scholarly journals Study on SDN with Security Issues Using Mininet

2021 ◽  
Author(s):  
Florance G ◽  
R.J Anandhi
Keyword(s):  
Denial Of Service ◽  
Research Work ◽  
High Rate ◽  
Software Defined Network ◽  
Real Network ◽  
Security Issues ◽  
Centralized Management ◽  
Efficient Detection ◽  
Trace Back ◽  
Protection Mechanisms

The internet is faced with many problems daily, one of them is decrement in network bandwidth because of Distributed Denial of Service (DDoS) attack on host server, which deplete host resources. Researchers has been invented many protection mechanisms such as detection, trace back, prevention, reaction, and characterization are in case of DDoS attacks, which will control the number of malicious packets received by the victim. But it does not provide efficient detection technique with high rate in real time network infrastructure. Thus, modern technologies are prepared on Mininet network simulators, which give more impact to simulate the real network. The architecture of Software Defined Networks (SDN) and OpenFlow architecture is used to demonstrate a programmable network model and centralized management of real network. In this research work, we provide design of software defined network (SDN) using mininet simulator and security issues related to the Software Defined Network.

scholarly journals Detection and Prevention Algorithm of DDoS Attack Over the IOT Networks

TEM Journal ◽  
2020 ◽  
pp. 899-906
Keyword(s):  
Denial Of Service ◽  
The Other ◽  
High Rate ◽  
Distributed Denial Of Service ◽  
Ddos Attacks ◽  
Huge Number ◽  
Security Issues ◽  
Ddos Attack ◽  
Legitimate User ◽  
The Impact

One of the most notorious security issues in the IoT is the Distributed Denial of Service (DDoS) attack. Using a large number of agents, DDoS attack floods the host server with a huge number of requests causing interrupting and blocking the legitimate user requests. This paper proposes a detection and prevention algorithm for DDoS attacks. It is divided into two parts, one for detecting the DDoS attack in the IoT end devices and the other for mitigating the impact of the attack placed on the border router. Also, it has the ability to differentiate the High-rate from the Lowrate DDoS attack accurately and defend against these two types of attacks. It is implemented and tested against different scenarios to dissect their efficiency in detecting and mitigating the DDoS attack.

scholarly journals Hybrid Intrusion Detection System for Internet of Things (IoT)

2020 ◽  
Vol 2 (4) ◽  
pp. 190-199 ◽  
Author(s):  
Dr. S. Smys ◽  
Dr. Abul Basar ◽  
Dr. Haoxiang Wang
Keyword(s):  
Internet Of Things ◽  
Intrusion Detection ◽  
Intrusion Detection System ◽  
Detection System ◽  
Denial Of Service ◽  
Research Work ◽  
Experimental Result ◽  
Security Issues ◽  
Wide Range ◽  
Conventional Machine

Internet of things (IoT) is a promising solution to connect and access every device through internet. Every day the device count increases with large diversity in shape, size, usage and complexity. Since IoT drive the world and changes people lives with its wide range of services and applications. However, IoT provides numerous services through applications, it faces severe security issues and vulnerable to attacks such as sinkhole attack, eaves dropping, denial of service attacks, etc., Intrusion detection system is used to detect such attacks when the network security is breached. This research work proposed an intrusion detection system for IoT network and detect different types of attacks based on hybrid convolutional neural network model. Proposed model is suitable for wide range of IoT applications. Proposed research work is validated and compared with conventional machine learning and deep learning model. Experimental result demonstrate that proposed hybrid model is more sensitive to attacks in the IoT network.

Effective Multi-Layer Security for Campus Network

2015 ◽  
Vol 2 ◽  
pp. 6
Author(s):  
Isiaka Ajewale Alimi
Keyword(s):  
Network Architecture ◽  
Communication Systems ◽  
Denial Of Service ◽  
High Rate ◽  
Campus Network ◽  
Security Measures ◽  
Security Breaches ◽  
Security Technologies ◽  
Network Layers ◽  
Firewall System

The development in different communication systems as well as multimedia applications and services leads to high rate of Internet usage. However, transmission of information over such networks can be compromised and security breaches such as virus, denial of service, unauthorized access, and theft of proprietary information which may have devastating impact on the system may occur if adequate security measures are not employed. Consequently, building viable, effective, and safe network is one of the main technical challenges of information transmission in campus networks. Furthermore, it has been observed that, network threats and attacks exist from the lower layers of network traffic to the application layer; therefore, this paper proposes an effective multi-layer firewall system for augmenting the functionalities of other network security technologies due to the fact that, irrespective of the type of access control being employed, attacks are still bound to occur. The effectiveness of the proposed network architecture is demonstrated using Cisco Packet Tracer. The simulation results show that, implementation of the proposed topology is viable and offers reasonable degree of security at different network layers.

scholarly journals Cut-and-Mouse and Ghost Control

2021 ◽  
Vol 2 (1) ◽  
pp. 1-23
Author(s):  
Ziya Alper Genç ◽  
Gabriele Lenzini ◽  
Daniele Sgandurra
Keyword(s):  
Winning Strategy ◽  
Denial Of Service ◽  
Behavioral Analysis ◽  
Full Time ◽  
Standard Code ◽  
Additional Protection ◽  
Protection Mechanisms ◽  
Copy And Paste ◽  
Digital Assets

To protect their digital assets from malware attacks, most users and companies rely on antivirus (AV) software. AVs’ protection is a full-time task against malware: This is similar to a game where malware, e.g., through obfuscation and polymorphism, denial of service attacks, and malformed packets and parameters, tries to circumvent AV defences or make them crash. However, AVs react by complementing signature-based detection with anomaly or behavioral analysis, and by using OS protection, standard code, and binary protection techniques. Further, malware counter-acts, for instance, by using adversarial inputs to avoid detection, and so on. In this cat-and-mouse game, a winning strategy is trying to anticipate the move of the adversary by looking into one’s own weaknesses, seeing how the adversary can penetrate them, and building up appropriate defences or attacks. In this article, we play the role of malware developers and anticipate two novel moves for the malware side to demonstrate the weakness in the AVs and to improve the defences in AVs’ side. The first one consists in simulating mouse events to control AVs, namely, to send them mouse “clicks” to deactivate their protection. We prove that many AVs can be disabled in this way, and we call this class of attacks Ghost Control . The second one consists in controlling whitelisted applications, such as Notepad, by sending them keyboard events (such as “copy-and-paste”) to perform malicious operations on behalf of the malware. We prove that the anti-ransomware protection feature of AVs can be bypassed if we use Notepad as a “puppet” to rewrite the content of protected files as a ransomware would do. Playing with the words, and recalling the cat-and-mouse game, we call this class of attacks Cut-and-Mouse . We tested these two attacks on 29 AVs, and the results show that 14 AVs are vulnerable to Ghost Control attack while all 29 AV programs tested are found vulnerable to Cut-and-Mouse . Furthermore, we also show some weaknesses in additional protection mechanisms of AVs, such as sandboxing and CAPTCHA verification. We have engaged with the affected AV companies, and we reported the disclosure communication with them and their responses.

scholarly journals A centralized secure plan for detecting and mitigation incidents in hybrid SDN

2018 ◽  
Vol 189 ◽  
pp. 10015 ◽  
Author(s):  
Karim Zkik ◽  
Said EL Hajji ◽  
Ghizlane Orhanou
Keyword(s):  
Cloud Computing ◽  
Big Data ◽  
New Technologies ◽  
Software Defined Network ◽  
Centralized Control ◽  
Security Issues ◽  
Technology Sector ◽  
Network Equipment ◽  
Infrastructure Services ◽  
Hybrid Sdn

The information technology sector has experienced phenomenal growth during recent years. To follow this development many new technologies have emerged to satisfy the expectations of businesses and customers, such as Cloud Computing, mobility, virtualization, Internet of things and big data. Traditional network cannot longer support this growth and suffers more and more in terms of misconfiguration,management and configurations complexity. Software defined network (SDN) architectures can be considered as a big revolution in the field of computer networks, because they offer a centralized control on infrastructure, services and the applications deployed which facilitate configuration and management on the network. The implementation of this type of architecture is not obvious and requires great expertise and good handling and management of network equipment. To remedy this problem the SDN architectures have evolved towards distributed and hybrid architectures. Despites the advantages of using SDN, security issues remain a real obstacle in front of the deployment of this type of architecture. The centralized architecture of this type of networks makes it vulnerable to several types of attacks and intrusions, and the implementation of security equipment generally causes a decrease in performance and increase latency.

scholarly journals Public transport payment systems: market survey

2020 ◽  
Vol 9 ◽  
Author(s):  
Aisha Yrgyzbaykyzy Zhubatkhan ◽  
Aigerim Mussina ◽  
Sanzhar Serikovich Aubakirov
Keyword(s):  
Comparative Analysis ◽  
Public Transport ◽  
Research Work ◽  
Market Survey ◽  
Payment Systems ◽  
Security Issues ◽  
The World

In our research work, we study transport card security issues. One of the questions of our study is its relevance in the world and particular in Kazakhstan. Therefore, in this work, we conducted research on the market of transport cards in the world and Kazakhstan. As part of the study, we searched for answers to the following questions: what technologies are used to accept payment by transport cards, in which countries the electronic ticketing system has been introduced, in which cities of Kazakhstan have electronic ticketing systems been implemented, what technologies are used in Kazakhstan. As a result, we showed that the popularity of using NFC payment in the world and in Kazakhstan is growing. We also analyzed the existing electronic ticketing systems in Kazakhstan, made a comparative analysis and got a comparative table.

Potential Security Issues in a Peer-to-Peer Network from a Database Perspective

2011 ◽  
pp. 131-144
Author(s):  
Sridhar Asvathanarayanan
Keyword(s):  
Denial Of Service ◽  
Database Security ◽  
Vital Role ◽  
Peer To Peer ◽  
Peer Networks ◽  
Distributed Denial Of Service ◽  
Security Issues ◽  
Peer Network ◽  
Peer To Peer Networks ◽  
Peer To Peer Network

Computing strategies have constantly undergone changes, from being completely centralized to client-servers and now to peer-to-peer networks. Databases on peer-to-peer networks offer significant advantages in terms of providing autonomy to data owners, to store and manage the data that they work with and, at the same time, allow access to others. The issue of database security becomes a lot more complicated and the vulnerabilities associated with databases are far more pronounced when considering databases on a peer-to-peer network. Issues associated with database security in a peer-to-peer environment could be due to file sharing, distributed denial of service, and so forth, and trust plays a vital role in ensuring security. The components of trust in terms of authentication, authorization, and encryption offer methods to ensure security.

Analysis of Issues in SDN Security and Solutions

2018 ◽  
pp. 217-239
Author(s):  
Ankur Dumka ◽  
Hardwari Lal Mandoria ◽  
Anushree Sah
Keyword(s):  
Network Topology ◽  
Network Architecture ◽  
Denial Of Service ◽  
Network Services ◽  
Software Defined Network ◽  
Denial Of Service Attack ◽  
Man In The Middle ◽  
Service Attack ◽  
Topology Information ◽  
The Given

The chapter surveys the analysis of all the security aspects of software-defined network and determines the areas that are prone to security attacks in the given software-defined network architecture. If the fundamental network topology information is poisoned, all the dependent network services will become immediately affected, causing catastrophic problems like host location hijacking attack, link fabrication attack, denial of service attack, man in the middle attack. These attacks affect the following features of SDN: availability, performance, integrity, and security. The flexibility in the programmability of control plane has both acted as a bane as well as a boon to SDN. Like the ARP poisoning in the legacy networks, there are several other vulnerabilities in the SDN architecture as well.

Visualization Technique for Intrusion Detection

2018 ◽  
pp. 276-290
Author(s):  
Mohamed Cheikh ◽  
Salima Hacini ◽  
Zizette Boufaida
Keyword(s):  
Intrusion Detection ◽  
Computer Security ◽  
Detection System ◽  
Denial Of Service ◽  
High Rate ◽  
False Alarms ◽  
Dos Attacks ◽  
Network Parameter ◽  
A New Technique ◽  
Parameter Values

Intrusion detection system (IDS) plays a vital and crucial role in a computer security. However, they suffer from a number of problems such as low detection of DoS (denial-of-service)/DDoS (distributed denial-of-service) attacks with a high rate of false alarms. In this chapter, a new technique for detecting DoS attacks is proposed; it detects DOS attacks using a set of classifiers and visualizes them in real time. This technique is based on the collection of network parameter values (data packets), which are automatically represented by simple geometric graphs in order to highlight relevant elements. Two implementations for this technique are performed. The first is based on the Euclidian distance while the second is based on KNN algorithm. The effectiveness of the proposed technique has been proven through a simulation of network traffic drawn from the 10% KDD and a comparison with other classification techniques for intrusion detection.

Ensuring Correctness, Completeness, and Freshness for Outsourced Tree-Indexed Data

2010 ◽  
pp. 693-710
Author(s):  
Tran Khanh Dang
Keyword(s):  
Research Work ◽  
Data Integrity ◽  
Experimental Results ◽  
Actual Data ◽  
Service Model ◽  
Security Issues ◽  
Data Owner ◽  
Database Service ◽  
Outsourced Database ◽  
Theoretical Analyses

In an outsourced database service model, query assurance takes an important role among well-known security issues. To the best of our knowledge, however, none of the existing research work has dealt with ensuring the query assurance for outsourced tree-indexed data. To address this issue, the system must prove authenticity and data integrity, completeness, and freshness guarantees for the result set. These objectives imply that data in the result set is originated from the actual data owner and has not been tampered with; the server did not omit any tuples matching the query conditions; and the result set was generated with respect to the most recent snapshot of the database. In this paper, we propose a vanguard solution to provide query assurance for outsourced tree-indexed data on untrusted servers with high query assurance and at reasonable costs. Experimental results with real datasets confirm the effciency of our approach and theoretical analyses.

Sign in / Sign up

Export Citation Format

Share Document