation methods from both the network and power grid perspectives are carried out. From the perspective of network security study, side-channel analysis and protocol transformation have the potential to assist the PMU communication to evade attacks led with protocol identifications. From the perspective of power grid control study, to mitigate PMU DoS attacks, Cellular Computational Network (CCN) prediction of PMU data is studied and used to implement a Virtual Synchrophasor Network (VSN), which learns and mimics the behaviors of an objective power grid. The data from the VSN is used by the Automatic Generation Controllers (AGCs) when the PMU packets are disrupted by DoS attacks. Real-time experimental results show the CCN based VSN effectively inferred the missing data and mitigated the negative impacts of DoS attacks. In this study, industry-standard hardware PMUs and a Real-Time Digital Power System Simulator (RTDS) are used to build experimental environments that are as close to actual production as possible for this research. The above-mentioned attack and mitigation methods are also tested on the Internet. A Man-In-The-Middle (MITM) attack on PMU traffic is performed with Border Gateway Protocol (BGP) hijacking. A side-channel analysis based MITM attack detection method is also investigated. A game theory analysis is performed to give a broade

    PREDICTING INTERNET TRAFFIC BURSTS USING EXTREME VALUE THEORY

    Computer networks play an important role in today’s organizations and people’s lives. These interconnected devices share a common medium and they tend to compete for it. Quality of Service (QoS) comes into play to define what level of service users get. Accurately defining the QoS metrics is thus important. Bursts and serious deteriorations are omnipresent in the Internet and are considered an important aspect of it. This thesis examines bursts and serious deteriorations in Internet traffic and applies Extreme Value Theory (EVT) to their prediction and modelling. EVT itself is a field of statistics that has been in application in fields like hydrology and finance, with only a recent introduction to the field of telecommunications. Model fitting is based on real traces from Bellcore laboratory along with some simulated traces based on fractional Gaussian noise and linear fractional alpha stable motion. QoS traces from University of Napoli are also used in the prediction stage. Three methods from EVT are successfully used for the bursts prediction problem. They are the Block Maxima (BM) method, the Peaks Over Threshold (POT) method, and the r-Largest Order Statistics (RLOS) method. Bursts in Internet traffic are predicted using the above three methods. A clear methodology was developed for the bursts prediction problem. New metrics for QoS are suggested based on Return Level and Return Period. Thus, robust QoS metrics can be defined. In turn, a superior QoS will be obtained that would support mission critical applications.

    IoT-MQTT based denial of service attack modelling and detection

    Internet of Things (IoT) is poised to transform the quality of life and provide new business opportunities with its wide range of applications. However, the benefits of this emerging paradigm are coupled with serious cyber security issues. The lack of strong cyber security measures in protecting IoT systems can result in cyber attacks targeting all the layers of IoT architecture, which includes the IoT devices, the IoT communication protocols and the services accessing the IoT data. Various IoT malware such as Mirai, BASHLITE and BrickBot show an already rising number of IoT device based attacks as well as the usage of infected IoT devices to launch other cyber attacks. However, as sustained IoT deployment and functionality are heavily reliant on the use of effective data communication protocols, the attacks on other layers of IoT architecture are anticipated to increase. In the IoT landscape, the publish/subscribe based Message Queuing Telemetry Transport (MQTT) protocol is widely popular. Hence, cyber security threats against the MQTT protocol are projected to rise at par with its increasing use by IoT manufacturers. In particular, the Internet exposed MQTT brokers are vulnerable to protocol-based Application Layer Denial of Service (DoS) attacks, which have been known to cause widespread service disruptions in legacy systems. In this thesis, we propose Application Layer based DoS attacks that target the authentication and authorisation mechanism of the MQTT protocol. In addition, we also propose an MQTT protocol attack detection framework based on machine learning. Through extensive experiments, we demonstrate the impact of authentication and authorisation DoS attacks on three open-source MQTT brokers. Based on the proposed DoS attack scenarios, an IoT-MQTT attack dataset was generated to evaluate the effectiveness of the proposed framework to detect these malicious attacks. The DoS attack evaluation results obtained indicate that such attacks can overwhelm the MQTT broker's resources even when legitimate access to it was denied and resources were restricted. The evaluations also indicate that the proposed DoS attack scenarios can significantly increase the MQTT message delay, especially in QoS2 messages, causing heavy tail latencies. In addition, the proposed MQTT features showed high attack detection accuracy compared to simply using TCP based features to detect MQTT based attacks. It was also observed that the protocol field size and length based features drastically reduced the false positive rates and hence are suitable for detecting IoT based attacks.