Detecting and confronting flash attacks from IoT botnets

Kumar, C. U. Om; Bhama, Ponsy R. K. Sathia

doi:10.1007/s11227-019-03005-2

Cited by 45 publications

(29 citation statements)

References 35 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Even though crypto-mining attacks are a fairly new phenomenon, they have attracted significant attention in the security landscape. Some research works have concentrated on crypto mining in general computer systems [18] whilst others have narrowed the scope to critical infrastructure and IoT [19]. Muhammad et al [20] propose an end-to-end analysis of browser-based crypto mining by statically and dynamically examining the rise of crypto mining in the real world cases.…”

Section: Related Workmentioning

confidence: 99%

Demystifying Cryptocurrency Mining Attacks: A Semi-supervised Learning Approach Based on Digital Forensics and Dynamic Network Characteristics

Zimba

Ngongola-Reinke

Chishimba³

et al. 2021

zictjournal

View full text Add to dashboard Cite

Cryptocurrencies have emerged as a new form of digital money that has not escaped the eyes of cyber-attackers. Traditionally, they have been maliciously used as a medium of exchange for proceeds of crime in the cyber dark-market by cyber-criminals. However, cyber-criminals have devised an exploitative technique of directly acquiring cryptocurrencies from benign users' CPUs without their knowledge through a process called crypto mining. The presence of crypto mining activities in a network is often an indicator of compromise of illegal usage of network resources for crypto mining purposes. Crypto mining has had a financial toll on victims such as corporate networks and individual home users. This paper addresses the detection of crypto mining attacks in a generic network environment using dynamic network characteristics. It tackles an in-depth overview of crypto mining operational details and proposes a semi-supervised machine learning approach to detection using various crypto mining features derived from complex network characteristics. The results demonstrate that the integration of semi-supervised learning with complex network theory modeling is effective at detecting crypto mining activities in a network environment. Such an approach is helpful during security mitigation by network

show abstract

Section: Related Workmentioning

confidence: 99%

Demystifying Cryptocurrency Mining Attacks: A Semi-supervised Learning Approach Based on Digital Forensics and Dynamic Network Characteristics

Zimba

Ngongola-Reinke

Chishimba³

et al. 2021

zictjournal

View full text Add to dashboard Cite

show abstract

“…The common goal of these attacks is to create an imbalance in the frequency appreciated by power generators' security mechanisms due to a sudden surge. Those sort of attacks have been called load changing Distributed DoS or Grid-Shock [10], and they can cause damage to machinery, power cut-outs and (consequently) huge monetary loss (another name for this sort of attack is Flash Attacks [15]).…”

Section: Security Concerns and Related Workmentioning

confidence: 99%

Modelling Load-Changing Attacks in Cyber-Physical Systems

Arnaboldi¹,

Czekster²,

Metere³

et al. 2019

Preprint

View full text Add to dashboard Cite

Cyber-Physical Systems (CPS) are present in many settings addressing a myriad of purposes. Examples are Internet-of-Things (IoT) or sensing software embedded in appliances or even specialised meters that measure and respond to electricity demands in smart grids. Due to their pervasive nature, they are usually chosen as recipients for larger scope cyber-security attacks. Those promote system-wide disruptions and are directed towards one key aspect such as confidentiality, integrity, availability or a combination of those characteristics. Our paper focuses on a particular and distressing attack where coordinated malware infected IoT units are maliciously employed to synchronously turn on or off high-wattage appliances, affecting the grid's primary control management. Our model could be extended to larger (smart) grids, Active Buildings as well as similar infrastructures. Our approach models Coordinated Load-Changing Attacks (CLCA) also referred as GridLock or BlackIoT, against a theoretical power grid, containing various types of power plants. It employs Continuous-Time Markov Chains where elements such as Power Plants and Botnets are modelled under normal or attack situations to evaluate the effect of CLCA in power reliant infrastructures. We showcase our modelling approach in the scenario of a power supplier (e.g. power plant) being targeted by a botnet. We demonstrate how our modelling approach can quantify the impact of a botnet attack and be abstracted for any CPS system involving power load management in a smart grid. Our results show that by prioritising the type of power-plants, the impact of the attack may change: in particular, we find the most impacting attack times and show how different strategies impact their success. We also find the best power generator to use depending on the current demand and strength of attack.

show abstract

“…IoT devices have gained significant popularity over the last two decades due to their worldwide connectivity, allowing them to communicate and exchange knowledge with other techniques and intelligence. 1,2 It is a group of smart devices like sensors, phones, computers, mobiles, and home appliances interlinked by the internet. 3 These kinds of devices are becoming an important segment of our daily life and are offering different benefits like smart grid, 4 smart cities, 5 and smart agriculture.…”

Section: Introductionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Effective intrusion detection system for IoT using optimized capsule auto encoder model

Kumar¹,

Durairaj²,

Ali³

et al. 2022

Concurrency and Computation

View full text Add to dashboard Cite

Intrusion Detection Systems (IDS) play a major part in protecting security threats and networks from attacks. Due to the rapid development of the internet of things (IoT), more cyber‐attacks are attacking these devices. Various security challenges still occur on IoT devices since most of them have limited security mechanisms. Hence, this paper introduces a combination of linear and non‐linear space transformation models for IDS. Independent component analysis (ICA) is employed for linear transformation to obtain an orthogonal space, and a dual‐phase distance metric learning method (D‐DML) is utilized to obtain an optimal distance metric. The Gaussian radial basis function (GRBF) model is employed for non‐linear transformation. Then these features of linear and non‐linear models are integrated and classified by capsule auto encoder with a hybrid kernel function (HKCAE) which classifies normal and malicious attacks. Guidance of the capuchin search algorithm (CSA) is employed to optimize the HKCAE parameters during prediction attack prediction. The performance of the implemented approach is compared with the other approaches with some measures like precision, accuracy, sensitivity, F‐score, and specificity benchamrked through UNSW‐15 and BoT‐IoT datasets. The accuracy of the developed scheme is 0.9973 and 0.999 on UNSW‐15 and BoT‐IoT datasets, respectively.

show abstract

Detecting and confronting flash attacks from IoT botnets

Cited by 45 publications

References 35 publications

Demystifying Cryptocurrency Mining Attacks: A Semi-supervised Learning Approach Based on Digital Forensics and Dynamic Network Characteristics

Demystifying Cryptocurrency Mining Attacks: A Semi-supervised Learning Approach Based on Digital Forensics and Dynamic Network Characteristics

Modelling Load-Changing Attacks in Cyber-Physical Systems

Effective intrusion detection system for IoT using optimized capsule auto encoder model

Contact Info

Product

Resources

About