Junchi Xing,Mingliang Yang,Haifeng Zhou,Chunming Wu,Wei Ruan

DOI: https://doi.org/10.1109/IPCCC47392.2019.8958776

2019-01-01

Abstract:Network reconnaissance aims at gathering as much information as possible before an attack is launched. Meanwhile, static host address configuration facilitates network reconnaissance. Currently, more sophisticated network reconnaissance has been emerged with the adaptive and cooperative features. To address this, in this paper, we present Hiding and Trapping (HaT), which is a deceptive approach to disrupt adversarial network reconnaissance with the help of the software-defined networking (SDN) paradigm. HaT is able to hide valuable hosts from attackers and to trap them into decoy nodes through strategic and holistic host address mutation according to characteristic of adversaries. We implement a prototype of HaT, and evaluate its performance by experiments. The experimental results show that HaT is capable to effectively disrupt adversarial network reconnaissance with better deceptive performance than the existing address randomization approach.

Wenyuan Xu,Timothy Wood,Wade Trappe,Yanyong Zhang

DOI: https://doi.org/10.1145/1023646.1023661

2004-01-01

Abstract:Wireless networks are built upon a shared medium that makes it easy for adversaries to launch denial of service (DoS) attacks. One form of denial of service is targeted at preventing sources from communicating. These attacks can be easily accomplished by an adversary by either bypassing MAC-layer protocols, or emitting a radio signal targeted at jamming a particular channel. In this paper we present two strategies that may be employed by wireless devices to evade a MAC/PHY-layer jamming-style wireless denial of service attack. The first strategy, channel surfing, is a form of spectral evasion that involves legitimate wireless devices changing the channel that they are operating on. The second strategy, spatial retreats, is a form of spatial evasion whereby legitimate mobile devices move away from the locality of the DoS emitter. We study both of these strategies for three broad wireless communication scenarios: two-party radio communication, an infrastructured wireless network, and an ad hoc wireless network. We evaluate several of our proposed strategies and protocols through ns-2 simulations and experiments on the Berkeley mote platform.

Wade Trappe,Wenyuan Xu

DOI: https://doi.org/10.7282/t3rj4jw7

2007-01-01

Abstract:Wireless networks are built upon a shared medium that makes it easy for adversaries to conduct radio interference, or jamming attacks, which effectively cause a denial of service (DoS) of either transmission or reception functionalities. These attacks can be easily accomplished by an adversary by either bypassing MAC-layer protocols, or emitting a radio signal targeted at jamming a particular channel. In this thesis, we examine the issue of jamming wireless networks, and sensor networks in particular, by studying both the attack and defense side of the problem. On the attack side, we present four different jamming attack models that can be used by an adversary to disable the operation of a wireless network, and evaluate their effectiveness in terms of how each method affects the ability of a wireless node to send and receive packets. In order to cope with the problem of jamming, we discuss a two-phase strategy involving the diagnosis of the attack, followed by a suitable defense strategy. For detection, we show that single measurement statistics are not enough to reliably classify the presence of a jamming attack, and propose multimodal detection methods. To cope with jamming, we propose a technique, channel surfing, which involves evading the interferer in the spectral domain. Several different channel surfing models are presented, and we evaluate their effectiveness using a testbed of MICA2 motes. Beyond channel surfing, we overview a second defense strategy whereby it is possible to establish a low data rate jamming resistant communication channel by modulating the interarrival times between jammed packets.

Boyang Zhou,Gaoning Pan,Chunming Wu,Kai Zhu,Wei Ruan

DOI: https://doi.org/10.1007/s11432-019-9921-7

2020-01-01

Science China Information Sciences

Abstract:Dear editor, Recently, crossfire attack has been witnessed as a new distributed denial-of-service (DDoS) weapon that can effectively cut off the data connections between the chosen target area (wd) of servers and the end hosts (H).The attack is launched by a network of bot (botnet) to drain bandwidth of persistent routes (PRs) in the indirect and lowrate data flooding towards the decoys that are located in upstream to the target, where the PRs are probed by the adversary who sends Internet control message protocol (ICMP) packets with different time-to-live (TTL) values, e.g., using traceroute [1].Such flooding is hard to be detected by firewalls or IDSes.

