Towards Risk Evaluation of Denial-of-Service Vulnerabilities in Security Protocols

Denial-of-Service(DoS) attacks are virulent to both computer and networked systems.Modeling and evaluating DoS attacks are very important issues to networked systems;they provide both mathematical foundations and theoretic guidelines to security system design.As defense against DoS has been built more and more into security protocols,this paper studies how to evaluate the risk of DoS in security protocols.First,we build a formal framework to model protocol operations and attacker capabilities.Then we pro...     

DoS Attack Detection Based on Deep Factorization Machine in SDN

Software-Defined Network (SDN) decouples the control plane of network devices from the data plane. While alleviating the problems presented in traditional network architectures, it also brings potential security risks, particularly network Denial-of-Service (DoS) attacks. While many research efforts have been devoted to identifying new features for DoS attack detection, detection methods are less accurate in detecting DoS attacks against client hosts due to the high stealth of such attacks. To solve this problem, a new method of DoS attack detection based on Deep Factorization Machine (DeepFM) is proposed in SDN. Firstly, we select the Growth Rate of Max Matched Packets (GRMMP) in SDN as detection feature. Then, the DeepFM algorithm is used to extract features from flow rules and classify them into dense and discrete features to detect DoS attacks. After training, the model can be used to infer whether SDN is under DoS attacks, and a DeepFM-based detection method for DoS attacks against client host is implemented. Simulation results show that our method can effectively detect DoS attacks in SDN. Compared with the K-Nearest Neighbor (K-NN), Artificial Neural Network (ANN) models, Support Vector Machine (SVM) and Random Forest models, our proposed method outperforms in accuracy, precision and F1 values.     

内容中心网络中DoS攻击问题综述

“内容中心网络”（Content Centric Networking,CCN）是未来互联网架构体系群中极具前景的架构之一。尽管CCN网络的全新设计使其能够抵御目前网络存在的大多数形式DoS攻击,但仍引发了新型的DoS攻击,其中危害较大的两类攻击是兴趣包泛洪攻击和缓存污染攻击。这两类DoS攻击利用了CCN网络自身转发机制的安全逻辑漏洞,通过泛洪大量的恶意攻击包,耗尽网络资源,并导致网络瘫痪。与传统IP网络中DoS攻击相比,CCN网络中的内容路由、内嵌缓存和接收者驱动传输等新特征,对其DoS攻击的检测和防御方法都提出了新的挑战。本文首先介绍CCN网络的安全设计和如何对抗已有的DoS攻击,然后从多角度描述、比较CCN中新型DoS攻击的特点,重点阐述了兴趣包泛洪攻击和缓存污染攻击的分类、检测和防御方法,以及它们所面临的问题挑战,最后对全文进行总结。     

A Comprehensive Framework for Enhancing Security in InfiniBand Architecture

The InfiniBand architecture (IBA) is a promising communication standard for building clusters and system area networks. However, the IBA specification has left out security aspects, resulting in potential security vulnerabilities, which could be exploited with moderate effort. In this paper, we view these vulnerabilities from three classical security aspects - confidentiality, authentication, and availability - and investigate the following security issues. First, as groundwork for secure services in IBA, we present partition-level and queue-pair-level key management schemes, both of which can be easily integrated into IBA. Second, for confidentiality and authentication, we present a method to incorporate a scalable encryption and authentication algorithm into IBA, with little performance overhead. Third, for better availability, we propose a stateful ingress filtering mechanism to block denial-of-service (DoS) attacks. Finally, to further improve the availability, we provide a scalable packet marking method tracing back DoS attacks. Simulation results of an IBA network show that the security performance overhead due to encryption/authentication on network latency ranges from 0.7 percent to 12.4 percent. Since the stateful ingress filtering is enabled only when a DoS attack is active, there is no performance overhead in a normal situation.     

基于DoS攻击能量分级的ICPS综合安全控制与通信协同设计

针对一类有限能量拒绝服务（denial of service,DoS）攻击与执行器故障共存的工业信息物理系统（industry cyber-physical system,ICPS）,研究了综合安全控制与通信协同设计问题。首先,考虑单侧网络遭受DoS攻击的情形,构建了ICPS综合安全控制架构,并从防御者的视角通过分析不...     

A queueing analysis for the denial of service (DoS) attacks in computer networks

In most network security analysis, researchers mainly focus on qualitative studies on security schemes and possible attacks, and there are few papers on quantitative analysis in the current literature. In this paper, we propose one queueing model for the evaluation of the denial of service (DoS) attacks in computer networks. The network under DoS attacks is characterized by a two-dimensional embedded Markov chain model. With this model, we can develop a memory-efficient algorithm for finding the stationary probability distribution which can be used to find other interesting performance metrics such as the connection loss probability and buffer occupancy percentages of half-open connections for regular traffic and attack traffic. Different from previous works in the literature, this paper gives a more general analytical approach to the study of security measures of a computer network under DoS attacks. We hope that our approach opens a new avenue to the quantitative evaluation of more complicated security schemes in computer networks.     

