As of 2024, the landscape of infrastructure Distributed Denial of Service (DDoS) attacks continues to evolve with increasing complexity and sophistication. These attacks are not only increasing in volume but also in their ability to evade traditional defenses due to advancements in AI, which enables adversaries to dynamically adapt their attack targets and tactics to maximize damage. The emergence of high-performance botnets utilizing virtual machines allows attackers to launch large-scale attacks with fewer resources. Consequently, defense strategies must adapt by integrating AI-driven anomaly detection and robust multi-layered defenses to keep pace with these evolving threats. In this paper, we introduce a novel deep reinforcement learning (DRL) framework for mitigating Infrastructure DDoS attacks. Our framework features an actor-critic-based DRL network, integrated with variational autoencoders (VAE) to improve learning efficiency and scalability. The VAE assesses the risk of each traffic flow by analyzing various traffic features, while the actor-critic networks use the current link load and the VAE-generated flow risk scores to determine the probability of DDoS mitigation actions, such as traffic limiting, redirecting, or sending puzzles to verify traffic sources. The puzzle inquiry results are fed back to the VAE to refine the risk assessment process.The key strengths of our framework are: (1) the VAE serves as an adaptive anomaly detector, evolving based on DRL agent actions instead of relying on static IDS rules that may quickly become outdated; (2) by separating traffic behavior characterization (handled by VAE) from action selection (handled by DRL), we significantly reduce the DRL state space, enhancing scalability; and (3) the dynamic collaboration between the DRL engine and the VAE allows for real-time adaptation to evolving attack patterns with high efficiency.We show the feasibility and effectiveness of the framework with various attack scenarios. Our approach uniquely integrates an actor-critic learning algorithm with the VAE to understand traffic flow properties and determine optimal actions through a continuous learning process. Our evaluation demonstrates that this framework effectively identifies attack traffic flows, achieving a true positive rate exceeding 95% and a false positive rate below 4%. Additionally, it learns the optimal strategy in a reasonable time, under 20,000 episodes in most experimental settings.
Authored by Qi Duan
It is suggested in this paper that an LSIM model be used to find DDoS attacks, which usually involve patterns of bad traffic that happen over time. The idea for the model comes from the fact that bad IoTdevices often leave traces in network traffic data that can be used to find them. This is what the LSIM model needs to be done before it can spot attacks in real-time. An IoTattack dataset was used to test how well the suggested method works. What the test showed was that the suggested method worked well to find attacks. The suggested method can likely be used to find attacks on the Internet of Things. It s simple to set up and can stop many types of break-ins. This method will only work, though, if the training data are correct.LSIMmodel could be used to find attack detection who are breaking into the Internet of Things. Long short-term memory (LSIM) models are a type of AI that can find trends in data that have been collected over time. The LSIM model learns the difference patterns in network traffic data that are normal and patterns that show an attack. The proposed method to see how well it worked and found that it could achieve a precision of 99.4\%.
Authored by Animesh Srivastava, Vikash Sawan, Kumari Jugnu, Shiv Dhondiyal
DDoS is considered as the most dangerous attack and threat to software defined network (SDN). The existing mitigation technologies include flow capacity method, entropy method and flow analysis method. They rely on traffic sampling to achieve true real-time inline DDoS detection accuracy. However, the cost of the method based on traffic sampling is very high. Early detection of DDoS attacks in the controller is very important, which requires highly adaptive and accurate methods. Therefore, this paper proposes an effective and accurate real-time DDoS attack detection technology based on hurst index. The main detection methods of DDoS attacks and the traffic characteristics when DDoS attacks occur are briefly analyzed. The Hurst exponent estimation method and its application in real-time detection (RTD) of DDoS attacks are discussed. Finally, the simulation experiment test analysis is improved to verify the effectiveness and feasibility of RTD of DDoS attacks based on hurst index.