Wei Wei,Yabo Dong,Dongming Lu,Guang Jin,Honglan Lao

DOI: https://doi.org/10.1007/11760146_23

2006-01-01

Abstract:Low-rate TCP-targeted Denial-of-Service (DoS) attack (shrew) is a new kind of DoS attack which is based on TCP’s Retransmission Timeout (RTO) mechanism and can severely reduce the throughput of TCP traffic on victim. The paper proposes a novel mechanism which consists of effective detection and response methods. Through analyzing sampled attack traffic, we find that there is a stable difference between attack and legitimate traffic in frequency field, especially in low frequency. We use Sum of Low Frequency Power spectrum (SLFP) for detection. In our algorithm the destination IP address is used as flow label and SLFP is applied to every flow traversing edge router. If shrew is found, all flows to the destination are processed by Aggregated Flows Balance (AFB) at a proper upstream router. Simulation shows that attack traffics are restrained and TCP traffics can obtain enough bandwidth. The result indicates that our mechanism is effective and deployable.

雷程,马多贺,张红旗,韩琦,杨英杰

DOI: https://doi.org/10.11959/j.issn.1000-436x.2017056

2017-01-01

Abstract:Moving target defense is a revolutionary technology which changes the situation of attack and defense.How to effectively achieve forwarding path mutation is one of the hotspot in this field.Since existing mechanisms are blindness and lack of constraints in the process of mutation,it is hard to maximize mutation defense benefit under the condition of good network quality of services.A novel of network moving target defense technique based on optimal forwarding path migration was proposed.Satisfiability modulo theory was adopted to formally describe the mutation constraints,so as to prevent transient problem.Optimization combination between routing path and mutation period was chosen by using optimal routing path generation method based on security capacity matrix so as to maximum defense benefit.Theoretical and experimental analysis show the defense cost and benefit in resisting passive sniffing attacks.The capability of achieving maximum defense benefit under the condition of ensuring network quality of service is proved.

MU Jun-chen,GAN Zhi-hua,XU Hong-yun

DOI: https://doi.org/10.3969/j.issn.1009-3044.2007.06.029

2007-01-01

Abstract:Discrete Fourier transform based on the time domain sequence TCP flow sample x(n) (0,1) standardization sequences. RoQ attack is detected according to it's periodicity etc. A strategy to defense the RoQ attack is proposed. The algorithm of the strategy is given.

Mariusz Żal,Marek Michalski,Piotr Zwierzykowski

DOI: https://doi.org/10.3390/electronics13050918

IF: 2.9

2024-02-29

Electronics

Abstract:The contemporary world, dominated by information technologt (IT), necessitates sophisticated protection mechanisms against attacks that pose significant threats to individuals, companies, and governments alike. The unpredictability of human behavior, coupled with the scattered development of applications and devices, complicates supply chain maintenance, making it impossible to develop a system entirely immune to cyberattacks. Effective execution of many attack types hinges on prior network reconnaissance. Thus, hindering effective reconnaissance serves as a countermeasure to attacks. This paper introduces a solution within the moving target defense (MTD) strategies, focusing on the mutation of Internet protocol (IP) addresses in both edge and core network switches. The idea of complicating reconnaissance by continually changing IP addresses has been suggested in numerous studies. Nonetheless, previously proposed solutions have adversely impacted the quality of service (QoS) levels. Implementing these mechanisms could interrupt Transmission Control Protocol (TCP) connections and result in data losses. The IP address mutation algorithms presented in this study were designed to be fully transparent to transport layer protocols, thereby preserving the QoS for users without degradation. In this study, we leveraged the benefits of software-defined networking (SDN) and the Programming-Protocol-Ondependent Packet Processors (P4) language, which specifies packet processing methodologies in the data plane. Employing both SDN and P4 enables a dynamic customization of network device functionalities to meet network users' specific requirements, a feat unachievable with conventional computer networks. This approach not only enhances the adaptability of network configurations but also significantly increases the efficiency and effectiveness of network management and operation.

engineering, electrical & electronic,computer science, information systems,physics, applied

Yongsheng Mei,Kailash Gogineni,Tian Lan,Guru Venkataramani

DOI: https://doi.org/10.48550/arXiv.2110.03798

2021-10-08

Abstract:Communication protocol security is among the most significant challenges of the Internet of Things (IoT) due to the wide variety of hardware and software technologies involved. Moving target defense (MTD) has been adopted as an innovative strategy to solve this problem by dynamically changing target system properties and configurations to obfuscate the attack surface. Nevertheless, the existing work of MTD primarily focuses on lower-level properties (e.g., IP addresses or port numbers), and only a limited number of variations can be generated based on these properties. In this paper, we propose a new approach of MTD through communication protocol dialects (MPD) - which dynamically customizes a communication protocol into various protocol dialects and leverages them to create a moving target defense. Specifically, MPD harnesses a dialect generating function to create protocol dialects and then a mapping function to select one specific dialect for each packet during communication. To keep different network entities in synchronization, we also design a self-synchronization mechanism utilizing a pseudo-random number generator with the input of a pre-shared secret key and previously sent packets. We implement a prototype of MPD and evaluate its feasibility on standard network protocol (i.e., File Transfer Protocol) and internet of things protocol (i.e., Message Queuing Telemetry Transport). The results indicate that MPD can create a moving target defense with protocol dialects to effectively address various attacks - including the denial of service attack and malicious packet modifications - with negligible overhead.

