Smart NCAP supporting Low-Rate DDoS Detection for IEEE 21451-1-5 Internet of Things

Ren, Jie; Liu, Yi; Wu, Jun; Li, Jianhua; Wang, Kuan

doi:10.1109/icphys.2019.8780132

Cited by 3 publications

(3 citation statements)

References 10 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Chen et al introduced power spectrum entropybased detection and mitigation of LDoS attacks [16]. Ren et al proposed a method for detecting LDDoS attack traffic using a linear multiple regression model with Simple Network Management Protocol contents [17]. Lin et al proposed a fair robust random early detection (FRRED) algorithm, a TCPfriendly AQM algorithm to improve the performance in terms of throughput and fairness [18].…”

Section: Related Workmentioning

confidence: 99%

See 1 more Smart Citation

Is low‐rate distributed denial of service a great threat to the Internet?

Chen

Wei

et al. 2021

IET Information Security

View full text Add to dashboard Cite

Low-rate Distributed Denial of Service (LDDoS) attacks, in which the attackers send packets to a victim at a sufficiently low rate to avoid being detected, are considered to be a subtype of DDoS attacks and a potential threat to Internet security. However, an overwhelming attack paradigm on the Internet has rarely been reported due to the harsh requirements for launching LDDoS attacks; therefore, most existing LDDoS attacks are constructed and evaluated through theoretical deduction and/or simulation tests. In this backdrop, the authors aim to figure out what the conditions for launching a successful LDDoS attack are, and how harmful an attack could be. They first analyse the characteristics of LDDoS attacks, and derive the conditions and parameters for initiating LDDoS attacks using a queuing model. Based on the analysis results, an LDDoS algorithm is presented. Then, an LDDoS validation prototype is built on a Network Function Virtualization network to validate the derived parameters and conditions. Finally, a series of experiments are conducted on the testbed, and the results show that a successful LDDoS attack could be achieved based on the derived algorithm; however, its attack effect only lasts for a short time compared with its DDoS counterparts.This is an open access article under the terms of the Creative Commons Attribution License, which permits use, distribution and reproduction in any medium, provided the original work is properly cited.

show abstract

Section: Related Workmentioning

confidence: 99%

“…Ren et al. proposed a method for detecting LDDoS attack traffic using a linear multiple regression model with Simple Network Management Protocol contents [17]. Lin et al.…”

Section: Related Workmentioning

confidence: 99%

Is low‐rate distributed denial of service a great threat to the Internet?

Chen

Wei

et al. 2021

IET Information Security

View full text Add to dashboard Cite

show abstract

“…According to the characteristics of Software-Defined Network (SDN) data flow, they used information distance to quantify the deviation of traffic under different probability distributions as a metric to detect attack behavior. Ren et al [15] proposed a smart NCAP that supports LDDoS detection and proposed a method to detect LDDoS attack traffic using a linear multiple regression model with Simple Network Management Protocol (SNMP) content. Agrawal and Tapaswi [16] proposed a power spectral density (PSD)-based method to detect and mitigate LDDoS attacks in the frequency domain.…”

Section: Related Workmentioning

confidence: 99%

Can Multipath TCP Be Robust to Cyber Attacks? A Measuring Study of MPTCP with Active Queue Management Algorithms

Cao

et al. 2021

Security and Communication Networks

View full text Add to dashboard Cite

With the development of social networks, more and more mobile social network devices have multiple interfaces. Multipath TCP (MPTCP), as an emerging transmission protocol, can fit multiple link bandwidths to improve data transmission performance and improve user experience quality. At the same time, due to the large-scale deployment and application of emerging technologies such as the Internet of Things and cloud computing, cyber attacks against MPTCP have gradually increased. More and more network security research studies point out that low-rate distributed denial of service (LDDoS) attacks are relatively popular and difficult to detect and are recognized as one of the most severe threats to network services. This article introduces six classic queue management algorithms: DropTail, RED, FRED, REM, BLUE, and FQ. In a multihomed network environment, we perform the performance evaluation of MPTCP under LDDoS attacks in terms of throughput, delay, and packet loss rate when using the six algorithms, respectively, by simulations. The results show that in an MPTCP-enabled multihomed network, different queue management algorithms have different throughput, delay, and packet loss rate performance when subjected to LDDoS attacks. Considering these three performance indicators comprehensively, the FRED algorithm has better performance. By adopting an effective active queue management (AQM) algorithm, the MPTCP transmission system can enhance its robustness capability, thus improving transmission performance. We suggest that when designing and improving the queue management algorithm, the antiattack performance of the algorithm should be considered: (1) it can adjust the traffic speed by optimizing the congestion control mechanism; (2) the fairness of different types of data streams sharing bandwidth is taken into consideration; and (3) it has the ability to adjust the parameters of the queue management algorithm in a timely and accurate manner.

show abstract