DDoS prevention architecture using anomaly detection in fog-empowered networks

The world of computation has shown wide variety of wonders in the past decade with Internet of Things (IoT) being one of the most promising technology. Emergence of IoT brings a lot of good to the technology pool with its capability to provide intelligent services to the users. With ease to use, IoT is backed by a strong Cloud based infrastructure which allows the sensory IoT devices to perform specific functions. Important features of cloud are its reliability and security where the latter must be dealt with proper care. Cloud centric systems are susceptible to Denial of Service (DoS) attacks wherein the cloud server is subjected to an overwhelming number of incoming requests by a malicious device. If the same attack is carried out by a network of devices such as IoT devices then it becomes a Distributed DoS (DDoS) attack. A DDoS attack may render the server useless for a long period of time causing the services to crash due to extensive load. This paper proposes a lightweight, efficient and robust method for DDoS attack by detecting the compromised node connected to the Fog node or edge devices before it reaches the cloud by taking advantage of the Fog layer and prevent it from harming any information recorded or from increasing the unnecessary traffic in a network. The chosen technology stack consists of languages and frameworks which allow proposed approach to works in real time complexity for faster execution and is flexible enough to work on low level systems such as the Fog nodes. The proposed approach uses mathematical models for forecasting data points and therefore does not rely on a computationally heavy approach such as neural networks for predicting the expected values. This approach can be easily modelled into the firmware of the system and can help make cloud services more reliable by cutting off rogue nodes that try to attack the cloud at any given point of time.

Download Full-text

AntibIoTic: Protecting IoT Devices Against DDoS Attacks

10.31224/osf.io/vh8ka ◽

2017 ◽

Cited By ~ 3

Author(s):

Michele De Donno ◽

Nicola Dragoni ◽

Alberto Giaretta ◽

Manuel Mazzara

Keyword(s):

Denial Of Service ◽

Main Idea ◽

Denial Of Service Attacks ◽

Distributed Denial Of Service ◽

Ddos Attacks ◽

Dos Attacks ◽

The World ◽

Iot Devices

The 2016 is remembered as the year that showed to the world how dangerous distributed Denial of Service attacks can be. Gauge of the disruptiveness of DDoS attacks is the number of bots involved: the bigger the botnet, the more powerful the attack. This character, along with the increasing availability of connected and insecure IoT devices, makes DDoS and IoT the perfect pair for the malware industry. In this paper we present the main idea behind AntibIoTic, a palliative solution to prevent DoS attacks perpetrated through IoT devices.

Download Full-text

Need to Change Exam Preparation Strategy

International Journal of Indian Psychology ◽

10.25215/0402.190 ◽

2017 ◽

Vol 4 (2) ◽

Author(s):

Akhil Subhash Madankar

Keyword(s):

Learning Process ◽

Educational Tool ◽

Long Period ◽

The Past ◽

Exam Preparation ◽

The World ◽

Examination Methods ◽

Preparation Strategy ◽

Expected Outcomes ◽

The Way

All over the world, there are different students who acquired the different ways of preparation. Every professional graduator having different mindsets or approach towards the examination. Due to this, some student will get good outcomes in minimum time and some will not get expected outcomes even when they were tried a lot. The examination methods have a large impact on how and when student study and what they learn. The examination should not only be used as a control that a student is qualified, but also as an educational tool to influence the learning process. Over a long period of time, students were thinking that exam would the way where we will express our knowledge. But according to some student will be not. Now a day, a number of students adopted different way of learning and attempting the examination. And getting good marks in an exam will not be an issue. Today, the world is practical oriented. They demand not only the base of knowledge but a group of knowledge along with skills. Also, the way of learning is different than the past decade. Now we have to change our mindset regarding exam and way which will be adopting for it.

