Journal articles on the topic 'Attacks detection'


Consult the top 50 journal articles for your research on the topic 'Attacks detection.'


1

BALIGA, SANDEEP, ETHAN BUENO DE MESQUITA, and ALEXANDER WOLITZKY. "Deterrence with Imperfect Attribution." American Political Science Review 114, no. 4 (August 3, 2020): 1155–78. http://dx.doi.org/10.1017/s0003055420000362.

Abstract:
Motivated by recent developments in cyberwarfare, we study deterrence in a world where attacks cannot be perfectly attributed to attackers. In the model, each of $n$ attackers may attack the defender. The defender observes a noisy signal that probabilistically attributes the attack. The defender may retaliate against one or more attackers and wants to retaliate against the guilty attacker only. We note an endogenous strategic complementarity among the attackers: if one attacker becomes more aggressive, that attacker becomes more “suspect” and the other attackers become less suspect, which leads the other attackers to become more aggressive as well. Despite this complementarity, there is a unique equilibrium. We identify types of improvements in attribution that strengthen deterrence—namely, improving attack detection independently of any effect on the identifiability of the attacker, reducing false alarms, or replacing misidentification with non-detection. However, we show that other improvements in attribution can backfire, weakening deterrence—these include detecting more attacks where the attacker is difficult to identify or pursuing too much certainty in attribution. Deterrence is improved if the defender can commit to a retaliatory strategy in advance, but the defender should not always commit to retaliate more after every signal.
2

Kareem, Mohammed Ibrahim, Mohammad Jawad Kadhim Abood, and Karrar Ibrahim. "Machine learning-based PortScan attacks detection using OneR classifier." Bulletin of Electrical Engineering and Informatics 12, no. 6 (December 1, 2023): 3690–96. http://dx.doi.org/10.11591/eei.v12i6.4142.

Abstract:
PortScan attacks are a common security threat in computer networks, where an attacker systematically scans a range of network ports on a target system to identify potential vulnerabilities. Detecting such attacks in a timely and accurate manner is crucial to ensure network security. Attackers can determine whether a port is open by sending a detective message to it, which helps them find potential vulnerabilities. However, the best methods for spotting and identifying port scanner attacks are those that use machine learning. One of the most dangerous online threats is PortScan attack, according to experts. The research is work on detection while improving detection accuracy. Dataset containing tags from network traffic is used to train machine learning techniques for classification. The JRip algorithm is trained and tested using the CICIDS2017 dataset. As a consequence, the best performance results for JRip-based detection schemes were 99.84%, 99.80%, 99.80%, and 0.09 ms for accuracy, precision, recall, F-score, and detection overhead, respectively. Finally, the comparison with current models demonstrated our model's proficiency and advantage with increased attack discovery speed.
3

O, Belej, Spas N, Artyshchuk I, and Fedastsou M. "Construction of a multi-agent attack detection system based on artificial intelligence models." Artificial Intelligence 26, jai2021.26(1) (June 30, 2021): 22–30. http://dx.doi.org/10.15407/jai2021.01.022.

Abstract:
Statistics of recent years on attacking actions on information systems show both the growth of known attackers and the growth of new models and directions of attacks. In this regard, the task of collecting information about events occurring in the information system and related to the main objects of the information system, and conducting their effective analysis is relevant. The main requirements for the tools of analysis are: speed and ability to adapt to new circumstances - adaptability. Means that meet these requirements are artificial intelligence systems. In particular, there are a number of research that use neural networks as a means of analysis. There are different types of neural networks, which differ depending on the tasks to be solved and are more suitable for different input data. The proposed multi-agent attack detection system collects and analyzes the collected information about the events of the information system using two types of neural networks. A multilayer perceptron is used to analyze various logs of information system objects. The Jordan network is used to analyze directly collected information about the events of information system objects. The use of a multi-agent attack detection system can increase the security of the information system. Features of modern attacks are considered. The urgency of the task of detecting attacks is substantiated. The peculiarities of the attack process were considered. The actions of attackers of different types at different stages of the attack are analyzed. It was shown which methods of detecting attacks should be used at different stages of the attack by an attacker. A model of a multi-agent attack detection system is proposed. An interpretation of the results of the analysis of information system events by the method of detecting attacks was proposed, as well as an algorithm for joint decision-making by agents based on several sources of information about their status. 
A model of an attack detection system that takes into account these features is proposed. This attack detection system collects information at several levels of the information system and uses it to analyze the artificial intelligence system
4

Sambangi, Swathi, and Lakshmeeswari Gondi. "A Machine Learning Approach for DDoS (Distributed Denial of Service) Attack Detection Using Multiple Linear Regression." Proceedings 63, no. 1 (December 25, 2020): 51. http://dx.doi.org/10.3390/proceedings2020063051.

Abstract:
The problem of identifying Distributed Denial of Service (DDoS) attacks is fundamentally a classification problem in machine learning. In relevance to Cloud Computing, the task of identification of DDoS attacks is a significantly challenging problem because of computational complexity that has to be addressed. Fundamentally, a Denial of Service (DoS) attack is an intentional attack attempted by attackers from a single source which has an implicit intention of making an application unavailable to the target stakeholder. For this to be achieved, attackers usually stagger the network bandwidth, halting system resources, thus causing denial of access for legitimate users. Contrary to DoS attacks, in DDoS attacks, the attacker makes use of multiple sources to initiate an attack. DDoS attacks are most common at network, transportation, presentation and application layers of a seven-layer OSI model. In this paper, the research objective is to study the problem of DDoS attack detection in a Cloud environment by considering the most popular CICIDS 2017 benchmark dataset and applying multiple regression analysis for building a machine learning model to predict DDoS and Bot attacks through considering a Friday afternoon traffic logfile.
5

Xuan, Cho Do, Duc Duong, and Hoang Xuan Dau. "A multi-layer approach for advanced persistent threat detection using machine learning based on network traffic." Journal of Intelligent & Fuzzy Systems 40, no. 6 (June 21, 2021): 11311–29. http://dx.doi.org/10.3233/jifs-202465.

Abstract:
Advanced Persistent Threat (APT) is a dangerous network attack method that is widely used by attackers nowadays. During the APT attack process, attackers often use advanced techniques and tools, thus, causing many difficulties for information security systems. In fact, to detect the APT attacks, intrusion detection systems cannot rely on one technique or method but often combine multiple techniques and methods. In addition, the approach for APT attack detection using behavior analysis and evaluation techniques is facing many difficulties due to the lack of characteristic data of attack campaigns. For the above reasons, in this paper, we propose a method for APT attack detection based on a multi-layer analysis. The multi-layer analysis technique in our proposal computes and analyzes various events in Network Traffic to detect and synthesize abnormal signs and behaviors in order to make conclusions about the existence of APT in the system. Specifically, in our proposal, we will use serial 3 main layers for the APT attack detection process including i) Detecting APT attacks based on analyzing abnormal connection; ii) Detecting APT attacks based on analyzing and evaluating Suricata log; iii) Detecting APT attacks based on analyzing behavior profiles that are compiled from layers (i) and (ii). To achieve these goals, the multi-layer analysis technique for APT attack detection will perform 2 main tasks: i) Analyzing and evaluating components of Network Traffic based on abnormal signs and behaviors. ii) building and classifying behavior profile based on each component of network traffic. In the experimental section, we will compare and evaluate the effectiveness of the APT attack detection process of each layer in the multi-layer analysis model using machine learning. Experimental results have shown that the APT attack detection method based on analyzing behavior profile has yielded better results than individual detection methods on all metrics. 
The research results shown in the paper not only demonstrate the effectiveness of the multilayer analysis model for APT attack detection but also provide a novel approach for detecting several other cyber-attack techniques.
6

Haseeb-ur-rehman, Rana M. Abdul, Azana Hafizah Mohd Aman, Mohammad Kamrul Hasan, Khairul Akram Zainol Ariffin, Abdallah Namoun, Ali Tufail, and Ki-Hyung Kim. "High-Speed Network DDoS Attack Detection: A Survey." Sensors 23, no. 15 (August 1, 2023): 6850. http://dx.doi.org/10.3390/s23156850.

