Xiang Li,Na Ruan,Fan Wu,Jie Li,Mengyuan Li

DOI: https://doi.org/10.1109/PCCC.2014.7017109

2014-01-01

Abstract:Providing lightweight authentication and resisting Denial of Service (DoS) attacks are challenging problems in wireless ad hoc networks, such as wireless sensor networks (WSNs). We introduce two improved protocols based on fault-tolerant protocol and DoS-resistant protocol in Multilevel μTESLA to overcome these difficulties. The proposed Efficient Fault-Tolerant Protocol contributes in shortening the recovery time when highlevel packets are lost, and hence reduces the risk of memory-based DoS attacks. The proposed Enhanced DoS-Resistant Protocol enhances the resistance to DoS attacks by offering packet-loss recovery of authentication message.

Rong Fan,Dao-jing He,Xue-zeng Pan,Ling-di Ping

DOI: https://doi.org/10.1631/jzus.c1000377

2011-01-01

Abstract:Wireless sensor networks (WSNs) are vulnerable to security attacks due to their deployment and resource constraints. Considering that most large-scale WSNs follow a two-tiered architecture, we propose an efficient and denial-of-service (DoS)-resistant user authentication scheme for two-tiered WSNs. The proposed approach reduces the computational load, since it performs only simple operations, such as exclusive-OR and a one-way hash function. This feature is more suitable for the resource-limited sensor nodes and mobile devices. And it is unnecessary for master nodes to forward login request messages to the base station, or maintain a long user list. In addition, pseudonym identity is introduced to preserve user anonymity. Through clever design, our proposed scheme can prevent smart card breaches. Finally, security and performance analysis demonstrates the effectiveness and robustness of the proposed scheme.

Keval Doshi,Yasin Yilmaz,Suleyman Uludag

DOI: https://doi.org/10.48550/arXiv.2006.08064

2020-06-15

Abstract:Internet of Things (IoT) networks consist of sensors, actuators, mobile and wearable devices that can connect to the Internet. With billions of such devices already in the market which have significant vulnerabilities, there is a dangerous threat to the Internet services and also some cyber-physical systems that are also connected to the Internet. Specifically, due to their existing vulnerabilities IoT devices are susceptible to being compromised and being part of a new type of stealthy Distributed Denial of Service (DDoS) attack, called Mongolian DDoS, which is characterized by its widely distributed nature and small attack size from each source. This study proposes a novel anomaly-based Intrusion Detection System (IDS) that is capable of timely detecting and mitigating this emerging type of DDoS attacks. The proposed IDS's capability of detecting and mitigating stealthy DDoS attacks with even very low attack size per source is demonstrated through numerical and testbed experiments.

Cryptography and Security,Networking and Internet Architecture,Machine Learning

Stefan Hristozov,Manuel Huber,Georg Sigl

DOI: https://doi.org/10.1109/host45689.2020.9300290

2020-12-07

Abstract:Many IoT use cases involve constrained battery powered devices offering services in a RESTful manner to their communication partners. Such services may involve, e.g., costly computations or actuator/sensor usage, which may have significant influence on the power consumption of the service Providers. Remote attackers may excessively use those services in order to exhaust the Providers’ batteries, which is a form of a Denial of Service (DoS) attack. Previous work proposed solutions based on lightweight symmetric authentication. These solutions scale poorly due to requiring pre-shared keys and do not provide protection against compromised service Requesters. In contrast, we consider more powerful attackers even capable of compromising legit Requesters. We propose a method that combines attacker detection and throttling, conducted by a third trusted Backend, with a lightweight authentication protocol. For attacker detection and throttling, we propose a novel approach using rate limitation algorithms. In addition, we propose and formally verify two authentication protocols suitable for different, widely used IoT network topologies. Our protocols ensure service availability for benign Requesters even if Providers are under a battery exhaustion attack. The protocols do neither require pre-shared keys between Requesters and Providers, nor the usage of asymmetric cryptography and public key infrastructures on the Provider. This makes our protocols suitable for a variety of IoT deployments involving constrained devices and constrained networks. We demonstrate the feasibility of our method through a simulation and a proof of concept implementation.

