Features-Aware DDoS Detection in Heterogeneous Smart Environments based on Fog and Cloud Computing

Nowadays, urban environments are deploying smart environments (SEs) to evolve infrastructures, resources, and services. SEs are composed of a huge amount of heterogeneous devices, i.e., the SEs have both personal devices (smartphones, notebooks, tablets, etc) and Internet of Things (IoT) devices (sensors, actuators, and others). One of the existing problems of the SEs is the detection of Distributed Denial of Service (DDoS) attacks, due to the vulnerabilities of IoT devices. In this way, it is necessary to deploy solutions that can detect DDoS in SEs, dealing with issues like scalability, adaptability, and heterogeneity (distinct protocols, hardware capacity, and running applications). Within this context, this article presents an Intelligent System for DDoS detection in SEs, applying Machine Learning (ML), Fog, and Cloud computing approaches. Additionally, the article presents a study about the most important traffic features for detecting DDoS in SEs, as well as a traffic segmentation approach to improve the accuracy of the system. The experiments performed, using real network traffic, suggest that the proposed system reaches 99% of accuracy, while reduces the volume of data exchanged and the detection time.

Download Full-text

Multi-Aspect DDOS Detection System for Securing Cloud Network

Cloud Security ◽

10.4018/978-1-5225-8176-5.ch096 ◽

2019 ◽

pp. 1952-1983

Author(s):

Pourya Shamsolmoali ◽

Masoumeh Zareapoor ◽

M.Afshar Alam

Keyword(s):

Cloud Computing ◽

Detection System ◽

Denial Of Service ◽

Complex Form ◽

Internet Security ◽

Detection Methods ◽

Ddos Attacks ◽

Dos Attacks ◽

Ddos Detection ◽

Cloud Network

Distributed Denial of Service (DDoS) attacks have become a serious attack for internet security and Cloud Computing environment. This kind of attacks is the most complex form of DoS (Denial of Service) attacks. This type of attack can simply duplicate its source address, such as spoofing attack, which defending methods do not able to disguises the real location of the attack. Therefore, DDoS attack is the most significant challenge for network. In this chapter we present different aspect of security in Cloud Computing, mostly we concentrated on DDOS Attacks. The Authors illustrated all types of Dos Attacks and discussed the most effective detection methods.

Download Full-text

IoT Registration and Authentication in Smart City Applications with Blockchain

Sensors ◽

10.3390/s21041323 ◽

2021 ◽

Vol 21 (4) ◽

pp. 1323

Author(s):

Célio Márcio Soares Ferreira ◽

Charles Tim Batista Garrocho ◽

Ricardo Augusto Rabelo Oliveira ◽

Jorge Sá Silva ◽

Carlos Frederico Marcelo da Cunha Cavalcanti

Keyword(s):

Time Management ◽

Smart Cities ◽

Fog Computing ◽

Denial Of Service ◽

Urban Environments ◽

Edge Computing ◽

Primary Data ◽

Security Challenges ◽

Security Information ◽

Iot Devices

The advent of 5G will bring a massive adoption of IoT devices across our society. IoT Applications (IoT Apps) will be the primary data collection base. This scenario leads to unprecedented scalability and security challenges, with one of the first areas for these applications being Smart Cities (SC). IoT devices in new network paradigms, such as Edge Computing and Fog Computing, will collect data from urban environments, providing real-time management information. One of these challenges is ensuring that the data sent from Edge Computing are reliable. Blockchain has been a technology that has gained the spotlight in recent years, due to its robust security in fintech and cryptocurrencies. Its strong encryption and distributed and decentralized network make it potential for this challenge. Using Blockchain with IoT makes it possible for SC applications to have security information distributed, which makes it possible to shield against Distributed Denial of Service (DDOS). IoT devices in an SC can have a long life, which increases the chance of having security holes caused by outdated firmware. Adding a layer of identification and verification of attributes and signature of messages coming from IoT devices by Smart Contracts can bring confidence in the content. SC Apps that extract data from legacy and outdated appliances, installed in inaccessible, unknown, and often untrusted urban environments can benefit from this work. Our work’s main contribution is the development of API Gateways to be used in IoT devices and network gateway to sign, identify, and authorize messages. For this, keys and essential characteristics of the devices previously registered in Blockchain are used. We will discuss the importance of this implementation while considering the SC and present a testbed that is composed of Blockchain Ethereum and real IoT devices. We analyze the transfer time, memory, and CPU impacts during the sending and processing of these messages. The messages are signed, identified, and validated by our API Gateways and only then collected for an IoT data management application.