Abstract:
Having a large number of device connections provides attackers with multiple ways to attack a network. This situation can lead to distributed denial-of-service (DDoS) attacks, which can cause fiscal harm and corrupt data. Thus, irregularity detection in traffic data is crucial in detecting malicious behavior in a network, which is essential for network security and the integrity of modern Cyber–Physical Systems (CPS). Nevertheless, studies have shown that current techniques are ineffective at detecting DDoS attacks on networks, especially in the case of high-speed networks (HSN), as detecting attacks on the latter is very complex due to their fast packet processing. This review aims to study and compare different approaches to detecting DDoS attacks, using machine learning (ML) techniques such as k-means, K-Nearest Neighbors (KNN), and Naive Bayes (NB) used in intrusion detection systems (IDSs) and flow-based IDSs, and expresses data paths for packet filtering for HSN performance. This review highlights the high-speed network accuracy evaluation factors, provides a detailed DDoS attack taxonomy, and classifies detection techniques. Moreover, the existing literature is inspected through a qualitative analysis, with respect to the factors extracted from the presented taxonomy of irregular traffic pattern detection. Different research directions are suggested to support researchers in identifying and designing the optimal solution by highlighting the issues and challenges of DDoS attacks on high-speed networks.
7

Zhou, Qing Lei, Yan Ke Zhao, and Wei Jun Zhu. "Intrusion Detection for Universal Attack Mode Based on Projection Temporal Logic." Applied Mechanics and Materials 556-562 (May 2014): 2821–24. http://dx.doi.org/10.4028/www.scientific.net/amm.556-562.2821.

Abstract:
Compared with the intrusion detection based on pattern matching, the method which is based on model checking can detect the complex attacks. But all of the existing algorithms are used to detect some specific types of attacks. So, we firstly use the projection temporal logic (PTL) formulae to set up formal sub-models respectively for the five kinds of attackers, the four kinds of attack processes and the eight kinds of attack effects. According to their universal relationship and the semantic relation of variety of PTL logic operators, we obtain the above sub-models together, thus, the universal model described by PTL formula for universal attack is formed. On this base, we implement an intrusion detection method based on projection temporal logic for detecting all types of attacks. Compared with the existing methods, the detecting ability of the new method is more comprehensive.
8

Sravanthi, P. "Machine Learning Methods for Attack Detection in Smart Grid." International Journal for Research in Applied Science and Engineering Technology 12, no. 3 (March 31, 2024): 2257–61. http://dx.doi.org/10.22214/ijraset.2024.59222.

Abstract:
In the realm of smart grids attack detection, statistical learning poses challenges across various attack scenarios, whether measurements are obtained either online or in batch mode. This approach categorizes measurements into two groups: secure and attacked, leveraging machine learning algorithms. The suggested method offers a framework for detecting attacks, aiming to address limitations arising from the sparse nature of the problem and leveraging any available past system knowledge. Through decision- and feature-level fusion, established batch and online learning methods are employed to tackle the attack detection challenge. To uncover unobservable attacks using statistical learning techniques, the relationships between the geometric and statistical characteristics of the attack vectors within the attack scenarios and the learning algorithms are scrutinized.
9

Gupta, Punit, and Pallavi Kaliyar. "History Aware Anomaly Based IDS for Cloud IaaS." INTERNATIONAL JOURNAL OF COMPUTERS & TECHNOLOGY 10, no. 6 (August 30, 2013): 1779–84. http://dx.doi.org/10.24297/ijct.v10i6.3205.

Abstract:
Cloud Computing provides different types of services such as SaaS, PaaS, IaaS. Each of them has its own security challenges, but IaaS undertakes all types of challenges viz., network attack, behaviour based attack, request based attacks i.e. handling the requests from untrusted users, XSS (cross site scripting attack), DDOS and many more. These attacks are independent of each other and consequently the QoS provided by cloud is compromised. This paper proposes a History aware Behaviour based IDS (Intrusion Detection System) BIDS. BIDS provides detection of untrusted users, false requests that may lead to spoofing, XSS or DOS attack and many more such attacks. In addition, certain cases where user login or password is compromised. History aware BIDs can be helpful in detecting such attacks and maintaining the QoS provided to the user in cloud IaaS (Infrastructure as a service).
10

Qiao, Peng Zhe, Yi Ran Wang, and Yan Ke Zhao. "Intrusion Detection for Universal Attack Mode Based on Linear Temporal Logic with Past Construct." Applied Mechanics and Materials 680 (October 2014): 433–36. http://dx.doi.org/10.4028/www.scientific.net/amm.680.433.

Abstract:
Compared with the intrusion detection based on pattern matching, the method which is based on model checking can detect the complex attacks. But all of the existing algorithms are only used to detect some specific types of attacks. To solve this problem, we firstly use the Linear Temporal Logic with Past Construct (LTLPC) formulae to set up formal sub-models for the five kinds of attackers, the four kinds of attack processes and the eight kinds of attack effects. According to their universal relationship and the semantic relation of variety of LTLPC operators, we obtain the above sub-models together, thus, the universal models described by LTLPC formulae for universal attacks are formed. On this base, we implement an intrusion detection method based on LTLPC for detecting all types of attacks. Compared with the existing methods, the detecting ability of the new method is more comprehensive.
11

Li, Yong Liang, Wei Jun Zhu, and Qing Lei Zhou. "Intrusion Detection for Universal Attack Mode Based on Interval Temporal Logic with Past Construct." Advanced Materials Research 1006-1007 (August 2014): 1047–50. http://dx.doi.org/10.4028/www.scientific.net/amr.1006-1007.1047.

Abstract:
Compared with the intrusion detection based on pattern matching, the method which is based on model checking can detect the complex attacks. But all of the existing algorithms are used to detect some specific types of attacks. So, we firstly use the Interval Temporal Logic with Past Construct (ITLPC) formulae to set up formal sub-models respectively for the five kinds of attackers, the four kinds of attack processes and the eight kinds of attack effects. According to their universal relationship and the semantic relation of variety of ITLPC logic operators, we obtain the above sub-models together, thus, the universal models described by ITLPC formulae for universal attacks are formed. On this base, we implement an intrusion detection method based on ITLPC for detecting all types of attacks. Compared with the existing methods, the detecting ability of the new method is more comprehensive.
12

Sachdev, Rithik, Shreya Mishra, and Shekhar Sharma. "Comparison of Supervised Learning Algorithms for DDOS Attack Detection." International Journal for Research in Applied Science and Engineering Technology 10, no. 8 (August 31, 2022): 1766–72. http://dx.doi.org/10.22214/ijraset.2022.46506.

Abstract:
In today’s world, when ubiquitous computing has become quite prevalent, there has been an upsurge in the number of users on the internet. The Distributed Denial of Service attack is the most widespread attack that disrupts the functioning of websites, servers, and services. In such attacks, the resources are exhausted by overwhelming requests from multiple attackers and thus become unavailable to users. Hence, it is essential to detect these attacks and prevent network security breaches. This work presents a supervised learning-based DDoS detection comparison developed using the CIC-IDS 2017 dataset [7]. Various models have been compared on different performance metrics to analyze efficiency in detecting DDoS attacks.
13

Zaini, Nur Sholihah, Deris Stiawan, Mohd Faizal Ab Razak, Ahmad Firdaus, Wan Isni Sofiah Wan Din, Shahreen Kasim, and Tole Sutikno. "Phishing detection system using machine learning classifiers." Indonesian Journal of Electrical Engineering and Computer Science 17, no. 3 (March 1, 2020): 1165. http://dx.doi.org/10.11591/ijeecs.v17.i3.pp1165-1171.