Authored by Ying Ling, Chunyan Yang, Xin Li, Ming Xie, Shaofeng Ming, Jieke Lu, Fuchuan Tang
Increasing automation in vehicles enabled by increased connectivity to the outside world has exposed vulnerabilities in previously siloed automotive networks like controller area networks (CAN). Attributes of CAN such as broadcast-based communication among electronic control units (ECUs) that lowered deployment costs are now being exploited to carry out active injection attacks like denial of service (DoS), fuzzing, and spoofing attacks. Research literature has proposed multiple supervised machine learning models deployed as Intrusion detection systems (IDSs) to detect such malicious activity; however, these are largely limited to identifying previously known attack vectors. With the ever-increasing complexity of active injection attacks, detecting zero-day (novel) attacks in these networks in real-time (to prevent propagation) becomes a problem of particular interest. This paper presents an unsupervised-learning-based convolutional autoencoder architecture for detecting zero-day attacks, which is trained only on benign (attack-free) CAN messages. We quantise the model using Vitis-AI tools from AMD/Xilinx targeting a resource-constrained Zynq Ultrascale platform as our IDS-ECU system for integration. The proposed model successfully achieves equal or higher classification accuracy (\textgreater 99.5\%) on unseen DoS, fuzzing, and spoofing attacks from a publicly available attack dataset when compared to the state-of-the-art unsupervised learning-based IDSs. Additionally, by cleverly overlapping IDS operation on a window of CAN messages with the reception, the model is able to meet line-rate detection (0.43 ms per window) of high-speed CAN, which when coupled with the low energy consumption per inference, makes this architecture ideally suited for detecting zero-day attacks on critical CAN networks.
Authored by Shashwat Khandelwal, Shanker Shreejith
Envisioned to be the next-generation Internet, the metaverse faces far more security challenges due to its large scale, distributed, and decentralized nature. While traditional third-party security solutions remain certain limitations such as scalability and Single Point of Failure (SPoF), numerous wearable Augmented/Virtual Reality (AR/VR) devices with increasingly computational capacity can contribute underused resource to protect the metaverse. Realizing the potential of Collaborative Intrusion Detection System (CIDS) in the metaverse context, we propose MetaCIDS, a blockchain-based Federated Learning (FL) framework that allows metaverse users to: (i) collaboratively train an adaptable CIDS model based on their collected local data with privacy protection; (ii) utilize such the FL model to detect metaverse intrusion using the locally observed network traffic; (iii) submit verifiable intrusion alerts through blockchain transactions to obtain token-based reward. Security analysis shows that MetaCIDS can tolerate up to 33\% malicious trainers during the training of FL models, while the verifiability of alerts offer resistance to Distributed Denial of Service (DDoS) attacks. Besides, experimental results illustrate the efficiency and feasibility of MetaCIDS.
Authored by Vu Truong, Vu Nguyen, Long Le
The enhancement of big data security in cloud computing has become inevitable dues to factors such as the volume, velocity, veracity, Value, and velocity of the big data. These enhancements of big data and cloud technologies have computing enabled a wide range of vulnerabilities in applications in organizational business environments leading to various attacks such as denial-of-service attacks, injection attacks, and Phishing among others. Deploying big data in cloud computing environments is a rapidly growing technology that significantly impacts organizations and provides benefits such as demand-driven access to computational services, a distorted version of infinite computing capacity, and assistance with demand-driven scaling up, scaling down, and scaling out. To secure cloud computing for big data processing, a variety of encryption techniques such as RSA, and AES can be applied. However, there are several vulnerabilities during processing. The paper aims to explore the enhancement of big data security in cloud computing using the RSA algorithm to improve the deployment and processing of the variety, volume, veracity, velocity and value of the data utilizing RSA encryptions. The novelty contribution of the paper is threefold: First, explore the current challenges and vulnerabilities in securing big data in cloud computing and how the RSA algorithm can be used to address them. Secondly, we implement the RSA algorithm in a cloud computing environment using the AWS cloud platform to secure big data to improve the performance and scalability of the RSA algorithm for big data security in cloud computing. We compare the RSA algorithm to other cryptographic algorithms in terms of its ability to enhance big data security in cloud computing. Finally, we recommend control mechanisms to improve security in the cloud platform. The results show that the RSA algorithm can be used to improve Cloud Security in a network environment.
