Shuang Hao,Hua Song,Wenbao Jiang,Yiqi Dai

DOI: https://doi.org/10.1109/iscst.2005.1553301

2005-01-01

Abstract:With the development of network communication and collaboration, distributed denial-of-service (DDos) attack increasingly becomes one of the hardest and most annoying network security problems to address. In this paper, we present a new framework to detect the DDos attacks according to the packet flows of specific protocols. Our aim is to detect the attacks as early as possible and avoid the unnecessary false positive. A Gaussian parametrical mixture model is utilized to estimate the normal behavior and a queue model is adopted for detecting the attacks. Experiments verify that our proposed approach is effective and has reasonable accuracy.

WEI Wei,DONG Ya-bo,LU Dong-ming,JIN Guang

DOI: https://doi.org/10.3785/j.issn.1008-973x.2008.05.007

2008-01-01

Abstract:Low rate TCP-targeted denial of service(DoS) attack makes use of time-out and retransmission mechanism in transmission control protocol(TCP) and could severely decrease the throughput of legitimate TCP traffic.With its attacking traffic pattern,obvious difference was found between the power spectrum density(PSD) of legitimate and attack traffic samples.The statistical characteristic of this difference in history data was analyzed,and a detection method using the summation of low frequency was proposed.Meanwhile,based on the methods of leak bucket and the increasing of routing buffer,a response method was provided,which uses leak bucket periodically for smoothing the flow and uses buffer for holding extra traffic to send in next period,and its reasonable resource requirement was proved.Simulations show that for more general attack scenarios than the existing methods,the detection method has very low positive and negative false ratio,and the response method can depress attack flows more effectively than the previous methods and maintain the legitimate throughput in a normal level while the previous methods failed.

Haiding Tang,Zhouzheng Lu,Lifu Zhang,Yang Chen,Peng Cheng,Jiming Chen

DOI: https://doi.org/10.1109/etfa.2015.7301498

2015-01-01

Abstract:Recently, the industrial wireless protocols have been widely used around the world. However, the unreliable communication media between the sensors and the central controller renders the wireless signal channel vulnerable to many attacks. Various efforts have been devoted to study the influence of specific malicious attacks from the aspect of theoretical investigation based on different assumptions. This paper focuses on verifying the optimal Denial-of-Service (DoS) jamming attack strategy on a class of wireless industrial control system from the view of experiments. We first introduce typical control system model and DoS attack model, and an optimal DoS attack schedule against LQG control based on these models. Then, we establish a semi-physical security testbed which consists of virtual plant, physical controller and communication process. We also realize wireless DoS attacks by exploiting the USRP device. Through extensive experiments and analysis, we investigate the performance of different DoS attack strategies on the LQG control system over an inverted pendulum.

Wei Wei,Houbing Song,Huihui Wang,Xiumei Fan

DOI: https://doi.org/10.1109/access.2017.2681684

IF: 3.9

2017-01-01

IEEE Access

Abstract:Concentrating on the influence of DDoS applied to ad hoc networks, we introduced three classic queue management algorithms: Drop-Tail, random early detection (RED), and random exponential marking (REM). We analyzed and compared the defensive abilities of these algorithms applied to ad hoc networks with NS2 under DDoS attack. The results showed that active queue management algorithms, such as REM and RED, exhibited stronger defensive abilities than the passive queue management algorithm Drop-Tail under medium- and small-scale DDoS attacks; however, under large-scale DDoS attack, all three algorithms exhibited insufficient defensive capabilities. This means that other defense schemes, such as network detection, must be integrated into security schemes to defeat DDoS attacks.

computer science, information systems,telecommunications,engineering, electrical & electronic

Yongyang Liu,Jingqiu Guo,Yibing Wang

DOI: https://doi.org/10.1155/2018/6986198

IF: 2.249

2018-01-01

Journal of Advanced Transportation

Abstract:Deterministic/point/vertical and shockwave/physical/horizontal queueing models are widely used in traffic operation to estimate vehicular queue length and delays at bottlenecks such as signalized intersections. The consistency between the two types of queueing model in terms of their estimation performance has been a subject of debate for decades. This paper reexamines the issue, typically with respect to oversaturated signal intersections, and demonstrates the consistency based on analytical studies and microscopic simulations. While fixed-location sensor data was dominating, it was hardly possible to construct the deterministic or shockwave queueing profile using real data. For this reason, either profile had significance only at a conceptual level and could not be put into practical usage. With the quick spread of mobile sensing data, however, the situation has drastically changed. In this context, this paper also intends to develop an efficient approach to the reconstruction of the deterministic and shockwave queueing profiles in a quasi-real-time manner using very limited mobile sensing data. Microscopic simulations with AIMSUN have demonstrated the efficiency of the approach as well as the analytical results obtained in this paper.