Abstract:
With the increasing development of the Internet, more and more applications are put into websites that can be directly accessed through the network. This development has attracted attackers with phishing websites to compromise computer systems. Several solutions have been proposed to detect a phishing attack. However, there is still room for improvement to tackle this phishing threat. This paper aims to investigate and evaluate the effectiveness of the machine learning approach in the classification of phishing attacks. This paper applied a heuristic approach with a machine learning classifier to identify phishing attacks noted in the web site applications. The study compares five classifiers to find the best machine learning classifiers in detecting phishing attacks. In identifying the phishing attacks, it demonstrates that random forest is able to achieve high detection accuracy with a true positive rate value of 94.79% using website features. The results indicate that random forest is an effective classifier for detecting phishing attacks.
14

Deng, Wenping, Ziyu Yang, Peng Xun, Peidong Zhu, and Baosheng Wang. "Advanced Bad Data Injection Attack and Its Migration in Cyber-Physical Systems." Electronics 8, no. 9 (August 26, 2019): 941. http://dx.doi.org/10.3390/electronics8090941.

Abstract:
False data injection (FDI) attack is a hot topic in cyber-physical systems (CPSs). Attackers inject bad data into sensors or return false data to the controller to cause the inaccurate state estimation. Although there exists many detection approaches, such as bad data detector (BDD), sequence pattern mining, and machine learning methods, a smart attacker still can inject perfectly false data to go undetected. In this paper, we focus on the advanced false data injection (AFDI) attack and its detection method. An AFDI attack refers to the attack where a malicious entity accurately and successively changes sensory data, making the normal system state continuously evaluated as other legal system states, causing wrong outflow of controllers. The attack can lead to an automatic and long-term system failure/performance degradation. We first depict the AFDI attack model and analyze limitations of existing detectors for detecting AFDI. Second, we develop an approach based on machine learning, which utilizes the k-Nearest Neighbor (KNN) technique and heterogeneous data including sensory data and system commands to implement a classifier for detecting AFDI attacks. Finally, simulation experiments are given to demonstrate AFDI attack impact and the effectiveness of the proposed method for detecting AFDI attacks.
15

Shang, Fute, Buhong Wang, Fuhu Yan, and Tengyao Li. "Multidevice False Data Injection Attack Models of ADS-B Multilateration Systems." Security and Communication Networks 2019 (March 3, 2019): 1–11. http://dx.doi.org/10.1155/2019/8936784.

Abstract:
Location verification is a promising approach among various ADS-B security mechanisms, which can monitor announced positions in ADS-B messages with estimated positions. Based on common assumption that the attacker is equipped with only a single device, this mechanism can estimate the position state through analysis of time measurements of messages using multilateration algorithm. In this paper, we propose the formal model of multidevice false data injection attacks in the ATC system against the location verification. Assuming that attackers equipped with multiple devices can manipulate the ADS-B messages in distributed receivers without any mutual interference, such attacker can efficiently construct attack vectors to change the results of multilateration. The feasibility of a multidevice false data injection attack is demonstrated experimentally. Compared with previous multidevice attacks, the multidevice false data injection attacks can offer lower cost and more covert attacks. The simulation results show that the proposed attack can reduce the attackers’ cost by half and achieve better time synchronization to bypass the existing anomaly detection. Finally, we discuss the real-world constraints that limit their effectiveness and the countermeasures of these attacks.
16

Jaiganesh, M., G. ShivajiRao, P. Dhivya, M. Udhayamoorthi, and A. Vincent Antony Kumar. "Intrusion Optimal Path Attack detection using ACO for Cloud Computing." E3S Web of Conferences 472 (2024): 02009. http://dx.doi.org/10.1051/e3sconf/202447202009.

Abstract:
As the cloud infrastructure is simultaneously shared by millions of consumers, heinous use of cloud resources is also increasing. It makes ways for attackers to set up attacks by exploiting the vulnerabilities. And obviously, these attacks are leading to severe disasters as innocent consumers are unknowingly sharing cloud resources with harmful attackers. To prevent the occurrence of cloud attacks, an attack graph based framework is proposed in this paper. Here, an attack path sketches an attack scenario by a streak of threats ranging in severity rating that shows how popular a particular cloud network service is in comparison. In a dynamic cloud environment, the proposed framework can disclose an optimal attack path thereby preventing cloud attacks. In a cloud system the infrastructure is shared by potentially millions of users, which benefits the attackers to exploit vulnerabilities of the cloud. An instrument for analyzing multi-stage, multi-host assault scenarios in networks is the attack graph. It might not be possible for the administrator to patch every vulnerability in a large number of assault paths in an attack graph. The administrator might not be able to fix every vulnerability. To identify the most preferred or ideal assault path from a particular attack graph in a setting, the Ant Colony Optimization (ACO) algorithm is used.
17

Kumavat, Kavita S., and Joanne Gomes. "Common Mechanism for Detecting Multiple DDoS Attacks." International Journal on Recent and Innovation Trends in Computing and Communication 11, no. 4 (May 4, 2023): 81–90. http://dx.doi.org/10.17762/ijritcc.v11i4.6390.

Abstract:
An important principle of an internet-based system is information security. Information security is a very important aspect of distributed systems and IoT (Internet of Things) based wireless systems. The attack which is more harmful to the distributed system and IoT-based wireless system is a DDoS (Distributed Denial of Service) attack since in this attack, an attacker can stop the work of all other connected devices or users to the network. For securing distributed applications, various intrusion detection mechanisms are used. But most existing mechanisms are only concentrated on one kind of DDoS attack. This paper focuses on the basic architecture of IoT systems and an overview of single intrusion detection systems. This paper presents a single detection method for different DDoS attacks on distributed systems with an IoT interface. In the future, the system will provide support for detecting and preventing different DDoS attacks in IoT-based systems.
18

Li, Feng, and Hai Ying Wang. "Design on DDoS Attack Detection and Prevention Systems." Applied Mechanics and Materials 530-531 (February 2014): 798–801. http://dx.doi.org/10.4028/www.scientific.net/amm.530-531.798.

Abstract:
For DDoS attacks, it must be sniffing this step, the attacker to be able to successfully launch the final realization of the invasion and attack, we must find a suitable host computer and can be used as hosts puppet machine. In this thesis, a DDoS attack detection technologies, and further proposed based DDoS attack defense system design, the results show that our design can effectively prevent DDoS network attacks.
19

Farane Shradha, Gotane Rutuja, Chandanshive Sakshi, Agrawal Khushi, and Khandekar Srushti. "Detection of cyber-attacks and network attacks using Machine Learning." World Journal of Advanced Engineering Technology and Sciences 12, no. 1 (May 30, 2024): 128–32. http://dx.doi.org/10.30574/wjaets.2024.12.1.0184.

Abstract:
The Internet and computer networks have become an important part of organizations and everyday life. New threats and challenges have emerged to wireless communication systems especially in cyber security and network attacks. The network traffic must be monitored and analysed to detect malicious activities and attacks. Recently, machine learning techniques have been applied toward the detection of network attacks. In cyber security, machine learning approaches have been utilized to handle important concerns such as intrusion detection, malware classification and detection, spam detection, and phishing detection. As a result, effective adaptive methods, such as machine learning techniques, can yield higher detection rates, lower false alarm rates and cheaper computing and transmission costs. Our key goal is detection of cyber security and network attacks such as IDS, phishing and XSS, SQL injection, respectively. The proposed strategy in this study is to employ the structure of deep neural networks for the detection phase, which should tell the system of the attack's existence in the early stages of the attack.
20

Miller, David, Yujia Wang, and George Kesidis. "When Not to Classify: Anomaly Detection of Attacks (ADA) on DNN Classifiers at Test Time." Neural Computation 31, no. 8 (August 2019): 1624–70. http://dx.doi.org/10.1162/neco_a_01209.

