An Efficient Dynamic Solution for the Detection and Prevention of Black Hole Attack in VANETs

Rapid and tremendous advances in wireless technology, miniaturization, and Internet of things (IoT) technology have brought significant development to vehicular ad hoc networks (VANETs). VANETs and IoT together play a vital role in the current intelligent transport system (ITS). However, a VANET is highly vulnerable to various security attacks due to its highly dynamic, decentralized, open-access medium, and protocol-design-related concerns. Regarding security concerns, a black hole attack (BHA) is one such threat in which the control or data packets are dropped by the malicious vehicle, converting a safe path/link into a compromised one. Dropping data packets has a severe impact on a VANET's performance and security and may cause road fatalities, accidents, and traffic jams. In this study, a novel solution called detection and prevention of a BHA (DPBHA) is proposed to secure and improve the overall security and performance of the VANETs by detecting BHA at an early stage of the route discovery process. The proposed solution is based on calculating a dynamic threshold value and generating a forged route request (RREQ) packet. The solution is implemented and evaluated in the NS-2 simulator and its performance and efficacy are compared with the benchmark schemes. The results showed that the proposed DPBHA outperformed the benchmark schemes in terms of increasing the packet delivery ratio (PDR) by 3.0%, increasing throughput by 6.15%, reducing the routing overhead by 3.69%, decreasing the end-to-end delay by 6.13%, and achieving a maximum detection rate of 94.66%.

Multi-Aspect Based Approach to Attack Detection in IoT Clouds

This article covers the issues of constructing tools for detecting network attacks targeting devices in IoT clouds. The detection is performed within the framework of cloud infrastructure, which receives data flows that are limited in size and content, and characterize the current network interaction of the analyzed IoT devices. The detection is based on the construction of training models and uses machine learning methods, such as AdaBoostClassifier, RandomForestClassifier, MultinomialNB, etc. The proposed combined multi-aspect approach to attack detection relies on session-based spaces, host-based spaces, and other spaces of features extracted from incoming traffic. An attack-specific ensemble of various machine learning methods is applied to improve the detection quality indicators. The performed experiments have confirmed the correctness of the constructed models and their effectiveness, expressed in terms of the precision, recall, and f1-measure indicators for each analyzed type of attack, using a series of existing samples of benign and attacking traffic.

Towards Model Generalization for Intrusion Detection: Unsupervised Machine Learning Techniques

Through the ongoing digitization of the world, the number of connected devices is continuously growing without any foreseen decline in the near future. In particular, these devices increasingly include critical systems such as power grids and medical institutions, possibly causing tremendous consequences in the case of a successful cybersecurity attack. A network intrusion detection system (NIDS) is one of the main components to detect ongoing attacks by differentiating normal from malicious traffic. Anomaly-based NIDS, more specifically unsupervised methods previously proved promising for their ability to detect known as well as zero-day attacks without the need for a labeled dataset. Despite decades of development by researchers, anomaly-based NIDS are only rarely employed in real-world applications, most possibly due to the lack of generalization power of the proposed models. This article first evaluates four unsupervised machine learning methods on two recent datasets and then defines their generalization strength using a novel inter-dataset evaluation strategy estimating their adaptability. Results show that all models can present high classification scores on an individual dataset but fail to directly transfer those to a second unseen but related dataset. Specifically, the accuracy dropped on average 25.63% in an inter-dataset setting compared to the conventional evaluation approach. This generalization challenge can be observed and tackled in future research with the help of the proposed evaluation strategy in this paper.

Trustworthy Intrusion Detection in E-Healthcare Systems

In Internet of Things (IoT)-based network systems (IoT-net), intrusion detection systems (IDS) play a significant role to maintain patient health records (PHR) in e-healthcare. IoT-net is a massive technology with security threats on the network layer, as it is considered the most common source for communication and data storage platforms. The security of data servers in all sectors (mainly healthcare) has become one of the most crucial challenges for researchers. This paper proposes an approach for effective intrusion detection in the e-healthcare environment to maintain PHR in a safe IoT-net using an adaptive neuro-fuzzy inference system (ANFIS). In the proposed security model, the experiments present a security tool that helps to detect malicious network traffic. The practical implementation of the ANFIS model on the MATLAB framework with testing and training results compares the accuracy rate from the previous research in security.

