51 research outputs found

    Packet-Marking Scheme for DDoS Attack Prevention

    No full text
    One of the main difficulties in the detection and prevention of Distributed Denial of Service (DDoS) attacks is that the incoming packets cannot be traced back to the source of the attack, because (typically) they contain invalid or spoofed source IP addresses. For that reason, a victim system cannot determine whether an incoming packet is part of a DDoS attack or belongs to a legitimate user. Various methods have been proposed to solve the problem of IP traceback for large packet flows. These methods rely on the assumption that they can gather a sufficient number of packets from the same source, in order to reconstruct the traversed path or to determine the source address. In this paper, we introduce a packet marking scheme which enables the unique identification of the path that each incoming packet has traversed, relying only on the information inside that packet. We show how the proposed scheme enables real-time identification and filtering of the DDoS attack traffic. The proposed scheme is simple to implement, introduces no bandwidth overhead and low computational overhead, and has a low fault probability. Using the above metrics, we compare our proposed scheme with existing marking schemes and demonstrate its advantages over them. Finally, we introduce a method that can be used post mortem, in order to determine the source IP address of the attacking systems (up to the nearest router to the source).

    An Open Source, Extensible Malware Analysis Platform

    No full text
    Malware (such as viruses and ransomware) is the main source of serious security threats to IT systems and their users nowadays. In order to protect the systems and their legitimate users from these threats, anti-malware applications are developed as a defense against malware. However, most of these applications detect malware based on signatures or heuristics that are still created manually and are error prone. Some recent applications employ data mining and machine learning techniques to detect malware automatically. However, such applications fail to classify malware appropriately, mainly because they suffer from a high rate of false alarms on the one hand and, being retrospective, fail to detect new unknown threats and variants of known malware on the other hand. Since anti-malware vendors receive a huge number of malware samples every day, there is an urgent need for malware analysis tools that can automatically detect malware rigorously, i.e. eliminating false alarms. To address these issues and challenges of current malware detection and analysis approaches, we propose a novel, open source and extensible platform (based on a set of tools) that allows various malware detection techniques to be combined to automatically detect/classify malware more rigorously. The developed platform can be fed with malware samples from different providers and will enable the development of effective classification schemes and methods, which are not sufficiently effective without collaboration and the related sample aggregation. Furthermore, such collaborative platforms in cybersecurity enable efficient sharing of information (e.g., about newly identified threats) with all collaborators and sharing of appropriate defences against them, if such defences exist.

    Credit-Flow-Controlled ATM versus Wormhole Routing

    No full text
    ATM has been adopted as the main high-speed technology in both wide and local area networks. When ATM is combined with credits, the flow control mechanism that is particularly suitable for local data communication, it becomes appropriate for multiprocessor interconnection networks as well. Actually, credit-flow-controlled ATM has similarities with wormhole routing, one of the most popular architectures for MP networks: they both use credits and fixed-size cells/flits, and their hardware complexity is comparable. In this paper, we show that ATM with credits performs better than wormhole routing, because ATM uses lanes more efficiently: ATM provides high throughput and low latency with much less buffer space than that required by wormhole routing; also, ATM demonstrates little sensitivity to bursty traffic, and, unlike wormhole, it is fair in terms of latency in hot-spot configurations. Our simulation uses detailed and realistic switch models, which operate at clock-cycle granularity and track ...

    Neural networks and statistical decision making for fault diagnosis in energy conversion systems

    No full text
    The chapter proposes neural networks and statistical decision making for fault diagnosis in energy conversion systems. It considers the condition monitoring problem for an energy conversion system comprising a solar power unit, a DC-DC converter, and a DC motor. The dynamic model of this energy conversion system is taken to be unknown and is reconstructed from its input and output measurements, which are accumulated at different operating conditions, finally taking the form of a neural network. Actually, the neural model consists of a hidden layer of Gauss-Hermite polynomial activation functions and an output layer of linear weights. The neural network is trained with the use of first-order gradient algorithms, and the resulting model is taken to represent the fault-free functioning of the energy conversion system. To conclude about the existence of a fault, the measurements of the real output of the energy conversion system are compared against the estimated outputs which are provided by the neural model. Thus, the residuals' sequence is generated. It is shown that the sum of the squares of the residuals' vectors, multiplied by the inverse of the associated covariance matrix, stands for a stochastic variable (statistical test) which follows the χ² distribution. By selecting the 96% or the 98% confidence intervals of this distribution, one can have a precise and almost infallible decision making tool about the appearance of faults in the energy conversion system.

    Condition monitoring for three-phase inverters with the Derivative-free nonlinear Kalman Filter

    No full text
    A novel method for early fault detection and incipient fault diagnosis is developed, using as application example the model of a three-phase voltage inverter. To solve the inverters' condition monitoring problem, a differential flatness theory-based filtering method under the name of Derivative-free nonlinear Kalman Filter is employed. The filter emulates the functioning of the inverter in the fault-free case. It makes use of state-variable transformations (diffeomorphisms) which depend on differential flatness theory. These transformations allow the dynamics of the system to be expressed in the canonical (Brunovsky) form. For the latter description, the associated filtering problem is solved using the typical Kalman Filter recursion. Next, a residuals' sequence is generated by comparing the output of the filter to the output of the voltage inverter. It is proven that the sum of the squares of the residuals, when multiplied by a weight matrix, results in a stochastic variable (statistical test) that follows the χ² distribution. Moreover, by using the confidence intervals of the χ² distribution, one can define ranges for the normal functioning of the inverter.

    Condition monitoring of wind-power units using the Derivative-free nonlinear Kalman Filter

    No full text
    The article proposes a method for diagnosing faults and cyberattacks in electric power generation units that consist of a wind turbine and an asynchronous (DFIG) generator. The method relies on a differential flatness theory-based implementation of the nonlinear Kalman Filter, known as the Derivative-free nonlinear Kalman Filter. The estimated outputs provided by the Kalman filter are subtracted from the real outputs measured from the power unit, thus generating the residuals' sequence. It is proven that the sum of the squares of the residuals' vectors, weighted by the inverse of the residuals' covariance matrix, stands for a stochastic variable that follows the χ² distribution. By exploiting the statistical properties of the χ² distribution, one can define confidence intervals which allow for deciding at a high certainty level about the appearance of a fault or cyberattack in the wind-power system.