Jian Wang,Aiping Huang,Wei Wang,Rui Yin

DOI: https://doi.org/10.1109/wcnc.2012.6213973

2012-01-01

Abstract:In this paper, the queue dynamics of secondary users (SUs) in a multi-SU and multi-channel cognitive radio network is analyzed to obtain the expressions of quality of service (QoS) metrics. Specially, in the analysis, we take several lower-layer mechanisms and settings into account, including automatic repeat request (ARQ), finite-size buffer, adaptive modulation and coding (AMC) and non-ignorable spectrum sensing errors. By modeling the queue dynamics as a Markov chain, we derive the analytical expressions of queue length, packet dropping rate and packet collision rate. Based on these expressions, the QoS metrics including delay, packet loss rate and throughput are calculated further. Through simulation, our queueing analysis is verified and the QoS metrics are investigated.

Han Qin,Jiaming Weng,Dong Liu,Donglian Qi,Yufei Wang

DOI: https://doi.org/10.17775/cseejpes.2020.04550

IF: 6.014

2024-01-01

CSEE Journal of Power and Energy Systems

Abstract:With the help of advanced information technology, real-time monitoring and control levels of cyber-physical distribution systems (CPDS) have been significantly improved. However due to the deep integration of cyber and physical systems, attackers could still threaten the stable operation of CPDS by launching cyber-attacks, such as denial-of-service (DoS) attacks. Thus, it is necessary to study the CPDS risk assessment and defense resource allocation methods under DoS attacks. This paper analyzes the impact of DoS attacks on the physical system based on the CPDS fault self-healing control. Then, considering attacker and defender strategies and attack damage, a CPDS risk assessment framework is established. Furthermore, risk assessment and defense resource allocation methods, based on the Stackelberg dynamic game model, are proposed under conditions in which the cyber and physical systems are launched simultaneously. Finally, a simulation based on an actual CPDS is performed, and the calculation results verify the effectiveness of the algorithm.

Peng Zhang,Huanzhao Wang,Chengchen Hu,Chuang Lin

DOI: https://doi.org/10.1109/mnet.2016.1600109nm

IF: 10.294

2016-01-01

IEEE Network

Abstract:Software defined networking greatly simplifies network management by decoupling control functions from the network data plane. However, such a decoupling also opens SDN to various denial of service attacks: an adversary can easily exhaust network resources by flooding short-lived spoofed flows. Toward this issue, we present a comprehensive study of DoS attacks in SDN, and propose multi-layer fair queueing (MLFQ), a simple but effective DoS mitigation method. MLFQ enforces fair sharing of an SDN controller's resources with multiple layers of queues, which can dynamically expand and aggregate according to controller load. Both testbed-based and emulation-based experiments demonstrate the effectiveness of MLFQ in mitigating DoS attacks targeted at SDN controllers.

Jianmin Zhang,Yi Chen,Naizheng Jin,Lianquan Hou,Qianzhi Zhang

DOI: https://doi.org/10.1109/pesgm.2017.8274254

2017-01-01

Abstract:Due to DoS (Denial of Service) as the most serious cyber attack for digital substation, a modeling of data flow with different properties as periodic, random, sudden response is firstly introduced, followed by a simulation modeling of DoS attack based on the SYN-Flood principle; the module design and simulation implementation scheme based on OPNET platform has been proposed in detail. The simulation scenario is selected as the star network where the station layer server is under the SYN_flood attack, and the case studies are made for wide-band of 10BaseT and 100BaseT data link. The simulation results give the performances of the station layer server before and after SYN_flood attack, and the attack consequences are long stay at a high CPU utilization, time delay increasing of TCP connection, and the increasing of link throughput to exhaust the link band, etc., in which the attempts of DoS are exposed to make the station layer server disable to response the normal business request, i.e., to deny the service.

Zhen Cao,Zhi Guan,Zhong Chen,Jian-Bin Hu,Li-Yong Tang

DOI: https://doi.org/10.1007/s11390-010-9330-4

2010-01-01

Abstract:Denial-of-Service (DoS) attacks are virulent to both computer and networked systems. Modeling and evaluating DoS attacks are very important issues to networked systems; they provide both mathematical foundations and theoretic guidelines to security system design. As defense against DoS has been built more and more into security protocols, this paper studies how to evaluate the risk of DoS in security protocols. First, we build a formal framework to model protocol operations and attacker capabilities. Then we propose an economic model for the risk evaluation. By characterizing the intruder capability with a probability model, our risk evaluation model specifies the “Value-at-Risk” (VaR) for the security protocols. The “Value-at-Risk” represents how much computing resources are expected to lose with a given level of confidence. The proposed model can help users to have a better understanding of the protocols they are using, and in the meantime help designers to examine their designs and get clues of improvement. Finally we apply the proposed model to analyze a key agreement protocol used in sensor networks and identify a DoS flaw there, and we also validate the applicability and effectiveness of our risk evaluation model by applying it to analyze and compare two public key authentication protocols.

Yan Chen,Adam Bargteil,David Bindel,Randy H. Katz,John Kubiatowicz

DOI: https://doi.org/10.1007/3-540-45600-7_37

2001-01-01

Abstract:Network Denial of Service (DoS) attacks are increasing in frequency, severity and sophistication, making it desirable to measure the resilience of systems to DoS attacks. In this paper, we propose a simulation-based methodology and apply it to attacks on object location services such as DNS. Our results allow us to contrast the DoS resilience of three distinct architectures for object location.

Adam Bargteil,David Bindel,Yan Chen

2000-01-01

Abstract:Denial of Service (DoS) attacks are increasing in fre- quency, severity and sophistication. Most previous work has focused on DoS attacks which take advan- tage of a protocol to launch the attack. We take the view that DoS attack is any malicious action which reduces the availability of some resource to some users. We set as a goal a general methodol- ogy for measuring the resilience of a system to broad classes of attacks. As a first step toward this ambi- tious goal, we have studied the effect of a variety of attacks on directory services in a network setting.

Jiahu Qin,Menglin Li,Ling Shi,Xinghuo Yu

DOI: https://doi.org/10.1109/tac.2017.2756259

IF: 6.549

2017-01-01

IEEE Transactions on Automatic Control

Abstract:The recent years have seen a surge of security issues of cyber-physical systems (CPS). In this paper, denial-of-service (DoS) attack scheduling is investigated in depth. Specifically, we consider a system where a remote estimator receives the data packet sent by a sensor over a wireless network at each time instant, and an energy-constrained attacker that cannot launch DoS attacks all the time designs the optimal DoS attack scheduling to maximize the attacking effect on the remote estimation performance. Most of the existing works concerning DoS attacks focus on the ideal scenario in which data packets can be received successfully if there is no DoS attack. To capture the unreliability nature of practical networks, we study the packet-dropping network in which packet dropouts may occur even in the absence of attack. We derive the optimal attack scheduling scheme that maximizes the average expected estimation error, and the one which maximizes the expected terminal estimation error over packet-dropping networks. We also present some countermeasures against DoS attacks, and discuss the optimal defense strategy, and how the optimal attack schedule can serve for more effective and resource-saving countermeasures. We further investigate the optimal attack schedule with multiple sensors. The optimality of the theoretical results is demonstrated by numerical simulations.

LIN Chuang,WANG Yang,LI Quan-Lin

DOI: https://doi.org/10.3321/j.issn:0254-4164.2005.12.001

2005-01-01

Chinese Journal of Computers

Abstract:Network systems are becoming more complex and larger, and specifically network attacks and security destroy is also increasingly prevalent and multiple. Network security is being confronted with many significant challenges. Network security is one of the most important scientific issues in the world and has been an important factor which effects on social improvement and national develop strategy. In this paper, we provide a complete overview on stochastic models and evaluation techniques for network security. The authors indicate the present status and evolvement in the area of network security. The authors provide several effective and efficient methods for modeling and analysis of network security, and also analyze network survivability. Finally, the authors give some concluding remarks on new and challenging directions for future and potential research of network security.

Yang Wang,Chuang Lin,Quan-Lin Li

DOI: https://doi.org/10.1016/j.peva.2010.01.003

IF: 2.205

2010-01-01

Performance Evaluation

Abstract:Email is a crucial part of our daily life, but email systems are facing increasing security threats such as attacks and spam. Because of this, new mechanisms are being provided to defend against the attacks and to reduce the amount of spam in email systems. Up to now, few available works have been reported on the performance evaluation of email systems under attack, which has become necessary for enhancing email security. In this paper, we propose a novel method to study the impact of three types of attacks on email systems. We construct a multiple queueing model to characterize three types of attacks integrally, and study the performance metrics of system security such as system availability, average queue length and information leakage probability. Numerical examples indicate that the approach of this paper is effective and efficient for dealing with the security analysis of email systems under attack. We believe that this work will open a new avenue for the performance evaluation of computer networks under email attack and other forms of attacks. (C) 2010 Elsevier B.V. All rights reserved.

Naixue Xiong,Laurence T. Yang,Yaoxue Zhang,Yuezhi Zhou,Yingshu Li

DOI: https://doi.org/10.1109/euc.2008.179

2008-01-01

Abstract:The recently proposed Active Queue Management (AQM) is an effective method used in Internet routers for congestion control, and to achieve a tradeoff between link utilization and delay. The de facto standard, the Random Early Detection (RED) AQM scheme, and most of its variants use average queue length as a congestion indicator to trigger packet dropping. In this paper, we propose a novel proportional and differential RED algorithm, called NPDRED, as an extension of RED. NPD-RED is based on a self-tuning Proportional and Differential controller, which not only considers the instantaneous queue length at the current time point, but also takes into consideration the ratio of the current differential error signal to the buffer size. Furthermore, we give theoretical analysis of the system stability and give guidelines for the selection of feedback gains for the TCP/RED system to stabilize the instantaneous queue length at a desirable level. Extensive simulations have been conducted with ns2. The simulation results have demonstrated that the proposed NPD-RED algorithm outperforms the existing AQM schemes in terms of average queue length,average throughput, and stability.

Li Qiu,Shuyou Zhou,Yidan Wen,Marzieh Najariyan,Chengxiang Liu

DOI: https://doi.org/10.1109/tcsii.2024.3358016

2024-01-01

Abstract:In this brief, the denial of service (DoS) attacks on the communication channel of the semi-Markov jump system are studied. Firstly, the DoS attacks are modeled as a Markov chain, and then a networked semi-Markov jump system model with DoS attacks is proposed. Based on this model, the network semi-Markov jump system stability under the DoS attacks is analyzed, and the mean square stability lemma is derived. According to the mean square stability condition of the system, the sufficient condition of the mean square stability of the system is put forward, and the mean square stability controller is designed according to the sufficient condition. Due to the introduction of the DoS attacks, a new Lyapunov function is constructed, and linear matrix inequality(LMI) is derived. Finally, several groups of comparative simulation are constructed to verify the compensation effect of control strategy on DoS attacks and frequent system switching.

engineering, electrical & electronic

Rongfei Zeng,Chuang Lin,Hongkun Yang,Yuanzhuo Wang,Yang Wang,Peter Ungsunan

DOI: https://doi.org/10.1109/AINA.2009.81

2009-01-01

Abstract:Seamless handover is one of the most attractive research fields in B3G systems. Many mechanisms are proposed to provide certain QoS guarantees in handovers of mobile systems, which would also introduce new threats, such as DoS and DDOS attacks. In this paper, we extend a cookie-based scheme to protect systems from DoS and DDoS attacks. We also adopt a novel queuing network model to analyze our scheme by estimating two essential metrics, i.e. the mean total response time and the mean queue length of MAP. Numerical results indicate that our mechanism works better than the traditional cookie-based scheme and it could effectively help networks defend against abnormal attacks in the handover process.

Xiaohu Li,Timothy Paul Parker,Shouhuai Xu

DOI: https://doi.org/10.1109/tdsc.2008.75

2011-01-01

Abstract:Traditional security analyses are often geared toward cryptographic primitives or protocols. Although such analyses are necessary, they cannot address a defender's need for insight into which aspects of a networked system having a significant impact on its security, and how to tune its configurations or parameters so as to improve security. This question is known to be notoriously difficult to answer, and the state of the art is that we know little about it. Toward ultimately addressing this question, this paper presents a stochastic model for quantifying security of networked systems. The resulting model captures two aspects of a networked system:1) the strength of deployed security mechanisms such as intrusion detection systems and 2) the underlying vulnerability graph, which reflects how attacks may proceed. The resulting model brings the following insights: 1) How should a defender “tune” system configurations (e.g., network topology) so as to improve security? 2) How should a defender “tune” system parameters (e.g., by upgrading which security mechanisms) so as to improve security? 3) Under what conditions is the steady-state number of compromised entities of interest below a given threshold with a high probability? Simulation studies are conducted to confirm the analytic results, and to show the tightness of the bounds of certain important metric that cannot be resolved analytically.