Search Results (122)

Search Parameters:
Keywords = DDoS mitigation

38 pages, 10593 KB  
Article
Real-World Experimental Evaluation of DDoS and DRDoS Attacks on Industrial IoT Communication in an Automated Cyber-Physical Production Line
by Tibor Horak, Roman Ruzarovsky, Roman Zelník, Martin Csekei and Ján Šido
Machines 2026, 14(3), 258; https://doi.org/10.3390/machines14030258 - 25 Feb 2026
Viewed by 185
Abstract
Automated production lines are increasingly being expanded with Industrial Internet of Things (IIoT) devices, creating complex Cyber-Physical Systems (CPSs) that connect physical production with control and information infrastructure. However, the convergence of Information Technology (IT) and Operational Technology (OT) layers creates new entry points for attacks targeting communication availability. Most existing studies analyze Distributed Denial of Service (DDoS) attacks primarily in simulation or testbed environments, with limited experimental verification of their impact on real-world production systems. This article presents an experimental evaluation of the impact of DDoS and Distributed Reflection Denial of Service (DRDoS) attacks carried out directly on a physical automated production line with integrated IIoT infrastructure during real operation. Three attack scenarios (TCP SYN flood, TCP ACK flood, and ICMP reflected attack) were implemented, targeting Programmable Logic Controllers (PLCs), Radio-Frequency Identification (RFID) subsystems, and selected IIoT devices. The results showed rapid degradation of deterministic PROFINET communication, disruption of the link between the OT and IT layers, loss of digital product representation, and physical interruption of the production process. Based on the findings, a minimally invasive security solution based on perimeter protection was designed and experimentally verified. The results emphasize the need to design IIoT-based manufacturing systems with an emphasis on network segmentation and architectural separation of the IT and OT layers. Full article

19 pages, 1190 KB  
Article
Investigating Security Vulnerabilities in 5G Control and User Planes: Attack Patterns and Protection Strategies
by Samuel T. Aiello, Bhaskar P. Rimal, Frederick T. Sheldon and Yong Wang
J. Cybersecur. Priv. 2026, 6(1), 37; https://doi.org/10.3390/jcp6010037 - 17 Feb 2026
Viewed by 316
Abstract
The rollout of 5G Standalone networks introduces unprecedented flexibility and performance through service-based architecture (SBA), virtualization, open APIs, and network slicing, while simultaneously expanding the attack surface across control, user, and cross-plane interfaces. This article provides a systematic, vulnerability-prioritized, selective characterization of the current state of weaknesses specific to the 5G control and user planes and transparent risk scoring. Using a PRISMA-aligned methodology, vulnerabilities are mapped explicitly to 3GPP network functions and interfaces (e.g., AMF, SMF, UPF; N2, N4, SBA APIs) and categorized by operational evidence level ranging from theoretical analysis to documented live-network exploitation. A normalized criticality scoring model integrates likelihood, impact, exploitability, and CVSS-derived severity. The analysis shows that control-plane signaling floods, PFCP misuse, and container escapes stand out as the most pressing risks. It also exposes how little attention has been given to securing the user plane and strengthening slice isolation. The paper wraps up with clear, evidence-based hardening priorities for each plane, along with research areas that matter for today’s 5G networks and the shift toward 6G. Full article
(This article belongs to the Special Issue Intrusion/Malware Detection and Prevention in Networks—2nd Edition)

27 pages, 1193 KB  
Review
A Survey of Emerging DDoS Threats in New Power Systems
by Fan Luo, Siqi Fan and Guolin Shao
Sensors 2026, 26(4), 1097; https://doi.org/10.3390/s26041097 - 8 Feb 2026
Viewed by 244
Abstract
Distributed Denial-of-Service (DDoS) attacks remain the most pervasive and operationally disruptive cyber threat and are routinely weaponized in interstate conflict (e.g., Russia–Ukraine and Stuxnet). Although attack-chain models are standard for Advanced Persistent Threat (APT) analysis, they have seldom been applied to DDoS, which is often framed as a single-step volumetric assault. However, ubiquitous intelligence and ambient connectivity increasingly enable DDoS campaigns to unfold as multi-stage operations rather than isolated floods. In parallel, large language models (LLMs) create new opportunities to strengthen traditional DDoS defenses through richer contextual understanding. Reviewing incidents from 2019 to 2024, we propose a three-phase DDoS attack chain—preparation, development, and execution—that captures contemporary tactics and their dependencies on novel hardware, network architectures, and application protocols. We classify these patterns, contrast them with conventional DDoS, survey current defenses (anycast and scrubbing, BGP Flowspec, programmable data planes, adaptive ML detection, API hardening), and outline research directions in cross-layer telemetry, adversarially robust learning, automated mitigation orchestration, and cooperative takedown. Full article

