Distributed Denial of Service attack (DDoS) is recognized to be one of the most catastrophic attacks against various digital communication entities. Software-defined networking (SDN) is an emerging ...technology for computer networks that uses open protocols for controlling switches and routers placed at the network edges by using specialized open programmable interfaces. In this article, a detailed study on DDoS threats prevalent in SDN is presented. First, SDN features are examined from the perspective of security, and then a discussion on SDN security features is done. Further, two viewpoints on protecting networks against DDoS attacks are presented. In the first view, SDN utilizes its abilities to secure conventional networks. In the second view, SDN may become a victim of the threat itself because of the centralized control mechanism. The main focus of this research work is on discovering critical security implications in SDN while reviewing the current ongoing research studies. By emphasizing the available state-of-the-art techniques, an extensive review of the advancement of SDN security is provided to the research and IT communities.
This paper looks into the topic of distributed formation control for a group of quadrotors that are vulnerable to denial-of-service (DoS) attacks. By preventing information interaction between ...adjacent quadrotors, the DoS attacks, which happen independently on individual communication channels, disrupt the formation mission. A decomposition-combination control framework is devised for the formation task. The corresponding high-order dynamic system is partitioned into slow and fast subsystems using the singular perturbation technique, which lessens the computing load and resolves the under-driven issue. A composition formation control scheme is then put forward, which includes a resilient slow-scale controller to tackle DoS attacks along with an optimal fast-scale controller to assure flying performance and stability. It should be noted that position and velocity information, which can be acquired and processed entirely by sub-controller in the proposed method, is the main content of communication between quadrotors, permitting more effective system execution. Finally, a slow-fast composition mechanism is provided, and simulation results of a system containing four quadrotors serve as validation for the suggested methods.
This article investigates the switching-like event-triggered control for networked control systems (NCSs) under the malicious denial of service (DoS) attacks. First, by dividing the DoS attacks into ...S-interval (DoS-free case) and D-interval (DoS case), a switching-like event-triggered communication scheme (SETC) is well designed to deal with intermittent DoS attacks to improve communication efficiency while keeping the desired control performance. Second, by considering the SETC and NCSs into a unified framework, the studied system is transferred into a time-delay system. Then, under the constraint of the number of maximum allowable data dropouts induced by DoS attacks, a stability criterion and a stabilization criterion are derived, which can be used to estimate the event-triggered communication parameters and obtain the security controller gain simultaneously. Moreover, the derived stabilization criterion can also provide a tradeoff to balance communication efficiency and <inline-formula><tex-math notation="LaTeX">H_{\infty }</tex-math></inline-formula> control performance. At last, a networked invert pendulum on a cart is conducted to show the effectiveness of the proposed method.
Despite the increasing popularity of cloud services, ensuring the security and availability of data, resources and services remains an ongoing research challenge. Distributed denial of service (DDoS) ...attacks are not a new threat, but remain a major security challenge and are a topic of ongoing research interest. Mitigating DDoS attack in cloud presents a new dimension to solutions proffered in traditional computing due to its architecture and features. This paper reviews 96 publications on DDoS attack and defense approaches in cloud computing published between January 2009 and December 2015, and discusses existing research trends. A taxonomy and a conceptual cloud DDoS mitigation framework based on change point detection are presented. Future research directions are also outlined.
With the widespread innovation of the Internet of Things (IoT), Software-Defined Networking (SDN), and Cloud Computing, Cyber-Physical System (CPS) have been developed and widely adopted to ...facilitate our daily life and economy. In particular, modern society heavily relies on all kinds of CPSs, such as smart grids, and transportation systems. So the shutdown of critical services can lead to serious consequences. Meanwhile, Distributed Denial-of-Service (DDoS) attacks are becoming a major threat to the internet-enabled CPSs due to their ease of execution and the devastation it causes to the target systems. In addition, since the constant updating of attack methods, there is an urgent need for a method to defend against both known and unknown DDoS attacks. In this paper, we present an adaptive DDoS attack mitigation (ADAM) scheme to detect and mitigate DDoS attacks in Software-Defined CPSs. By combining information entropy and unsupervised anomaly detection methods, ADAM can not only automatically determine the current state, but also adaptively identify suspicious features which are thereafter used to mitigate DDoS attacks in a more precise way. We also propose a pipeline filtering mechanism to accurately drop attack traffic, and this method can be implemented in existing SDN networks without additional devices required. Unlike most of the classification-based DDoS mitigation scenarios, we aim to mitigate a wide spectrum of DDoS attacks without defining attack characteristics in advance. Namely, the main goal of ADAM is to effectively and adaptively defend against DDoS attacks that are constantly updating. Real data-driven experimental results show that ADAM has an average mitigation accuracy of 99.13% under high-intensity DDoS attacks. Compared with similar work, our method reduces the false positive rate by 35%<inline-formula><tex-math notation="LaTeX">\sim</tex-math></inline-formula>59%.