Na Ruan,Lei Gao,Haojin Zhu,Weijia Jia,Xiang Li,Qi Hu

DOI: https://doi.org/10.1109/icdcs.2016.66

2016-01-01

Abstract:With the increasing demand of Quality of Service(QoS) in Crowdsensing Networks, providing broadcast authentication and preventing Denial of Service (DoS) attacks become not only a fundamental issue but also a challenging security service. The multi-level TESLA is a series of lightweight broadcast authentication protocols, which can effectively mitigate DoS attacks via randomly selected messages. However, the rule of the parameter selection still remains a problem. In this paper, we formulate the attack-defense model as an evolutionary game accordingly, and then present an optimal solution, which achieves security assurance along with minimum resource cost. We then analyze the stability of our evolutionary strategy theoretically. Simulation results are given to evaluate the performance of the proposed algorithm under low QoS channels and severe DoS attacks, which demonstrates that our proposed protocol canworks even in the extreme case.

Mustafa Sanlı

DOI: https://doi.org/10.1007/s13369-023-08669-w

IF: 2.807

2024-02-23

Arabian Journal for Science and Engineering

Abstract:The increasing number of sensors and Internet of Things (IoT) devices have made the Denial of Service (DoS) attacks in IoT networks a significant security threat. The inherent characteristics of IoT networks such as the large number of end nodes, the heterogeneous nature of IoT networks, resource limitations in routers, and the multiplicity of application areas in daily life, make the investigation of attacks in these networks a major and important research problem. This paper presents a new approach for detecting and mitigating DoS attacks in IoT networks. The proposed approach is implemented on an Field Programmable Gate Array (FPGA)-based platform and tested for performance against different types of DoS attacks. The approach can respond quickly to attacks specific to IoT networks and can be easily implemented on hardware with low resource requirements.

multidisciplinary sciences

S.A.Arunmozhi,Y.Venkataramani

DOI: https://doi.org/10.5121/ijnsa.2011.3312

2011-06-07

Abstract:The wireless ad hoc networks are highly vulnerable to distributed denial of service(DDoS) attacks because of its unique characteristics such as open network architecture, shared wireless medium and stringent resource constraints. These attacks throttle the tcp throughput heavily and reduce the quality of service(QoS) to end systems gradually rather than refusing the clients from the services completely. In this paper, we discussed the DDoS attacks and proposed a defense scheme to improve the performance of the ad hoc networks. Our proposed defense mechanism uses the medium access control (MAC) layer information to detect the attackers. The status values from MAC layer that can be used for detection are Frequency of receiving RTS/CTS packets, Frequency of sensing a busy channel and the number of RTS/DATA retransmissions. Once the attackers are identified, all the packets from those nodes will be blocked. The network resources are made available to the legitimate users. We perform the simulation with Network Simulator NS2 and we proved that our proposed system improves the network performance.

Cryptography and Security,Distributed, Parallel, and Cluster Computing

Saurav Kumar,Ajit kumar Keshri

DOI: https://doi.org/10.1016/j.knosys.2024.112052

IF: 8.139

2024-06-21

Knowledge-Based Systems

Abstract:The Internet of Things enables the creation of transmitted use cases for interconnected devices and complementary channels. The varied structure of it creates additional security needs and problems. In particular, the safeguards used in the IoT should adjust to the changing environment. One of the major dangers to the World Wide Web (WWW) things is Distributed Denial of Service (DDoS). Therefore, in this work, an intelligent Game Theory-based Adaptive security (GT-AS) mathematical model was developed to maximize the effectiveness of DDoS attack mitigation. Moreover, this strategy can strongly derive the five parameters such as energy channel, memory, intruder, and hybrid. These all can achieve a stronger defense posture against DDoS attacks from the newly designed IoT. Consequently, the Recurrent Bat (RB) framework is developed to classify the nodes into two classes such as trusted node and malicious node. In addition, the proposed frameworks analyze how protection effectiveness and energy consumption interact when evaluating adaptive security techniques. To analyze the effectiveness of the suggested paradigm, researchers also give the outcomes of simulation experiments. Researchers demonstrate that, in comparison to existing models, the developed approach has increased the lifespan of the connected objects by 47 %. Also, the developed strategy has attained better accuracy and lower error rates when comparing traditional strategies. Moreover, the packet delivery ratio is 60 KB, energy consumption is 116 KJ, Mean Location Error is 0.078 and resource usage is 148.

computer science, artificial intelligence

Xiaofen Fang,Kunli Fang,Guohua Li,Xinjun Jin,Lihui Zheng

DOI: https://doi.org/10.26855/ea.2022.12.006

2023-01-01

Engineering Advances

Abstract:Smart vehicles constitute the intelligent transportation system, the complex traffic network of multiple types of sensors in the energy consumption data and the amount of data transmitted is increasing, the network consisting of multi-source wireless sensors in the vehicle is often subject to DDoS attacks, the DDoS will lead to data loss or even traffic failure.Since multiple distributed vehicle nodes are dynamic constantly entering or leaving a network cluster, as smart vehicles continue to join the new wireless sensor network and obtain new identity IDs based on location, IP addresses are always allocated and recycled.DDoS attacks against vehicle networking clusters are difficult to identify, destructive and easy to implement.In this paper, we analyze the topology and communication patterns of wireless sensor networks in vehicular networks, the characteristics of being subject to DDoS attacks, the detection methods of each, and propose the initial detection and energy consumption trust value calculation for the detection of DDoS attack network nodes.