Enhanced Network Intrusion Detection System

A reasonably good network intrusion detection system generally requires a high detection rate and a low false alarm rate in order to predict anomalies more accurately. Older datasets cannot capture the schema of a set of modern attacks; therefore, modelling based on these datasets lacked sufficient generalizability. This paper operates on the UNSW-NB15 Dataset, which is currently one of the best representatives of modern attacks and suggests various models. We discuss various models and conclude our discussion with the model that performs the best using various kinds of evaluation metrics. Alongside modelling, a comprehensive data analysis on the features of the dataset itself using our understanding of correlation, variance, and similar factors for a wider picture is done for better modelling. Furthermore, hypothetical ponderings are discussed for potential network intrusion detection systems, including suggestions on prospective modelling and dataset generation as well.

Applying MMD Data Mining to Match Network Traffic for Stepping-Stone Intrusion Detection

A long interactive TCP connection chain has been widely used by attackers to launch their attacks and thus avoid detection. The longer a connection chain, the higher the probability the chain is exploited by attackers. Round-trip Time (RTT) can represent the length of a connection chain. In order to obtain the RTTs from the sniffed Send and Echo packets in a connection chain, matching the Sends and Echoes is required. In this paper, we first model a network traffic as the collection of RTTs and present the rationale of using the RTTs of a connection chain to represent the length of the chain. Second, we propose applying MMD data mining algorithm to match TCP Send and Echo packets collected from a connection. We found that the MMD data mining packet-matching algorithm outperforms all the existing packet-matching algorithms in terms of packet-matching rate including sequence number-based algorithm, Yang’s approach, Step-function, Packet-matching conservative algorithm and packet-matching greedy algorithm. The experimental results from our local area networks showed that the packet-matching accuracy of the MMD algorithm is 100%. The average packet-matching rate of the MMD algorithm obtained from the experiments conducted under the Internet context can reach around 94%. The MMD data mining packet-matching algorithm can fix the issue of low packet-matching rate faced by all the existing packet-matching algorithms including the state-of-the-art algorithm. It is applicable to network-based stepping-stone intrusion detection.

Performance of Machine Learning-Based Multi-Model Voting Ensemble Methods for Network Threat Detection in Agriculture 4.0

The upcoming agricultural revolution, known as Agriculture 4.0, integrates cutting-edge Information and Communication Technologies in existing operations. Various cyber threats related to the aforementioned integration have attracted increasing interest from security researchers. Network traffic analysis and classification based on Machine Learning (ML) methodologies can play a vital role in tackling such threats. Towards this direction, this research work presents and evaluates different ML classifiers for network traffic classification, i.e., K-Nearest Neighbors (KNN), Support Vector Classification (SVC), Decision Tree (DT), Random Forest (RF) and Stochastic Gradient Descent (SGD), as well as a hard voting and a soft voting ensemble model of these classifiers. In the context of this research work, three variations of the NSL-KDD dataset were utilized, i.e., initial dataset, undersampled dataset and oversampled dataset. The performance of the individual ML algorithms was evaluated in all three dataset variations and was compared to the performance of the voting ensemble methods. In most cases, both the hard and the soft voting models were found to perform better in terms of accuracy compared to the individual models.

Intelligent Techniques for Detecting Network Attacks: Review and Research Directions

The significant growth in the use of the Internet and the rapid development of network technologies are associated with an increased risk of network attacks. Network attacks refer to all types of unauthorized access to a network including any attempts to damage and disrupt the network, often leading to serious consequences. Network attack detection is an active area of research in the community of cybersecurity. In the literature, there are various descriptions of network attack detection systems involving various intelligent-based techniques including machine learning (ML) and deep learning (DL) models. However, although such techniques have proved useful within specific domains, no technique has proved useful in mitigating all kinds of network attacks. This is because some intelligent-based approaches lack essential capabilities that render them reliable systems that are able to confront different types of network attacks. This was the main motivation behind this research, which evaluates contemporary intelligent-based research directions to address the gap that still exists in the field. The main components of any intelligent-based system are the training datasets, the algorithms, and the evaluation metrics; these were the main benchmark criteria used to assess the intelligent-based systems included in this research article. This research provides a rich source of references for scholars seeking to determine their scope of research in this field. Furthermore, although the paper does present a set of suggestions about future inductive directions, it leaves the reader free to derive additional insights about how to develop intelligent-based systems to counter current and future network attacks.

StegoFrameOrder-MAC Layer Covert Network Channel for Wireless IEEE 802.11 Networks

The proposed StegoFrameOrder (SFO) method enables the transmission of covert data in wireless computer networks exploiting non-deterministic algorithms of medium access (such as the distributed coordination function), especially in IEEE 802.11 networks. Such a covert channel enables the possibility of leaking crucial information outside secured network in a manner that is difficult to detect. The SFO method embeds hidden bits of information in the relative order of frames transmitted by wireless terminals operating on the same radio channel. The paper presents an idea of this covert channel, its implementation, and possible variants. The paper also discusses implementing the SFO method in a real environment and the experiments performed in the real-world scenario.

Running an Internet Hospital in China: Perspective Based on a Case Study

Internet hospitals, as a new forum for doctors to conduct diagnosis and treatment activities based on the internet, are emerging in China and have become integral to the development of the medical field in conjunction with increasing reforms and policies in China's medical and health system. Here, we take the Internet Hospital of the First Affiliated Hospital, Zhejiang University (FAHZU Internet Hospital) as an example to discuss the operations and functional positioning of developing internet hospital medical services in relation to physical hospitals. This viewpoint considers the platform operation, management, and network security of FAHZU Internet Hospital, and summarizes the advantages and limitations in the operation to provide a reference for other areas with interest in developing internet hospitals.

Alternatives to Google Suite Applications

Librarians adopted and utilized web-based Google suite applications as a method of collaborating with each other on projects, research, and professional association membership duties. However, as cybercriminals have begun to exploit these tools to infect healthcare networks with ransomware, many hospital IT departments have blocked access to Google applications. This paper provides a background on security risks to healthcare institutions and possible alternatives to Google applications hospital librarians can use to continue collaborating.

Generator of Slow Denial-of-Service Cyber Attacks

In today’s world, the volume of cyber attacks grows every year. These attacks can cause many people or companies high financial losses or loss of private data. One of the most common types of attack on the Internet is a DoS (denial-of-service) attack, which, despite its simplicity, can cause catastrophic consequences. A slow DoS attack attempts to make the Internet service unavailable to users. Due to the small data flows, these attacks are very similar to legitimate users with a slow Internet connection. Accurate detection of these attacks is one of the biggest challenges in cybersecurity. In this paper, we implemented our proposal of eleven major and most dangerous slow DoS attacks and introduced an advanced attack generator for testing vulnerabilities of protocols, servers, and services. The main motivation for this research was the absence of a similarly comprehensive generator for testing slow DoS vulnerabilities in network systems. We built an experimental environment for testing our generator, and then we performed a security analysis of the five most used web servers. Based on the discovered vulnerabilities, we also discuss preventive and detection techniques to mitigate the attacks. In future research, our generator can be used for testing slow DoS security vulnerabilities and increasing the level of cyber security of various network systems.

Practical Cross-Layer Radio Frequency-Based Authentication Scheme for Internet of Things

The Internet of Things world is in need of practical solutions for its security. Existing security mechanisms for IoT are mostly not implemented due to complexity, budget, and energy-saving issues. This is especially true for IoT devices that are battery powered, and they should be cost effective to be deployed extensively in the field. In this work, we propose a new cross-layer approach combining existing authentication protocols and existing Physical Layer Radio Frequency Fingerprinting technologies to provide hybrid authentication mechanisms that are practically proved efficient in the field. Even though several Radio Frequency Fingerprinting methods have been proposed so far, as a support for multi-factor authentication or even on their own, practical solutions are still a challenge. The accuracy results achieved with even the best systems using expensive equipment are still not sufficient on real-life systems. Our approach proposes a hybrid protocol that can save energy and computation time on the IoT devices side, proportionally to the accuracy of the Radio Frequency Fingerprinting used, which has a measurable benefit while keeping an acceptable security level. We implemented a full system operating in real time and achieved an accuracy of 99.8% for the additional cost of energy, leading to a decrease of only ~20% in battery life.

