Botnets and Internet of Things Security
Bertino, Elisa; Islam, Nayeem
Computer (Long Beach, Calif.), February 2017, Volume 50, Issue 2
Journal Article, Peer reviewed
Recent distributed denial-of-service attacks demonstrate the high vulnerability of Internet of Things (IoT) systems and devices. Addressing this challenge will require scalable security solutions optimized for the IoT ecosystem.
This article focuses on the formation control problem of nonlinear multiagent systems under denial-of-service attacks. The formation control can be preserved by the distributed hybrid event-triggering strategies (HETSs). As a balance between periodic and continuous event-triggering strategies, HETS arranges a tradeoff between the resource utilization and the communication frequency among agents. Theoretical results are verified using a benchmark problem of six miniature quadrotor prototypes.
This article addresses quantized output feedback stabilization under denial-of-service (DoS) attacks. First, assuming that the duration and frequency of DoS attacks are averagely bounded and that an initial bound of the plant state is known, we propose an output encoding scheme that achieves exponential convergence with finite data rates. Next, we show that a suitable state transformation allows us to remove the assumption on the DoS frequency. Finally, we discuss the derivation of state bounds under DoS attacks and obtain sufficient conditions on the bounds of DoS duration and frequency for achieving Lyapunov stability of the closed-loop system.
Distributed Denial of Service (DDoS) flooding attacks are one of the biggest concerns for security professionals. DDoS flooding attacks are typically explicit attempts to disrupt legitimate users' access to services. Attackers usually gain access to a large number of computers by exploiting their vulnerabilities to set up attack armies (i.e., Botnets). Once an attack army has been set up, an attacker can invoke a coordinated, large-scale attack against one or more targets. Developing a comprehensive defense mechanism against identified and anticipated DDoS flooding attacks is a desired goal of the intrusion detection and prevention research community. However, the development of such a mechanism requires a comprehensive understanding of the problem and the techniques that have been used thus far in preventing, detecting, and responding to various DDoS flooding attacks. In this paper, we explore the scope of the DDoS flooding attack problem and attempts to combat it. We categorize the DDoS flooding attacks and classify existing countermeasures based on where and when they prevent, detect, and respond to the DDoS flooding attacks. Moreover, we highlight the need for a comprehensive distributed and collaborative defense approach. Our primary intention for this work is to stimulate the research community into developing creative, effective, efficient, and comprehensive prevention, detection, and response mechanisms that address the DDoS flooding problem before, during and after an actual attack.
This paper is concerned with the quantized consensus problem for uncertain nonlinear multi-agent systems under data-rate constraints and Denial-of-Service (DoS) attacks. The agents are modeled in strict-feedback form with unknown nonlinear dynamics and external disturbance. Extended state observers (ESOs) are leveraged to estimate agents' total uncertainties along with their states. To mitigate the effects of DoS attacks, a novel dynamic quantization with zooming-in and holding capabilities is proposed. The idea is to zoom-in and hold the variable to be quantized if the system is in the absence and presence of DoS attacks, respectively. The control protocol is given in terms of the outputs of the ESOs and the dynamic-quantization-based encoders and decoders. We show that, for a connected undirected network, the developed control protocol is capable of handling any DoS attacks inducing bounded consecutive packet losses with merely 3-level quantization. The application of the zooming-in and holding approach to known linear multi-agent systems is also discussed.
We consider the problem of resilient control of networked control system (NCS) under denial-of-service (DoS) attack via a unified game approach. The DoS attacks lead to extra constraints in the NCS, where the packets may be jammed by a malicious adversary. Considering the attack-induced packet dropout, optimal control strategies with multitasking and central-tasking structures are developed using game theory in the delta domain, respectively. Based on the optimal control structures, we propose optimality criteria and algorithms for both cyber defenders and DoS attackers. Both simulation and experimental results are provided to illustrate the effectiveness of the proposed design procedure.
Distributed Denial of Service (DDoS) attacks are one of the most harmful threats in today's Internet, disrupting the availability of essential services. The challenge of DDoS detection is the combination of attack approaches coupled with the volume of live traffic to be analysed. In this paper, we present a practical, lightweight deep learning DDoS detection system called Lucid, which exploits the properties of Convolutional Neural Networks (CNNs) to classify traffic flows as either malicious or benign. We make four main contributions; (1) an innovative application of a CNN to detect DDoS traffic with low processing overhead, (2) a dataset-agnostic preprocessing mechanism to produce traffic observations for online attack detection, (3) an activation analysis to explain Lucid's DDoS classification, and (4) an empirical validation of the solution on a resource-constrained hardware platform. Using the latest datasets, Lucid matches existing state-of-the-art detection accuracy whilst presenting a 40x reduction in processing time, as compared to the state-of-the-art. With our evaluation results, we prove that the proposed approach is suitable for effective DDoS detection in resource-constrained operational environments.
The fable of the Emperor's New Clothes is a classic example of a conspiracy of silence, a situation where everyone refuses to acknowledge an obvious truth. But the denial of social realities -- whether incest, alcoholism, corruption, or even genocide -- is no fairy tale. In this book, the author sheds new light on the social and political underpinnings of silence and denial -- the keeping of "open secrets." The author shows that conspiracies of silence exist at every level of society, ranging from small groups to large corporations, from personal friendships to politics. Drawing on examples from newspapers and comedy shows to novels, children's stories, and film, the book travels back and forth across different levels of social life, and from everyday moments to large-scale historical events. At its core, the book helps us understand why we ignore truths that are known to all of us. The author shows how such conspiracies evolve, illuminating the social pressures that cause people to deny what is right before their eyes. We see how each conspirator's denial is symbiotically complemented by the others, and we learn that silence is usually more intense when there are more people conspiring -- and especially when there are significant power differences among them. He concludes by showing that the longer we ignore "elephants," the larger they loom in our minds, as each avoidance triggers an even greater spiral of denial. Social life in families, organizations, communities and even entire nations is full of situations where the emperor has no clothes. The book illuminates the dynamics behind these situations, revealing why we ignore obvious and alarming realities.
Distributed Denial of Service attack (DDoS) is recognized to be one of the most catastrophic attacks against various digital communication entities. Software-defined networking (SDN) is an emerging technology for computer networks that uses open protocols for controlling switches and routers placed at the network edges by using specialized open programmable interfaces. In this article, a detailed study on DDoS threats prevalent in SDN is presented. First, SDN features are examined from the perspective of security, and then a discussion on SDN security features is done. Further, two viewpoints on protecting networks against DDoS attacks are presented. In the first view, SDN utilizes its abilities to secure conventional networks. In the second view, SDN may become a victim of the threat itself because of the centralized control mechanism. The main focus of this research work is on discovering critical security implications in SDN while reviewing the current ongoing research studies. By emphasizing the available state-of-the-art techniques, an extensive review of the advancement of SDN security is provided to the research and IT communities.