Download Full-text

Hybrid Network Intrusion Detection System for Smart Environments Based on Internet of Things

The Computer Journal ◽

10.1093/comjnl/bxz082 ◽

2019 ◽

Cited By ~ 1

Author(s):

Venkatraman Subbarayalu ◽

B Surendiran ◽

P Arun Raj Kumar

Keyword(s):

Internet Of Things ◽

Intrusion Detection ◽

Denial Of Service ◽

Hybrid Network ◽

Network Intrusion Detection ◽

Smart Device ◽

Smart Environments ◽

Detection Accuracy ◽

Network Intrusion ◽

Iot Devices

Abstract The proliferation of Internet of Things (IoT) devices has led to many applications, including smart homes, smart cities and smart industrial control systems. Attacks like Distributed Denial of Service, event control hijacking, spoofing, event replay and zero day attacks are prevalent in smart environments. Conventional Network Intrusion Detection Systems (NIDSs) are tedious to deploy in the smart environment because of numerous communication architectures, manufacturer policies, technologies, standards and application-specific services. To overcome these challenges, we modeled the operational behavior of IoT network events using timed ACs and proposed a novel hybrid NIDS in this paper. A web server is integrated with IoT devices for remote access, and Constrained Application Protocol is employed in inter- and intra-smart device communication. Experiments are conducted in real time to validate our proposal and achieve 99.17% detection accuracy and 0.01% false positives.

Download Full-text

Multi-Aspect DDOS Detection System for Securing Cloud Network

Handbook of Research on End-to-End Cloud Computing Architecture Design - Advances in Systems Analysis, Software Engineering, and High Performance Computing ◽

10.4018/978-1-5225-0759-8.ch010 ◽

2017 ◽

pp. 222-252

Author(s):

Pourya Shamsolmoali ◽

Masoumeh Zareapoor ◽

M.Afshar Alam

Keyword(s):

Cloud Computing ◽

Detection System ◽

Denial Of Service ◽

Complex Form ◽

Internet Security ◽

Detection Methods ◽

Ddos Attacks ◽

Dos Attacks ◽

Ddos Detection ◽

Cloud Network

Download Full-text

Classification of Cloud Systems Cyber-security Threats and Solutions Directives

Application and Theory of Computer Technology ◽

10.22496/atct20170227147 ◽

2017 ◽

Vol 2 (3) ◽

pp. 1

Author(s):

Hanane Bennasar ◽

Mohammad Essaaidi ◽

Ahmed Bendahmane ◽

Jalel Benothmane

Keyword(s):

Cloud Computing ◽

Cyber Security ◽

Data Security ◽

Denial Of Service ◽

Security Threats ◽

Huge Number ◽

Open Problems ◽

Long Period ◽

Near Future

Cloud computing cyber security is a subject that has been in top flight for a long period and even in near future. However, cloud computing permit to stock up a huge number of data in the cloud stockage, and allow the user to pay per utilization from anywhere via any terminal equipment. Among the major issues related to Cloud Computing security, we can mention data security, denial of service attacks, confidentiality, availability, and data integrity. This paper is dedicated to a taxonomic classification study of cloud computing cyber-security. With the main objective to identify the main challenges and issues in this field, the different approaches and solutions proposed to address them and the open problems that need to be addressed.

Download Full-text

Entropy Based Features Distribution for Anti-DDoS Model in SDN

Sustainability ◽

10.3390/su13031522 ◽

2021 ◽

Vol 13 (3) ◽

pp. 1522

Author(s):

Raja Majid Ali Ujjan ◽

Zeeshan Pervez ◽

Keshav Dahal ◽

Wajahat Ali Khan ◽

Asad Masood Khattak ◽

...