CHEN Xiao,GUO Dawei,ZHANG Guoqing,LI Jiawei

2009-01-01

Abstract:Broadcast authentication is the important guarantee that can keep wireless sensor networks working normally.Because of its cost-effective encryption and authentication framework,μTESLA protocol is to be in line with the characteristic and security needs of wireless sensor networks to some extent.In this paper,the implementation procedure of μTESLA protocol was researched deeply.Then the concept of "Authentication Drift" and threshold-based multiple authentication mechanism(M-μTESLA)were put forward,against the common problem that the broadcast packets might not be authenticated normally in the junction of cycles.The research result indicates that the performance of μTESLA protocol could be improved by this mechanism effectively.

Mohammed Al-Mehdhara,Na Ruan

DOI: https://doi.org/10.1155/2021/8891758

2021-01-01

Wireless Communications and Mobile Computing

Abstract:The wireless nature of the Vehicular Ad Hoc Network (VANET), a technology that offers facilities such as traffic management and safety services, makes it vulnerable to distributed denial-of-service (DDoS) attacks that exploit network communications and reduce network reliability and performance. This paper proposes a design of a secure VANET architecture using a Software-Defined Networking (SDN) controller and Neural Network Self-Organizing Maps (SOMs). In the proposed design, we adopt the SDN architecture by using its separation of the control plane from the data plane and adding intelligent capabilities to the VANET. To resolve the drawbacks of standard SOMs and to enhance the SOM's efficiency, a Multilayer Distributed SOM (MSOM) model based on two levels of clustering and classification is used. Experimental results show that our solution can efficiently detect malicious traffic, prevent and mitigate DDoS attacks, and increase system security and recovery speed from the attacking traffic. Moreover, the proposed scheme achieves a high accuracy rate (99.67%). Simulation results demonstrate the effectiveness and efficiency of the MSOM regarding detection accuracy and other studied metrics.

Yao Zhao,Sagar Vemuri,Jiazhen Chen,Yan Chen,Hai Zhou,Zhi Fu

DOI: https://doi.org/10.1109/DSN.2009.5270358

2009-01-01

Abstract:Security protocols are not as secure as we assumed. In this paper, we identified a practical way to launch DoS attacks on security protocols by triggering exceptions. Through experiments, we show that even the latest strongly authenticated protocols such as PEAP, EAP-TLS and EAP-TTLS are vulnerable to these attacks. Real attacks have been implemented and tested against TLS-based EAP protocols, the major family of security protocols for wireless LAN, as well as the return routability of mobile IPv6, an emerging lightweight security protocol in new IPv6 infrastructure. DoS attacks on PEAP, one popular TLS-based EAP protocol were performed and tested on a major university's wireless network, and the attacks were highly successful. We further tested the scalability of our attack through a series of ns-2 simulations. Countermeasures for detection of such attacks and improvements of the protocols to overcome these types of DoS attacks are also proposed and verified experimentally.

