Enhancing network-edge connectivity and computation security in drone video analytics

2020 ◽  
Author(s):  
Alicia Esquivel-Morel

[ACCESS RESTRICTED TO THE UNIVERSITY OF MISSOURI--COLUMBIA AT REQUEST OF AUTHOR.] Unmanned Aerial Vehicle (UAV) systems with high-resolution video cameras are used for many operations such as aerial imaging, search and rescue, and precision agriculture. Multi-drone systems operating in Flying Ad Hoc Networks (FANETS) are inherently insecure and require efficient and end-to-end security schemes to defend against cyber-attacks (i.e., Man-in-the-middle (MITM), Replay and Denial of Service (DoS) attacks). In this work, we propose a cloud-based, intelligent security framework viz., "DroneNet-Sec" that provides network-edge connectivity and computation security for drone video analytics to defend against common attack vectors in UAV systems. The proposed framework includes three main research thrusts: (i) a secure hybrid testbed management that synergies simulation and emulation via an open-source network simulator (NS3) and a research platform for mobile wireless networks (POWDER), (ii) an intelligent and dynamic decision algorithm based on machine learning to detect anomaly events without decreasing the performance in a real-time FANET deployment, and (iii) a web-based experiment control module that features a graphical user interface to assist experimenters in the execution/visualization of repeatable and high-scale UAV security experiments. Our performance evaluation experiments in a holistic hybrid-testbed show that our proposed security framework successfully detects anomaly events and effectively protects containerized tasks execution in drones video analytics in a light-weight manner.

Sensors ◽  
2019 ◽  
Vol 20 (1) ◽  
pp. 189 ◽  
Author(s):  
Sijia Zhan ◽  
Dan Tang ◽  
Jianping Man ◽  
Rui Dai ◽  
Xiyin Wang

Low-rate denial of service (LDoS) attacks reduce the quality of network service by sending periodical packet bursts to the bottleneck routers. It is difficult to detect by counter-DoS mechanisms due to its stealthy and low average attack traffic behavior. In this paper, we propose an anomaly detection method based on adaptive fusion of multiple features (MAF-ADM) for LDoS attacks. This study is based on the fact that the time-frequency joint distribution of the legitimate transmission control protocol (TCP) traffic would be changed under LDoS attacks. Several statistical metrics of the time-frequency joint distribution are chosen to generate isolation trees, which can simultaneously reflect the anomalies in time domain and frequency domain. Then we calculate anomaly score by fusing the results of all isolation trees according to their ability to isolate samples containing LDoS attacks. Finally, the anomaly score is smoothed by weighted moving average algorithm to avoid errors caused by noise in the network. Experimental results of Network Simulator 2 (NS2), testbed, and public datasets (WIDE2018 and LBNL) demonstrate that this method does detect LDoS attacks effectively with lower false negative rate.


2019 ◽  
Vol 2 (1) ◽  
pp. 6
Author(s):  
Abdullahi Mikail ◽  
Bernardi Pranggono

The shift to Cloud computing has brought with it its specific security challenges concerning the loss of control, trust and multi-tenancy especially in Infrastructure-as-a-Service (IaaS) Cloud model. This article focuses on the design and development of an intrusion detection system (IDS) that can handle security challenges in IaaS Cloud model using an open source IDS. We have implemented a proof-of-concept prototype on the most deployed hypervisor—VMware ESXi—and performed various real-world cyber-attacks, such as port scanning and denial of service (DoS) attacks to validate the practicality and effectiveness of our proposed IDS architecture. Based on our experimental results we found that our Security Onion-based IDS can provide the required protection in a reasonable and effective manner.


2012 ◽  
Vol 8 (2) ◽  
pp. 127-152
Author(s):  
Sazia Parvin ◽  
Farookh Khadeer Hussain ◽  
Sohrab Ali

Similar to wired communication, Mobile IP communication is susceptible to various kinds of attacks. Of these attacks, Denial of Service (DoS) attack is considered as a great threat to mobile IP communication. The number of approaches hitherto proposed to prevent DoS attack in the area of mobile IP communication is much less compared to those for the wired domain and mobile ad hoc networks. In this work, the effects of Denial of Service attack on mobile IP communication are analyzed in detail. We propose to use packet filtering techniques that work in different domains and base stations of mobile IP communication to detect suspicious packets and to improve the performance. If any packet contains a spoofed IP address which is created by DoS attackers, the proposed scheme can detect this and then filter the suspected packet. The proposed system can mitigate the effect of Denial of Service (DoS) attack by applying three methods: (i) by filtering in the domain periphery router (ii) by filtering in the base station and (iii) by queue monitoring at the vulnerable points of base-station node. We evaluate the performance of our proposed scheme using the network simulator NS-2. The results indicate that the proposed scheme is able to minimize the effects of Denial of Service attacks and improve the performance of mobile IP communication.


