Detection of economic denial of sustainability (EDoS) threats in self-organizing networks

Monge, Marco Antonio Sotelo; Vidal, Jorge Maestre; Pérez, Gregorio Martínez

doi:10.1016/j.comcom.2019.07.002

Cited by 28 publications

(5 citation statements)

References 56 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“… DCIS will also be highly correlated with TRD and CDA. It is safe to assume that a high dependency on CIS infrastructure is linked to a higher chance of collateral damage should this infrastructure be attacked [ 83 ]. …”

Section: Mission-level Cysas-s3mentioning

confidence: 99%

Introducing the CYSAS-S3 Dataset for Operationalizing a Mission-Oriented Cyber Situational Awareness

Choumanof

Sánchez

Mayo

et al. 2022

Sensors

Self Cite

View full text Add to dashboard Cite

The digital transformation of the defence sector is not exempt from innovative requirements and challenges, with the lack of availability of reliable, unbiased and consistent data for training automatisms (machine learning algorithms, decision-making, what-if recreation of operational conditions, support the human understanding of the hybrid operational picture, personnel training/education, etc.) being one of the most relevant gaps. In the context of cyber defence, the state-of-the-art provides a plethora of data network collections that tend to lack presenting the information of all communication layers (physical to application). They are synthetically generated in scenarios far from the singularities of cyber defence operations. None of these data network collections took into consideration usage profiles and specific environments directly related to acquiring a cyber situational awareness, typically missing the relationship between incidents registered at the hardware/software level and their impact on the military mission assets and objectives, which consequently bypasses the entire chain of dependencies between strategic, operational, tactical and technical domains. In order to contribute to the mitigation of these gaps, this paper introduces CYSAS-S3, a novel dataset designed and created as a result of a joint research action that explores the principal needs for datasets by cyber defence centres, resulting in the generation of a collection of samples that correlate the impact of selected Advanced Persistent Threats (APT) with each phase of their cyber kill chain, regarding mission-level operations and goals.

show abstract

Section: Mission-level Cysas-s3mentioning

confidence: 99%

Introducing the CYSAS-S3 Dataset for Operationalizing a Mission-Oriented Cyber Situational Awareness

Choumanof

Sánchez

Mayo

et al. 2022

Sensors

Self Cite

View full text Add to dashboard Cite

show abstract

“…The characteristics and impact of EDoS are illustrated in Figure 2. An effect of EDoS attacks is that it becomes necessary to scale-up and scale-out the deployed environment resource by adding additional computational resources when the request packets of the attacker are consequently generated, flooding the resource [24]. Moreover, Figure 3 illustrates the CPU utilization of EDoS attacks in multi-variate time series.…”

Section: Edos Attack On Networkmentioning

confidence: 99%

MAN-EDoS: A Multihead Attention Network for the Detection of Economic Denial of Sustainability Attacks

Park

2021

Electronics

View full text Add to dashboard Cite

Cloud computing is one of the most modernized technology for the modern world. Along with the developments in the cloud infrastructure comes the risk of attacks that exploit the cloud services to exhaust the usage-based resources. A new type of general denial attack, called “economic denial of sustainability” (EDoS), exploits the pay-per-use service to scale-up resource usage normally and gradually over time, finally bankrupting a service provider. The stealthiness of EDoS has made it challenging to detect by most traditional mechanisms for the detection of denial-of-service attacks. Although some recent research has shown that multivariate time recurrent models, such as recurrent neural networks (RNN) and long short-term memory (LSTM), are effective for EDoS detection, they have some limitations, such as a long processing time and information loss. Therefore, an efficient EDoS detection scheme is proposed, which utilizes an attention technique. The proposed attention technique mimics cognitive attention, which enhances the critical features of the input data and fades out the rest. This reduces the feature selection processing time by calculating the query, key and value scores for the network packets. During the EDoS attack, the values of network features change over time. The proposed scheme inspects the changes of the attention scores between packets and between features, which can help the classification modules distinguish the attack flows from network flows. On another hand, our proposal scheme speeds up the processing time for the detection system in the cloud. This advantage benefits the detection process, but the risk of the EDoS is serious as long as the detection time is delayed. Comprehensive experiments showed that the proposed scheme can enhance the detection accuracy by 98%, and the computational speed is 60% faster compared to previous techniques on the available datasets, such as KDD, CICIDS, and a dataset that emerged from the testbed. Our proposed work is not only beneficial to the detection system in cloud computing, but can also be enlarged to be better with higher quality of training and technologies.

show abstract

“…As Jajodia et al stated in [27]: to protect critical network infrastructures and missions, we must understand not only the vulnerabilities of each individual system, but also their inter-dependencies and how they support missions, which gains difficulty when operating on emerging technological ecosystems [28,29], combining the perception of both insider and outsider threats [30] or facing adversarial evasion tactics [31,32] . At the same time, they proposed a framework to obtain mission-centric SA (Cauldron) combining data fusion, network paths of vulnerabilities, alert correlation, mission impact analysis and recommended reactive/proactive mitigation actions [33,34].…”

Section: Mission-centric Cyber Situational Awarenessmentioning

confidence: 99%

Understanding and Assessment of Mission-Centric Key Cyber Terrains for joint Military Operations

Martínez¹,

Vidal²,

González³

2021

Preprint

View full text Add to dashboard Cite

Since the cyberspace consolidated as fifth warfare dimension, the different actors of the defense sector began an arms race toward achieving cyber superiority, on which research, academic and industrial stakeholders contribute from a dual vision, mostly linked to a large and heterogeneous heritage of developments and adoption of civilian cybersecurity capabilities. In this context, augmenting the conscious of the context and warfare environment, risks and impacts of cyber threats on kinetic actuations became a critical rule-changer that military decision-makers are considering. A major challenge on acquiring mission-centric Cyber Situational Awareness (CSA) is the dynamic inference and assessment of the vertical propagations from situations that occurred at the mission supportive Information and Communications Technologies (ICT), up to their relevance at military tactical, operational and strategical views. In order to contribute on acquiring CSA, this paper addresses a major gap in the cyber defence state-of-the-art: the dynamic identification of Key Cyber Terrains (KCT) on a mission-centric context. Accordingly, the proposed KCT identification approach explores the dependency degrees among tasks and assets defined by commanders as part of the assessment criteria. These are correlated with the discoveries on the operational network and the asset vulnerabilities identified thorough the supported mission development. The proposal is presented as a reference model that reveals key aspects for mission-centric KCT analysis and supports its enforcement and further enforcement by including an illustrative application case.

show abstract

Detection of economic denial of sustainability (EDoS) threats in self-organizing networks

Cited by 28 publications

References 56 publications

Introducing the CYSAS-S3 Dataset for Operationalizing a Mission-Oriented Cyber Situational Awareness

Introducing the CYSAS-S3 Dataset for Operationalizing a Mission-Oriented Cyber Situational Awareness

MAN-EDoS: A Multihead Attention Network for the Detection of Economic Denial of Sustainability Attacks

Understanding and Assessment of Mission-Centric Key Cyber Terrains for joint Military Operations

Contact Info

Product

Resources

About