Download Full-text

Intrusion Detection System for AES Encripted Low-Power IoT Networks

10.14210/cotb.v12.p392-399 ◽

2021 ◽

Author(s):

Eduardo De Oliveira Burger Monteiro Luiz ◽

Alessandro Copetti ◽

Luciano Bertini ◽

Juliano Fontoura Kazienko

Keyword(s):

Low Power ◽

Detection System ◽

Denial Of Service ◽

Security Requirements ◽

Power Devices ◽

Dos Attacks ◽

Reflection Attack ◽

Ipv6 Protocol ◽

Iot Devices ◽

High Level

The introduction of the IPv6 protocol solved the problem of providingaddresses to network devices. With the emergence of the Internetof Things (IoT), there was also the need to develop a protocolthat would assist in connecting low-power devices. The 6LoWPANprotocols were created for this purpose. However, such protocolsinherited the vulnerabilities and threats related to Denial of Service(DoS) attacks from the IPv4 and IPv6 protocols. In this paper, weprepare a network environment for low-power IoT devices usingCOOJA simulator and Contiki operating system to analyze theenergy consumption of devices. Besides, we propose an IntrusionDetection System (IDS) associated with the AES symmetric encryptionalgorithm for the detection of reflection DoS attacks. Thesymmetric encryption has proven to be an appropriate methoddue to low implementation overhead, not incurring in large powerconsumption, and keeping a high level of system security. The maincontributions of this paper are: (i) implementation of a reflectionattack algorithm for IoT devices; (ii) implementation of an intrusiondetection system using AES encryption; (iii) comparison ofthe power consumption in three distinct scenarios: normal messageexchange, the occurrence of a reflection attack, and runningIDS algorithm. Finally, the results presented show that the IDSwith symmetric cryptography meets the security requirements andrespects the energy limits of low-power sensors.

Download Full-text

Shield Advanced Mitigation System of Distributed Denial of Service Attack in Integration of Internet of Things and Cloud Computing Environment

International Journal of Innovative Technology and Exploring Engineering - Special Issue ◽

10.35940/ijitee.a4841.129219 ◽

2019 ◽

Vol 9 (2) ◽

pp. 1300-1306

Keyword(s):

Cloud Computing ◽

Internet Of Things ◽

Denial Of Service ◽

Cloud Services ◽

Distributed Denial Of Service ◽

Ddos Attacks ◽

Denial Of Service Attack ◽

Ddos Attack ◽

Service Attack ◽

Verification Process

Cloud services among public and business companies have become popular in recent years. For production activities, many companies rely on cloud technology. Distributed Denial of Services (DDoS) attack is an extremely damaging general and critical type of cloud attacks. Several efforts have been made in recent years to identify numerous types of DDoS attacks. This paper discusses the different types of DDoS attacks and their cloud computing consequences. Distributed Denial of Service attack (DDoS) is a malicious attempt to disrupt the normal movement of a targeted server, service or network through influx of internet traffic overwhelming the target or its infrastructure. The use of multiple affected computer systems as a source of attacks makes DDoS attacks effective. Computers and other networked tools, including IoT phones, may be included on exploited machines. A DDoS attack from a high level resembles a traffic jam that is caused by roads that prevents normal travel at their desired destination. So DDoS Attack is a major challenging problem in integrated Cloud and IoT. Hence, this paper proposes Shield Advanced Mitigation System of Distributed Denial of Service Attack in the integration of Internet of Things and Cloud Computing Environment. This secure architecture use two verification process to identify whether user is legitimate or malicious. Dynamic Captcha Testing with Equal Probability test for first verification process, moreover Zigsaw Image Puzzle Test is used for second verification process, and Intrusion Detection Prevention System is used to identify and prevent malicious user, moreover reverse proxy is used to hide server location. These functional components and flow could strengthen security in Client side network to provide cloud services furthermore to overcome distributed denial of service attack in the integration of Internet of Things and Cloud Environment.