Authored by Abel Yeboah-Ofori, Iman Darvishi, Azeez Opeyemi
Internet of Things (IoT) is encroaching in every aspect of our lives. The exponential increase in connected devices has massively increased the attack surface in IoT. The unprotected IoT devices are not only the target for attackers but also used as attack generating elements. The Distributed Denial of Service (DDoS) attacks generated using the geographically distributed unprotected IoT devices as botnet pose a serious threat to IoT. The large-scale DDoS attacks may arise through multiple low-rate DDoS attacks from geographically distributed, compromised IoT devices. This kind of DDoS attacks are difficult to detect with the existing security mechanisms because of the large-scale distributed nature of IoT. The proposed method provides solution to this problem using Fog computing containing fog nodes which are closer to edge IoT devices. The distributed fog nodes detects the low-rate DDoS attacks from IoT devices before it leads to largescale DDoS attack. The effectiveness analysis of the proposed method proves that the real time detection is practical. The experimental results depicts that the lowrate DDoS attacks are detected at faster rate in fog nodes, hence the large-scale DDoS attacks are detected at early stage to protect from massive attack.
Authored by S Prabavathy, I.Ravi Reddy
The big data platform based on cloud computing realizes the storage, analysis and processing of massive data, and provides users with more efficient, accurate and intelligent Internet services. Combined with the characteristics of college teaching resource sharing platform based on cloud computing mode, the multi-faceted security defense strategy of the platform is studied from security management, security inspection and technical means. In the detection module, the optimization of the support vector machine is realized, the detection period is determined, the DDoS data traffic characteristics are extracted, and the source ID blacklist is established; the triggering of the defense mechanism in the defense module, the construction of the forwarder forwarding queue and the forwarder forwarding capability are realized. Reallocation.
Authored by Zhiyi Xing
Envisioned to be the next-generation Internet, the metaverse faces far more security challenges due to its large scale, distributed, and decentralized nature. While traditional third-party security solutions remain certain limitations such as scalability and Single Point of Failure (SPoF), numerous wearable Augmented/Virtual Reality (AR/VR) devices with increasingly computational capacity can contribute underused resource to protect the metaverse. Realizing the potential of Collaborative Intrusion Detection System (CIDS) in the metaverse context, we propose MetaCIDS, a blockchain-based Federated Learning (FL) framework that allows metaverse users to: (i) collaboratively train an adaptable CIDS model based on their collected local data with privacy protection; (ii) utilize such the FL model to detect metaverse intrusion using the locally observed network traffic; (iii) submit verifiable intrusion alerts through blockchain transactions to obtain token-based reward. Security analysis shows that MetaCIDS can tolerate up to 33\% malicious trainers during the training of FL models, while the verifiability of alerts offer resistance to Distributed Denial of Service (DDoS) attacks. Besides, experimental results illustrate the efficiency and feasibility of MetaCIDS.
Authored by Vu Truong, Vu Nguyen, Long Le
Mobile malware is a malicious code specifically designed to target mobile devices to perform multiple types of fraud. The number of attacks reported each day is increasing constantly and is causing an impact not only at the end-user level but also at the network operator level. Malware like FluBot contributes to identity theft and data loss but also enables remote Command & Control (C2) operations, which can instrument infected devices to conduct Distributed Denial of Service (DDoS) attacks. Current mobile device-installed solutions are not effective, as the end user can ignore security warnings or install malicious software. This article designs and evaluates MONDEO-Tactics5G - a multistage botnet detection mechanism that does not require software installation on end-user devices, together with tactics for 5G network operators to manage infected devices. We conducted an evaluation that demonstrates high accuracy in detecting FluBot malware, and in the different adaptation strategies to reduce the risk of DDoS while minimising the impact on the clients satisfaction by avoiding disrupting established sessions.
Authored by Bruno Sousa, Duarte Dias, Nuno Antunes, Javier amara, Ryan Wagner, Bradley Schmerl, David Garlan, Pedro Fidalgo
Summary \& ConclusionsResilience, a system property merging the consideration of stochastic and malicious events focusing on mission success, motivates researchers and practitioners to develop methodologies to support holistic assessments. While established risk assessment methods exist for early and advanced analysis of complex systems, the dynamic nature of security is much more challenging for resilience analysis.The scientific contribution of this paper is a methodology called Trust Loss Effects Analysis (TLEA) for the systematic assessment of the risks to the mission emerging from compromised trust of humans who are part of or are interacting with the system. To make this work more understandable and applicable, the TLEA method follows the steps of Failure Mode, Effects \& Criticality Analysis (FMECA) with a difference in the steps related to the identification of security events. There, the TLEA method uses steps from the Spoofing, Tampering, Repudiation, Information disclosure, Denial of Service (DoS), Elevation of privilege (STRIDE) methodology.The TLEA is introduced using a generic example and is then demonstrated using a more realistic use case of a drone-based system on a reconnaissance mission. After the application of the TLEA method, it is possible to identify different risks related to the loss of trust and evaluate their impact on mission success.