Abstract:
A significant threat to the recent, wide deployment of machine learning–based systems, including deep neural networks (DNNs), is adversarial learning attacks. The main focus here is on evasion attacks against DNN-based classifiers at test time. While much work has focused on devising attacks that make small perturbations to a test pattern (e.g., an image) that induce a change in the classifier's decision, until recently there has been a relative paucity of work defending against such attacks. Some works robustify the classifier to make correct decisions on perturbed patterns. This is an important objective for some applications and for natural adversary scenarios. However, we analyze the possible digital evasion attack mechanisms and show that in some important cases, when the pattern (image) has been attacked, correctly classifying it has no utility---when the image to be attacked is (even arbitrarily) selected from the attacker's cache and when the sole recipient of the classifier's decision is the attacker. Moreover, in some application domains and scenarios, it is highly actionable to detect the attack irrespective of correctly classifying in the face of it (with classification still performed if no attack is detected). We hypothesize that adversarial perturbations are machine detectable even if they are small. We propose a purely unsupervised anomaly detector (AD) that, unlike previous works, (1) models the joint density of a deep layer using highly suitable null hypothesis density models (matched in particular to the nonnegative support for rectified linear unit (ReLU) layers); (2) exploits multiple DNN layers; and (3) leverages a source and destination class concept, source class uncertainty, the class confusion matrix, and DNN weight information in constructing a novel decision statistic grounded in the Kullback-Leibler divergence. 
Tested on MNIST and CIFAR image databases under three prominent attack strategies, our approach outperforms previous detection methods, achieving strong receiver operating characteristic area under the curve detection accuracy on two attacks and better accuracy than recently reported for a variety of methods on the strongest (CW) attack. We also evaluate a fully white box attack on our system and demonstrate that our method can be leveraged to strong effect in detecting reverse engineering attacks. Finally, we evaluate other important performance measures such as classification accuracy versus true detection rate and multiple measures versus attack strength.
21

Hsieh, Chih-Hsiang, Wei-Kuan Wang, Cheng-Xun Wang, Shi-Chun Tsai, and Yi-Bing Lin. "Efficient Detection of Link-Flooding Attacks with Deep Learning." Sustainability 13, no. 22 (November 12, 2021): 12514. http://dx.doi.org/10.3390/su132212514.

Abstract:
The DDoS attack is one of the most notorious attacks, and the severe impact of the DDoS attack on GitHub in 2018 raises the importance of designing effective defense methods for detecting this type of attack. Unlike the traditional network architecture that takes too long to cope with DDoS attacks, we focus on link-flooding attacks that do not directly attack the target. An effective defense mechanism is crucial since as long as a link-flooding attack is undetected, it will cause problems over the Internet. With the flexibility of software-defined networking, we design a novel framework and implement our ideas with a deep learning approach to improve the performance of the previous work. Through rerouting techniques and monitoring network traffic, our system can detect a malicious attack from the adversary. A CNN architecture is combined to assist in finding an appropriate rerouting path that can shorten the reaction time for detecting DDoS attacks. Therefore, the proposed method can efficiently distinguish the difference between benign traffic and malicious traffic and prevent attackers from carrying out link-flooding attacks through bots.
22

Aridoss, Manimaran. "Defensive Mechanism Against DDoS Attack to Preserve Resource Availability for IoT Applications." International Journal of Handheld Computing Research 8, no. 4 (October 2017): 40–51. http://dx.doi.org/10.4018/ijhcr.2017100104.

Abstract:
The major challenge of Internet of Things (IoT) generated data is its hypervisor level vulnerabilities. Malicious VM deployment and termination are so simple due to its multitenant shared nature and distributed elastic cloud features. These features enable the attackers to launch Distributed Denial of Service attacks to degrade cloud server performance. Attack detection techniques are applied to the VMs that are used by malicious tenants to hold the cloud resources by launching DDoS attacks at data center subnets. Traditional dataflow-based attack detection methods rely on the similarities of incoming requests which consist of IP and TCP header information flows. The proposed approach classifies the status patterns of malicious VMs and ideal VMs to identify the attackers. In this article, information theory is used to calculate the entropy value of the malicious virtual machines for detecting attack behaviors. Experimental results prove that the proposed system works well against DDoS attacks in IoT applications.
23

Ghugar, Umashankar, Jayaram Pradhan, Sourav Kumar Bhoi, and Rashmi Ranjan Sahoo. "LB-IDS: Securing Wireless Sensor Network Using Protocol Layer Trust-Based Intrusion Detection System." Journal of Computer Networks and Communications 2019 (January 6, 2019): 1–13. http://dx.doi.org/10.1155/2019/2054298.

Abstract:
Wireless sensor network (WSN) faces severe security problems due to wireless communication between the nodes and open deployment of the nodes. The attacker disrupts the security parameters by launching attacks at different layers of the WSN. In this paper, a protocol layer trust-based intrusion detection system (LB-IDS) is proposed to secure the WSN by detecting the attackers at different layers. The trust value of a sensor node is calculated using the deviation of trust metrics at each layer with respect to the attacks. Mainly, we consider trustworthiness in the three layers such as physical layer trust, media access control (MAC) layer trust, and network layer trust. The trust of a sensor node at a particular layer is calculated by taking key trust metrics of that layer. Finally, the overall trust value of the sensor node is estimated by combining the individual trust values of each layer. By applying the trust threshold, a sensor node is detected as trusted or malicious. The performance of LB-IDS is evaluated by comparing the results of the three performance parameters such as detection accuracy, false-positive rate, and false-negative rate, with the results of Wang’s scheme. We have implemented jamming attack at the physical layer, back-off manipulation attack at the MAC layer, and sinkhole attack at the network layer using simulations. We have also implemented a cross-layer attack using the simulation where an attacker simultaneously attacks the MAC layer and network layer. Simulation results show that the proposed LB-IDS performs better as compared with Wang’s scheme.
24

Gara, Fatma, Leila Ben Saad, and Rahma Ben Ayed. "An Efficient Intrusion Detection System for Selective Forwarding and Clone Attackers in IPv6-based Wireless Sensor Networks under Mobility." International Journal on Semantic Web and Information Systems 13, no. 3 (July 2017): 22–47. http://dx.doi.org/10.4018/ijswis.2017070102.

Abstract:
Security in mobile wireless sensor networks is a big challenge because it adds more complexity to the network in addition to the problems of mobility and the limited sensor node resources. Even with authentication and encryption mechanisms, an attacker can compromise nodes and get all the keying materials. Therefore, an intrusion detection system is necessary to detect and defend against the insider attackers. Currently, there is no intrusion detection system applied to IPv6-based mobile wireless sensor networks. This paper is mainly interested in detecting the selective forwarding and clone attacks because they are considered among the most dangerous attackers. In this work, the authors design, implement, and evaluate a novel intrusion detection system for mobile wireless sensor networks based on IPv6 routing protocol for low power and lossy networks. The new intrusion detection system can be extended to other attacks such as wormhole and sybil attacks. The simulations results show that the detection probability is 100% for selective attackers under some cases.
25

Du, Dajun, Rui Chen, Xue Li, Lei Wu, Peng Zhou, and Minrui Fei. "Malicious data deception attacks against power systems: A new case and its detection method." Transactions of the Institute of Measurement and Control 41, no. 6 (January 8, 2018): 1590–99. http://dx.doi.org/10.1177/0142331217740622.

Abstract:
Power systems usually employ bad data detection (BDD) to avoid faulty measurements caused by their anomalies, and hence can ensure the security of the state estimation of power systems. However, recently BDD has been found vulnerable to malicious data deception attacks submerged in big data. Such attacks can purposely craft sparse measurement values (i.e. attack vectors) to mislead power estimates, while not posing any anomalies to the BDD. Some related work has been proposed to emphasize this attack. In this paper, a new malicious data deception attack by considering a practical attacking situation is investigated, where the attacker has limited resources for corrupting measurements. In this case, attackers generate attack vectors with less sparsity to evade conventional BDD, while using a convex optimization method to balance the sparsity and magnitude of attack vectors. Accordingly, the effects of such an attack on operational costs and the risks of power systems are analysed in detail. Moreover, according to security evaluation for individual measurements, such attacks can be detected with high probability by just securing one critical measurement. Numerical simulations illustrate the effectiveness of the proposed new attack case and its detection method.
26

Shchetinin, Eugeny Yu, and Tatyana R. Velieva. "Detection of cyber-attacks on the power smart grids using semi-supervised deep learning models." Discrete and Continuous Models and Applied Computational Science 30, no. 3 (October 5, 2022): 258–68. http://dx.doi.org/10.22363/2658-4670-2022-30-3-258-268.