Download Full-text

Taxonomy of Distributed Denial of Service (DDoS) Attacks and Defense Mechanisms in Present Era of Smartphone Devices

International Journal of E-Services and Mobile Applications ◽

10.4018/ijesma.2018040104 ◽

2018 ◽

Vol 10 (2) ◽

pp. 58-74 ◽

Cited By ~ 8

Author(s):

Kavita Sharma ◽

B. B. Gupta

Keyword(s):

Defense Mechanisms ◽

Computer Network ◽

Denial Of Service ◽

Distributed Denial Of Service ◽

Ddos Attacks ◽

Dos Attacks ◽

Network Resources ◽

Common People ◽

Ddos Attack ◽

Legitimate User

This article describes how in the summer of 1999, the Computer Incident Advisory Capability first reported about Distributed Denial of Service (DDoS) attack incidents and the nature of Denial of Service (DoS) attacks in a distributed environment that eliminates the availability of resources or data on a computer network. DDoS attack exhausts the network resources and disturbs the legitimate user. This article provides an explanation on DDoS attacks and nature of these attacks against Smartphones and Wi-Fi Technology and presents a taxonomy of various defense mechanisms. The smartphone is chosen for this study, as they have now become a necessity rather than a luxury item for the common people.

Download Full-text

Intrusion Detection in IoT Networks Using Deep Learning Algorithm

Information ◽

10.3390/info11050279 ◽

2020 ◽

Vol 11 (5) ◽

pp. 279 ◽

Cited By ~ 1

Author(s):

Bambang Susilo ◽

Riri Fitri Sari

Keyword(s):

Machine Learning ◽

Deep Learning ◽

Learning Strategies ◽

Learning Algorithm ◽

Human Life ◽

Denial Of Service ◽

The Internet ◽

Dos Attacks ◽

Deep Learning Algorithm ◽

Iot Devices

The internet has become an inseparable part of human life, and the number of devices connected to the internet is increasing sharply. In particular, Internet of Things (IoT) devices have become a part of everyday human life. However, some challenges are increasing, and their solutions are not well defined. More and more challenges related to technology security concerning the IoT are arising. Many methods have been developed to secure IoT networks, but many more can still be developed. One proposed way to improve IoT security is to use machine learning. This research discusses several machine-learning and deep-learning strategies, as well as standard datasets for improving the security performance of the IoT. We developed an algorithm for detecting denial-of-service (DoS) attacks using a deep-learning algorithm. This research used the Python programming language with packages such as scikit-learn, Tensorflow, and Seaborn. We found that a deep-learning model could increase accuracy so that the mitigation of attacks that occur on an IoT network is as effective as possible.

Download Full-text

Denial of Service (DoS) Attacks Over Cloud Environment

Research Anthology on Combating Denial-of-Service Attacks ◽

10.4018/978-1-7998-5348-0.ch026 ◽

2021 ◽

pp. 491-521

Author(s):

Thangavel M. ◽

Nithya S ◽

Sindhuja R

Keyword(s):

Cloud Computing ◽

Capacity Planning ◽

Denial Of Service ◽

Cloud Services ◽

The Other ◽

Complete Analysis ◽

Cloud Environment ◽

Dos Attack ◽

Dos Attacks ◽

The Impact

Cloud computing is the fastest growing technology in today's world. Cloud services provide pay as go models on capacity or usage. For providing better cloud services, capacity planning is very important. Proper capacity planning will maximize efficiency and on the other side proper control over the resources will help to overcome from attacks. As the technology develops in one side, threats and vulnerabilities to security also increases on the other side. A complete analysis of Denial of Service (DOS) attacks in cloud computing and how are they done in the cloud environment and the impact of reduced capacity in cloud causes greater significance. Among all the cloud computing attacks, DOS is a major threat to the cloud environment. In this book chapter, we are going to discuss DOS attack in the cloud and its types, what are the tools used to perform DOS attack and how they are detected and prevented. Finally it deals with the measures to protect the cloud services from DOS attack and also penetration testing for DOS attack.

Download Full-text

A Virtual Firewall Mechanism Using Army Nodes to Protect Cloud Infrastructure from DDoS Attacks

Cybernetics and Information Technologies ◽

10.2478/cait-2014-0034 ◽

2014 ◽

Vol 14 (3) ◽

pp. 71-85 ◽

Cited By ~ 6

Author(s):

N Jeyanthi ◽

P. C. Mogankumar

Keyword(s):

