With the recent progress in the development of low-budget sensors and machine-to-machine communication, the Internet of Things has attracted considerable attention. Unfortunately, many of today's smart devices are rushed to market with little consideration for basic security and privacy protection, making them easy targets for various attacks. In addition, organizations and network providers mostly use manual workflows to address malware-related incidents, and therefore they can prevent neither attack damage nor potential future attacks. Thus, there is a need for a defense system that would not only detect an intrusion in time, but would also make the optimal real-time crisis-action decision on how the network security policy should be modified in order to mitigate the threat. In this study, we aim to reach this goal by relying on advanced technologies that have recently emerged in the area of cloud computing and network virtualization. We propose an intelligent defense system implemented as a reinforcement machine learning agent that processes the current network state and takes a set of necessary actions in the form of software-defined networking flows to redirect certain network traffic to virtual appliances. We also implement a proof-of-concept of the system and evaluate a couple of state-of-the-art reinforcement learning algorithms for mitigating three basic network attacks against a small realistic network environment.
Academic dissertation to be publicly discussed, by permission of the Faculty of Information Technology of the University of Jyväskylä, in building Seminarium, auditorium S212 on May 22, 2014 at 12 o'clock noon. UNIVERSITY OF JYVÄSKYLÄ, JYVÄSKYLÄ 2014. This work focuses on the application of different methods and algorithms of data mining to various problems encountered in mobile networks and computer systems. Data mining is the process of analyzing a dataset in order to extract knowledge patterns and construct a model for further use based on these patterns. This process involves three main phases: data preprocessing, data analysis and validation of the obtained model. All these phases are discussed in this study. The most important steps of each phase are presented and several methods of their implementation are described. In addition, several case studies devoted to different problems in the field of computer science are presented in the dissertation. Each of these studies employs one or more data mining techniques to solve a posed problem. Firstly, optimal positions of relay stations in WiMAX multihop networks are calculated with the help of a genetic algorithm. Next, the prediction of the next mobile user location is carried out based on the analysis of spatial-temporal trajectories and the application of several classifying methods. After that, the use of clustering and anomaly detection techniques for the detection of anomalous HTTP requests is presented. Finally, the data mining approach is applied for the detection and classification of malicious software. These case studies show that data mining methods can help to solve many different problems related to mobile networking and network security.
With the emergence of cloud computing, many attacks, including Distributed Denial-of-Service (DDoS) attacks, have changed their direction towards the cloud environment. In particular, DDoS attacks have changed in scale, methods, and targets and have become more complex by using the advantages provided by cloud computing. Modern cloud computing environments can benefit from moving towards Software-Defined Networking (SDN) technology, which allows network engineers and administrators to respond quickly to changing business requirements. In this paper, we propose an approach for detecting application-layer DDoS attacks in a cloud environment with SDN. The algorithm is applied to statistics extracted from network flows and, therefore, is suitable for detecting attacks that utilize encrypted protocols. The proposed detection approach comprises the extraction of normal user behavior patterns and the detection of anomalies that significantly deviate from these patterns. The algorithm is evaluated using a DDoS detection system prototype. Simulation results show that intermediate application-layer DDoS attacks can be properly detected, while the number of false alarms remains very low.