Abstract:
Modern smart energy grids combine advanced information and communication technologies into traditional energy systems for a more efficient and sustainable supply of electricity, which creates vulnerabilities in their security systems that can be used by attackers to conduct cyber-attacks that cause serious consequences, such as massive power outages and infrastructure damage. Existing machine learning methods for detecting cyber-attacks in intelligent energy networks mainly use classical classification algorithms, which require data markup, which is sometimes difficult, if not impossible. This article presents a new method for detecting cyber-attacks in intelligent energy networks based on weak machine learning methods for detecting anomalies. Semi-supervised anomaly detection uses only instances of normal events to train detection models, which makes it suitable for searching for unknown attack events. A number of popular methods for detecting anomalies with semi-supervised algorithms were investigated in the study using publicly available data sets on cyber-attacks on power systems to determine the most effective ones. A performance comparison with popular controlled algorithms shows that semi-controlled algorithms are more capable of detecting attack events than controlled algorithms. Our results also show that the performance of semi-supervised anomaly detection algorithms can be further improved by enhancing the deep autoencoder model.
27

Wang, Jing Lei. "Research on the Detection Method of the Malicious Attacks on Campus Network." Applied Mechanics and Materials 644-650 (September 2014): 3291–94. http://dx.doi.org/10.4028/www.scientific.net/amm.644-650.3291.

Abstract:
The problem of malicious attacks detection on campus network is studied to improve the accuracy of detection. When detecting malicious attacks on campus network, a conventional manner is usually conducted in malicious attack detection of campus network. If a malicious signature is mutated into a new feature, the conventional detection method cannot recognize the new malicious signature, resulting in a relative low detection accuracy rate of malicious attacks. To avoid these problems, in this paper, the malicious attacks detection method for campus network based on support vector machine algorithm is proposed. The plane of support vector machine classification is constructed, to complete the malicious attacks detection of campus network. Experiments show that this approach can improve the accuracy rate of the malicious attack detection, and achieve satisfactory results.
28

Aslan, Ömer, Semih Serkant Aktuğ, Merve Ozkan-Okay, Abdullah Asim Yilmaz, and Erdal Akin. "A Comprehensive Review of Cyber Security Vulnerabilities, Threats, Attacks, and Solutions." Electronics 12, no. 6 (March 11, 2023): 1333. http://dx.doi.org/10.3390/electronics12061333.

Abstract:
Internet usage has grown exponentially, with individuals and companies performing multiple daily transactions in cyberspace rather than in the real world. The coronavirus (COVID-19) pandemic has accelerated this process. As a result of the widespread usage of the digital environment, traditional crimes have also shifted to the digital space. Emerging technologies such as cloud computing, the Internet of Things (IoT), social media, wireless communication, and cryptocurrencies are raising security concerns in cyberspace. Recently, cyber criminals have started to use cyber attacks as a service to automate attacks and leverage their impact. Attackers exploit vulnerabilities that exist in hardware, software, and communication layers. Various types of cyber attacks include distributed denial of service (DDoS), phishing, man-in-the-middle, password, remote, privilege escalation, and malware. Due to new-generation attacks and evasion techniques, traditional protection systems such as firewalls, intrusion detection systems, antivirus software, access control lists, etc., are no longer effective in detecting these sophisticated attacks. Therefore, there is an urgent need to find innovative and more feasible solutions to prevent cyber attacks. The paper first extensively explains the main reasons for cyber attacks. Then, it reviews the most recent attacks, attack patterns, and detection techniques. Thirdly, the article discusses contemporary technical and nontechnical solutions for recognizing attacks in advance. Using trending technologies such as machine learning, deep learning, cloud platforms, big data, and blockchain can be a promising solution for current and future cyber attacks. These technological solutions may assist in detecting malware, intrusion detection, spam identification, DNS attack classification, fraud detection, recognizing hidden channels, and distinguishing advanced persistent threats. 
However, some promising solutions, especially machine learning and deep learning, are not resistant to evasion techniques, which must be considered when proposing solutions against intelligent cyber attacks.
29

Liu, Bo, Hongyu Wu, Qihui Yang, and Hang Zhang. "Random-Enabled Hidden Moving Target Defense against False Data Injection Alert Attackers." Processes 11, no. 2 (January 21, 2023): 348. http://dx.doi.org/10.3390/pr11020348.

Abstract:
Hidden moving target defense (HMTD) is a proactive defense strategy that is kept hidden from attackers by changing the reactance of transmission lines to thwart false data injection (FDI) attacks. However, alert attackers with strong capabilities pose additional risks to the HMTD and thus, it is much-needed to evaluate the hiddenness of the HMTD. This paper first summarizes two existing alert attacker models, i.e., bad-data-detection-based alert attackers and data-driven alert attackers. Furthermore, this paper proposes a novel model-based alert attacker model that uses the MTD operation models to estimate the dispatched line reactance. The proposed attacker model can use the estimated line reactance to construct stealthy FDI attacks against HMTD methods that lack randomness. We propose a novel random-enabled HMTD (RHMTD) operation method, which utilizes random weights to introduce randomness and uses the derived hiddenness operation conditions as constraints. RHMTD is theoretically proven to be kept hidden from three alert attacker models. In addition, we analyze the detection effectiveness of the RHMTD against three alert attacker models. Simulation results on the IEEE 14-bus systems show that traditional HMTD methods fail to detect attacks by the model-based alert attacker, and RHMTD is kept hidden from three alert attackers and is effective in detecting attacks by three alert attackers.
30

D., Glăvan. "DDoS detection and prevention based on artificial intelligence techniques." Scientific Bulletin of Naval Academy XXII, no. 1 (July 15, 2019): 134–43. http://dx.doi.org/10.21279/1454-864x-19-i1-018.

Abstract:
Distributed Denial of Service (DDoS) attacks have been the major threats for the Internet and can bring great loss to companies and governments. With the development of emerging technologies, such as cloud computing, Internet of Things (IoT), artificial intelligence techniques, attackers can launch a huge volume of DDoS attacks with a lower cost, and it is much harder to detect and prevent DDoS attacks, because DDoS traffic is similar to normal traffic. Some artificial intelligence techniques like machine learning algorithms have been used to classify DDoS attack traffic and detect DDoS attacks, such as Naive Bayes and Random forest tree. In the paper, we survey on the latest progress on the DDoS attack detection using artificial intelligence techniques and give recommendations on artificial intelligence techniques to be used in DDoS attack detection and prevention.
31

Soe, Yan Naung, Yaokai Feng, Paulus Insap Santosa, Rudy Hartanto, and Kouichi Sakurai. "Machine Learning-Based IoT-Botnet Attack Detection with Sequential Architecture." Sensors 20, no. 16 (August 5, 2020): 4372. http://dx.doi.org/10.3390/s20164372.

Abstract:
With the rapid development and popularization of Internet of Things (IoT) devices, an increasing number of cyber-attacks are targeting such devices. It was said that most of the attacks in IoT environments are botnet-based attacks. Many security weaknesses still exist on the IoT devices because most of them have not enough memory and computational resource for robust security mechanisms. Moreover, many existing rule-based detection systems can be circumvented by attackers. In this study, we proposed a machine learning (ML)-based botnet attack detection framework with sequential detection architecture. An efficient feature selection approach is adopted to implement a lightweight detection system with a high performance. The overall detection performance achieves around 99% for the botnet attack detection using three different ML algorithms, including artificial neural network (ANN), J48 decision tree, and Naïve Bayes. The experiment result indicates that the proposed architecture can effectively detect botnet-based attacks, and also can be extended with corresponding sub-engines for new kinds of attacks.
32

Fadlil, Abdul, Imam Riadi, and Sukma Aji. "Review of Detection DDOS Attack Detection Using Naive Bayes Classifier for Network Forensics." Bulletin of Electrical Engineering and Informatics 6, no. 2 (June 1, 2017): 140–48. http://dx.doi.org/10.11591/eei.v6i2.605.