25 pages, 1862 KB  
Article
A Novel Architecture for Mitigating Botnet Threats in AI-Powered IoT Environments
by Vasileios A. Memos, Christos L. Stergiou, Alexandros I. Bermperis, Andreas P. Plageras and Konstantinos E. Psannis
Sensors 2026, 26(2), 572; https://doi.org/10.3390/s26020572 - 14 Jan 2026
Viewed by 609
Abstract
The rapid growth of Artificial Intelligence of Things (AIoT) environments in various sectors has introduced major security challenges, as these smart devices can be exploited by malicious users to form Botnets of Things (BoT). Limited computational resources and weak encryption mechanisms in such devices make them attractive targets for attacks like Distributed Denial of Service (DDoS), Man-in-the-Middle (MitM), and malware distribution. In this paper, we propose a novel multi-layered architecture to mitigate BoT threats in AIoT environments. The system leverages edge traffic inspection, sandboxing, and machine learning techniques to analyze, detect, and prevent suspicious behavior, while uses centralized monitoring and response automation to ensure rapid mitigation. Experimental results demonstrate the necessity and superiority over or parallel to existing models, providing an early detection of botnet activity, reduced false positives, improved forensic capabilities, and scalable protection for large-scale AIoT areas. Overall, this solution delivers a comprehensive, resilient, and proactive framework to protect AIoT assets from evolving cyber threats. Full article
(This article belongs to the Special Issue Internet of Things Cybersecurity)

24 pages, 8014 KB  
Article
Efficient Detection of XSS and DDoS Attacks with Bent Functions
by Shahram Miri Kelaniki and Nikos Komninos
Information 2026, 17(1), 80; https://doi.org/10.3390/info17010080 - 13 Jan 2026
Viewed by 413
Abstract
In this paper, we investigate the use of Bent functions, particularly the Maiorana–McFarland (M–M) construction, as a nonlinear preprocessing method to enhance machine learning-based detection systems for Distributed Denial of Service (DDoS) and Cross-Site Scripting (XSS) attacks. Experimental results demonstrated consistent improvements in classification performance following the M–M Bent transformation. In labeled DDoS data, classification performance was maintained at 100% accuracy, with improved Kappa statistics and lower misclassification rates. In labeled XSS data, classification accuracy was reduced from 100% to 87.19% to reduce overfitting. The transformed classifier also mitigated overfitting by increasing feature diversity. In DDoS and XSS unlabeled data, accuracy improved from 99.85% to 99.92% in unsupervised learning cases for DDoS, and accuracy improved from 98.94% to 100% in unsupervised learning cases for XSS, with improved cluster separation also being noted. In summary, the results suggest that Bent functions significantly improve DDoS and XSS detection by enhancing the separation of benign and malicious traffic. All of these aspects, along with increased dataset quality, increase our confidence in resilience detection in a cyber detection pipeline. Full article
(This article belongs to the Special Issue Intrusion Detection Systems in IoT Networks)

