Search Results (9)

With the development of IoT technology, central cloud servers and edge-computing servers together form a cloud–edge communication network to meet the increasing demand for computing tasks. The data transmitted in this network is of high value, so the ability to quickly and accurately predict the traffic load of each link becomes critical to ensuring the security and stable operation of the network. In order to effectively counter the potential threat of flood attacks on network stability, we combine the Bi-directional Gated Recurrent Unit (BiGRU) model with the Dung Beetle Optimizer (DBO) algorithm to design a DBO-BiGRU short-term traffic load prediction model. Experimental validation on a public dataset shows that the proposed model has better prediction accuracy and fit than the mainstream models of RNN, LSTM, and TCN. Full article

As IoT technology advances, the smart grid (SG) has become crucial to industrial infrastructure. However, SG faces security challenges, particularly from distributed denial of service (DDoS) attacks, due to inadequate security mechanisms for IoT devices. Moreover, the extensive deployment of SG exposes communication links to attacks, potentially disrupting communications and power supply. Link flooding attacks (LFAs) targeting congested backbone links have increasingly become a focal point of DDoS attacks. To address LFAs, we propose integrating unmanned aerial vehicles (UAVs) into the Smart Grid (SG) to offer a three-dimensional defense perspective. This strategy includes enhancing the speed and accuracy of attack path tracking as well as alleviating communication congestion. Therefore, our new DDoS tracking scheme leverages UAV mobility and employs beam search with adaptive beam width to reconstruct attack paths and pinpoint attack sources. This scheme features a threshold iterative update mechanism that refines the threshold each round based on prior results, improving attack path reconstruction accuracy. An adaptive beam width method evaluates the number of abnormal nodes based on the current threshold, enabling precise tracking of multiple attack paths and enhancing scheme automation. Additionally, our path-checking and merging method optimizes path reconstruction by merging overlapping paths and excluding previously searched nodes, thus avoiding redundant searches and infinite loops. Simulation results on the Keysight Ixia platform demonstrate a 98.89% attack path coverage with a minimal error tracking rate of 2.05%. Furthermore, simulations on the NS-3 platform show that drone integration not only bolsters security but also significantly enhances network performance, with communication effectiveness improving by 88.05% and recovering to 82.70% of normal levels under attack conditions. Full article

Path hopping serves as an active defense mechanism in network security, yet it encounters challenges like a restricted path switching space, the recurrent use of similar paths and vital nodes, a singular triggering mechanism for path switching, and fixed hopping intervals. This paper introduces an active defense method employing multiple constraints and strategies for path hopping. A depth-first search (DFS) traversal is utilized to compute all possible paths between nodes, thereby broadening the path switching space while simplifying path generation complexity. Subsequently, constraints are imposed on residual bandwidth, selection periods, path similitude, and critical nodes to reduce the likelihood of reusing similar paths and crucial nodes. Moreover, two path switching strategies are formulated based on the weights of residual bandwidth and critical nodes, along with the calculation of path switching periods. This facilitates adaptive switching of path hopping paths and intervals, contingent on the network’s residual bandwidth threshold, in response to diverse attack scenarios. Simulation outcomes illustrate that this method, while maintaining normal communication performance, expands the path switching space effectively, safeguards against eavesdropping and link-flooding attacks, enhances path switching diversity and unpredictability, and fortifies the network’s resilience against malicious attacks. Full article

The Internet of Things (IoT) has become very popular during the last decade by providing new solutions to modern industry and to entire societies. At the same time, the rise of the industrial Internet of Things (IIoT) has provided various benefits by linking infrastructure around the world via sensors, machine learning, and data analytics. However, the security of IoT devices has been proven to be a major concern. Almost a decade ago, the IPv6 Routing Protocol for Low-Power and Lossy Networks (RPL) was designed to handle routing in IoT and IIoT. Since then, numerous types of attacks on RPL have been published. In this paper, a novel intrusion detection system (IDS) is designed and implemented for RPL-based IoT. The objective is to perform an accurate and efficient detection of various types of routing and denial-of-service (DoS) attacks such as version number attack, blackhole attack, and grayhole attack, and different variations of flooding attacks such as Hello flood attack, DIS attack, and DAO insider attack. To achieve this, different detection strategies are combined, taking advantage of the strengths of each individual strategy. In addition, the proposed IDS is experimentally evaluated by performing a deep analysis of the aforementioned attacks in order to study the impact caused. This evaluation also estimates the accuracy and effectiveness of the IDS performance when confronted with the considered attacks. The obtained results show high detection accuracy. Furthermore, the overhead introduced in terms of CPU usage and power consumption is negligible. In particular, the CPU usage overhead is less than 2% in all cases, whereas the average power consumption increase is no more than 0.5%, which can be considered an insignificant impact on the overall resource utilisation. Full article