Hongsong Chen,Caixia Meng,Zhiguang Shan,Zhongchuan Fu,Bharat K. Bhargava

DOI: https://doi.org/10.1109/access.2019.2903816

IF: 3.9

2019-01-01

IEEE Access

Abstract:Low-rate Denial of Service (LDoS) attack is a special DoS attack. The routing protocol is vulnerable to many types of attacks in a wireless sensor network (WSN), which is an important network type of the Internet of Things (IoT). The novel LDoS attack to the routing protocol is proposed to evaluate the security and trust mechanism in the WSN. In fact, the LDoS attack is difficult to be detected due to its small-signal characteristics, so it is a serious threat to the security and trust of the WSN. A Hilbert–Huang transform (HHT) time–frequency joint analysis approach is utilized to analyze the non-stationary small signal that is produced by the LDoS attack. However, false intrinsic mode function (IMF) components are the challenge problems to precisely detect the LDoS attack. Correlation coefficient and Kolmogorov–Smirnov (KS) test approaches are united to evaluate the trustworthy of IMF components and exclude the false IMF components. Hilbert–Huang transformation and trust evaluation approaches are combined to detect the novel LDoS attack in Zigbee WSN. CC2530 system-on-chip integrated with ZigBee protocol is utilized to build a wireless sensor node. Random routing REQuest (RREQ) flooding attack is used to implement the routing layer LDoS attack in Zigbee WSN. If the correlation coefficient value of IMF component relative to original traffic is more than 0.3 and the KS similarity probability value of the IMF component relative to the original traffic is more than 0.4, the IMF component is identified as high trust IMF components that will be used to detect LDoS attack. If the IMF component only satisfies one of the trust evaluation conditions, the IMF component is identified as low trust IMF component. Otherwise, the IMF component is the false IMF component. We have proposed a scalable LDoS attack detection architecture for both WSN and IoT. The experimental results demonstrate that the nove- approach is highly effective to detect the LDoS attack in the ZigBee WSN.

computer science, information systems,telecommunications,engineering, electrical & electronic

Philipp Meyer,Timo Häckel,Franz Korf,Thomas C. Schmidt

DOI: https://doi.org/10.48550/arXiv.1908.09646

2019-08-26

Networking and Internet Architecture

Abstract:Ethernet is the most promising solution to reduce complexity and enhance the bandwidth in the next generation in-car networks. Dedicated Ethernet protocols enable the real-time aspects in such networks. One promising candidate is the IEEE 802.1Q Time-Sensitive Networking protocol suite. Common Ethernet technologies, however, increases the vulnerability of the car infrastructure as they widen the attack surface for many components. In this paper proposes an IEEE 802.1Qci based algorithm that on the one hand, protects against DoS attacks by metering incoming Ethernet frames. On the other hand, it adapts to the behavior of the Credit Based Shaping algorithm, which was standardized for Audio/Video Bridging, the predecessor of Time-Sensitive Networking. A simulation of this proposed Credit Based Metering algorithm evaluates the concept.

C. Anand,N. Vasuki

DOI: https://doi.org/10.1007/s11277-021-08855-9

IF: 2.017

2021-08-18

Wireless Personal Communications

Abstract:Wireless sensor network occupies an inevitable role in various applications that requires data collection and transmission. The tiny wireless sensor nodes are responsible for data collection and transmission. However, these randomly deployed nodes are vulnerable to attacks such as selective forwarding attacks, flooding attacks, etc., These attacks directly affect the network performance and probe the network security. In this research work, an efficient trust-based attack detection module is presented to detect denial of service attacks such as selective forwarding and flooding attacks. Multi-dimensional trust parameters are extracted and estimated through the proposed approach to determine the packet forwarding activity from the sensor nodes. The proposed DoS attack detection model performance is verified through simulations and the results validate the better performance in terms of throughput, energy consumption, packet delay, and accuracy. Compared to conventional detection techniques proposed attack detection model outperforms well in all aspects.

telecommunications

Murad Khan

DOI: https://doi.org/10.1049/ell2.70075

2024-10-26

Electronics Letters

Abstract:The proposed deep learning‐based zero trust network access (DL‐ZTNA) system secures Message Queuing Telemetry Transport‐based Internet of Things networks by integrating multi‐head convolutional neural networks with attention‐based bi‐directional long short‐term memory networks for real‐time security analysis. This system effectively monitors and restricts unauthorized device access, particularly under distributed denial of service attacks, showing improved efficiency in CPU usage, throughput, and detection accuracy compared to traditional security methods. Here, a deep learning‐based zero trust network access (DL‐ZTNA) system to enhance the security of the Message Queuing Telemetry Transport (MQTT) protocol within Internet of Things (IoT) applications was proposed. Combining multi‐head convolutional neural networks and attention‐based bi‐directional long short‐term memory networks with ZTNA provides real‐time security analysis of device behaviour. This behaviour‐based approach ensures that only authorized devices can access network resources and continuously monitors for potential threats like distributed denial of service (DDoS) attacks. The proposed DL‐ZTNA system revokes device access when a threat is detected and prevents further malicious activities. Evaluation in a testbed environment showed improvements in CPU usage efficiency, throughput, and attack detection probability compared to traditional methods. This highlights the system's effectiveness in securing MQTT‐based IoT networks against DDoS attacks while maintaining high performance, showcasing the potential of integrating deep learning techniques into ZTNA system for addressing security challenges in IoT environments.