Complexity ◽  
2021 ◽  
Vol 2021 ◽  
pp. 1-16
Author(s):  
Yihe Wang ◽  
Mingli Zhang ◽  
Kun Song ◽  
Tie Li ◽  
Na Zhang

As a promising method with excellent characteristics in terms of resilience and dependability, distributed methods are gradually used in the field of energy management of microgrid. However, these methods have more stringent requirements on the working conditions, which will make the system more sensitive to communication failures and cyberattacks. As a result, it is both theoretical merits and practical values to investigate the malicious effect of cyber attacks on microgrid. This paper studies the distributed economic dispatch problem (EDP) under denial-of-service (DoS) attacks for the microgrid, in which each generator can communicate with its neighbors and has the computational capability to implement local operation. Firstly, a DoS attack model is proposed, in which the DoS attacker intentionally jams the communication channel to deteriorate the performance of the microgrid. Then, the evolution mechanism of the dispatch system of the microgrid under different attack scenarios is adequately discussed. On this basis, an optimal attack strategy based on enumerating-search algorithm is presented to allocate the limited attack resources reasonably, so as to maximize the effect of DoS attacks. Finally, the validity of the theoretical studies about the attack effect under different scenarios and the effectiveness of the proposed enumerating-search-based optimal attack strategy are illustrated through the simulation examples on the IEEE 57-bus system and IEEE 39-bus system, respectively.


2022 ◽  
Vol 7 (2) ◽  
pp. 2858-2877
Author(s):  
Yahan Deng ◽  
Zhenhai Meng ◽  
Hongqian Lu

This paper investigates the event-triggered state estimation problem for a class of complex networks (CNs) suffered by hybrid cyber-attacks. It is assumed that a wireless network exists between sensors and remote estimators, and that data packets may be modified or blocked by malicious attackers. Adaptive event-triggered scheme (AETS) is introduced to alleviate the network congestion problem. With the help of two sets of Bernoulli distribution variables (BDVs) and an arbitrary function related to the system state, a mathematical model of the hybrid cyber-attacks is developed to portray randomly occurring denial-of-service (DoS) attacks and deception attacks. CNs, AETS, hybrid cyber-attacks, and state estimators are then incorporated into a unified architecture. The system state is cascaded with state errors as an augmented system. Furthermore, based on Lyapunov stability theory and linear matrix inequalities (LMIs), sufficient conditions to ensure the asymptotic stability of the augmented system are derived, and the corresponding state estimator is designed. Finally, the effectiveness of the theoretical method is demonstrated by numerical examples and simulations.


2018 ◽  
Vol 2018 ◽  
pp. 1-21 ◽  
Author(s):  
Pablo Salva-Garcia ◽  
Jose M. Alcaraz-Calero ◽  
Qi Wang ◽  
Jorge Bernal Bernabe ◽  
Antonio Skarmeta

Internet of Things (IoT) is a key business driver for the upcoming fifth-generation (5G) mobile networks, which in turn will enable numerous innovative IoT applications such as smart city, mobile health, and other massive IoT use cases being defined in 5G standards. To truly unlock the hidden value of such mission-critical IoT applications in a large scale in the 5G era, advanced self-protection capabilities are entailed in 5G-based Narrowband IoT (NB-IoT) networks to efficiently fight off cyber-attacks such as widespread Distributed Denial of Service (DDoS) attacks. However, insufficient research has been conducted in this crucial area, in particular, few if any solutions are capable of dealing with the multiple encapsulated 5G traffic for IoT security management. This paper proposes and prototypes a new security framework to achieve the highly desirable self-organizing networking capabilities to secure virtualized, multitenant 5G-based IoT traffic through an autonomic control loop featured with efficient 5G-aware traffic filtering. Empirical results have validated the design and implementation and demonstrated the efficiency of the proposed system, which is capable of processing thousands of 5G-aware traffic filtering rules and thus enables timely protection against large-scale attacks.