Authored by Douglas Van Bossuyt, Nikolaos Papakonstantinou, Britta Hale, Ryan Arlitt
Nowadays, companies, critical infrastructure and governments face cyber attacks every day ranging from simple denial-of-service and password guessing attacks to complex nationstate attack campaigns, so-called advanced persistent threats (APTs). Defenders employ intrusion detection systems (IDSs) among other tools to detect malicious activity and protect network assets. With the evolution of threats, detection techniques have followed with modern systems usually relying on some form of artificial intelligence (AI) or anomaly detection as part of their defense portfolio. While these systems are able to achieve higher accuracy in detecting APT activity, they cannot provide much context about the attack, as the underlying models are often too complex to interpret. This paper presents an approach to explain single predictions (i. e., detected attacks) of any graphbased anomaly detection systems. By systematically modifying the input graph of an anomaly and observing the output, we leverage a variation of permutation importance to identify parts of the graph that are likely responsible for the detected anomaly. Our approach treats the anomaly detection function as a black box and is thus applicable to any whole-graph explanation problems. Our results on two established datasets for APT detection (StreamSpot \& DARPA TC Engagement Three) indicate that our approach can identify nodes that are likely part of the anomaly. We quantify this through our area under baseline (AuB) metric and show how the AuB is higher for anomalous graphs. Further analysis via the Wilcoxon rank-sum test confirms that these results are statistically significant with a p-value of 0.0041\%.
Authored by Felix Welter, Florian Wilkens, Mathias Fischer
The Internet of Things (IoT) refers to the growing network of connected physical objects embedded with sensors, software and connectivity. While IoT has potential benefits, it also introduces new cyber security risks. This paper provides an overview of IoT security issues, vulnerabilities, threats, and mitigation strategies. The key vulnerabilities arising from IoT s scale, ubiquity and connectivity include inadequate authentication, lack of encryption, poor software security, and privacy concerns. Common attacks against IoT devices and networks include denial of service, ransom-ware, man-in-the-middle, and spoofing. An analysis of recent literature highlights emerging attack trends like swarm-based DDoS, IoT botnets, and automated large-scale exploits. Recommended techniques to secure IoT include building security into architecture and design, access control, cryptography, regular patching and upgrades, activity monitoring, incident response plans, and end-user education. Future technologies like blockchain, AI-enabled defense, and post-quantum cryptography can help strengthen IoT security. Additional focus areas include shared threat intelligence, security testing, certification programs, international standards and collaboration between industry, government and academia. A robust multilayered defense combining preventive and detective controls is required to combat rising IoT threats. This paper provides a comprehensive overview of the IoT security landscape and identifies areas for continued research and development.
Authored by Luis Cambosuela, Mandeep Kaur, Rani Astya
Dynamic Infrastructural Distributed Denial of Service (I-DDoS) attacks constantly change attack vectors to congest core backhaul links and disrupt critical network availability while evading end-system defenses. To effectively counter these highly dynamic attacks, defense mechanisms need to exhibit adaptive decision strategies for real-time mitigation. This paper presents a novel Autonomous DDoS Defense framework that employs model-based reinforcement agents. The framework continuously learns attack strategies, predicts attack actions, and dynamically determines the optimal composition of defense tactics such as filtering, limiting, and rerouting for flow diversion. Our contributions include extending the underlying formulation of the Markov Decision Process (MDP) to address simultaneous DDoS attack and defense behavior, and accounting for environmental uncertainties. We also propose a fine-grained action mitigation approach robust to classification inaccuracies in Intrusion Detection Systems (IDS). Additionally, our reinforcement learning model demonstrates resilience against evasion and deceptive attacks. Evaluation experiments using real-world and simulated DDoS traces demonstrate that our autonomous defense framework ensures the delivery of approximately 96 – 98% of benign traffic despite the diverse range of attack strategies.