Denial Of Service ◽

Threat Detection ◽

Distributed Denial Of Service ◽

Distributed Network ◽

Cloud Infrastructure ◽

Ddos Attack ◽

Cloud Server ◽

Simulation Results ◽

The Cost ◽

Attack Mitigation

Abstract Cloud is not exempted from the vulnerability of Distributed Denial of Service (DDoS) attack, a serious threat to any distributed network and has considerably less effective solutions to deploy in the network. This paper introduces a novel mechanism to protect and prevent the cloud from the spurious packets targeting the depletion of server resources. The army nodes called “Cloud DDoS Attack Protection” (CDAP) nodes are installed at the cloud server farm/ Datacenter (DC). These army nodes act as virtual firewall without destroying the Cloud Infrastructure and improve the availability of DC, even at the time of DDoS attack. By continuously monitoring the incoming packets, CDAP filters the attack packets intruding the Cloud DC. Availability is further improved by handing over the threat detection and attack mitigation to CDAP nodes and by redirecting the malicious user requests to the dump network. The simulation results prove that the introduction of CDAP nodes improve the availability and reduce the response time and the cost incurred.

Download Full-text

A Framework for Mitigating DDoS and DOS Attacks in IoT Environment Using Hybrid Approach

Electronics ◽

10.3390/electronics10111282 ◽

2021 ◽

Vol 10 (11) ◽

pp. 1282

Author(s):

Abdulrahman Aminu Ghali ◽

Rohiza Ahmad ◽

Hitham Alhussian

Keyword(s):

High Speed ◽

Oil And Gas ◽

Denial Of Service ◽

Hybrid Approach ◽

Social Engineering ◽

Specific Method ◽

Dos Attacks ◽

Man In The Middle ◽

Intelligent Devices ◽

Iot Devices

The Internet of Things (IoT) has gained remarkable acceptance from millions of individuals. This is evident in the extensive use of intelligent devices such as smartphones, smart television, speakers, air conditioning, lighting, and high-speed networks. The general application area of IoT includes industries, hospitals, schools, homes, sports, oil and gas, automobile, and entertainment, to mention a few. However, because of the unbounded connection of IoT devices and the lack of a specific method for overseeing communication, security concerns such as distributed denial of service (DDoS), denial of service (DoS), replay, botnet, social engineering, man-in-the-middle, and brute force attacks have posed enormous challenges in the IoT environment. Regarding these enormous challenges, this study focuses on DDoS and DoS attacks. These two attacks have the most severe consequences in the IoT environment. The solution proposed in this study can also help future researchers tackle the expansion of IoT security threats. Moreover, the study conducts rigorous experiments to assess the efficiency of the proposed approach. In summary, the experimental results show that the proposed hybrid approach mitigates data exfiltration caused by DDoS and DoS attacks by 95.4%, with average network lifetime, energy consumption, and throughput improvements of 15%, 25%, and 60%, respectively.

Download Full-text

IFACNN: efficient DDoS attack detection based on improved firefly algorithm to optimize convolutional neural networks

Mathematical Biosciences and Engineering ◽

10.3934/mbe.2022059 ◽

2021 ◽

Vol 19 (2) ◽

pp. 1280-1303

Author(s):

Jiushuang Wang ◽

◽

Ying Liu ◽

Huifen Feng

Keyword(s):

Internet Of Things ◽

Firefly Algorithm ◽

Denial Of Service ◽

Attack Detection ◽

Ddos Attacks ◽

Detection Scheme ◽

Ddos Attack ◽

Improved Firefly Algorithm ◽

Iot Devices ◽

Ddos Attack Detection

<abstract><p>Network security has become considerably essential because of the expansion of internet of things (IoT) devices. One of the greatest hazards of today's networks is distributed denial of service (DDoS) attacks, which could destroy critical network services. Recent numerous IoT devices are unsuspectingly attacked by DDoS. To securely manage IoT equipment, researchers have introduced software-defined networks (SDN). Therefore, we propose a DDoS attack detection scheme to secure the real-time in the software-defined the internet of things (SD-IoT) environment. In this article, we utilize improved firefly algorithm to optimize the convolutional neural network (CNN), to provide detection for DDoS attacks in our proposed SD-IoT framework. Our results demonstrate that our scheme can achieve higher than 99% DDoS behavior and benign traffic detection accuracy.</p></abstract>

Download Full-text