A Two-Layer IP Hopping-Based Moving Target Defense Approach to Enhancing the Security of Mobile Ad-Hoc Networks

Mobile ad-hoc networks (MANETs) have great potential applications in military missions or emergency rescue due to their no-infrastructure, self-organizing and multi hop capability characteristics. Obviously, it is important to implement a low-cost and efficient mechanism of anti-invasion, anti-eavesdropping and anti-attack in MANETs, especially for military scenarios. The purpose of intruding or attacking a MANET is usually different from that of wired Internet networks whose security mechanism has been widely explored and implemented. For MANETs, moving target defense (MTD) is a suitable mechanism to enhance the network security, whose basic idea is to continuously and randomly change the system parameters or configuration to create inaccessibility for intruders and attackers. In this paper, a two-layer IP hopping-based MTD approach is proposed, in which device IP addresses or virtual IP addresses change or hop according to the network security status and requirements. The proposed MTD scheme based on the two-layer IP hopping has two major advantages in terms of network security. First, the device IP address of each device is not exposed to the wireless physical channel at all. Second, the two-layer IP hops with individual interval and rules to obtain enhanced security of MANET while maintaining relatively low computational load and communication cost for network control and synchronization. The proposed MTD scheme is implemented in our developed MANET terminals, providing three level of network security: anti-intrusion in normal environment, intrusion detection in offensive environment and anti-eavesdropping in a hostile environment by combining the data encryption technology.

Robot Communication: Network Traffic Classification Based on Deep Neural Network

With the rapid popularization of robots, the risks brought by robot communication have also attracted the attention of researchers. Because current traffic classification methods based on plaintext cannot classify encrypted traffic, other methods based on statistical analysis require manual extraction of features. This paper proposes (i) a traffic classification framework based on a capsule neural network. This method has a multilayer neural network that can automatically learn the characteristics of the data stream. It uses capsule vectors instead of a single scalar input to effectively classify encrypted network traffic. (ii) For different network structures, a classification network structure combining convolution neural network and long short-term memory network is proposed. This structure has the characteristics of learning network traffic time and space characteristics. Experimental results show that the network model can classify encrypted traffic and does not require manual feature extraction. And on the basis of the previous tool, the recognition accuracy rate has increased by 8.

DDoS Flood and Destination Service Changing Sensor

In this paper, we aim to detect distributed denial of service (DDoS) attacks, and receive a notification of destination service, changing immediately, without the additional efforts of other modules. We designed a kernel-based mechanism to build a new Transmission Control Protocol/Internet Protocol (TCP/IP) connection smartly by the host while the users or clients not knowing the location of the next host. Moreover, we built a lightweight flooding attack detection mechanism in the user mode of an operating system. Given that reinstalling a modified operating system on each client is not realistic, we managed to replace the entry of the system call table with a customized sys_connect. An effective defense depends on fine detection and defensive procedures. In according with our experiments, this novel mechanism can detect flooding DDoS successfully, including SYN flood and ICMP flood. Furthermore, through cooperating with a specific low cost network architecture, the mechanism can help to defend DDoS attacks effectively.

A Password Meter without Password Exposure

To meet password selection criteria of a server, a user occasionally needs to provide multiple choices of password candidates to an on-line password meter, but such user-chosen candidates tend to be derived from the user’s previous passwords—the meter may have a high chance to acquire information about a user’s passwords employed for various purposes. A third party password metering service may worsen this threat. In this paper, we first explore a new on-line password meter concept that does not necessitate the exposure of user’s passwords for evaluating user-chosen password candidates in the server side. Our basic idea is straightforward; to adapt fully homomorphic encryption (FHE) schemes to build such a system but its performance achievement is greatly challenging. Optimization techniques are necessary for performance achievement in practice. We employ various performance enhancement techniques and implement the NIST (National Institute of Standards and Technology) metering method as seminal work in this field. Our experiment results demonstrate that the running time of the proposed meter is around 60 s in a conventional desktop server, expecting better performance in high-end hardware, with an FHE scheme in HElib library where parameters support at least 80-bit security. We believe the proposed method can be further explored and used for a password metering in case that password secrecy is very important—the user’s password candidates should not be exposed to the meter and also an internal mechanism of password metering should not be disclosed to users and any other third parties.