Abstract:
Distributed Denial of Service (DDoS) is a type of attack using the volume, intensity, and more costs mitigation to increase in this era. Attackers used many zombie computers to exhaust the resources available to a network, application or service so that authorized users cannot gain access or the network service is down, and it is a great loss for Internet users in computer networks affected by DDoS attacks. In the Network Forensic, a crime that occurs in the system network services can be sued in the court and the attackers will be punished in accordance with law. This research has the goal to develop a new approach to detect DDoS attacks based on network traffic activity were statistically analyzed using Naive Bayes method. Data were taken from the training and testing of network traffic in a core router in Master of Information Technology Research Laboratory University of Ahmad Dahlan Yogyakarta. The new approach in detecting DDoS attacks is expected to be a relation with Intrusion Detection System (IDS) to predict the existence of DDoS attacks.
33

Watson, Lauren, Anupam Mediratta, Tariq Elahi, and Rik Sarkar. "Privacy Preserving Detection of Path Bias Attacks in Tor." Proceedings on Privacy Enhancing Technologies 2020, no. 4 (October 1, 2020): 111–30. http://dx.doi.org/10.2478/popets-2020-0065.

Abstract:
Anonymous communication networks like Tor are vulnerable to attackers that control entry and exit nodes. Such attackers can compromise the essential anonymity and privacy properties of the network. In this paper, we consider the path bias attack – where the attacker induces a client to use compromised nodes and thus links the client to their destination. We describe an efficient scheme that detects such attacks in Tor by collecting routing telemetry data from nodes in the network. The data collection is differentially private and thus does not reveal behaviour of individual users even to nodes within the network. We show provable bounds for the sample complexity of the scheme and describe methods to make it resilient to introduction of false data by the attacker to subvert the detection process. Simulations based on real configurations of the Tor network show that the method works accurately in practice.
34

Hairab, Belal Ibrahim, Heba K. Aslan, Mahmoud Said Elsayed, Anca D. Jurcut, and Marianne A. Azer. "Anomaly Detection of Zero-Day Attacks Based on CNN and Regularization Techniques." Electronics 12, no. 3 (January 23, 2023): 573. http://dx.doi.org/10.3390/electronics12030573.

Abstract:
The rapid development of cyberattacks in the field of the Internet of things (IoT) introduces new security challenges regarding zero-day attacks. Intrusion-detection systems (IDS) are usually trained on specific attacks to protect the IoT application, but the attacks that are yet unknown for IDS (i.e., zero-day attacks) still represent challenges and concerns regarding users’ data privacy and security in those applications. Anomaly-detection methods usually depend on machine learning (ML)-based methods. Under the ML umbrella are classical ML-based methods, which are known to have low prediction quality and detection rates with regard to data that it has not yet been trained on. DL-based methods, especially convolutional neural networks (CNNs) with regularization methods, address this issue and give a better prediction quality with unknown data and avoid overfitting. In this paper, we evaluate and prove that the CNNs have a better ability to detect zero-day attacks, which are generated from nonbot attackers, compared to classical ML. We use classical ML, normal, and regularized CNN classifiers (L1, and L2 regularized). The training data consists of normal traffic data, and DDoS attack data, as it is the most common attack in the IoT. In order to give the full picture of this evaluation, the testing phase of those classifiers will include two scenarios, each having data with different attack distribution. One of these is the backdoor attack, and the other is the scanning attack. The results of the testing proves that the regularized CNN classifiers still perform better than the classical ML-based methods in detecting zero-day IoT attacks.
35

Xia, Kui Liang. "Modeling and Simulation of Low Rate of Denial of Service Attacks." Applied Mechanics and Materials 484-485 (January 2014): 1063–66. http://dx.doi.org/10.4028/www.scientific.net/amm.484-485.1063.

Abstract:
The low-rate denial of service attack is more applicable to the network in recent years as a means of attack, which is different from the traditional field type DoS attacks at the network end system or network using adaptive mechanisms exist loopholes flow through the low-rate periodic attacks on the implementation of high-efficiency attacked by an intruder and not be found, resulting in loss of user data or a computer deadlock. LDoS attack since there has been extensive attention of researchers, the attack signature analysis and detection methods to prevent network security have become an important research topic. Some have been proposed for the current attacks were classified LDoS describe and model, and then in NS-2 platform for experimental verification, and then LDoS attack detection to prevent difficulties are discussed and summarized for the future such attacks detection method research work to provide a reference.
36

Alansari, Zainab, Nor Badrul Anuar, Amirrudin Kamsin, and Mohammad Riyaz Belgaum. "A systematic review of routing attacks detection in wireless sensor networks." PeerJ Computer Science 8 (October 21, 2022): e1135. http://dx.doi.org/10.7717/peerj-cs.1135.

Abstract:
Wireless sensor networks (WSNs) consist of hundreds, or thousands of sensor nodes distributed over a wide area and used as the Internet of Things (IoT) devices to benefit many home users and autonomous systems industries. With many users adopting WSN-based IoT technology, ensuring that the sensor’s information is protected from attacks is essential. Many attacks interrupt WSNs, such as Quality of Service (QoS) attacks, malicious nodes, and routing attacks. To combat these attacks, especially on the routing attacks, we need to detect the attacker nodes and prevent them from any access to WSN. Although some survey studies on routing attacks have been published, a lack of systematic studies on detecting WSN routing attacks can be seen in the literature. This study enhances the topic with a taxonomy of current and emerging detection techniques for routing attacks in wireless sensor networks to improve QoS. This article uses a PRISMA flow diagram for a systematic review of 87 articles from 2016 to 2022 based on eight routing attacks: wormhole, sybil, Grayhole/selective forwarding, blackhole, sinkhole, replay, spoofing, and hello flood attacks. The review also includes an evaluation of the metrics and criteria used to evaluate performance. Researchers can use this article to fill in any information gaps within the WSN routing attack detection domain.
37

Han, Dezhi, Kun Bi, Han Liu, and Jianxin Jia. "A DDoS attack detection system based on spark framework." Computer Science and Information Systems 14, no. 3 (2017): 769–88. http://dx.doi.org/10.2298/csis161217028h.

Abstract:
There are many problems in traditional Distributed Denial of Service (DDoS) attack detection such as low accuracy, low detection speed and so on, which is not suitable for the real time detecting and processing of DDoS attacks in big data environment. This paper proposed a novel DDoS attack detection system based on Spark framework including 3 main algorithms. Based on information entropy, the first one can effectively warn all kinds of DDoS attacks in advance according to the information entropy change of data stream source IP address and destination IP address; With the help of designed dynamic sampling K-Means algorithm, this new detection system improves the attack detection accuracy effectively; Through running dynamic sampling K-Means parallelization algorithm, which can quickly and effectively detect a variety of DDoS attacks in big data environment. The experiment results show that this system can not only early warn DDoS attacks effectively, but also can detect all kinds of DDoS attacks in real time, with low false rate.
38

Wu, Kongpei, Huiqin Qu, and Conggui Huang. "A Network Intrusion Detection Method Incorporating Bayesian Attack Graph and Incremental Learning Part." Future Internet 15, no. 4 (March 28, 2023): 128. http://dx.doi.org/10.3390/fi15040128.

