Internet of Things (IoT) devices are increasingly being found in civilian and military contexts, ranging from smart cities and smart grids to Internet-of-Medical-Things, Internet-of-Vehicles, Internet-of-Military-Things, Internet-of-Battlefield-Things, etc. In this paper, we survey articles presenting IoT security solutions published in English since January 2016. We make a number of observations, including the lack of publicly available IoT datasets that can be used by the research and practitioner communities. Given the potentially sensitive nature of IoT datasets, there is a need to develop a standard for sharing IoT datasets among the research and practitioner communities and other relevant stakeholders. Thus, we posit the potential for blockchain technology in facilitating secure sharing of IoT datasets (e.g., using blockchain to ensure the integrity of shared datasets) and securing IoT systems, before presenting two conceptual blockchain-based approaches. We then conclude this paper with nine potential research questions.
Keywords: Blockchain, Blockchain security, Collaborative security, Internet-of-military things, IoT dataset, IoT self-healing, IoT security, Intrusion-prevention system, Predictive IoT security, Predictive security
Intrusion prevention is significant to avoid device damage and financial losses. Researchers have proposed various Intrusion Prevention Systems (IPS) to prevent malware, including traditional and SDN-based IPS. However, existing IPSs suffer from low throughput problems caused by detection and rule-installation delays. Here, we propose a programmable switch-based IPS (named PS-IPS), which utilizes the switch CPU and pipeline to detect malware. PS-IPS consists of four main components: (1) parser, (2) flow filter, (3) recirculation director, and (4) malware detector. According to the experiment, PS-IPS achieves 183X higher throughput than the SDN-based IPS. The response time of PS-IPS is also reduced by 99.99%, showing that PS-IPS effectively prevents malware with a single programmable switch.
• PS-IPS implements ML-based malware prevention on a single commercial programmable switch.
• PS-IPS achieves 99.57% detection accuracy by applying the Aposemat IoT-23 traffic data set.
• PS-IPS has 183X higher throughput and 99.99% lower response time than the SDN-based IPS.
Computer networks are built with the main goal of letting hosts communicate with each other. During transmission, it is expected that information can be conveyed quickly, efficiently and safely. Network security serves to avoid damage or even data loss caused by attacker activity during the communication process. The security aspects that need to be maintained for data are Confidentiality, Integrity and Availability. An Intrusion Prevention System is a solution that can maintain network security against various attacks. The Intrusion Prevention System acts as a protector on the network by detecting and preventing suspicious traffic to nodes in the network. The Intrusion Prevention System implementation in this study uses several tools, namely Snort and IPTables. Testing is done by performing attacks on the Web Server. The attacks carried out are Port Scanning, DDoS attacks and Brute Force. The results of this study are framed by the CIA Triad, with the three attacks having different characteristics in terms of cause and effect. On the defense side, Port Scanning and Brute Force can be easily prevented by the IPS, but for DDoS attacks there are differences in results between the drop and reject rules. In a DDoS attack with a drop rule, the web server recovers in 160 seconds, while with a reject rule it recovers in 145 seconds, compared with the 165 seconds normally needed to recover from the DDoS attack. The IPS server also reduces resource consumption during a DDoS attack by 9.2%.
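The drop-versus-reject decision above, as an added example that is not the study's own scripts: a Python helper that parses Snort fast-format alerts and emits the iptables commands a host IPS would run. The alert lines, the local rule SIDs (1000001 to 1000003), the protected-address list and the per-SID policy are constructed assumptions; the policy follows the study's observation that the reject rule recovered the web server faster under DDoS, while scans and brute force are dropped silently.

```python
"""Snort fast-format alerts -> iptables block commands, with the drop/reject
choice made per attack class.  Added example, not the study's scripts; the
alert lines, local rule SIDs, protected list and policy are constructed."""
import re

ALERT_RE = re.compile(
    r"^(?P<ts>\S+)\s+\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+"
    r"(?P<msg>.+?)\s+\[\*\*\].*?\{(?P<proto>\w+)\}\s+"
    r"(?P<src>[\d.]+)(?::(?P<sport>\d+))?\s+->\s+(?P<dst>[\d.]+)(?::(?P<dport>\d+))?"
)

# Constructed alert.fast lines (Snort 2 alert_fast layout); SIDs 1000001-1000003
# stand for local scan, brute-force and flood rules.
SAMPLE_ALERTS = """\
01/28-10:00:01.000001  [**] [1:1000001:1] LOCAL portscan to web server [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 203.0.113.5:51000 -> 192.0.2.10:80
01/28-10:00:02.000002  [**] [1:1000001:1] LOCAL portscan to web server [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 203.0.113.5:51001 -> 192.0.2.10:443
01/28-10:00:03.000003  [**] [1:1000002:1] LOCAL HTTP brute force [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 203.0.113.9:40000 -> 192.0.2.10:80
01/28-10:00:04.000004  [**] [1:1000003:1] LOCAL SYN flood [**] [Classification: Attempted Denial of Service] [Priority: 2] {TCP} 198.51.100.3:1024 -> 192.0.2.10:80
01/28-10:00:04.000005  [**] [1:1000003:1] LOCAL SYN flood [**] [Classification: Attempted Denial of Service] [Priority: 2] {TCP} 198.51.100.4:1024 -> 192.0.2.10:80
"""

PROTECTED = {"192.0.2.10"}   # never block the web server's own address (assumed)

# sid -> iptables target.  Scans and brute force are dropped silently so the
# scanner learns nothing; for the flood rule the study measured faster
# web-server recovery with reject than with drop.
POLICY = {"1000001": "DROP", "1000002": "DROP", "1000003": "REJECT"}

def parse_alerts(text):
    """Return one dict per well-formed alert line; malformed lines are skipped."""
    return [m.groupdict() for m in map(ALERT_RE.match, text.splitlines()) if m]

def block_rules(alerts, chain="INPUT"):
    """One iptables command per (source, sid), inserted at the top of `chain`
    so it takes precedence over existing accept rules."""
    seen, cmds = set(), []
    for a in alerts:
        key = (a["src"], a["sid"])
        if key in seen or a["sid"] not in POLICY or a["src"] in PROTECTED:
            continue
        seen.add(key)
        proto = a["proto"].lower()
        target = POLICY[a["sid"]]
        cmd = ["iptables", "-I", chain, "-s", a["src"], "-p", proto, "-j", target]
        if target == "REJECT":
            # A TCP RST tears the client's connection state down at once;
            # other protocols get the ICMP unreachable iptables uses by default.
            cmd += ["--reject-with", "tcp-reset" if proto == "tcp" else "icmp-port-unreachable"]
        cmds.append(" ".join(cmd))
    return cmds

if __name__ == "__main__":
    for rule in block_rules(parse_alerts(SAMPLE_ALERTS)):
        print(rule)
```

REJECT answers every blocked packet with a RST or ICMP error, so on a volumetric flood the reply traffic is its own cost; the 15-second difference the study reports (145 s versus 160 s) was measured on its testbed and should be re-measured before the policy is adopted elsewhere.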
A survey of intrusion detection techniques in Cloud. Modi, Chirag; Patel, Dhiren; Borisaniya, Bhavesh ...
Journal of network and computer applications, January 2013, Volume 36, Issue 1. Journal article, peer-reviewed, open access.
In this paper, we survey different intrusions affecting availability, confidentiality and integrity of Cloud resources and services. Proposals incorporating Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS) in Cloud are examined. We recommend IDS/IPS positioning in Cloud environment to achieve desired security in the next generation networks.
Application layer distributed denial of service (DDoS) attacks have become a severe threat to the security of web servers. These attacks evade most intrusion prevention systems by sending numerous benign HTTP requests. Since most of these attacks are launched abruptly and severely, a fast intrusion prevention system is desirable to detect and mitigate these attacks as soon as possible. In this paper, we propose an effective defense system, named SkyShield, which leverages the sketch data structure to quickly detect and mitigate application layer DDoS attacks. First, we propose a novel calculation of the divergence between two sketches, which alleviates the impact of network dynamics and improves the detection accuracy. Second, we utilize the abnormal sketch to facilitate the identification of malicious hosts of an ongoing attack. This improves the efficiency of SkyShield by avoiding the reverse calculation of malicious hosts. We have developed a prototype of SkyShield and carefully evaluated its effectiveness using real attack data collected from a large-scale web cluster. The experimental results show that SkyShield can quickly reduce malicious requests, while posing a limited impact on normal users.
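The sketch mechanics described above, as an added example that is not SkyShield's code: a count-min sketch of HTTP requests per client IP, a divergence between the current window's sketch and a baseline sketch, and an abnormal sketch used to flag hosts whose every bucket is inflated, so the sketch never has to be inverted to recover hosts. The divergence formula (per-row L1 distance between normalized sketches), the thresholds, the sketch dimensions and the request lists are my assumptions, not the paper's definitions.

```python
"""Sketch-based detection of application-layer DDoS in the spirit of
SkyShield.  Added example: the divergence, thresholds and traffic are
simplified stand-ins for the paper's definitions, not its code."""
import hashlib

D, W = 4, 256   # sketch rows (independent hash functions) and columns (assumed)

def _bucket(row, key):
    # Row-salted SHA-256 stands in for D independent hash functions.
    h = hashlib.sha256(f"{row}:{key}".encode()).digest()
    return int.from_bytes(h[:4], "big") % W

def build_sketch(requests):
    """Count-min sketch of requests per client IP (one increment per request)."""
    sk = [[0] * W for _ in range(D)]
    for ip in requests:
        for r in range(D):
            sk[r][_bucket(r, ip)] += 1
    return sk

def divergence(cur, base):
    """Average over rows of the L1 distance between the two rows after
    normalizing each to sum to 1 (range 0..1).  Normalizing removes pure
    volume scaling, so a busy but evenly loaded window scores low.
    Assumption: a simplified stand-in for SkyShield's divergence."""
    total = 0.0
    for r in range(D):
        cs, bs = sum(cur[r]) or 1, sum(base[r]) or 1
        total += sum(abs(cur[r][i] / cs - base[r][i] / bs) for i in range(W)) / 2
    return total / D

def abnormal_sketch(cur, base, factor=3.0, min_count=20):
    """Boolean sketch marking buckets whose current count exceeds the baseline
    by `factor`, with an absolute floor so near-empty buckets cannot trip."""
    return [[cur[r][i] > max(factor * base[r][i], min_count) for i in range(W)]
            for r in range(D)]

def malicious_hosts(candidates, abn):
    """Flag a host only if all D of its buckets are abnormal: a benign host
    that collides with an attacker in one row is cleared by the other rows.
    Candidates are the IPs seen in the current window, so no reverse
    calculation from buckets to hosts is needed."""
    return sorted(ip for ip in set(candidates)
                  if all(abn[r][_bucket(r, ip)] for r in range(D)))

def detect(current_requests, baseline_requests, threshold=0.2):
    """Return (divergence, flagged hosts); hosts are only examined once the
    window as a whole diverges from the baseline."""
    base, cur = build_sketch(baseline_requests), build_sketch(current_requests)
    div = divergence(cur, base)
    if div < threshold:
        return div, []
    return div, malicious_hosts(current_requests, abnormal_sketch(cur, base))

# Constructed traffic: 20 clients at 5 requests each in the baseline window;
# the current window repeats them and adds three sources at 200 requests each.
BASELINE = [f"192.0.2.{i}" for i in range(1, 21) for _ in range(5)]
ATTACKERS = ["198.51.100.7", "198.51.100.8", "198.51.100.9"]
CURRENT = BASELINE + [ip for ip in ATTACKERS for _ in range(200)]

if __name__ == "__main__":
    print(detect(CURRENT, BASELINE))
```

In a deployment the baseline sketch would be a decayed average of previous windows rather than a single window, and the per-IP key would be replaced by whatever identifies a client behind the web cluster's load balancer (for example the X-Forwarded-For address); neither changes the bucket logic above.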
Nowadays, Internet of Things (IoT) environments are evolving and becoming popular. The number of devices connected to the Internet continues to rise. IoT is an interrelated network of numerous devices in which data is automatically gathered from the environment by sensors and transferred over the internet without human support and intervention. IoT makes it easier for individuals to interact with real-world applications over the internet. Modern innovations in IoT have extended the notion of smartness to computers, sensors, streets, buildings, and even communities. IoT appliances function in distinct environments to fulfill several purposes, resulting in a variety of computational devices and communication technologies employed in healthcare, education, military, agriculture, and commerce. Thus, IoT holds a lot of promise for enhancing social and corporate life. Nevertheless, IoT equipment is a soft target and prone to attacks, due substantially to its resource limitations and the nature of its networks. There are many approaches and technologies used to protect IoT from varied attacks; Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS) are among them, and they can help ensure the security, privacy, and reliability of the IoT. In this paper, we provide a deep study of many recent and pertinent IDS/IPS proposed between 2019 and 2022 for IoT networks, giving their key specifics, strengths, shortcomings, and challenges in order to spot the issues that still need to be handled. The paper also outlines the mainstream research direction and opens the way for new avenues of research for forthcoming researchers.
The smart grid (SG) paradigm is the next technological leap of the conventional electrical grid, contributing to the protection of the physical environment and providing multiple advantages such as increased reliability, better service quality, and the efficient utilization of the existing infrastructure and renewable energy resources. However, despite the beneficial environmental, economic, and social changes it brings, such a system poses important security and privacy challenges, since it combines heterogeneous, co-existing smart and legacy technologies. Following the rapid evolution of cyber-physical systems (CPS), both academia and industry have developed appropriate measures for enhancing the security of the SG paradigm, for example by integrating efficient, lightweight encryption and authorization mechanisms. Nevertheless, these mechanisms may not prevent various security threats, such as denial of service (DoS) attacks that target the availability of the underlying systems. An efficient countermeasure against several cyberattacks is the intrusion detection and prevention system (IDPS). In this paper, we examine the contribution of IDPSs in the SG paradigm, providing an analysis of 37 cases. In more detail, these systems can be considered a secondary defense mechanism that complements the cryptographic processes by timely detecting and/or preventing potential security violations. For instance, if a cyberattack bypasses the essential encryption and authorization mechanisms, the IDPS can act as a secondary protection service, informing the system operator of the presence of the specific attack or enabling appropriate preventive countermeasures. The cases we study focus on the advanced metering infrastructure (AMI), supervisory control and data acquisition (SCADA) systems, substations, and synchrophasors. Based on our comparative analysis, the limitations and shortcomings of current IDPSs are identified, and appropriate recommendations are provided for future research efforts.
UAV-enabled Integrated Sensing and Communication (ISAC) in sixth-generation (6G) wireless networks has sparked significant research interest. UAVs are positioned as aerial wireless platforms, extending coverage and improving Sensing and Communication (S&C) services. However, integrating UAVs introduces vulnerabilities due to multi-connectivity, necessitating robust security measures. To address this, efforts are focused on developing effective Intrusion Detection Systems (IDS). Here, ML-based IDSs depend on the most suitable Machine Learning (ML) algorithms for improved detection accuracy. However, inadequate detection features frequently limit detection accuracy for various emerging cyber-attacks. Our study explores attack traits in UAV-enabled 6G networks, using complementary detection features to enhance ML-based attack detection. Additionally, existing Deep Neural Network (DNN) solutions for UAV-enabled 6G networks mainly use single models (e.g., CNN, SVM, CGAN) instead of multi-tier models (e.g., Hybrid, Fusion, Ensemble). Although a single model can be faster to run, it struggles to capture the growing complexity of intrusion patterns in data, and such single models might not be good at recognizing the distinctive patterns of rarer attack classes in datasets. Thus, we propose a fusion multi-tier DNN-based Collaborative Intrusion Detection and Prevention System (CIDPS) for critical UAV-enabled 6G networks. This system boosts accuracy without sacrificing latency. Our approach learns decision boundaries from imbalanced data points using preceding DNNs sequentially. Moreover, most existing research works do not focus on intrusion prevention methods and deployment frameworks for UAV networks. This research proposes effective IPS mechanisms and a deployment architecture for CIDPS in UAV-enabled 6G networks. It incorporates a CIDPS with an emergency response protocol, neutralizing attacks upon anomaly detection. We validate our solution through experiments on diverse datasets (UAVIDS-2020, NF-UQ-NIDS-v2, 5G-NIDD). Unlike traditional practice, where the IDS is simulated, we implement CIDPS on actual UAV devices (PX4 Vision Dev Kit V1.5, DJI mini se, DJI mini 3 pro) and real-world UAV networks. Our approach outperforms prior algorithms with a 99.25% attack classification accuracy, higher detection efficiency, and lower resource usage, exceeding 99.05% detection rates.
This work presents an Intrusion Prevention System (IPS) called the Embedded Process Prediction Intrusion Prevention System (EPPIPS) to detect cyber-attacks by predicting what harm the attacks could cause to the physical process in critical infrastructure. EPPIPS is a digital twin internal to a Programmable Logic Controller (PLC). EPPIPS examines incoming command packets and programs sent to the PLC. If EPPIPS predicts these packets or programs to be harmful, EPPIPS can potentially prevent or limit the harm. EPPIPS consists of a module that examines the packets that would alter settings or actuators and incorporates a model of the physical process to aid in predicting the effect of processing the command. Specifically, EPPIPS determines whether a safety violation would occur for critical variables in the physical system. Experiments were performed on virtual testbeds involving a water tank and a pipeline with a variety of command-injection attacks to determine the classification accuracy of EPPIPS. Uploaded programs, including time and logic bombs, were also evaluated for whether they were unsafe. The results show EPPIPS is effective in predicting the effects of setting changes in the PLC. EPPIPS's accuracy is 98% for the water tank and 96% for the pipeline.
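The prediction step described above, as an added example that is not EPPIPS's code: a Modbus/TCP "Write Single Register" request is decoded, and if it targets the tank's level setpoint, a crude tank model is run forward to see whether the level would cross a safety limit before the command is allowed through. The register map, the limits, the tank dynamics and the sample frames are constructed assumptions (the paper's testbed model is not described in the abstract); the Modbus framing is the standard one.

```python
"""Process-prediction check of a PLC command in the spirit of EPPIPS.
Added example: the register map, safety limits, tank dynamics and sample
frames are constructed assumptions, not the paper's testbed."""
import struct

REG_LEVEL_SETPOINT = 0x0010         # holding register: target level in cm (assumed)
LEVEL_HIGH, LEVEL_LOW = 90.0, 10.0  # safety limits in cm (assumed)

def parse_write_single_register(frame):
    """Decode a Modbus/TCP Write Single Register (function code 6) request.
    MBAP header: transaction id, protocol id (0), length (6), unit id;
    PDU: function code, register address, value.  Returns (addr, value)
    or None when the frame is not a well-formed FC6 request."""
    if len(frame) != 12:
        return None
    _tid, pid, length, _unit, fc, addr, value = struct.unpack(">HHHBBHH", frame)
    if pid != 0 or length != 6 or fc != 6:
        return None
    return addr, value

def simulate_level(level, setpoint, steps=120, dt=1.0, inflow=2.0, outflow=1.0):
    """Crude tank twin (assumed dynamics): a bang-bang controller opens the
    inlet while level < setpoint and closes it otherwise; the outlet drains
    continuously.  No overflow cap, so a violation stays visible."""
    traj = []
    for _ in range(steps):
        valve = 1.0 if level < setpoint else 0.0
        level = level + (inflow * valve - outflow) * dt
        traj.append(level)
    return traj

def predict_violation(frame, current_level):
    """Return (verdict, reason) for one incoming command.  Frames that are
    not FC6 or that touch a register outside the model pass through here;
    a full EPPIPS also examines uploaded programs."""
    parsed = parse_write_single_register(frame)
    if parsed is None:
        return "pass", "not a write-single-register request"
    addr, value = parsed
    if addr != REG_LEVEL_SETPOINT:
        return "pass", f"register 0x{addr:04x} is not safety-relevant in this model"
    traj = simulate_level(current_level, float(value))
    hi, lo = max(traj), min(traj)
    if hi > LEVEL_HIGH:
        return "block", f"setpoint {value} drives level to {hi:.0f} cm, above {LEVEL_HIGH:.0f}"
    if lo < LEVEL_LOW:
        return "block", f"setpoint {value} drives level to {lo:.0f} cm, below {LEVEL_LOW:.0f}"
    return "allow", f"predicted level stays within [{lo:.0f}, {hi:.0f}] cm"

def fc6_frame(addr, value, tid=1, unit=1):
    """Build a FC6 request; used only to construct the sample traffic."""
    return struct.pack(">HHHBBHH", tid, 0, 6, unit, 6, addr, value)

# Constructed traffic: a benign setpoint change and an injected overflow command.
BENIGN = fc6_frame(REG_LEVEL_SETPOINT, 50)
INJECTED = fc6_frame(REG_LEVEL_SETPOINT, 95)

if __name__ == "__main__":
    for name, frame in (("benign", BENIGN), ("injected", INJECTED)):
        print(name, predict_violation(frame, current_level=40.0))
```

The horizon (120 steps) must be long enough for the slowest dynamics to reach the limit, otherwise a slow drain to an unsafe low level is missed; in practice it is chosen from the real process time constants, and the model's state is refreshed from live sensor values before each prediction.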
Distributed Denial of Service (DDoS) is still considered the main availability problem in computer networks. Developing a programmable Intrusion Prevention System (IPS) application in a Software Defined Network (SDN) may solve this problem. However, deploying centralized control logic can create a single point of failure on the network. This paper proposes the integration of a Honeypot Sensor (Suricata) into the SDN environment, namely the SD-Honeypot network, to resolve the DDoS attack using a machine learning approach. The application employed several algorithms (Support Vector Machine (SVM), Multilayer Perceptron (MLP), Gaussian Naive Bayes (GNB), K-Nearest Neighbors (KNN), Classification and Regression Trees (CART), and Random Forest (RF)) and compared them. The dataset used during the emulation was Internet Control Message Protocol (ICMP) flood data extracted from the Suricata sensor. In order to measure the effectiveness of the detection and mitigation modules, several variables were examined, namely accuracy, precision, recall, and the promptness of the flow mitigation installation process. The Honeypot server transmitted the flow rule modification message for blocking the attack using the Representational State Transfer Application Programming Interface (REST API). The experiment results showed the effectiveness of the CART algorithm for detecting and resolving the intrusion. Although its accuracy was only 69-70%, the algorithm could deploy the mitigation flow within 31-49 ms, compared to SVM, which produced 93-94% accuracy but required 112-305 ms for flow installation. The developed CART module can be considered a solution to prevent the attack effectively based on the analyzed variables.
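The detect-then-install pipeline above, as an added example that is not the SD-Honeypot code: a minimal CART classifier (Gini-based binary splits over numeric features) trained on constructed per-source ICMP flow features, and the flow entry that a controller REST API would receive for each source the tree classifies as a flood. The feature set, training rows, observation window and the Ryu ofctl_rest body format are assumptions; the abstract names neither the controller nor the features.

```python
"""Minimal CART classifier over per-source ICMP flow features, plus the
OpenFlow drop rule a controller's REST API would receive for sources
classified as a flood.  Added example, not the SD-Honeypot code; the
features, training rows and Ryu-style rule format are assumptions."""

# Feature vector per source: (ICMP echo packets per second, mean payload bytes).
# Constructed training data; label 1 = ICMP flood, 0 = normal ping.
TRAIN = [
    ((2.0, 56.0), 0), ((1.0, 64.0), 0), ((0.5, 56.0), 0), ((3.0, 48.0), 0),
    ((900.0, 1400.0), 1), ((1500.0, 1024.0), 1), ((400.0, 1400.0), 1), ((250.0, 56.0), 1),
]

def gini(labels):
    """Gini impurity of a 0/1 label list."""
    if not labels:
        return 0.0
    p = sum(labels) / len(labels)
    return 1.0 - p * p - (1.0 - p) ** 2

def best_split(rows):
    """Best (feature, threshold, weighted impurity) over the midpoints of the
    sorted distinct feature values, as CART does for numeric features."""
    best, n = None, len(rows)
    for f in range(len(rows[0][0])):
        values = sorted({x[f] for x, _ in rows})
        for lo, hi in zip(values, values[1:]):
            thr = (lo + hi) / 2
            left = [y for x, y in rows if x[f] <= thr]
            right = [y for x, y in rows if x[f] > thr]
            score = (len(left) * gini(left) + len(right) * gini(right)) / n
            if best is None or score < best[2]:
                best = (f, thr, score)
    return best

def build_tree(rows, depth=0, max_depth=3):
    """Recursive binary splitting until a node is pure, depth-limited,
    or cannot be split; leaves carry the majority class (ties -> benign)."""
    labels = [y for _, y in rows]
    majority = 1 if sum(labels) * 2 > len(labels) else 0
    split = None if depth >= max_depth or gini(labels) == 0.0 else best_split(rows)
    if split is None:
        return {"leaf": majority}
    f, thr, _ = split
    left = [r for r in rows if r[0][f] <= thr]
    right = [r for r in rows if r[0][f] > thr]
    if not left or not right:
        return {"leaf": majority}
    return {"feature": f, "thr": thr,
            "left": build_tree(left, depth + 1, max_depth),
            "right": build_tree(right, depth + 1, max_depth)}

def predict(tree, x):
    """Walk the tree to a leaf for one feature vector."""
    while "leaf" not in tree:
        tree = tree["left"] if x[tree["feature"]] <= tree["thr"] else tree["right"]
    return tree["leaf"]

def drop_rule(dpid, src_ip, priority=100):
    """Flow entry body to POST to the controller.  The layout follows Ryu's
    ofctl_rest /stats/flowentry/add (an assumption; the abstract does not
    name the controller).  An empty action list means drop."""
    return {"dpid": dpid, "priority": priority,
            "match": {"eth_type": 0x0800, "ip_proto": 1, "ipv4_src": src_ip},
            "actions": []}

def mitigate(tree, flows, dpid=1):
    """Classify the observed per-source flows; return the rules to install."""
    return [drop_rule(dpid, ip) for ip, feats in flows if predict(tree, feats) == 1]

# Constructed observation window reported by the honeypot sensor.
OBSERVED = [("10.0.0.5", (1200.0, 1400.0)), ("10.0.0.9", (1.0, 56.0))]

if __name__ == "__main__":
    model = build_tree(TRAIN)
    print(model)
    print(mitigate(model, OBSERVED))
```

With this training set the tree needs a single split on packets per second, which is why a shallow CART model is cheap to evaluate on the honeypot host; the trade-off the study reports (lower accuracy than SVM, much faster rule installation) is about the whole detection-to-flow-mod path, not just the classifier, so the rule body above should be posted as soon as the leaf is reached rather than batched.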