Securing the Internet of Things Infrastructure - Standards and Techniques

The Internet of Things (IoT) infrastructure is a conglomerate of electronic devices interconnected through the Internet, with the purpose of providing prompt and effective service to end-users. Applications running on an IoT infrastructure generally handle sensitive information such as a patient’s healthcare record, the position of a logistic vehicle, or the temperature readings obtained through wireless sensor nodes deployed in a bushland. The protection of such information from unlawful disclosure, tampering or modification, as well as the unscathed presence of IoT devices, in adversarial environments, is of prime concern. In this paper, a descriptive analysis of the security of standards and technologies for protecting the IoT communication channel from adversarial threats is provided. In addition, two paradigms for securing the IoT infrastructure, namely, common key based and paired key based, are proposed

Securing the internet of things infrastructure – standards and techniques

The Internet of Things (IoT) infrastructure is a conglomerate of electronic devices interconnected through the Internet, with the purpose of providing prompt and effective service to end-users. Applications running on an IoT infrastructure generally handle sensitive information such as a patient’s healthcare record, the position of a logistic vehicle, or the temperature readings obtained through wireless sensor nodes deployed in a bushland. The protection of such information from unlawful disclosure, tampering or modification, as well as the unscathed presence of IoT devices, in adversarial environments, is of prime concern. In this paper, a descriptive analysis of the security of standards and technologies for protecting the IoT communication channel from adversarial threats is provided. In addition, two paradigms for securing the IoT infrastructure, namely, common key based and paired key based, are proposed

Intelligent feature selection for detecting http/2 denial of service attacks

Intrusion-detection systems employ machine learning techniques to classify traffic into attack and legitimate. Network flooding attacks can leverage the new web communications protocol (HTTP/2) to bypass intrusion-detection systems. This creates an urgent demand to understand HTTP/2 characteristics and to devise customised cyber-attack detection schemes. This paper proposes Step Sister; a technique to generate an optimum network traffic feature set for network intrusion detection. The proposed technique demonstrates that a consistent set of features are selected for a given HTTP/2 dataset. This allows intrusion-detection systems to classify previously unseen network traffic samples with fewer false alarm than when techniques used in literature were employed. The results show that the proposed technique yields a set of features that, when used for network traffic classification, yields low numbers of false alarms

Ransomware: Emergence of the cyber-extortion menace

Ransomware is increasingly posing a threat to the security of information resources. Millions of dollars of monetary loss have been afflicted on end-users and corporations alike through unlawful deployment of ransomware. Through malware injection into end-user devices and subsequent extortion of their system or data, ransomware has emerged as a threat requiring immediate attention and containment by the cyber-security community. We conduct a detailed analysis of the steps of execution involved in ransomware deployment to facilitate readiness of the cyber-security community in containing the rapid proliferation of ransomware. This paper examines the evolution of malware over a period of 26 years and the emergence of ransomware in the cyber-threat landscape. Key findings on the evolution of ransomware and its use of emerging technologies are presented

Performance Analysis of an Application-Level Mechanism for Preventing Service Flooding in the Internet

One of the most impacting technological developments during the last few years has been the emergence of the Internet. With rapid growth of the Internet, it is becoming increasingly difficult to provide the necessary services to all users within a designated time period. As the gap between the network-line and application-server rates is growing, it is getting easier to launch Distributed Denial of Service (DDoS) attacks against services on the Internet, and remain undetected within the network. Gligor's rate control scheme is a novel mechanism for providing strong access guarantees to clients for accessing public services, by generating and enforcing simple user-level agreements on dedicated special purpose servers. This thesis studies the results obtained from simulations, when this rate control scheme is applied to two kinds of networks, namely, Content Distribution Networks, and Domain Name Server-based networks. In particular, the server utilization, and client waiting times were studied with the aim of finding bounds on parameters that improve server performance, and of providing clients with reasonable maximum waiting times to service

Ransomware behavioural analysis on windows platforms

Ransomware infections have grown exponentially during the recent past to cause major disruption in operations across a range of industries including the government. Through this research, we present an analysis of 14 strains of ransomware that infect Windows platforms, and we do a comparison of Windows Application Programming Interface (API) calls made through ransomware processes with baselines of normal operating system behaviour. The study identifies and reports salient features of ransomware as referred through the frequencies of API call