Cryptography and Security

Qian Xu,Pinyi Ren,Dongyang Xu

DOI: https://doi.org/10.1109/icc.2019.8761544

2019-01-01

Abstract:Unlike many existing studies on physical layer security which use multi-antenna techniques to improve the transmission security, this paper exploits the multipath wireless channel to achieve secure transmission. Specifically, we consider a time-reversal transmission system where the signal waveform is designed as the conjugated time reversed counterpart of the wireless multipath channel. Thus, the wireless channel acts as a matched filter that can boost the signal power at the intended receiver. To further improve the transmission security, we also inject a time-domain artificial noise which causes no interference to the intended receiver's signal detection. As for the eavesdroppers, we assume that their specific number and locations are unknown and use the homogenous Poisson point process (HPPP) to model the distribution of them. First, we study the average achievable rate of the intended user and a given eavesdropper, respectively. Then, based on the HPPP model, we can obtain the secrecy outage probability under a given density of eavesdropper. With a given requirement on the secrecy outage probability, we can finally obtain the optimal energy allocation parameter and the corresponding maximum secure transmission rate. Numerical results are presented to show that the proposed scheme can guarantee the transmission security under various system parameters.

Bing-Qing Zhao,Hui-Ming Wang,Peng Liu

DOI: https://doi.org/10.1109/jiot.2020.2998789

IF: 10.6

2020-12-01

IEEE Internet of Things Journal

Abstract:Passive radio-frequency identification (RFID) communication raises new transmission secrecy protection challenges, since passive tags stored information lack effective information protection mechanisms. Due to constraints of passive tags, such as limited computation and storage capabilities, security solutions based on the physical-layer security (PLS) are promising candidates compared to those based on conventional lightweight cryptography. Unlike existing endeavors on PLS of RFID wireless communication, we consider an RFID system in the presence of a special proactive eavesdropper, which is able to both enhance the information wiretap and interfere with the information detection at the RFID reader simultaneously by broadcasting its own continuous-wave (CW) signal. To defend against proactive eavesdropping attacks, we propose a wiretap-channel-conscious artificial-noise (AN)-aided secure transmission scheme for the RFID reader, which first estimates both legitimate and wiretap channels and then superimposes an AN signal on the CW signal to confuse the proactive eavesdropper. The transmit power and power allocation between the AN signal and the CW signal are optimized to maximize the secrecy rate. Furthermore, we model the attack and defense process between the proactive eavesdropper and the RFID reader as a hierarchical security game and prove it can achieve the equilibrium. The simulation results show the superiority of our proposed scheme in terms of the secrecy rate and the interactions between the RFID reader and the proactive eavesdropper.

computer science, information systems,telecommunications,engineering, electrical & electronic

Yulong Zou,Jia Zhu,Baoyu Zheng

DOI: https://doi.org/10.1109/chinacom.2013.6694683

2013-01-01

Abstract:Wireless communication is vulnerable to eavesdropping attack due to the broadcast nature of radio propagation. In recent years, physical-layer security is emerging as a promising paradigm to prevent an eavesdropper from interception. In this paper, we consider a wireless network consisting of one source, one destination and one eavesdropper, and exploit multiple antennas at all the network nodes to improve wireless security against eavesdropping attack. Considering multiple transmit antennas at source node, we propose the optimal antenna selection (OAS) scheme to enhance the physical-layer security. We also examine the conventional single-input single-output (SISO) and space-time-coded transmission (STT) for the comparison purpose. We analyze the intercept probability performance of SISO, STT and OAS schemes in Rayleigh fading channels and theoretically prove that the proposed OAS scheme strictly outperforms conventional STT scheme in terms of the intercept probability. In addition, numerical results illustrate that with an increasing number of antennas at source and destination, the intercept probabilities of both OAS and STT schemes significantly decrease, implying the advantage of exploiting multiple antennas for wireless security against eavesdropping attack.