engineering, electrical & electronic

Ahmad Hani El Fawal,Ali Mansour,Mohammad Ammad Uddin,Abbass Nasser

DOI: https://doi.org/10.3390/s24134287

2024-07-01

Abstract:The progression of the Internet of Things (IoT) has brought about a complete transformation in the way we interact with the physical world. However, this transformation has brought with it a slew of challenges. The advent of intelligent machines that can not only gather data for analysis and decision-making, but also learn and make independent decisions has been a breakthrough. However, the low-cost requirement of IoT devices requires the use of limited resources in processing and storage, which typically leads to a lack of security measures. Consequently, most IoT devices are susceptible to security breaches, turning them into "Bots" that are used in Distributed Denial of Service (DDoS) attacks. In this paper, we propose a new strategy labeled "Temporary Dynamic IP" (TDIP), which offers effective protection against DDoS attacks. The TDIP solution rotates Internet Protocol (IP) addresses frequently, creating a significant deterrent to potential attackers. By maintaining an "IP lease-time" that is short enough to prevent unauthorized access, TDIP enhances overall system security. Our testing, conducted via OMNET++, demonstrated that TDIP was highly effective in preventing DDoS attacks and, at the same time, improving network efficiency and IoT network protection.

Wei Wei,Yingjie Xia,Yabo Dong

DOI: https://doi.org/10.4028/www.scientific.net/AMR.542-543.1275

2012-01-01

Abstract:Security is an important consideration in next generation Internet, where Distributed Denial of Service (DDoS) attack is still a serious threat, especially when Internet of Things is taken into account. To defend against DDoS, capability based Traffic Validation Architecture (TVA) is an excellent candidate. However, there are some shortcomings which make it not so practical, e.g., it has large capability overhead and some DoS attacks could escape from it. To overcome these problems, we proposed the autonomic system based architecture: ASTVA, which created and verified capability using autonomic system as the basic defense unit. In ASTVA, two kinds of sub-capabilities were provided and serveral system security levels were given by mixing the two kinds of sub-capabilities; several key parameters were adjusted dynamically to enhance system flexibility; and an anti-shrew function was added to TVA to make it more robust against low-rate DoS attacks. Finally, we gave out several simulation tests and the results show that ASTVA is more robust and flexible than TVA and is more practical to real world security.

Jie Duan,Wente Zeng,Mo-Yuen Chow

DOI: https://doi.org/10.1109/isie.2016.7744958

2016-01-01

Abstract:The internet of things (IoT) is an attractive networking paradigm with machine-to-machine communication. Several distributed approaches have been proposed to solve the DC optimal power flow (DC-OPF) problem in the IoT environment. The nature of distributed computation provides scalability, robustness and privacy protection, while it also poses more vulnerabilities to unexpected cyber faults and adversaries. One important concern in the distributed DC-OPF algorithm is to maintain the optimal power dispatch result in the face of compromised nodes which are exchanging false information. In this paper, we deal with the data integrity attack and develop an attack detection and mitigation method that could fit into the IoT environment to secure the distributed DC-OPF algorithm. It is a fully distributed mechanism that enables each bus to perform the following major functions based on two-hop neighbors' information: 1) verifying the correctness of the exchanged information without infringing neighbor's privacy; 2) identifying the malicious attacker and recovering the optimal power dispatch from the malicious impact. The effectiveness of the proposed mechanism is illustrated by the standard IEEE 14-bus system.

Dongbin Wang,Yu Zhao,Hui Zhi,Dongzhe Wu,Weihan Zhuo,Yueming Lu,Xu Zhang

DOI: https://doi.org/10.3390/s23125426

IF: 3.9

2023-06-08

Sensors

Abstract:The limited computation resource of the centralized controller and communication bandwidth between the control and data planes become the bottleneck in forwarding the packets in Software-Defined Networking (SDN). Denial of Service (DoS) attacks based on Transmission Control Protocol (TCP) can exhaust the resources of the control plane and overload the infrastructure of SDN networks. To mitigate TCP DoS attacks, DoSDefender is proposed as an efficient kernel-mode TCP DoS prevention framework in the data plane for SDN. It can prevent TCP DoS attacks from entering SDN by verifying the validity of the attempts to establish a TCP connection from the source, migrating the connection, and relaying the packets between the source and the destination in kernel space. DoSDefender conforms to the de facto standard SDN protocol, the OpenFlow policy, which requires no additional devices and no modifications in the control plane. Experimental results show that DoSDefender can effectively prevent TCP DoS attacks in low computing consumption while maintaining low connection delay and high packet forwarding throughput.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation