A Network Traffic Representation Model for Detecting Application Layer Attacks

Cambiaso, et.al. Enrico

doi:10.12785/ijcds/050104

Cited by 5 publications

(3 citation statements)

References 28 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Particularly, while it may be trivial to detect and mitigate a single attacking node (by filtering out the source IP address), as Slow DoS Attacks could be distributed to multiple nodes, detection of a distributed attack may not be easy, especially considering real-time requirements [71]. Nevertheless, identification and mitigation of Slow DoS Attacks is proposed in the literature, especially considering anomaly-based intrusion detection systems by making use of statistics [72], spectral analysis [71], Fourier transform [64], or by defining in detail metrics characterizing such kind of attacks [73].…”

Section: Considerations About Protection From Slowitementioning

confidence: 99%

SlowITe, a Novel Denial of Service Attack Affecting MQTT

Vaccari

Aiello

Cambiaso

2020

Sensors

View full text Add to dashboard Cite

Security of the Internet of Things is a crucial topic, due to the criticality of the networks and the sensitivity of exchanged data. In this paper, we target the Message Queue Telemetry Transport (MQTT) protocol used in IoT environments for communication between IoT devices. We exploit a specific weakness of MQTT which was identified during our research, allowing the client to configure the behavior of the server. In order to validate the possibility to exploit such vulnerability, we propose SlowITe, a novel low-rate denial of service attack aimed to target MQTT through low-rate techniques. We validate SlowITe against real MQTT services, considering both plain text and encrypted communications and comparing the effects of the threat when targeting different daemons. Results show that the attack is successful and it is able to exploit the identified vulnerability to lead a DoS on the victim with limited attack resources.

show abstract

Section: Considerations About Protection From Slowitementioning

confidence: 99%

SlowITe, a Novel Denial of Service Attack Affecting MQTT

Vaccari

Aiello

Cambiaso

2020

Sensors

View full text Add to dashboard Cite

show abstract

“…Instead, slow DoS attacks are detected by using a Fourier transform and mutual information in [82]. Information are extracted by analyzing the features of the network traffic containing attacks in [83], and finally, an intrusion detection system to detect slow DoS attacks from real-time network packets is proposed in [84]. Such scientific works can be used as a starting point for developing a SlowTT attack detection system, and machine learning algorithms or artificial intelligence algorithms may be adopted to classify the attack.…”

Section: Detection Systems and Algorithmsmentioning

confidence: 99%

SlowTT: A Slow Denial of Service against IoT Networks

2020

View full text Add to dashboard Cite

The security of Internet of Things environments is a critical and trending topic, due to the nature of the networks and the sensitivity of the exchanged information. In this paper, we investigate the security of the Message Queue Telemetry Transport (MQTT) protocol, widely adopted in IoT infrastructures. We exploit two specific weaknesses of MQTT, identified during our research activities, allowing the client to configure the KeepAlive parameter and MQTT packets to execute an innovative cyber threat against the MQTT broker. In order to validate the exploitation of such vulnerabilities, we propose SlowTT, a novel “Slow” denial of service attack aimed at targeting MQTT through low-rate techniques, characterized by minimum attack bandwidth and computational power requirements. We validate SlowTT against real MQTT services, by considering both plaintext and encrypted communications and by comparing the effects of the attack when targeting different application daemons and protocol versions. Results show that SlowTT is extremely successful, and it can exploit the identified vulnerability to execute a denial of service against the IoT network by keeping the connection alive for a long time.

show abstract

“…The authors of paper [12] presented a model aimed at detecting attacks targeting the application layer of the victim and working over the TCP transport protocol. With this model the authors extrapolated information potentially capable of detecting the executed threats.…”

Section: Selected Papers From Normal Submissionmentioning

confidence: 99%