Yingmo Jie,Mingchu Li,Cheng Guo,Ling Chen

DOI: https://doi.org/10.1109/ACCESS.2018.2869399

IF: 3.9

2018-01-01

IEEE Access

Abstract:To fight against denial of services (DoS) attacks on vehicular ad hoc networks, which can cause congestion over networks and degrading the user's experience, a lot of detective techniques and schemes have been proposed. However, the complex ones cannot keep pace with the growth of vehicle networks. In this paper, we propose a simple but effective defense strategy scheme inspired by the port-hopping mechanism, which advantage is manifested in that the detection and filtering off of malicious packets launched by attackers can be achieved without any change in existing protocol. First, we design a dynamic defense strategy scheme to puzzle a DoS attacker, where the specific defense strategy will change according to a scheme of time. To mitigate the losses caused by an attacker whose goal is to probe the vulnerable services' ports contained in the UDP/TCP headers between vehicle-to-vehicle or vehicle-to-infrastructure, we add some security services' ports that are valueless to attackers. Second, we give the specific construction of such a defense strategy scheme reflected as a matrix and a security analysis with respect to detecting the probed ports. At last, in comparison with the non-strategy defense scheme, simulations considering some parameters are conducted, which can show that our scheme is an effective defense scheme used for protecting VANETs.

Baoxing Pu,Hongben Huang,GuangYao Pang

DOI: https://doi.org/10.1038/s41598-024-77510-7

IF: 4.6

2024-11-08

Scientific Reports

Abstract:For secure network coding to prevent eavesdropping attacks, a general design is used that puts restrictions on the eavesdropping channel set or encryption technology is embedded, which can cause problems in practical applications. Based on random linear network coding technology, in this paper, a transmission strategy to prevent eavesdropping attacks is proposed for single - source multicast networks, without either precondition of restricting the eavesdropping channel set or embedding encryption technology. The data transmission process is divided into three phases , and the global encoding vectors are separated from the encoded data on the channel. The proposed strategy can enable the sink to decode successfully, making it very difficult for eavesdroppers to meet the conditions for successful decoding by randomly selecting the eavesdropping channel set without obtaining network topology knowledge. The feasibility of the proposed method is strictly demonstrated using layered network technology, and its security is analyzed. The simulation results confirm the validity of the theoretical analysis.

multidisciplinary sciences

Fei Song,Yu-Tong Zhou,Yu Wang,Tian-Ming Zhao,Ilsun You,Hong-Ke Zhang

DOI: https://doi.org/10.1016/j.ins.2018.06.002

IF: 8.1

2019-04-01

Information Sciences

Abstract:The Moving Target Defense (MTD) has been widely discussed in many communities to upgrade the network reliability, survivability, dependability, etc. However, utilizing MTD in privacy protection still needs more investigations. In this paper, we propose a smart collaborative distribution scheme to enhance the privacy based on MTD guidelines. A target application scenario is the Domain Name System (DNS) that is experiencing serious and complex privacy issues. The preliminary and potential risks are firstly analyzed based on DNS attack approaches, DNS server locations and the vulnerability of user privacy. Then, the details of our scheme are illustrated through port number assignment patterns, main procedures of dynamic port hopping and the implementation method. To quantitatively evaluate the performance, an analytical model was established from theoretical perspectives. The relationships between multiple parameters and overall system capacity are explored as well. The validation results demonstrate that the smart collaborative distribution is able to improve the privacy without affecting the basic DNS functionality.

computer science, information systems

Mingfang Li,Zheng Dou

DOI: https://doi.org/10.1186/s13634-023-01080-5

2023-11-22

EURASIP Journal on Advances in Signal Processing

Abstract:Abstract Considering the variety of Internet of Things (IoT) device types and access methods, it remains necessary to address the security challenges we currently encounter. Physical layer security (PLS) can offer streamlined security solutions for the next generation of IoT networks. Presently, we are witnessing the application of intelligent technologies including machine learning (ML) and artificial intelligence (AI) for precise prevention or detection of security breaches. Active eavesdropping detection is a physical layer security-based method that can differentiate wireless signals between wireless devices through feature classification. However, the operation of numerous IoT devices operate in environments characterized by low signal-to-noise ratios (SNR), and active eavesdropping attack detection during communication is rarely studied. We assume that the wireless system comprising an access point (AP), K authorized users and a proactive eavesdropper (E), following the framework of transforming wireless signals at AP into organized datasets that this article proposes a BP neural network model based on deep learning as a classifier to distinguish eavesdropping and non-eavesdropping attack signals. By conducting experiments under SNRs, the numerical results show that the proposed model has stronger robustness and detection accuracy can significantly improve the up to 19.58% compared with the reference approach, which show the superiority of our proposed method.