Towards 6G wireless communication networks: vision, enabling technologies, and new paradigm shifts

The fifth generation (5G) wireless communication networks are being deployed worldwide from 2020 and more capabilities are in the process of being standardized, such as mass connectivity, ultra-reliability, and guaranteed low latency. However, 5G will not meet all requirements of the future in 2030 and beyond, and sixth generation (6G) wireless communication networks are expected to provide global coverage, enhanced spectral/energy/cost efficiency, better intelligence level and security, etc. To meet these requirements, 6G networks will rely on new enabling technologies, i.e., air interface and transmission technologies and novel network architecture, such as waveform design, multiple access, channel coding schemes, multi-antenna technologies, network slicing, cell-free architecture, and cloud/fog/edge computing. Our vision on 6G is that it will have four new paradigm shifts. First, to satisfy the requirement of global coverage, 6G will not be limited to terrestrial communication networks, which will need to be complemented with non-terrestrial networks such as satellite and unmanned aerial vehicle (UAV) communication networks, thus achieving a space-air-ground-sea integrated communication network. Second, all spectra will be fully explored to further increase data rates and connection density, including the sub-6 GHz, millimeter wave (mmWave), terahertz (THz), and optical frequency bands. Third, facing the big datasets generated by the use of extremely heterogeneous networks, diverse communication scenarios, large numbers of antennas, wide bandwidths, and new service requirements, 6G networks will enable a new range of smart applications with the aid of artificial intelligence (AI) and big data technologies. Fourth, network security will have to be strengthened when developing 6G networks. This article provides a comprehensive survey of recent advances and future trends in these four aspects. Clearly, 6G with additional technical requirements beyond those of 5G will enable faster and further communications to the extent that the boundary between physical and cyber worlds disappears.

Towards a Safer Internet of Things-A Survey of IoT Vulnerability Data Sources

The security of the Internet of Things (IoT) is an important yet often overlooked subject. Specifically, the publicly available information sources about vulnerabilities affecting the connected devices are unsatisfactory. Our research shows that, while the information is available on the Internet, there is no single service offering data focused on the IoT in existence. The national vulnerability databases contain some IoT related entries, but they lack mechanisms to distinguish them from the remaining vulnerabilities. Moreover, information about many vulnerabilities affecting the IoT world never reaches these databases but can still be found scattered over the Internet. This review summarizes our effort at identifying and evaluating publicly available sources of information about vulnerabilities, focusing on their usefulness in the scope of IoT. The results of our search show that there is not yet a single satisfactory source covering vulnerabilities affecting IoT devices and software available.

Countering DDoS Attacks in SIP Based VoIP Networks Using Recurrent Neural Networks

Many companies have transformed their telephone systems into Voice over IP (VoIP) systems. Although implementation is simple, VoIP is vulnerable to different types of attacks. The Session Initiation Protocol (SIP) is a widely used protocol for handling VoIP signaling functions. SIP is unprotected against attacks because it is a text-based protocol and lacks defense against the growing security threats. The Distributed Denial of Service (DDoS) attack is a harmful attack, because it drains resources, and prevents legitimate users from using the available services. In this paper, we formulate detection of DDoS attacks as a classification problem and propose an approach using token embedding to enhance extracted features from SIP messages. We discuss a deep learning model based on Recurrent Neural Networks (RNNs) developed to detect DDoS attacks with low and high-rate intensity. For validation, a balanced real traffic dataset was built containing three attack scenarios with different attack durations and intensities. Experiments show that the system has a high detection accuracy and low detection time. The detection accuracy was higher for low-rate attacks than that of traditional machine learning.

The Security of IP-Based Video Surveillance Systems

Over the last decade, video surveillance systems have become a part of the Internet of Things (IoT). These IP-based surveillance systems now protect industrial facilities, railways, gas stations, and even one's own home. Unfortunately, like other IoT systems, there are inherent security risks which can lead to significant violations of a user's privacy. In this review, we explore the attack surface of modern surveillance systems and enumerate the various ways they can be compromised with real examples. We also identify the threat agents, their attack goals, attack vectors, and the resulting consequences of successful attacks. Finally, we present current countermeasures and best practices and discuss the threat horizon. The purpose of this review is to provide researchers and engineers with a better understanding of a modern surveillance systems' security, to harden existing systems and develop improved security solutions.