Authored by Ashutosh Dutta, Ehab Al-Shaer, Samrat Chatterjee, Qi Duan
Remote Attestation (RA) is a security service by which a Verifier (Vrf) can verify the platform state of a remote Prover (Prv). However, in most existing RA schemes, the Prv might be vulnerable to denial of service (DoS) attacks due to the interactive challenge-response methodology while there is no authentication about the challenge. Worse, many schemes cannot effectively detect mobile malware that can be inactive during the on-demand attestation launched by the Vrf. In this paper, we propose a self-measurement RA for SGX-based platforms, which can effectively mitigate DoS attacks and defend against mobile malware. To this end, a two-way identity authentication is first enforced between the Prv and Vrf with the help of a blockchain system, in which a shared session key is also generated. Secondly, trigger conditions of measurements on the Prv’s side are time points generated by the Prv self instead of Vrf’s requests. The Vrf can retrieve multiple selfmeasurement results during one execution of the protocol to monitor the Prv’s platform over a period of time continuously, which can detect mobile malware effectively. Our scheme utilizes SGX to provide the runtime protection for sensitive information such as session key, self-measurement code, time points of self-measurements, and self-measurement results, making a higher security guarantee. In addition, the session key, time points of self-measurements, and self-measurement code can be changed or upgraded, making our scheme more flexible and scalable. The simulation implementation and results show that our scheme is feasible and practical.
Authored by Zhengwei Ren, Xueting Li, Li Deng, Yan Tong, Shiwei Xu, Jinshan Tang
Remote Attestation (RA) is a security service by which a Verifier (Vrf) can verify the platform state of a remote Prover (Prv). However, in most existing RA schemes, the Prv might be vulnerable to denial of service (DoS) attacks due to the interactive challenge-response methodology while there is no authentication about the challenge. Worse, many schemes cannot effectively detect mobile malware that can be inactive during the on-demand attestation launched by the Vrf. In this paper, we propose a self-measurement RA for SGX-based platforms, which can effectively mitigate DoS attacks and defend against mobile malware. To this end, a two-way identity authentication is first enforced between the Prv and Vrf with the help of a blockchain system, in which a shared session key is also generated. Secondly, trigger conditions of measurements on the Prv’s side are time points generated by the Prv self instead of Vrf’s requests. The Vrf can retrieve multiple selfmeasurement results during one execution of the protocol to monitor the Prv’s platform over a period of time continuously, which can detect mobile malware effectively. Our scheme utilizes SGX to provide the runtime protection for sensitive information such as session key, self-measurement code, time points of self-measurements, and self-measurement results, making a higher security guarantee. In addition, the session key, time points of self-measurements, and self-measurement code can be changed or upgraded, making our scheme more flexible and scalable. The simulation implementation and results show that our scheme is feasible and practical.
Authored by Zhengwei Ren, Xueting Li, Li Deng, Yan Tong, Shiwei Xu, Jinshan Tang
This paper investigates the output feedback security control problem of switched nonlinear systems (SNSs) against denial-of-service (DoS) attacks. A novel switched observer-based neural network (NN) adaptive control algorithm is established, which guarantees that all the signals in the closed-loop system remain bounded. Note that when a DoS attacker is active in the Sensor-Controller channel, the controller cannot acquire accurate information, which leads to the standard backstepping technique not being workable. A set of NN adaptive switching-like observers is designed to tackle the obstacle for each subsystem. Further, by combining the proposed observer with the backstepping technique, an NN adaptive controller is constructed and the dynamic surface control method is borrowed to surmount the complexity explosion phenomenon. Finally, an illustrative example is provided to demonstrate the effectiveness of the proposed control algorithm.
Authored by Hongzhen Xie, Guangdeng Zong, Dong Yang, Yudi Wang
Despite various distributed denial-of-service (DDoS) filtering solutions proposed and deployed throughout the Internet, DDoS attacks continue to evolve and successfully overwhelm the victims with DDoS traffic. While current DDoS solutions in general employ a fixed filtering granularity (e.g., IP address, 4-tuple flow, or service requests) with a specific goal (e.g., maximum coverage of DDoS traffic), in this paper we investigate adaptive DDoS filtering. We design and experiment algorithms that can generate and deploy DDoS-filtering rules that not only adapt to the most suitable and effective filtering granularity (e.g., IP source address and a port number vs. an individual IP address vs. IP prefixes at different lengths), but also adapt to the first priorities of victims (e.g., maximum coverage of DDoS traffic vs. minimum collateral damage from dropping legitimate traffic vs. minimum number of rules). We evaluated our approach through both large-scale simulations based on real-world DDoS attack traces and pilot studies. Our evaluations confirm that our algorithms can generate rules that adapt to every distinct filtering objective and achieve optimal results.