Sensors ◽  
2021 ◽  
Vol 21 (16) ◽  
pp. 5473
Author(s):  
Marek Sikora ◽  
Radek Fujdiak ◽  
Karel Kuchar ◽  
Eva Holasova ◽  
Jiri Misurec

In today’s world, the volume of cyber attacks grows every year. These attacks can cause many people or companies high financial losses or loss of private data. One of the most common types of attack on the Internet is a DoS (denial-of-service) attack, which, despite its simplicity, can cause catastrophic consequences. A slow DoS attack attempts to make the Internet service unavailable to users. Due to the small data flows, these attacks are very similar to legitimate users with a slow Internet connection. Accurate detection of these attacks is one of the biggest challenges in cybersecurity. In this paper, we implemented our proposal of eleven major and most dangerous slow DoS attacks and introduced an advanced attack generator for testing vulnerabilities of protocols, servers, and services. The main motivation for this research was the absence of a similarly comprehensive generator for testing slow DoS vulnerabilities in network systems. We built an experimental environment for testing our generator, and then we performed a security analysis of the five most used web servers. Based on the discovered vulnerabilities, we also discuss preventive and detection techniques to mitigate the attacks. In future research, our generator can be used for testing slow DoS security vulnerabilities and increasing the level of cyber security of various network systems.


Electronics ◽  
2021 ◽  
Vol 10 (11) ◽  
pp. 1244
Author(s):  
Hana Rhim ◽  
Damien Sauveron ◽  
Ryma Abassi ◽  
Karim Tamine ◽  
Sihem Guemara

Wireless sensor networks (WSNs) have been widely used for applications in numerous fields. One of the main challenges is the limited energy resources when designing secure routing in such networks. Hierarchical organization of nodes in the network can make efficient use of their resources. In this case, a subset of nodes, the cluster heads (CHs), is entrusted with transmitting messages from cluster nodes to the base station (BS). However, the existence of selfish or pollution attacker nodes in the network causes data transmission failure and damages the network availability and integrity. Mainly, when critical nodes like CH nodes misbehave by refusing to forward data to the BS, by modifying data in transit or by injecting polluted data, the whole network becomes defective. This paper presents a secure protocol against selfish and pollution attacker misbehavior in clustered WSNs, known as (SSP). It aims to thwart both selfish and pollution attacker misbehaviors, the former being a form of a Denial of Service (DoS) attack. In addition, it maintains a level of confidentiality against eavesdroppers. Based on a random linear network coding (NC) technique, the protocol uses pre-loaded matrices within sensor nodes to conceive a larger number of new packets from a set of initial data packets, thus creating data redundancy. Then, it transmits them through separate paths to the BS. Furthermore, it detects misbehaving nodes among CHs and executes a punishment mechanism using a control counter. The security analysis and simulation results demonstrate that the proposed solution is not only capable of preventing and detecting DoS attacks as well as pollution attacks, but can also maintain scalable and stable routing for large networks. The protocol means 100% of messages are successfully recovered and received at the BS when the percentage of lost packets is around 20%. 
Moreover, when the number of misbehaving nodes executing pollution attacks reaches a certain threshold, SSP scores a reception rate of correctly reconstructed messages equal to 100%. If the SSP protocol is not applied, the rate of reception of correctly reconstructed messages is reduced by 90% at the same case.


2018 ◽  
Vol 2018 ◽  
pp. 1-12
Author(s):  
Sangwon Hyun ◽  
Hyoungshick Kim

Content-Centric Networking (CCN) is considered as a promising alternative to traditional IP-based networking for vehicle-to-everything communication environments. In general, CCN packets must be fragmented and reassembled based on the Maximum Transmission Unit (MTU) size of the content delivery path. It is thus challenging to securely protect fragmented packets against attackers who intentionally inject malicious fragments to disrupt normal services on CCN-based vehicular networks. This paper presents a new secure content fragmentation method that is resistant to Denial-of-Service (DoS) attacks in CCN-based vehicular networks. Our approach guarantees the authenticity of each fragment through the immediate fragment verification at interim nodes on the routing path. Our experiment results demonstrate that the proposed approach provides much stronger security than the existing approach named FIGOA, without imposing a significant overhead in the process. The proposed method achieves a high immediate verification probability of 98.2% on average, which is 52% higher than that of FIGOA, while requiring only 14% more fragments than FIGOA.