48 pages, 787 KB  
Review
A Survey on Traditional DNS and Blockchain-Based DNS: Comparative Analysis, Challenges, and Future Directions
by Juseong Jeon and Sejin Park
Appl. Sci. 2026, 16(2), 598; https://doi.org/10.3390/app16020598 - 7 Jan 2026
Viewed by 567
Abstract
Although DNS has been continuously extended to improve usability and security, its centralized, server-based architecture leaves fundamental limitations unresolved, including single points of failure (SPOF), susceptibility to censorship, and exposure to DDoS. This study examines blockchain-based DNS (BDNS) as an alternative proposed to mitigate these structural issues. We first synthesize prior research and systems on BDNS, and then conduct a comparative analysis using practical deployability as the primary criterion. Specifically, we selected seven representative BDNS projects, including Namecoin, Handshake, and Ethereum Name Service (ENS), and evaluated them under a common set of criteria: (i) the record model, finality, and TTL semantics; (ii) friction along real resolution paths involving resolvers, browsers, and gateways; and (iii) interoperability with the legacy DNS, including DNSSEC and DNS over TLS(DoT)/DNS over HTTPS(DoH), together with migration scenarios. The analysis indicates that many systems rely on gateways and client-side extensions, limiting native resolution paths. It further finds that finality latency, dependence on off-chain indexing and availability, and the interplay of key management and tokenomics design increase operational complexity and raise barriers to adoption. Building on these findings, the paper derives operational requirements and proposes a coexistence-first, five-layer migration framework that incrementally integrates BDNS while retaining the legacy DNS. This provides an incremental path toward a more resilient, inclusive, and secure global naming infrastructure. Full article

31 pages, 3629 KB  
Article
Guardians of the Grid: A Collaborative AI System for DDoS Detection in Autonomous Vehicles Infrastructure
by Amir Djenna, Saida Tamadartaza, Riham Oucief and Usman Javed Butt
Information 2026, 17(1), 34; https://doi.org/10.3390/info17010034 - 3 Jan 2026
Viewed by 502
Abstract
Distributed Denial-of-Service (DDoS) attacks represent a pervasive and critical threat to autonomous vehicles, jeopardizing their operational functionality and passenger safety. The ease with which these attacks can be launched contrasts sharply with the difficulty of their detection and mitigation, necessitating advanced defensive solutions. This study proposes a novel deep-learning framework for accurate DDoS detection within automotive networks. We implement and compare multiple artificial neural network architectures, including Convolutional Neural Networks, Recurrent Neural Networks, and Deep Neural Networks, enhanced with an active learning component to maximize data efficiency. The most performant model is subsequently deployed within a federated learning paradigm to facilitate collaborative, privacy-preserving training across distributed clients. The study is evaluated against three primary DDoS attack vectors: volumetric, state-exhaustion, and amplification. Experimental results on the CIC-DDoS2019 benchmark dataset demonstrate the efficacy of our approach, achieving a 99.98% accuracy in attack classification. This indicates a promising solution for real-time DDoS detection in the safety-critical context of autonomous driving. Full article

38 pages, 5997 KB  
Article
Blockchain-Enhanced Network Scanning and Monitoring (BENSAM) Framework
by Syed Wasif Abbas Hamdani, Kamran Ali and Zia Muhammad
Blockchains 2026, 4(1), 1; https://doi.org/10.3390/blockchains4010001 - 26 Dec 2025
Viewed by 446
Abstract
In recent years, the convergence of advanced technologies has enabled real-time data access and sharing across diverse devices and networks, significantly amplifying cybersecurity risks. For organizations with digital infrastructures, network security is crucial for mitigating potential cyber-attacks. They establish security policies to protect systems and data, but employees may intentionally or unintentionally bypass these policies, rendering the network vulnerable to internal and external threats. Detecting these policy violations is challenging, requiring frequent manual system checks for compliance. This paper addresses key challenges in safeguarding digital assets against evolving threats, including rogue access points, man-in-the-middle attacks, denial-of-service (DoS) incidents, unpatched vulnerabilities, and AI-driven automated exploits. We propose a Blockchain-Enhanced Network Scanning and Monitoring (BENSAM) Framework, a multi-layered system that integrates advanced network scanning with a structured database for asset management, policy-driven vulnerability detection, and remediation planning. Key enhancements include device profiling, user activity monitoring, network forensics, intrusion detection capabilities, and multi-format report generation. By incorporating blockchain technology, and leveraging immutable ledgers and smart contracts, the framework ensures tamper-proof audit trails, decentralized verification of policy compliance, and automated real-time responses to violations such as alerts; actual device isolation is performed by external controllers like SDN or NAC systems. The research provides a detailed literature review on blockchain applications in domains like IoT, healthcare, and vehicular networks. A working prototype of the proposed BENSAM framework was developed that demonstrates end-to-end network scanning, device profiling, traffic monitoring, policy enforcement, and blockchain-based immutable logging. 
This implementation is publicly released and is available on GitHub. It analyzes common network vulnerabilities (e.g., open ports, remote access, and disabled firewalls), attacks (including spoofing, flooding, and DDoS), and outlines policy enforcement methods. Moreover, the framework anticipates emerging challenges from AI-driven attacks such as adversarial evasion, data poisoning, and transformer-based threats, positioning the system for the future integration of adaptive mechanisms to counter these advanced intrusions. This blockchain-enhanced approach streamlines security analysis, extends the framework for AI threat detection with improved accuracy, and reduces administrative overhead by integrating multiple security tools into a cohesive, trustworthy, reliable solution. Full article

25 pages, 573 KB  
Article
Enhancing IoT Security with Generative AI: Threat Detection and Countermeasure Design
by Alex Oacheșu, Kayode S. Adewole, Andreas Jacobsson and Paul Davidsson
Electronics 2026, 15(1), 92; https://doi.org/10.3390/electronics15010092 - 24 Dec 2025
Viewed by 653
Abstract
The rapid proliferation of Internet of Things (IoT) devices has increased the attack surface for cyber threats. Traditional intrusion detection systems often struggle to keep pace with novel or evolving threats. This study proposes an end-to-end generative AI-based intrusion detection and response pipeline designed for automated threat mitigation in smart home IoT environments. It leverages a Variational Autoencoder (VAE) trained on benign traffic to flag anomalies, a fine-tuned Bidirectional Encoder Representations from Transformers (BERT) model to classify anomalies into five attack categories (C&C, DDoS, Okiru, PortScan, and benign), and Grok3—a large language model—to generate tailored countermeasure recommendations. Using the Aposemat IoT-23 dataset, the VAE model achieves a recall of 0.999 and a precision of 0.961 for anomaly detection. The BERT model achieves an overall accuracy of 99.90% with per-class F1 scores exceeding 0.99. End-to-end prototype simulation involving 10,000 network traffic samples demonstrate a 98% accuracy in identifying cyber attacks and generating countermeasures to mitigate them. The pipeline integrates generative models for improved detection and automated security policy formulation in IoT settings, enhancing detection and enabling quicker and actionable security responses to mitigate cyber threats targeting smart home environments. Full article

25 pages, 821 KB  
Article
Enhancing Microservice Security Through Adaptive Moving Target Defense Policies to Mitigate DDoS Attacks in Cloud-Native Environments
by Yuyang Zhou, Guang Cheng and Kang Du
Future Internet 2025, 17(12), 580; https://doi.org/10.3390/fi17120580 - 16 Dec 2025
Viewed by 474
Abstract
Cloud-native microservice architectures offer scalability and resilience but introduce complex interdependencies and new attack surfaces, making them vulnerable to resource-exhaustion Distributed Denial-of-Service (DDoS) attacks. These attacks propagate along service call chains, closely mimic legitimate traffic, and evade traditional detection and mitigation techniques, resulting in cascading bottlenecks and degraded Quality of Service (QoS). Existing Moving Target Defense (MTD) approaches lack adaptive, cost-aware policy guidance and are often ineffective against spatiotemporally adaptive adversaries. To address these challenges, this paper proposes ScaleShield, an adaptive MTD framework powered by Deep Reinforcement Learning (DRL) that learns coordinated, attack-aware defense policies for microservices. ScaleShield formulates defense as a Markov Decision Process (MDP) over multi-dimensional discrete actions, leveraging a Multi-Dimensional Double Deep Q-Network (MD3QN) to optimize service availability and minimize operational overhead. Experimental results demonstrate that ScaleShield achieves near 100% defense success rates and reduces compromised nodes to zero within approximately 5 steps, significantly outperforming state-of-the-art baselines. It lowers service latency by up to 72% under dynamic attacks while maintaining over 94% resource efficiency, providing robust and cost-effective protection against resource-exhaustion DDoS attacks in cloud-native environments. Full article
(This article belongs to the Special Issue DDoS Attack Detection for Cyber–Physical Systems)

19 pages, 329 KB  
Review
Software-Defined Networking Security Detection Strategies and Their Limitations with a Focus on Distributed Denial-of-Service for Small to Medium-Sized Enterprises
by Ruth Wainwright, Maryam Bagheri, Abdussalam Salama and Reza Saatchi
Appl. Sci. 2025, 15(23), 12389; https://doi.org/10.3390/app152312389 - 21 Nov 2025
Viewed by 1234
Abstract
Software-defined Networking (SDN) has immense potential for network security due to its centralized control and programmability. However, this concentration provides an attractive attack vector for Distributed Denial-of-Service (DDoS), particularly in small and medium-sized enterprises (SMEs) with limited budget and network security resources. This study presents a systematic review of the articles reporting SDN-based DDoS detection and mitigation, focusing on SMEs. Querying eight major databases (2020–2025) resulted in 59 articles (14 reviews, 45 experimental). Two distinct models emerged: (i) lightweight and efficient models and (ii) high-accuracy hybrid deep learning models, with lower resource efficiency. These models were predominantly validated through simulations, raising concerns around their overfitting as SME traffic is heterogeneous and bursty. Mitigation of the attacks leveraged the programmability of SDN but has been rarely evaluated alongside detection models and almost never in live SDN-SME settings. This study’s findings highlighted a lightweight screening solution at the network edge, which is resource-aware and employs a minimal trigger interface to the controller for mitigation rule insertion. This conceptual design aligns well with the constraints of SMEs by minimising the computational load on the central controller while enabling an efficient and rapid response to network security. Full article

33 pages, 5642 KB  
Article
Feature-Optimized Machine Learning Approaches for Enhanced DDoS Attack Detection and Mitigation
by Ahmed Jamal Ibrahim, Sándor R. Répás and Nurullah Bektaş
Computers 2025, 14(11), 472; https://doi.org/10.3390/computers14110472 - 1 Nov 2025
Cited by 1 | Viewed by 1783
Abstract
Distributed denial of service (DDoS) attacks pose a serious risk to the operational stability of a network for companies, often leading to service disruptions and financial damage and a loss of trust and credibility. The increasing sophistication and scale of these threats highlight the pressing need for advanced mitigation strategies. Despite the numerous existing studies on DDoS detection, many rely on large, redundant feature sets and lack validation for real-time applicability, leading to high computational complexity and limited generalization across diverse network conditions. This study addresses this gap by proposing a feature-optimized and computationally efficient ML framework for DDoS detection and mitigation using benchmark dataset. The proposed approach serves as a foundational step toward developing a low complexity model suitable for future real-time and hardware-based implementation. The dataset was systematically preprocessed to identify critical parameters, such as packet length Min, Total Backward Packets, Avg Fwd Segment Size, and others. Several ML algorithms, involving Logistic Regression, Decision Tree, Random Forest, Gradient Boosting, and Cat-Boost, are applied to develop models for detecting and mitigating abnormal network traffic. The developed ML model demonstrates high performance, achieving 99.78% accuracy with Decision Tree and 99.85% with Random Forest, representing improvements of 1.53% and 0.74% compared to previous work, respectively. In addition, the Decision Tree algorithm achieved 99.85% accuracy for mitigation. with an inference time as low as 0.004 s, proving its suitability for identifying DDoS attacks in real time. Overall, this research presents an effective approach for DDoS detection, emphasizing the integration of ML models into existing security systems to enhance real-time threat mitigation. Full article

26 pages, 4327 KB  
Article
DDoS Detection Using a Hybrid CNN–RNN Model Enhanced with Multi-Head Attention for Cloud Infrastructure
by Posathip Sathaporn, Woranidtha Krungseanmuang, Vasutorn Chaowalittawin, Chawalit Benjangkaprasert and Boonchana Purahong
Appl. Sci. 2025, 15(21), 11567; https://doi.org/10.3390/app152111567 - 29 Oct 2025
Viewed by 1973
Abstract
Cloud infrastructure supports modern services across different sectors, such as business, education, lifestyle, government and so on. With the high demand for cloud computing, the security of network communication is also an important consideration. Distributed denial-of-service (DDoS) attacks pose a significant threat. Therefore, detection and mitigation are critically important for reliable operation of cloud-based systems. Intrusion detection systems (IDS) play a vital role in detecting and preventing attacks to avoid damage to reliability. This article presents DDoS detection using a convolutional neural network (CNN) and recurrent neural network (RNN) model enhancement with a multi-head attention mechanism for cloud infrastructure protection enhances the contextual relevance and accuracy of the DDoS detection. Preprocessing techniques were applied to optimize model performance, such as information gained to identify important features, normalization, and synthetic minority oversampling technique (SMOTE) to address class imbalance issues. The results were evaluated using confusion metrics. Based on the performance indicators, our proposed method achieves an accuracy of 97.78%, precision of 98.66%, recall of 94.53%, and F1-score of 96.49%. The hybrid model with multi-head attention achieved the best results among the other deep learning models. The model parameter size was moderately lightweight at 413,057 parameters with an inference time in a cloud environment of less than 6 milliseconds, making it suitable for application to cloud infrastructure. Full article
(This article belongs to the Special Issue AI Technology and Security in Cloud/Big Data)