Software-defined networking (SDN) is a new networking paradigm that provides centralized control, programmability, and a global view of topology in the controller. SDN is becoming more popular due to its high audibility, which also raises security and privacy concerns. SDN must be outfitted with the best security scheme to counter the evolving security attacks. A Distributed Denial-of-Service (DDoS) attack is a network attack that floods network links with illegitimate data using high-rate packet transmission. Illegitimate data traffic can overload network links, causing legitimate data to be dropped and network services to be unavailable. Low-rate Distributed Denial-of-Service (LDDoS) is a recent evolution of DDoS attack that has been emerged as one of the most serious vulnerabilities for the Internet, cloud computing platforms, the Internet of Things (IoT), and large data centers. Moreover, LDDoS attacks are more challenging to detect because this attack sends a large amount of illegitimate data that are disguised as legitimate traffic. Thus, traditional security mechanisms such as symmetric/asymmetric detection schemes that have been proposed to protect SDN from DDoS attacks may not be suitable or inefficient for detecting LDDoS attacks. Therefore, more research studies are needed in this domain. There are several survey papers addressing the detection mechanisms of DDoS attacks in SDN, but these studies have focused mainly on high-rate DDoS attacks. Alternatively, in this paper, we present an extensive survey of different detection mechanisms proposed to protect the SDN from LDDoS attacks using machine learning approaches. Our survey describes vulnerability issues in all layers of the SDN architecture that LDDoS attacks can exploit. Current challenges and future directions are also discussed. The survey can be used by researchers to explore and develop innovative and efficient techniques to enhance SDN’s protection against LDDoS attacks. Full article

Emergency situations such as wildfires, water floods, or even terrorist attacks require continuous communication between the coordination centres, the several on-the-field teams, and their respective devices to properly address the adverse circumstances. From a technological point of view, this can be best seen as a live Ubiquitous Sensor Network—composed of human beings (e.g., first responders, victims) and devices (e.g., drones, environmental sensors, radios)—with stringent and special communication requirements in terms of flexibility, mobility, reliability, bandwidth, heterogeneity, and speed of deployment. However, for this specific use case, most of the already deployed and well-known communication technologies (e.g., satellite, 4G/5G) might become unusable and hard to repair due to the associated effects of the disaster itself. The purpose of this paper is (1) to review the emergency communications challenges, (2) to analyse the existing surveys on technologies for emergency situations, (3) to conduct a more updated, extensive, and systematic review of the emergency communications’ technologies, and (4) to propose a heterogeneous communication architecture able to communicate between moving agents in harsh conditions. The proposed approach is conceived to link the relocating agents that constitute a Ubiquitous Sensor Network spanning a large-scale area (i.e., hundreds of square kilometres) by combining Near Vertical Incidence Skywave technologies with Drone-Based Wireless Mesh Networks. The conclusions derived from this research aim to set up the fundamentals of a rapidly deployable Emergency Communications System inspired by the Ubiquitous Sensor Network paradigm. Full article

The DDoS attack is one of the most notorious attacks, and the severe impact of the DDoS attack on GitHub in 2018 raises the importance of designing effective defense methods for detecting this type of attack. Unlike the traditional network architecture that takes too long to cope with DDoS attacks, we focus on link-flooding attacks that do not directly attack the target. An effective defense mechanism is crucial since as long as a link-flooding attack is undetected, it will cause problems over the Internet. With the flexibility of software-defined networking, we design a novel framework and implement our ideas with a deep learning approach to improve the performance of the previous work. Through rerouting techniques and monitoring network traffic, our system can detect a malicious attack from the adversary. A CNN architecture is combined to assist in finding an appropriate rerouting path that can shorten the reaction time for detecting DDoS attacks. Therefore, the proposed method can efficiently distinguish the difference between benign traffic and malicious traffic and prevent attackers from carrying out link-flooding attacks through bots. Full article

(1) Background: Link flooding attacks (LFA) are a spatiotemporal attack pattern of distributed denial-of-service (DDoS) that arranges bots to send low-speed traffic to backbone links and paralyze servers in the target area. (2) Problem: The traditional methods to defend against LFA are heuristic and cannot reflect the changing characteristics of LFA over time; the AI-based methods only detect the presence of LFA without considering the spatiotemporal series attack pattern and defense suggestion. (3) Methods: This study designs a deep ensemble learning model (Stacking-based integrated Convolutional neural network–Long short term memory model, SCL) to defend against LFA: (a) combining continuous network status as an input to represent “continuous/combination attacking action” and to help CNN operation to extract features of spatiotemporal attack pattern; (b) applying LSTM to periodically review the current evolved LFA patterns and drop the obsolete ones to ensure decision accuracy and confidence; (c) stacking System Detector and LFA Mitigator module instead of only one module to couple with LFA detection and mediation at the same time. (4) Results: The simulation results show that the accuracy rate of SCL successfully blocking LFA is 92.95%, which is 60.81% higher than the traditional method. (5) Outcomes: This study demonstrates the potential and suggested development trait of deep ensemble learning on network security. Full article

For many sensor network applications such as military or homeland security, it is essential for users (sinks) to access the sensor network while they are moving. Sink mobility brings new challenges to secure routing in large-scale sensor networks. Previous studies on sink mobility have mainly focused on efficiency and effectiveness of data dissemination without security consideration. Also, studies and experiences have shown that considering security during design time is the best way to provide security for sensor network routing. This paper presents an energy-efficient secure routing and key management for mobile sinks in sensor networks, called SCODEplus. It is a significant extension of our previous study in five aspects: (1) Key management scheme and routing protocol are considered during design time to increase security and efficiency; (2) The network topology is organized in a hexagonal plane which supports more efficiency than previous square-grid topology; (3) The key management scheme can eliminate the impacts of node compromise attacks on links between non-compromised nodes; (4) Sensor node deployment is based on Gaussian distribution which is more realistic than uniform distribution; (5) No GPS or like is required to provide sensor node location information. Our security analysis demonstrates that the proposed scheme can defend against common attacks in sensor networks including node compromise attacks, replay attacks, selective forwarding attacks, sinkhole and wormhole, Sybil attacks, HELLO flood attacks. Both mathematical and simulation-based performance evaluation show that the SCODEplus significantly reduces the communication overhead, energy consumption, packet delivery latency while it always delivers more than 97 percent of packets successfully. Full article