DETECTION AND MITIGATION OF DISTRIBUTED DENIAL OF SERVICE ATTACKS ON NETWORK ARCHITECTURE SOFTWARE DEFINED NETWORKING USING THE NAIVE BAYES ALGORITHM

DDoS attacks are a form of attack carried out by sending packets continuously to machines and even computer networks. This attack will result in a machine or network resources that cannot be accessed or used by users. DDoS attacks usually originate from several machines operated by users or by bots, whereas Dos attacks are carried out by one person or one system. In this study, the term to be used is the term DDoS to represent a DoS or DDoS attack. In the network world, Software Defined Network (SDN) is a promising paradigm. SDN separates the control plane from forwarding plane to improve network programmability and network management. As part of the network, SDN is not spared from DDoS attacks. In this study, we use the naïve Bayes algorithm as a method to detect DDoS attacks on the Software Defined Network network architecture

ZbSR: A Data Plane Security Model of SR-BE/TE based on Zero-Trust Architecture

Facing the untrusted threats of network elements and PKI/CA faced by SR-BE/TE(Segment Routing-BE/TE) data plane in the zero-trust network environment, firstly, this paper refines it into eight specific security issues. Secondly, an SR-BE/TE data plane security model ZbSR(ZTA-based SR) based on zero-trust architecture is proposed, which reconstructs the original SR control plane into a "trust-agent" two-layer plane based on 4 components of the controller, agent, cryptographic center and information base. On one hand, we distinguish between the two segment list generation modes and proposes corresponding data exchange security algorithms, by introducing north-south security verification based on identity authentication, trust evaluation, and key agreement before the terminal device establishes an east-west access connection, so reliable data exchange between terminal devices can be realized. On the other hand, for the network audit lacking SR-BE/TE, a network audit security algorithm based on solid authentication is proposed. By auditing the fields, behaviors, loops, labels, paths, and SIDs of messages, threats such as stream path tampering, SID tampering, DoS attacks, and loop attacks can be effectively detected. Finally, through the simulation test, the proposed model can provide security protection for the SR data plane with a 19.3% average incremental delay overhead for various threat scenarios.

Adaptive event-triggered state estimation for complex networks with nonlinearities against hybrid attacks

<abstract><p>This paper investigates the event-triggered state estimation problem for a class of complex networks (CNs) suffered by hybrid cyber-attacks. It is assumed that a wireless network exists between sensors and remote estimators, and that data packets may be modified or blocked by malicious attackers. Adaptive event-triggered scheme (AETS) is introduced to alleviate the network congestion problem. With the help of two sets of Bernoulli distribution variables (BDVs) and an arbitrary function related to the system state, a mathematical model of the hybrid cyber-attacks is developed to portray randomly occurring denial-of-service (DoS) attacks and deception attacks. CNs, AETS, hybrid cyber-attacks, and state estimators are then incorporated into a unified architecture. The system state is cascaded with state errors as an augmented system. Furthermore, based on Lyapunov stability theory and linear matrix inequalities (LMIs), sufficient conditions to ensure the asymptotic stability of the augmented system are derived, and the corresponding state estimator is designed. Finally, the effectiveness of the theoretical method is demonstrated by numerical examples and simulations.</p></abstract>