Keyword(s):

Network Security ◽

False Positive ◽

Denial Of Service ◽

Network Services ◽

Detection Accuracy ◽

Data Sets ◽

Traffic Patterns ◽

Average Accuracy ◽

Ddos Detection ◽

Quantitative Results

In modern network infrastructure, Distributed Denial of Service (DDoS) attacks are considered as severe network security threats. For conventional network security tools it is extremely difficult to distinguish between the higher traffic volume of a DDoS attack and large number of legitimate users accessing a targeted network service or a resource. Although these attacks have been widely studied, there are few works which collect and analyse truly representative characteristics of DDoS traffic. The current research mostly focuses on DDoS detection and mitigation with predefined DDoS data-sets which are often hard to generalise for various network services and legitimate users’ traffic patterns. In order to deal with considerably large DDoS traffic flow in a Software Defined Networking (SDN), in this work we proposed a fast and an effective entropy-based DDoS detection. We deployed generalised entropy calculation by combining Shannon and Renyi entropy to identify distributed features of DDoS traffic—it also helped SDN controller to effectively deal with heavy malicious traffic. To lower down the network traffic overhead, we collected data-plane traffic with signature-based Snort detection. We then analysed the collected traffic for entropy-based features to improve the detection accuracy of deep learning models: Stacked Auto Encoder (SAE) and Convolutional Neural Network (CNN). This work also investigated the trade-off between SAE and CNN classifiers by using accuracy and false-positive results. Quantitative results demonstrated SAE achieved relatively higher detection accuracy of 94% with only 6% of false-positive alerts, whereas the CNN classifier achieved an average accuracy of 93%.

Download Full-text

HomeTec Software for Security Aspects of Smart Home Devices Based on IoT

10.54216/jcim.050101 ◽

2021 ◽

pp. 5-16

Author(s):

Parth Rustagi ◽

◽

...

Keyword(s):

Smart Home ◽

Denial Of Service ◽

Security Protocols ◽

The Internet ◽

Security Threats ◽

Deep Dive ◽

Cost Cutting ◽

Full Control ◽

Iot Devices ◽

Service Data

As useful as it gets to connect devices to the internet to make life easier and more comfortable, it also opens the gates to various cyber threats. The connection of Smart Home devices to the internet makes them vulnerable to malicious hackers that infiltrate the system. Hackers can penetrate these systems and have full control over devices. This can lead to denial of service, data leakage, invasion of privacy, etc. Thus security is a major aspect of Smart home devices. However, many companies manufacturing these Smart Home devices have little to no security protocols in their devices. In the process of making the IoT devices cheaper, various cost-cutting is done on the security protocols in IoT devices. In some way, many manufactures of the devices don’t even consider this as a factor to build upon. This leaves the devices vulnerable to attacks. Various authorities have worked upon to standardize the security aspects for the IoT and listed out guidelines for manufactures to follow, but many fail to abide by them. This paper introduces and talks about the various threats, various Security threats to Smart Home devices. It takes a deep dive into the solutions for the discussed threats. It also discusses their prevention. Lastly, it discusses various preventive measures and good practices to be incorporated to protect devices from any future attacks.

Download Full-text

Proposed Back Propagation Deep Neural Network for Intrusion Detection in Internet of Things Fog Computing

International Journal of Emerging Trends in Engineering Research ◽

10.30534/ijeter/2021/23942021 ◽

2021 ◽

Vol 9 (4) ◽

pp. 464-469

Keyword(s):