DDoS in the IoT: Mirai and Other Botnets Kolias, Constantinos; Kambourakis, Georgios; Stavrou, Angelos ...
Computer (Long Beach, Calif.),
2017, Volume:
50, Issue:
7
Journal Article
Peer reviewed
The Mirai botnet and its variants and imitators are a wake-up call to the industry to better secure Internet of Things devices or risk exposing the Internet infrastructure to increasingly disruptive ...distributed denial-of-service attacks.
In a distributed cloud context, distributed denial of service (DDoS) attacks are widespread. The services are rendered unavailable to legitimate users as a result of the overwhelming traffic, ...resulting in financial losses. There are possible obstacles, although several researchers have established various mitigation measures. Initially, Software-defined networking technology was revealed to protect businesses from DDoS attacks. DDoS attacks cause server outages and financial losses due to service unavailability. Meeting of service-level agreement with the customers remains a challenge. In this article, the scattered denial-of-service mitigation tree architecture (SDMTA) is used to propose a novel DDoS mitigation strategy for the hybrid cloud environment. To enable detection procedures, the proposed SDMTA mitigation architecture includes integrated network monitoring. The suggested and existing state-of-the-art models' detection rates over the input dataset were estimated. When compared to the existing state-of-the-art model, the system's accuracy, specificity, and sensitivity were found to be 99.7%, 98.32%, and 99.92%, respectively.
This article focuses on distributed adaptive formation tracking control of mobile robots under event-triggered communication (ETC) and denial-of-service (DoS) attacks. Dynamic level of model for ...mobile robots and directed-communication graph condition are considered. To handle the constraint that only part of the robots can access full knowledge of the desired trajectories, distributed event-triggered based estimators are designed. Then, an adaptive tracking control scheme is designed for each robot by utilizing backstepping technique. By analyzing the effects of DoS attacks on ETC, a stability condition constraining the active and suspended durations for each attack period is provided, based on which all closed-loop signals are ensured to be locally uniformly bounded. Moreover, Zeno behaviors are excluded. Experimental results are presented to validate theoretical findings.
This article addresses the distributed model-free adaptive control (DMFAC) problem for learning nonlinear multiagent systems (MASs) subjected to denial-of-service (DoS) attacks. An improved dynamic ...linearization method is proposed to obtain an equivalent linear data model for learning systems. To alleviate the influence of DoS attacks, an attack compensation mechanism is developed. Based on the equivalent linear data model and the attack compensation mechanism, a novel learning-based DMFAC algorithm is developed to resist DoS attacks, which provides a unified framework to solve the leaderless consensus control, the leader-following consensus control, and the containment control problems. Finally, simulation examples are shown to illustrate the effectiveness of the developed DMFAC algorithm.
The Internet-of-Things (IoT) network is growing big owing to its utility in smart applications. An IoT network is susceptible to security breaches, in majority due to the resource-constrained nature ...of IoT. Of the various breaches, the Distributed Denial-of-Service (DDoS) attack can snip off the network service to the users in various ways, such as consumption of server's resources, saturating link bandwidth, etc. These types of DDoS breaches can turn out to be a catastrophe in critical IoT use cases. This article delves into tackling the DDoS attack triggered by malicious wireless IoT on IoT servers. Our security scheme leverages the cloud and software-defined network (SDN) paradigm to mitigate the DDoS attack on IoT servers. We have proposed a novel mechanism named learning-driven detection mitigation (LEDEM) that detects DDoS using a semisupervised machine-learning algorithm and mitigates DDoS. We tested LEDEM in the testbed and emulated topology, and compared the results with state-of-the-art solutions. We achieved an improved accuracy rate of 96.28% in detecting DDoS attack.
PDF