Authored by Jun Li, Devkishen Sisodia, Yebo Feng, Lumin Shi, Mingwei Zhang, Christopher Early, Peter Reiher
IoT technology establishes a platform for automating services by connecting diverse objects through the Internet backbone. However, the integration of IoT networks also introduces security challenges, rendering IoT infrastructure susceptible to cyber-attacks. Notably, Distributed Denial of Service (DDoS) attacks breach the authorization conditions and these attacks have the potential to disrupt the physical functioning of the IoT infrastructure, leading to significant financial losses and even endangering human lives. Yet, maintaining availability even when networking elements malfunction has not received much attention. This research paper introduces a novel Twin eye Architecture, which includes dual gateway connecting every IoT access network to provide reliability even with the failure or inaccessibility of connected gateway. It includes the module called DDoS Manager that is molded into the gateway to recognize the dangling of the gateway. The effectiveness of the proposed model is evaluated using dataset simulated in NS3 environment. The results highlight the outstanding performance of the proposed model, achieving high accuracy rates. These findings demonstrate the proposed network architecture continues to provide critical authentication services even upon the failure of assigned gateway.
Authored by Manjula L, G Raju
Vulnerability Detection 2022 - The increasing number of software vulnerabilities pose serious security attacks and lead to system compromise, information leakage or denial of service. It is a challenge to further improve the vulnerability detection technique. Nowadays most applications are implemented using C/C++. In this paper we focus on the detection of overflow vulnerabilities in C/C++ source code. A novel scheme named VulMiningBGS (Vulnerability Mining Based on Graph Similarity) is proposed. We convert the source code into Top N-Weighted Range Sum Feature Graph (TN-WRSFG), and graph similarity comparisons based on source code level can be effectively carried on to detect possible vulnerabilities. Three categories of vulnerabilities in the Juliet test suite are used, i.e., CWE121, CWE122 and CWE190, with four indicators for performance evaluation (precision, recall, accuracy and F1\_score). Experimental results show that our scheme outperforms the traditional methods, and is effective in the overflow vulnerability detection for C/C++ source code.
Authored by Zihan Yu, Jintao Xue, Xin Sun, Wen Wang, Yubo Song, Liquan Chen, Zhongyuan Qin
Quantum Computing Security 2022 - Geospatial fog computing system offers various benefits as a platform for geospatial computing services closer to the end users, including very low latency, good mobility, precise position awareness, and widespread distribution. In recent years, it has grown quickly. Fog nodes’ security is susceptible to a number of assaults, including denial of service and resource abuse, because to their widespread distribution, complex network environments, and restricted resource availability. This paper proposes a Quantum Key Distribution (QKD)-based geospatial quantum fog computing environment that offers a symmetric secret key negotiation protocol that can preserve informationtheoretic security. In QKD, after being negotiated between any two fog nodes, the secret keys can be given to several users in various locations to maintain forward secrecy and long-term protection. The new geospatial quantum fog computing environment proposed in this work is able to successfully withstand a variety of fog computing assaults and enhances information security.
Authored by Pratyusa Mukherjee, Rabindra Barik
Provable Security - The Industrial Internet of Things (IIoT) has brought about enormous changes in both our individual ways of life and the ways in which our culture works, transforming them into an unique electronic medium. This has enormous implications for almost every facet of life, including clever logistical, smart grids, and smart cities. In particular, the amount of gadgets that are part of the Industrial Internet of Things (IIoT) is increasing at such a fast pace that numerous gadgets and sensors are constantly communicating with one another and exchanging a substantial quantity of data. The potential of spying and hijacked assaults in messaging services has grown as a result of the creation; as a direct consequence of this, protecting data privacy and security has become two key problems at the current moment. In recent years, a protocol known as certificateless signature (LCS), which is both better secured and lighter, has been more popular for use in the development of source of energy IIoT protocols. The Schnorr signature serves as the foundation for this method s underlying mechanism. In spite of this, we found that the vast majority of the currently implemented CLS schemes are susceptible to a number of widespread security flaws. These flaws include man-in-the-middle (MITM) attacks, key generation centre (KGC) compromised attacks, and distributed denial of service (DDoS) attacks. As a potential solution to the issues that have been discussed in the preceding paragraphs, we, the authors of this work, suggest an unique pairing-free provable data approach. In order to develop a revolutionary LCS scheme that is dependable and efficient, this plan takes use of the most cutting-edge blockchain technology as well as smart contracts. After that, in order to verify the dependability of our system, we simulate both Type-I and Type-II adversary and run the results through a series of tests. The findings of a system security and a summative assessment have shown that our design is capable of providing more reliable security assurance at a lower overall cost of computation (for illustration, limited by around 40.0\% at most) and transmission time (for example, reduced by around 94.7\% at most) like other proposed scheme.