Cloud Computing ◽

Internet Of Things ◽

Intrusion Detection ◽

Fog Computing ◽

Denial Of Service ◽

Back Propagation ◽

Security And Privacy ◽

Brute Force ◽

Iot Platform ◽

Proposed Model

Internet of things (IoT) is an emerging concept which aims to connect billions of devices with each other anytime regardless of their location. Sadly, these IoT devices do not have enough computing resources to process huge amount of data. Therefore, Cloud computing is relied on to provide these resources. However, cloud computing based architecture fails in applications that demand very low and predictable latency, therefore the need for fog computing which is a new paradigm that is regarded as an extension of cloud computing to provide services between end users and the cloud user. Unfortunately, Fog-IoT is confronted with various security and privacy risks and prone to several cyberattacks which is a serious challenge. The purpose of this work is to present security and privacy threats towards Fog-IoT platform and discuss the security and privacy requirements in fog computing. We then proceed to propose an Intrusion Detection System (IDS) model using Standard Deep Neural Network's Back Propagation algorithm (BPDNN) to mitigate intrusions that attack Fog-IoT platform. The experimental Dataset for the proposed model is obtained from the Canadian Institute for Cybersecurity 2017 Dataset. Each instance of the attack in the dataset is separated into separate files, which are DoS (Denial of Service), DDoS (Distributed Denial of Service), Web Attack, Brute Force FTP, Brute Force SSH, Heartbleed, Infiltration and Botnet (Bot Network) Attack. The proposed model is trained using a 3-layer BP-DNN

Download Full-text

A SURVEY ON CLOUD-DENIAL OF SERVICE

American Journal of Advanced Computing ◽

10.15864/ajac.1205 ◽

2020 ◽

Vol 1 (2) ◽

pp. 1-5

Author(s):

Bibek Naha ◽

Siddhartha Banerjee ◽

Sayanti Mondal

Keyword(s):

Cloud Computing ◽

Comparative Study ◽

Denial Of Service ◽

Distributed Denial Of Service ◽

Cloud Environment ◽

Dos Attack ◽

Huge Amount ◽

Denial Of Service Attack ◽

Service Attack ◽

Insight Into

Cloud Computing is one of the most nurtured as well as debated topic in today’s world. Billions of data of various fields ranging from personal users to large business enterprises reside in Cloud. Therefore, availability of this huge amount of data and services is of immense importance. The DOS (Denial of Service) attack is a well-known threat to the availability of data in a smaller premise. Whenever, it’s a Cloud environment this simple DOS attack takes the form of DDOS (Distributed Denial of Service) attack. This paper provides a generic insight into the various kinds of DOS as well as DDOS attacks. Moreover, a handful of countermeasures have also been depicted here. In a nutshell, it aims at raising an awareness by outlining a clear picture of the Cloud availability issues.Our paper gives a comparative study of different techniques of detecting DOS.

Download Full-text

Survey on DDoS Attacks and Defense Mechanisms in Cloud and Fog Computing

International Journal of E-Services and Mobile Applications ◽

10.4018/ijesma.2018070104 ◽

2018 ◽

Vol 10 (3) ◽

pp. 61-83 ◽

Cited By ~ 10

Author(s):

Deepali Chaudhary ◽

Kriti Bhushan ◽

B.B. Gupta

Keyword(s):

Cloud Computing ◽

Defense Mechanisms ◽

Low Cost ◽

Fog Computing ◽

Smart Devices ◽

Cloud Environment ◽

Security Issue ◽

Process Data ◽

Ddos Attack ◽

Iot Devices

This article describes how cloud computing has emerged as a strong competitor against traditional IT platforms by offering low-cost and “pay-as-you-go” computing potential and on-demand provisioning of services. Governments, as well as organizations, have migrated their entire or most of the IT infrastructure to the cloud. With the emergence of IoT devices and big data, the amount of data forwarded to the cloud has increased to a huge extent. Therefore, the paradigm of cloud computing is no longer sufficient. Furthermore, with the growth of demand for IoT solutions in organizations, it has become essential to process data quickly, substantially and on-site. Hence, Fog computing is introduced to overcome these drawbacks of cloud computing by bringing intelligence to the edge of the network using smart devices. One major security issue related to the cloud is the DDoS attack. This article discusses in detail about the DDoS attack, cloud computing, fog computing, how DDoS affect cloud environment and how fog computing can be used in a cloud environment to solve a variety of problems.

Download Full-text