Controlled access to cloud resources for mitigating economic denial of sustainability (EDoS) attacks

Cloud computing is a paradigm that provides scalable IT resources as a service over the Internet. Vulnerabilities in the cloud infrastructure have been readily exploited by the adversary class. Therefore, providing the desired level of assurance to all stakeholders through safeguarding data (sensitive or otherwise) which is stored in the cloud, is of utmost importance. In addition, protecting the cloud from adversarial attacks of diverse types and intents, cannot be understated. Economic Denial of Sustainability (EDoS) attack is considered as one of the concerns that has stalled many organizations from migrating their operations and/or data to the cloud. This is because an EDoS attack targets the financial component of the service provider. In this work, we propose a novel and reactive approach based on a rate limit technique, with low overhead, to detect and mitigate EDoS attacks against cloud-based services. Through this reactive scheme, a limited access permission for cloud services is granted to each user. Experiments were conducted in a laboratory cloud setup, to evaluate the performance of the proposed mitigation technique. Results obtained show that the proposed approach is able to detect and prevent such an attack with low cost and overhead. © 2016 Elsevier B.V. All rights reserved

Analysis of attempted intrusions: intelligence gathered from SSH Honeypots

Honeypots are a defensive cyber security countermeasure used to gather data on intruder activities. By analysing the data collected by honeypots, mitigation strategies for cyberattacks launched against cyber-enabled infrastructures can be developed. In this paper, intelligence gathered from six Secure Shell (SSH) honeypots is presented. The paper is part of an ongoing investigation into analysing malicious activities captured by the honeypots. This paper focuses on the time of day attempted intrusions have occurred. The honeypot data has been gathered from 18th July 2012 until 13th January 2016; a period of 1,247 days. All six honeypots have the same hardware and software configurations, located on the same IPv4/24 subnet. Preliminary analysis of the data from all six hosts has been combined to show the number of attempted intrusions recorded by each honeypot and the top 20 countries attacking IP addresses have originated from. However, there is a variation in the number of attempted intrusions recorded on each of the six hosts. Findings from the research conducted suggest, there is a pattern of organised attempted intrusions from attacking IP addresses originating from China and Hong Kong during an 8am to 6pm working day. An additional investigation into the possible use of organised attacking workforces was conducted

Denial of service attack detection through machine learning for the IoT

Sustained Internet of Things (IoT) deployment and functioning are heavily reliant on the use of effective data communication protocols. In the IoT landscape, the publish/subscribe-based Message Queuing Telemetry Transport (MQTT) protocol is popular. Cyber security threats against the MQTT protocol are anticipated to increase at par with its increasing use by IoT manufacturers. In particular, IoT is vulnerable to protocol-based Application layer Denial of Service (DoS) attacks, which have been known to cause widespread service disruption in legacy systems. In this paper, we propose an Application layer DoS attack detection framework for the MQTT protocol and test the scheme on legitimate and protocol compliant DoS attack scenarios. To protect the MQTT message brokers from such attacks, we propose a machine learning-based detection framework developed for the MQTT protocol. Through experiments, we demonstrate the impact of such attacks on various MQTT brokers and evaluate the effectiveness of the proposed framework to detect these malicious attacks. The results obtained indicate that the attackers can overwhelm the server resources even when legitimate access was denied to MQTT brokers and resources have been restricted. In addition, the MQTT features we have identified showed high attack detection accuracy. The field size and length-based features drastically reduced the false-positive rates and are suitable in detecting IoT based attacks

Harnessing Artificial Intelligence Capabilities to Improve Cybersecurity

Cybersecurity is a fast-evolving discipline that is always in the news over the last decade, as the number of threats rises and cybercriminals constantly endeavor to stay a step ahead of law enforcement. Over the years, although the original motives for carrying out cyberattacks largely remain unchanged, cybercriminals have become increasingly sophisticated with their techniques. Traditional cybersecurity solutions are becoming inadequate at detecting and mitigating emerging cyberattacks. Advances in cryptographic and Artificial Intelligence (AI) techniques (in particular, machine learning and deep learning) show promise in enabling cybersecurity experts to counter the ever-evolving threat posed by adversaries. Here, we explore AI\u27s potential in improving cybersecurity solutions, by identifying both its strengths and weaknesses. We also discuss future research opportunities associated with the development of AI techniques in the cybersecurity field across a range of application domains