SlowITe, a Novel Denial of Service Attack Affecting MQTT

Security of the Internet of Things is a crucial topic, due to the criticality of the networks and the sensitivity of exchanged data. In this paper, we target the Message Queue Telemetry Transport (MQTT) protocol used in IoT environments for communication between IoT devices. We exploit a specific weakness of MQTT which was identified during our research, allowing the client to configure the behavior of the server. In order to validate the possibility to exploit such vulnerability, we propose SlowITe, a novel low-rate denial of service attack aimed to target MQTT through low-rate techniques. We validate SlowITe against real MQTT services, considering both plain text and encrypted communications and comparing the effects of the threat when targeting different daemons. Results show that the attack is successful and it is able to exploit the identified vulnerability to lead a DoS on the victim with limited attack resources.

A SURVEY ON THE USE OF DATA CLUSTERING FOR INTRUSION DETECTION SYSTEM IN CYBERSECURITY

In the present world, it is difficult to realize any computing application working on a standalone computing device without connecting it to the network. A large amount of data is transferred over the network from one device to another. As networking is expanding, security is becoming a major concern. Therefore, it has become important to maintain a high level of security to ensure that a safe and secure connection is established among the devices. An intrusion detection system (IDS) is therefore used to differentiate between the legitimate and illegitimate activities on the system. There are different techniques are used for detecting intrusions in the intrusion detection system. This paper presents the different clustering techniques that have been implemented by different researchers in their relevant articles. This survey was carried out on 30 papers and it presents what different datasets were used by different researchers and what evaluation metrics were used to evaluate the performance of IDS. This paper also highlights the pros and cons of each clustering technique used for IDS, which can be used as a basis for future work.

Wildcard Fields-Based Partitioning for Fast and Scalable Packet Classification in Vehicle-to-Everything

Vehicle-to-Everything (V2X) requires high-speed communication and high-level security. However, as the number of connected devices increases exponentially, communication networks are suffering from huge traffic and various security issues. It is well known that performance and security of network equipment significantly depends on the packet classification algorithm because it is one of the most fundamental packet processing functions. Thus, the algorithm should run fast even with the huge set of packet processing rules. Unfortunately, previous packet classification algorithms have focused on the processing speed only, failing to be scalable with the rule-set size. In this paper, we propose a new packet classification approach balancing classification speed and scalability. It can be applied to most decision tree-based packet classification algorithms such as HyperCuts and EffiCuts. It determines partitioning fields considering the rule duplication explicitly, which makes the algorithm memory-effective. In addition, the proposed approach reduces the decision tree size substantially with the minimal sacrifice of classification performance. As a result, we can attain high-speed packet classification and scalability simultaneously, which is very essential for latest services such as V2X and Internet-of-Things (IoT).

Pseudo-Random Encryption for Security Data Transmission in Wireless Sensor Networks

The security of wireless sensor networks (WSN) has become a great challenge due to the transmission of sensor data through an open and wireless network with limited resources. In the paper, we discussed a lightweight security scheme to protect the confidentiality of data transmission between sensors and an ally fusion center (AFC) over insecure links. For the typical security problem of WSN's binary hypothesis testing of a target's state, sensors were divided into flipping and non-flipping groups according to the outputs of a pseudo-random function which was held by sensors and the AFC. Then in order to prevent an enemy fusion center (EFC) from eavesdropping, the binary outputs from the flipping group were intentionally flipped to hinder the EFC's data fusion. Accordingly, the AFC performed inverse flipping to recover the flipped data before data fusion. We extended the scheme to a more common scenario with multiple scales of sensor quantification and candidate states. The underlying idea was that the sensor measurements were randomly mapped to other quantification scales using a mapping matrix, which ensured that as long as the EFC was not aware of the matrix, it could not distract any useful information from the captured data, while the AFC could appropriately perform data fusion based on the inverse mapping of the sensor outputs.