Abstract:
For the current stage of complex and changing network environments and correlated and synchronized vulnerability attacks, this study first fuses attack graph technology and Bayesian networks and constructs Bayesian attack graphs to portray the correlation relationships between vulnerabilities and discover attackers’ intentions. Meanwhile, improving the Bayesian attack graph is difficult because it is difficult to achieve active updates and adapt to the changing network environment and other problems. The study proposed a detection method that integrated the Bayesian attack graph and the XGBoost incremental learning (IL) approach. Experiments showed that the IL model had an accuracy of 0.951, an accuracy of 0.999, a recall of 0.815, an F1 value of 0.898, and an Area Under Curve (AUC) value of 0.907. The prediction ability of this method was better than that of the base model. Bayesian attack graphs fused with IL can detect attacks in the network more efficiently and accurately, so the probability of each node in the network system being attacked can be updated in real time.
39

dos Santos, Rodrigo, Ashwitha Kassetty, and Shirin Nilizadeh. "Disrupting Audio Event Detection Deep Neural Networks with White Noise." Technologies 9, no. 3 (September 6, 2021): 64. http://dx.doi.org/10.3390/technologies9030064.

Abstract:
Audio event detection (AED) systems can leverage the power of specialized algorithms for detecting the presence of a specific sound of interest within audio captured from the environment. More recent approaches rely on deep learning algorithms, such as convolutional neural networks and convolutional recurrent neural networks. Given these conditions, it is important to assess how vulnerable these systems can be to attacks. As such, we develop AED-suited convolutional neural networks and convolutional recurrent neural networks, and attack them next with white noise disturbances, conceived to be simple and straightforward to be implemented and employed, even by non-tech savvy attackers. We develop this work under a safety-oriented scenario (AED systems for safety-related sounds, such as gunshots), and we show that an attacker can use such disturbances to avoid detection by up to 100 percent success. Prior work has shown that attackers can mislead image classification tasks; however, this work focuses on attacks against AED systems by tampering with their audio rather than image components. This work brings awareness to the designers and manufacturers of AED systems, as these solutions are vulnerable, yet may be trusted by individuals and families.
40

Gavrić, Nikola, and Živko Bojović. "Security Concerns in MMO Games—Analysis of a Potent Application Layer DDoS Threat." Sensors 22, no. 20 (October 14, 2022): 7791. http://dx.doi.org/10.3390/s22207791.

Abstract:
The application layer in the Internet protocol suite offers a significant degree of freedom regarding the orchestration of distributed denial-of-service attacks due to many different and unstandardized protocols. The primary focus of defending against application-layer distributed denial-of-service attacks has traditionally been Hypertext Transfer Protocols oriented while observing individual users’ actions independently from one another. In this paper, we present and analyze a novel application-layer DDoS attack in massively multiplayer online games that utilize the cooperative efforts of the attackers to deplete the server’s or players’ bandwidth. The attack exploits in-game dependencies between players to cause a massive spike in bandwidth while the attackers’ traffic remains legitimate. We introduce a multiplayer-relations graph to model user behavior on a game server. Additionally, we demonstrate the attack’s devastating capabilities on an emulated World of Warcraft server. Lastly, we discuss flaws of the existing defense mechanisms and possible approaches for the detection of these attacks using graph theory and multiplayer-relations graphs.
41

Lee, Kyungroul, Jaehyuk Lee, and Kangbin Yim. "Classification and Analysis of Malicious Code Detection Techniques Based on the APT Attack." Applied Sciences 13, no. 5 (February 23, 2023): 2894. http://dx.doi.org/10.3390/app13052894.

Abstract:
According to FireEye’s M-Trends Annual Threat Report 2022, there are many advanced persistent threat (APT) attacks that are currently in use, and such continuous and specialized APT attacks cause serious damage. As APT attacks continue to be active, there is a need for countermeasures to detect new and existing malicious codes. An APT attack is a type of intelligent attack that analyzes the target and exploits its vulnerabilities. It attempts to achieve a specific purpose, and is persistent in continuously attacking and threatening the system. With this background, this paper analyzes attack scenarios based on attack cases by malicious code, and surveys and analyzes attack techniques used in attack cases. Based on the results of the analysis, we classify and analyze malicious code detection techniques into security management systems, pattern-based detection, heuristic-based detection, reputation-based detection, behavior-based detection, virtualization-based detection, anomaly detection, data analysis-based detection (big data-based, machine learning-based), and others. This paper is expected to serve as a useful reference for detecting and preventing malicious codes. Specifically, this article is a surveyed review article.
42

Yu, Zhenhua, Xudong Duan, Xuya Cong, Xiangning Li, and Li Zheng. "Detection of Actuator Enablement Attacks by Petri Nets in Supervisory Control Systems." Mathematics 11, no. 4 (February 13, 2023): 943. http://dx.doi.org/10.3390/math11040943.

Abstract:
The feedback control system with network-connected components is vulnerable to cyberattacks. We study a problem of attack detection in supervisory control of discrete-event systems. The scenario of a system subjected to actuator enablement attacks is considered in this article. We also consider that some unsafe places that should be protected from an attacker exist in the system, and some controllable events that are disabled by a supervisor might be re-enabled by an attacker. This article proposes a defense strategy to detect actuator enablement attacks and disable all controllable events after detecting an attack. We design algorithmic procedures to determine whether the system can be protected against damage caused by actuator enablement attacks, where the damage is predefined as a set of “unsafe” places. In this way, the system property is called “AE-safe controllability”. The safe controllability can be verified by using a basis diagnoser or a basis verifier. Finally, we explain the approach with a cargo system example.
43

Kasture, Pradnya. "DDoS Attack Detection using ML." International Journal for Research in Applied Science and Engineering Technology 11, no. 5 (May 31, 2023): 6421–24. http://dx.doi.org/10.22214/ijraset.2023.53133.

Abstract:
DDoS attacks are an attempt to prevent the service from being unavailable by overloading the server with malicious traffic. In the past few years, distributed denial of service attacks are becoming the most difficult and burdensome problem. The number and magnitude of attacks have increased from a few megabytes of data to 100s of terabytes of data these days. As there are different attack patterns or new types of attacks, it is difficult to detect such attacks effectively. New techniques for generating and mitigating distributed denial of service attacks have been developed in the present paper, which demonstrate that they are far superior to those currently used. In addition, in order to carry out a thorough investigation of the challenges presented by distributed denial of service attacks, we classify DDoS attack methods and techniques used for their detection. We're comparing the attack module to a few other tools out there.
44

Alamsyah, Hendri, Riska, and Abdussalam Al Akbar. "Analisa Keamanan Jaringan Menggunakan Network Intrusion Detection and Prevention System." JOINTECS (Journal of Information Technology and Computer Science) 5, no. 1 (January 25, 2020): 17. http://dx.doi.org/10.31328/jointecs.v5i1.1240.

Abstract:
Security is an important aspect to be considered in computer networks. This security system can be a detection and prevention of attacks that are being done by the attacker (intruders). The problem of attacks that occur in computer networks is that intruders can do port scanning, enter the system using open ports such as telnet, ftp and others. The purpose of this study is the implementation of IDPS, can be from. To do network security from various attack threats, a system that can detect and prevent it directly is needed. The method that can be used is Intrusion Detection and Prevention System (NIDPS). NIDPS can exchange and block the attacks. This security system is collaborated with IP Tables. IP Tables is used to filter incoming data packets and drop packets of data that are indicated by attack. With the Intrusion Detection and Prevention system, it can detect attacks and prevent them by blocking data packets sent by intruders through port scanning, FTP attacks, and telnets.
45

Chauhan, Ravi, Ulya Sabeel, Alireza Izaddoost, and Shahram Shah Heydari. "Polymorphic Adversarial Cyberattacks Using WGAN." Journal of Cybersecurity and Privacy 1, no. 4 (December 12, 2021): 767–92. http://dx.doi.org/10.3390/jcp1040037.