Authored by Meenakshi Garg, Krishan Sharma
Identifying Evolution of Software Metrics by Analyzing Vulnerability History in Open Source Projects
Predictive Security Metrics - Software developers mostly focus on functioning code while developing their software paying little attention to the software security issues. Now a days, security is getting priority not only during the development phase, but also during other phases of software development life cycle (starting from requirement specification till maintenance phase). To that end, research have been expanded towards dealing with security issues in various phases. Current research mostly focused on developing different prediction models and most of them are based on software metrics. The metrics based models showed higher precision but poor recall rate in prediction. Moreover, they did not analyze the roles of individual software metric on the occurrences of vulnerabilities separately. In this paper, we target to track the evolution of metrics within the life-cycle of a vulnerability starting from its born version through the last affected version till fixed version. In particular, we studied a total of 250 files from three major releases of Apache Tomcat (8, 9 , and 10). We found that four metrics: AvgCyclomatic, AvgCyclomaticStrict, CountDeclM ethod, and CountLineCodeExe show significant changes over the vulnerability history of Tomcat. In addition, we discovered that Tomcat team prioritizes in fixing threatening vulnerabilities such as Denial of Service than less severe vulnerabilities. The results of our research will potentially motivate further research on building more accurate vulnerability prediction models based on the appropriate software metrics. It will also help to assess developer’s mindset about fixing different types of vulnerabilities in open source projects.
Authored by Erik Maza, Kazi Sultana
Neural Network Security - Software-Defined Network (SDN) is a new networking paradigm that adopts centralized control logic and provides more control to the network operators over the network infrastructure to meet future network requirements. SDN controller known as operation system, which is responsible for running network applications and maintaining the different network services and functionalities. Despite all its great capabilities, SDN is facing different security threats due to its various architectural entities and centralized nature. Distributed Denial of Service (DDoS) is a promptly growing attack and becomes a major threat for the SDN. To date, most of the studies focus on detecting high-rate DDoS attacks at the control layer of SDN and low-rate DDoS attacks are high concealed because they are difficult to detect. Furthermore, the existing methods are useful for the detection of high-rate DDoS, so need to focus on low-rate DDoS attacks separately. Hence, the use of machine learning algorithms is growing for the detection of low-rate DDoS attacks in the SDN, but they achieved low accuracy against this attack. To improve the detection accuracy, this paper first describes the attack s mechanism and then proposes a Recurrent Neural Network (RNN) based method. The extracted features from the flow rules are used by the RNN for the detection of low-rate attacks. The experimental results show that the proposed method intelligently detects the attack, and its detection accuracy reaches 98.59\%. The proposed method achieves good detection accuracy as compared to existing studies.
Authored by Muhammad Nadeem, Hock Goh, Yichiet Aun, Vasaki Ponnusamy
Network Security Resiliency - Trending towards autonomous transportation systems, modern vehicles are equipped with hundreds of sensors and actuators that increase the intelligence of the vehicles with a higher level of autonomy, as well as facilitate increased communication with entities outside the in-vehicle network.However, increase in a contact point with the outside world has exposed the controller area network (CAN) of a vehicle to remote security vulnerabilities. In particular, an attacker can inject fake high priority messages within the CAN through the contact points, while preventing legitimate messages from controlling the CAN (Denial-of-Service (DoS) attack). In this paper, we propose a Moving Target Defense (MTD) based mechanism to provide resiliency against DoS attack, where we shuffle the message priorities at different communication cycles, opposed to the state-of-the-art message priority setup, to nullify the attacker’s knowledge of message priorities for a given time. The performance and efficacy of the proposed shuffling algorithm has been analyzed under different configuration, and compared against the state-of-the-art solutions. It is observed that the proposed mechanism is successful in denying DoS attack when the attacker is able to bypass preemptive strategies and inject messages within the in-vehicle network.
Authored by Ayan Roy, Sanjay Madria