Managing and Securing the Global Multicast Infrastructure

A lack of mechanisms to monitor and manage multicast networks has adversely affected progress in several areas critical for successful deployment. One such area involves discovering and solving multicast security vulnerabilities. Although a number of vulnerabilities exist, the most troubling are a set of easily exploited Denial-of-Service (DoS) attacks. The main reason for this concern is that the one-to-many nature of multicast can significantly magnify the effects of these attacks. Among the possible multicast DoS attacks, those that target the the Multicast Source Discovery Protocol (MSDP) can be most damaging. MSDP vulnerabilities are unusually easy to exploit and can lead to infrastructure-wide damage. In this paper, our goal is to develop a security framework that protects against DoS attacks through detection and then deflection. In developing our framework, we first examine the vulnerability of multicast protocols, to DoS attacks. We use data collected with our global monitoring infrastructure, Mantra, to analyze the nature and effects of attacks that have already occurred. We then create additional, more virulent strains. Finally, we propose a family of solutions to detect and deflect the effects of each attack. Our techniques are evaluated by simulating their effectiveness against both real and simulated workloads.     

WSN中一种防御广播认证中的DoS攻击策略

当将数字签名应用到广播认证时,网络很容易受到DoS( Denial of Service)攻击,比如攻击者不停地广播虚假数据包从而消耗网络的通信资源和计算资源.针对这种情况,提出一种基于弱认证和信誉等级的协议来防御此类DoS攻击.该协议针对分簇的无线传感器网络模型,利用中国剩余定理和单向函数来完成弱认证,同时还引入信誉...     

基于能量预测的传感器网络信任机制研究

信任机制最近已建议作为一个无线传感器网络(WSNs)有效的安全机制.文中提出了一种信任机制(EPTM),该机制不仅可以防止被入侵的节点或者恶意节点选举为簇头,而且还设计出一种新型副簇头节点来监察簇头以防止他们的恶意行为.特别介绍了一种基于能量预测的方法来检测拒绝服务攻击(DoS)的节点,选出值得信赖的簇.最后通过仿真验证了机制的可行性,结果表明:EPTM可以有效防御拒绝服务(DoS)攻击.     

Countering jamming attacks against an authentication and key agreement protocol for mobile satellite communications

The radio-based medium of satellite communication systems is vulnerable to interference on physical channels: unintentional interferences occur frequently and jamming attacks can be achieved using low-grade technology. While application layer security protocols cannot defend against denial of service (DoS) attacks where the attacker jams continuously, effective security protocols ensure that communication can continue after such interference has stopped.This paper analyses an authentication and key agreement protocol for satellite communications. The presented analysis reveals that the protocol is susceptible to a new DoS attack, where attackers jam a single message to achieve a permanent DoS condition. A new authentication and key agreement protocol is proposed that additionally addresses the scenario where messages send over the mobile satellite channel may not reach their intended recipient due to accidental or malicious interference. Analysis of the new protocol demonstrates that it is effective in countering the disruptive effects of jamming.     

An overview on multi-agent consensus under adversarial attacks

This paper presents an overview on the recent advances in the research of security of cyber–physical systems. We place particular emphases on consensus problems for multi-agent systems in hostile environments and their analyses on the resiliency against two types of attacks. First, we discuss a class of data injection attacks by focusing on the approach based on mean subsequence reduced (MSR) algorithms and their variants. Agents equipped with such algorithms will ignore their neighbors taking extreme state values. Characterizations on the properties necessary for network topologies and moreover a number of extensions with enhanced resiliency will be established. As the second class of attacks, the effects of denial-of-service (DoS) attacks will be examined in the context of multi-agent consensus. By employing a DoS model based on the energy constraints of the attacker, we will observe that robustness against such attacks may depend on system properties such as dynamics of the individual agents and network structures. Applications of the algorithms will be further discussed for clock synchronization in wireless sensor networks and control of a group of mobile robots.     

S-MAS: An adaptive hierarchical distributed multi-agent architecture for blocking malicious SOAP messages within Web Services environments

During the last years the use of Web Service-based applications has notably increased. However, the security has not evolved proportionally, which makes these applications vulnerable and objective of attacks. One of the most common attacks requiring novel solutions is the denial of service attack (DoS), caused for the modifications introduced in the XML of the SOAP messages. The specifications of existing security standards do not focus on this type of attack. This article presents the S-MAS architecture as a novel adaptive approach for dealing with DoS attacks in Web Service environments, which represents an alternative to the existing centralized solutions. S-MAS proposes a distributed hierarchical multi-agent architecture that implements a classification mechanism in two phases. The main benefits of the approach are the distributed capabilities of the multi-agent systems and the self-adaption ability to the changes that occur in the patterns of attack. A prototype of the architecture was developed and the results obtained are presented in this study.     