engineering, electrical & electronic

Cai Guilin,Wang Baosheng,Wang Tianzuo,Luo Yuebin,Wang Xiaofeng,Cui XinWu

DOI: https://doi.org/10.7544/issn1000-1239.2016.20150225

2016-01-01

Journal of Computer Research and Development

Abstract:Nowadays ,network configurations are typically deterministic ,static ,and homogeneous . These features reduce the difficulties for cyber attackers scanning the network to identify specific targets and gather essential information ,which gives the attackers asymmetric advantages of building up ,launching and spreading attacks .Thus the defenders are always at a passive position ,and the existing defense mechanisms and approaches cannot reverse this situation . Moving target defense (M TD) is proposed as a new revolutionary technology to alter the asymmetric situation of attacks and defenses .It keeps moving the attack surface of the protected target through dynamic shifting ,which can be controlled and managed by the administrator . In this way , the attack surface exposed to attackers appears chaotic and changes over time . Therefore , the work effort ,i .e ., the cost and complexity ,for the attackers to launch a successful attack ,will be greatly increased .As a result ,the probability of successful attacks will be decreased ,and the resiliency and security of the protected target will be enhanced effectively .In this paper ,we firstly introduce the basic concepts of M TD ,and classify the related works into categories according to their research field .Then ,under each category , we give a detailed description on the existing work ,and analyze and summarize them separately . Finally ,we present our understandings on M TD ,and summarize the current research status ,and further discuss the development trends in this field .

Cheng Lei,Hong-Qi Zhang,Jing-Lei Tan,Yu-Chen Zhang,Xiao-Hu Liu

DOI: https://doi.org/10.1155/2018/3759626

IF: 1.968

2018-07-22

Security and Communication Networks

Abstract:As an active defense technique to change asymmetry in cyberattack-defense confrontation, moving target defense research has become one of the hot spots. In order to gain better understanding of moving target defense, background knowledge and inspiration are expounded at first. Based on it, the concept of moving target defense is analyzed. Secondly, literature analysis method is adopted to explain the design principles and system architecture of moving target defense. In addition, some relevant key techniques are introduced from the aspects of strategy generation, shuffling implementation, and performance evaluation. After that, the applications of moving target defense in different network architectures are illustrated. Finally, existing problems and future trend in this field are elaborated so as to provide a basis for further study.

computer science, information systems,telecommunications

HONG Jingfeng,DUAN Haixin,YAO Shuzhen

DOI: https://doi.org/10.3969/j.issn.1000-3428.2006.08.066

2006-01-01

Abstract:A new approach to tracing sources of DDoS attacks based on passive sniffing overlay network(PSON) is proposed,which can span multiple autonomy systems to trace back to multiple attack sources of a large scale DDoS attack.Based on this solution,it designs and implements an IP traceback system: SnifferTrack.The architecture and composition of the system are described,as well as the tracing process and algorithms.Several limitations of the system and future work are also proposed.

Kaigui Bian,Jung-Min Park,Ruiliang Chen

DOI: https://doi.org/10.1109/glocom.2006.266

2006-01-01

Abstract:Denial-of-Service (DoS) attacks pose a major threat to the availability of wireless ad hoc networks. Fault tolerant operation of wireless ad hoc networks will depend on the placement of DoS countermeasures in sufficiently robust form. In this paper, we describe a novel type of DoS attack called the Stasis Trap attack, and propose a technique for detecting such an attack. Stasis Trap attack has two distinguishing characteristics-it has a cross-layer design, and is stealthy. The Stasis Trap attack has a cross-layer design in that it is launched from the MAC layer but its aim is to degrade the end-to-end throughput of flows at the transport layer by exploiting TCP's congestion-control mechanism. Specifically, an adversary launches a Stasis Trap attack against neighboring nodes by periodically preempting the wireless channel in order to cause large variations in the round trip time (RTT) of TCP flows. Channel preemptions are carried out by manipulating the back-off mechanism of the Distributed Coordinating Function of the 802.11 MAC protocol. The periodic preemptions induce large RTT variations in the TCP flows that are within the transmission range of the adversary. This in turn causes a significant drop in the throughput of those flows, thereby creating a "stasis trap" around the adversary that entangles TCP flows. The aforementioned attack severely degrades end-to-end throughput but has very little effect on MAC-layer throughput, and hence it is very hard to detect at the MAC layer, which is its point of attack. In this sense, this attack is stealthy. To detect the Stasis Trap attack, we propose a minimax robust decentralized detection framework with robust hypothesis testing.