33 pages, 1134 KB  
Review
A Comprehensive Review of DDoS Detection and Mitigation in SDN Environments: Machine Learning, Deep Learning, and Federated Learning Perspectives
by Sidra Batool, Muhammad Aslam, Edore Akpokodje and Syeda Fizzah Jilani
Electronics 2025, 14(21), 4222; https://doi.org/10.3390/electronics14214222 - 29 Oct 2025
Cited by 1 | Viewed by 5305
Abstract
Software-defined networking (SDN) has reformed the traditional approach to managing and configuring networks by isolating the data plane from control plane. This isolation helps enable centralized control over network resources, enhanced programmability, and the ability to dynamically apply and enforce security and traffic policies. The shift in architecture offers numerous advantages such as increased flexibility, scalability, and improved network management but also introduces new and notable security challenges such as Distributed Denial-of-Service (DDoS) attacks. Such attacks focus on affecting the target with malicious traffic and even short-lived DDoS incidents can drastically impact the entire network’s stability, performance and availability. This comprehensive review paper provides a detailed investigation of SDN principles, the nature of DDoS threats in such environments and the strategies used to detect/mitigate these attacks. It provides novelty by offering an in-depth categorization of state-of-the-art detection techniques, utilizing machine learning, deep learning, and federated learning in domain-specific and general-purpose SDN scenarios. Each method is analyzed for its effectiveness. The paper further evaluates the strengths and weaknesses of these techniques, highlighting their applicability in different SDN contexts. In addition, the paper outlines the key performance metrics used in evaluating these detection mechanisms. Moreover, the novelty of the study is classifying the datasets commonly used for training and validating DDoS detection models into two major categories: legacy-compatible datasets that are adapted from traditional network environments, and SDN-contextual datasets that are specifically generated to reflect the characteristics of modern SDN systems. Finally, the paper suggests a few directions for future research. 
These include enhancing the robustness of detection models, integrating privacy-preserving techniques in collaborative learning, and developing more comprehensive and realistic SDN-specific datasets to improve the strength of SDN infrastructures against DDoS threats. Full article

25 pages, 5281 KB  
Article
Detection and Mitigation in IoT Ecosystems Using oneM2M Architecture and Edge-Based Machine Learning
by Yu-Yong Luo, Yu-Hsun Chiu and Chia-Hsin Cheng
Future Internet 2025, 17(9), 411; https://doi.org/10.3390/fi17090411 - 8 Sep 2025
Cited by 2 | Viewed by 902
Abstract
Distributed denial-of-service (DDoS) attacks are a prevalent threat to resource-constrained IoT deployments. We present an edge-based detection and mitigation system integrated with the oneM2M architecture. By using a Raspberry Pi 4 client and five Raspberry Pi 3 attack nodes in a smart-home testbed, we collected 200,000 packets with 19 features across four traffic states (normal, SYN/UDP/ICMP floods), trained Decision Tree, 2D-CNN, and LSTM models, and deployed the best model on an edge computer for real-time inference. The edge node classifies traffic and triggers per-attack defenses on the device (SYN cookies, UDP/ICMP iptables rules). On a held-out test set, the 2D-CNN achieved 98.45% accuracy, outperforming the LSTM (96.14%) and Decision Tree (93.77%). In end-to-end trials, the system sustained service during SYN floods (time to capture 200 packets increased from 5.05 s to 5.51 s after enabling SYN cookies), mitigated ICMP floods via rate limiting, and flagged UDP floods for administrator intervention due to residual performance degradation. These results show that lightweight, edge-deployed learning with targeted controls can harden oneM2M-based IoT systems against common DDoS vectors. Full article
(This article belongs to the Special Issue DDoS Attack Detection for Cyber–Physical Systems)