Abstract:
Intrusion Detection Systems (IDS) are essential components in preventing malicious traffic from penetrating networks and systems. Recently, these systems have been enhancing their detection ability using machine learning algorithms. This development also forces attackers to look for new methods for evading these advanced Intrusion Detection Systems. Polymorphic attacks are among potential candidates that can bypass the pattern matching detection systems. To alleviate the danger of polymorphic attacks, the IDS must be trained with datasets that include these attacks. Generative Adversarial Network (GAN) is a method proven in generating adversarial data in the domain of multimedia processing, text, and voice, and can produce a high volume of test data that is indistinguishable from the original training data. In this paper, we propose a model to generate adversarial attacks using Wasserstein GAN (WGAN). The attack data synthesized using the proposed model can be used to train an IDS. To evaluate the trained IDS, we study several techniques for updating the attack feature profile for the generation of polymorphic data. Our results show that by continuously changing the attack profiles, defensive systems that use incremental learning will still be vulnerable to new attacks; meanwhile, their detection rates improve incrementally until the polymorphic attack exhausts its profile variables.
46

Joshi, Sagar Vasantrao, Nanda Wagh, Jambi Ratna Raja Kumar, Deepika Dongre, Nuzhat Rizvi, and Mahua Bhowmik. "Mitigating DDoS attacks with an intrusion detection and prevention system based on 2-player Bayesian game theory." Journal of Discrete Mathematical Sciences and Cryptography 27, no. 2-B (2024): 809–20. http://dx.doi.org/10.47974/jdmsc-1957.

Abstract:
Distributed Denial of Service (DDoS) attacks are very dangerous to the availability and security of networks, so they need improved ways to be stopped. This article suggests a new way to fight DDoS attacks that uses Intrusion Detection and Prevention Systems (IDPS) and 2-Player Bayesian Game Theory. Traditional IDPSs often have trouble responding quickly to changing attack tactics, which makes them less effective as defenses. The suggested structure, on the other hand, imagines the attacker and defense interacting as a Bayesian game. This lets them make proactive choices and come up with flexible ways to respond. The system uses Bayesian reasoning to describe the attacker’s actions and plans’ doubt, which lets it better assess the threat and decide how to respond. By constantly changing probability distributions based on what it sees attackers doing and what it sees defenders doing, the IDPS can quickly and effectively change its defenses to deal with new threats. The strategy contact between the attacker and the defense adds a competition factor that makes attackers less likely to start DDoS attacks by making them more expensive and risky. The proposed method works to stop different kinds of DDoS attacks while reducing the number of fake positives and negatives through a lot of simulations and experiments.
47

Siddiqa, Ayesha. "Web Based Intrusion Detection System for SQLIA." INTERNATIONAL JOURNAL OF SCIENTIFIC RESEARCH IN ENGINEERING AND MANAGEMENT 07, no. 11 (November 1, 2023): 1–11. http://dx.doi.org/10.55041/ijsrem26708.

Abstract:
SQL Injection Attack (SQLIA) refers to an injection attack wherein an attacker can execute malicious SQL statements that control a web application’s database server. By leveraging SQL Injection vulnerability, given the right circumstances, an attacker can use it to bypass a web application’s authentication and authorization mechanisms and retrieve the contents of an entire database. SQL Injection can also be used to add, modify and delete records in a database, affecting data integrity. The main idea of our work is to allow developers the freedom to write and execute code without having to worry about these attacks. In this paper we propose a Web Based Intrusion Detection System for SQLIA to extract a SQL query connecting to database from a PHP file. The structure of the query under observation will be converted to XML file and compared against the legitimate queries stored in the XML file using association rule mining thus minimizing attacks. WEBIDS is expected to reduce the time and manual effort as it only focuses on fragments that are vulnerable for attacks. Key Words: XML Rule Mining, PHP, SQL injection,
48

Chaves, Cesar, Siavoosh Azad, Thomas Hollstein, and Johanna Sepúlveda. "DoS Attack Detection and Path Collision Localization in NoC-Based MPSoC Architectures." Journal of Low Power Electronics and Applications 9, no. 1 (February 5, 2019): 7. http://dx.doi.org/10.3390/jlpea9010007.

Abstract:
Denial of Service (DoS) attacks are an increasing threat for Multiprocessor System-on-Chip (MPSoC) architectures. By exploiting the shared resources on the chip, an attacker is able to prevent completion or degrade the performance of a task. This is extremely dangerous for MPSoCs used in critical applications. The Network-on-Chip (NoC), as a central MPSoC infrastructure, is exposed to this attack. In order to maintain communication availability, NoCs should be enhanced with an effective and precise attack detection mechanism that allows the triggering of effective attack mitigation mechanisms. Previous research works demonstrate DoS attacks on NoCs and propose detection methods being implemented in NoC routers. These countermeasures typically led to a significantly increased router complexity and to a high degradation of the MPSoC’s performance. To this end, we present two contributions. First, we provide an analysis of information that helps to narrow down the location of the attacker in the MPSoC, achieving up to a 69% search space reduction for locating the attacker. Second, we propose a low cost mechanism for detecting the location and direction of the interference, by enhancing the communication packet structure and placing communication degradation monitors in the NoC routers. Our experiments show that our NoC router architecture detects single-source DoS attacks and determines, with high precision, the location and direction of the collision, while incurring a low area and power overhead.
49

Peterson, Matthew, Todd Andel, and Ryan Benton. "Towards Detection of Selfish Mining Using Machine Learning." International Conference on Cyber Warfare and Security 17, no. 1 (March 2, 2022): 237–43. http://dx.doi.org/10.34190/iccws.17.1.15.

Abstract:
Selfish mining is an attack against a blockchain where miners hide newly discovered blocks instead of publishing them to the rest of the network. The selfish miners continue to mine on their private chain while the honest miners waste resources mining on a shorter chain. According to the blockchain protocol, a longer chain takes precedence and shorter chains are discarded which allows the selfish miners to gain an advantage by keeping their chain secret. This attack can be used by malicious miners to earn a disproportionate share of the mining rewards or in conjunction with other attacks to steal money from cryptocurrency exchanges. Several of these attacks were launched in 2018 and 2019 with the attackers stealing as much as $18 Million. Developers made several different attempts to fix this issue, but the effectiveness of the fixes is currently unknown. Although this attack is possible against both Proof-of-Work and Proof-of-Stake blockchains, this research concentrates on detection in Proof-of-Work blockchains. As it is difficult to evaluate security advances in the real-time blockchain, it is imperative to focus on simulation to evaluate blockchain security properties. To this end, we extend a blockchain simulator and add the ability to simulate selfish mining attacks. Several existing simulators are examined before choosing SimBlock for this research. Our goal is to identify the factors that identify selfish mining. Using existing research, we choose several factors that could identify an attack in an unlaunched state, an active state, or historically. We plan to use simulated data to train a machine learning model to detect selfish mining. Using the modified simulator, we generate training and test data for unlaunched and active attacks. For historical attacks, we will use historical data from known selfish mining attacks. While some existing research has examined the detection of selfish mining, it only examines active attacks.
In this paper, we seek to lay the groundwork for future research into detecting attacks that are unlaunched, active, or historical.
50

Chamotra, Saurabh, Rakesh Kumar Sehgal, and Ram Swaroop Misra. "Honeypot Baselining for Zero Day Attack Detection." International Journal of Information Security and Privacy 11, no. 3 (July 2017): 63–74. http://dx.doi.org/10.4018/ijisp.2017070106.

Abstract:
Honeypots are the network sensors used for capturing the network attacks. As these sensors are solely deployed for the purpose of being attacked and compromised, they have to be closely monitored and controlled. In the work presented in this paper the authors have addressed the problem of base-lining the high-interaction Honeypots by proposing a structured framework for base-lining any high-interaction Honeypot. The Honeypot base-lining process involves identification and white-listing of all the legitimate system activities and the modeling of Honeypot attack surface. The outcome of the Honeypot base-lining process is an XML file which models the Honeypot attack surface. The authors claim that this Honeypot system modeling is useful at the time of attack data analysis, as it enables the mapping of captured attacks to the vulnerabilities exposed by the Honeypot. This attack to vulnerability mapping capability helps defenders to find out what attacks target what vulnerabilities and could also lead to the detection of the zero day vulnerabilities exploit attempt.