Resilient Time-Varying Formation-Tracking of Multi-UAV Systems Against Composite Attacks: A Two-Layered Framework

This paper studies the countermeasure design problems of distributed resilient time-varying formation-tracking control for multi-UAV systems with single-way communications against composite attacks,including denial-of-services(DoS)attacks,false-data injection attacks,camouflage attacks,and actuation attacks(AAs).Inspired by the concept of digital twin,a new two-layered protocol equipped with a safe and private twin layer(TL) is proposed,which decouples the above problems into the defense scheme ...     

DLDM: Deep learning-based defense mechanism for denial of service attacks in wireless sensor networks

Wireless Sensor Networks (WSNs) include small battery-based self-governing devices that are deployed in a distributed manner to supervise the environmental or physical circumstances. The routers and gateways are connected to the deployed nodes to support many real-time applications. Due to open access, the security issue arises in WSN. In this circumstance, the external users can be verified by securing authentication is necessary one. In real-time applications, to achieve secured communication they have made many lightweight authentication mechanisms. But WSNs are highly susceptible to DoS attacks as it lacks the synchronization between nodes during data routing. In this paper, a new lightweight DoS detection scheme Deep Learning-based Defense Mechanism (DLDM) has proposed to detect and isolate the attacks in Data Forwarding Phase (DFP). This paper describes the new algorithm for the successful detection of DoS attacks, such as exhaustion, jamming, homing, and flooding. We conduct extensive simulation experiments that can accurately isolate the adversaries and it is more resilient to DoS attacks. Our proposed simulation result shows that it can achieve a high detection rate, throughput, packet delivery ratio, and accuracy. This also reduces the energy consumption and the false alarm rate.     

网络攻击追踪技术性能分析

DoS攻击(拒绝服务攻击)和DDoS攻击(分布式拒绝服务攻击)IP追踪目前成为当今网络安全领域中最难解决的问题,IP追踪系统目的是在数据包源地址非真时识别出IP数据包源地址.对一些解决该问题最有前景的追踪技术进行了比较,以寻找更有效方法,并提出了一个新的IP追踪系统,该系统能够只用一个数据包就可以实现追踪而不需要受害者数据包.     

分布式拒绝服务（DDoS）与防护

分布式拒绝服务攻击是目前严重影响网络安全和威胁网站服务质量的一种攻击手段。文章中讨论了拒绝服务攻击和分布式拒绝服务攻击的产生方式和特点,并提出了相应的防护措施。     

基于博弈理论的传感器网络拒绝服务攻击限制模型

如何有效防治无线传感器网络中的拒绝服务(Denial of Service,Dos)攻击,以保障网络设施的可用性,是一个极具挑战性的安全问题.本文在假设网络节点为理性的基础上,提出了面向重复博弈的DoS攻击限制模型.该模型通过建立攻击检测惩罚机制,来降低攻击者的攻击收益以敦促恶意节点的协作,使传感器网络最终达到一个协作的Nash均衡.仿真结果表明,通过合理选择惩戒机制参数,可以有效抵御传感器网络中的DoS攻击.     

WLAN中基于规范的自适应DoS攻击检测*

无线网络由于其传输介质及通信规程的特殊性,除了要面对有线网络中存在的各种拒绝服务（denial of service, DoS）攻击之外,还面临着一些在无线环境下特有的DoS攻击。针对由伪造协议会话中使用的管理帧和EAP帧发起的DoS攻击,提出了一种基于规范的自适应检测方法（WSBA）,为无线局域网所执行的安全协议建立在正常运行时的状态转移模型连同网络安全策略约束定义作为检测规范,作为检测此类DoS攻击的依据。给出了检测阈值的自适应调整算法,分析了算法参数设置对检测性能的影响。实验测试结果表明该方法是正确而有效的。     

基于主成分分析的拒绝服务和网络探测攻击检测

针对拒绝服务和网络探测攻击难以检测的问题,提出了一种新的基于主成分分析的拒绝服务和网络探测攻击检测方法。首先在攻击流量和正常流量数据集上应用主成分分析,得到所有流量数据集的各种不同统计量;然后依据这些统计量构造攻击检测模型。实验表明：该模型检测拒绝服务和网络探测攻击的检测率达到99%;同时能够让受攻击对象在有限的时间内做出反应,减少攻击对服务器的危害程度。     

一个分布式拒绝服务攻击检测系统的设计

根据拒绝服务武攻击与分布式拒绝服务攻击的特点,该文设汁并实现了一个针对这种攻击的检测响应系统,详细讨论了拒绝服务攻击的特征,通用的攻击检测算法以及攻击响应策略。实际应用表明,系统检测准确率高、结构清晰、配置灵活、运行开销小,能有效地检测和防御常见的拒绝服务式攻击。