Zubair A. Baig
Edith Cowan University
Publication
Featured research published by Zubair A. Baig.
Computer Communications | 2011
Zubair A. Baig
Malicious attacks, when launched by the adversary class against sensor nodes of a wireless sensor network, can disrupt routine operations of the network. The mission-critical nature of these networks signifies the need to protect sensory resources against all such attacks. Distributed node exhaustion attacks are such attacks that may be launched by the adversarial class from multiple ends of a wireless sensor network against a set of target sensor nodes. The intention of such attacks is the exhaustion of the victims' limited energy resources. As a result of the attack, the incapacitated data-generating legitimate sensor nodes are replaced with malicious nodes that will be involved in further malicious activity against sensory resources. One such activity is the generation of fictitious sensory data to misguide emergency response systems to mobilize unwanted contingency activity. In this paper, a model is proposed for such an attack based on network traffic flow. In addition, a distributed mechanism for detecting such attacks is also defined. Specific network topology-based patterns are defined to model normal network traffic flow, and to facilitate differentiation between legitimate traffic packets and anomalous attack traffic packets. The performance of the proposed attack detection scheme is evaluated through simulation experiments, in terms of the size of the sensor resource set required for participation in the detection process for achieving a desired level of attack detection accuracy. The results signify the need for distributed pattern recognition for detecting distributed node exhaustion attacks in a timely and accurate manner.
Journal of Network and Computer Applications | 2012
Zubair A. Baig
Multi-agent systems have emerged as a very significant platform in provisioning distributed and collaborative services to critical applications. Such applications require ubiquitous agent presence in the environment for monitoring, collecting data, communication, and subsequent data analysis, where the sensitivity of the applications' nature cannot be understated. Recent advances in the field of autonomous, ubiquitous, intelligent and distributed computing have led to corresponding developments in the use of collaborating multi-agents to protect critical infrastructures. Such systems have witnessed crucial demand for deployment in diverse application scenarios such as E-commerce, E-health, Network Intrusion Detection, Telematics and Transport Systems, Environmental Monitoring, as well as for distributed information processing in general. Critical infrastructures have longed for a distributed system in place for their uninterrupted and accurate operations. Multi-agents have provided one such approach towards addressing the issue of protecting such infrastructures through collaborative and distributed information processing. In this paper, a state-of-the-art on the use of multi-agent based systems for protecting five most common critical infrastructures is presented.
Engineering Applications of Artificial Intelligence | 2013
Zubair A. Baig; Sadiq M. Sait; AbdulRahman Shaheen
Network intrusion detection has been an area of rapid advancement in recent times. Similar advances in the field of intelligent computing have led to the introduction of several classification techniques for accurately identifying and differentiating network traffic into normal and anomalous. Group Method for Data Handling (GMDH) is one such supervised inductive learning approach for the synthesis of neural network models. Through this paper, we propose a GMDH-based technique for classifying network traffic into normal and anomalous. Two variants of the technique, namely, Monolithic and Ensemble-based, were tested on the KDD-99 dataset. The dataset was preprocessed and all features were ranked based on three feature ranking techniques, namely, Information Gain, Gain Ratio, and GMDH by itself. The results obtained proved that the proposed intrusion detection scheme yields high attack detection rates, nearly 98%, when compared with other intelligent classification techniques for network intrusion detection.
Journal of Communications | 2013
Zubair A. Baig; Abduol-Raoof Amoudi
The threat of malicious attacks against the security of the Smart Grid infrastructure cannot be overlooked. The ever-expanding nature of smart grid user base implies that a larger set of vulnerabilities are exploitable by the adversary class to launch malicious attacks. Extensive research has been conducted to identify various threat types against the smart grid, and to propose counter-measures against these. Work has also been done to measure the significance of threats and how attacks can be perpetrated in a smart grid environment. Through this paper, we categorize these smart grid threats, and how they can transpire into attacks. In particular, we provide five different categories of attack types, and also perform an analysis of the various countermeasures thereof proposed in the literature.
Cluster Computing | 2016
Erwin Adi; Zubair A. Baig; Philip Hingston; Chiou-Peng Lam
HTTP/2 is the second major version of the HTTP protocol published by the internet engineering steering group. The protocol is designed to improve reliability and performance. Such enhancements have thus delineated the protocol as being more vulnerable to distributed denial-of-service (DDoS) attacks when compared to its predecessor. Recent phenomenon showed that legitimate traffic or flash crowds could have high-traffic flow characteristics as seen in DDoS attacks. In this paper, we demonstrate that legitimate HTTP/2 flash crowd traffic can be launched to cause denial of service. To the best of our knowledge, no previous study has been conducted to analyse the effect of both DDoS as well as flash crowd traffic against HTTP/2 services. Results obtained prove the effect of such attacks when tested under four varying protocol-dependent attack scenarios.
International Conference on Future Networks | 2010
Zubair A. Baig; Salman A. Khan
Recent advances in the field of wireless networks have entailed collateral growth in the number of possible malicious attacks against them. A significant amount of work has been done towards ensuring security of a class of such networks, namely, Wireless Sensor Networks. Considering the untrusted environments of operations of such networks, the threat of distributed attacks against constrained resources, i.e. sensor power, computation and communication capabilities, cannot be overlooked. In [1], we modeled a class of attack called a distributed denial of service attack in such networks, and proposed a pattern-based scheme to detect such attacks. The limitation of this proposed scheme was on the lack of a tradeoff mechanism between improved performance of the detection scheme (higher detection rates) and corresponding increase in the use of the energy resources of the sensor nodes participating in the detection process. In this paper, we propose a fuzzy logic-based approach towards achieving demarcation in the values of specific parameters of the detection scheme, so as to ascertain a reasonable tradeoff between attack detection and node energy utilization. Simulation results depict the use of a fuzzy-based approach for addressing the energy-detection rate tradeoff problem effectively.
Computer Networks | 2016
Zubair A. Baig; Sadiq M. Sait; Farid Binbeshr
Cloud computing is a paradigm that provides scalable IT resources as a service over the Internet. Vulnerabilities in the cloud infrastructure have been readily exploited by the adversary class. Therefore, providing the desired level of assurance to all stakeholders through safeguarding data (sensitive or otherwise) which is stored in the cloud, is of utmost importance. In addition, protecting the cloud from adversarial attacks of diverse types and intents, cannot be understated. Economic Denial of Sustainability (EDoS) attack is considered as one of the concerns that has stalled many organizations from migrating their operations and/or data to the cloud. This is because an EDoS attack targets the financial component of the service provider. In this work, we propose a novel and reactive approach based on a rate limit technique, with low overhead, to detect and mitigate EDoS attacks against cloud-based services. Through this reactive scheme, a limited access permission for cloud services is granted to each user. Experiments were conducted in a laboratory cloud setup, to evaluate the performance of the proposed mitigation technique. Results obtained show that the proposed approach is able to detect and prevent such an attack with low cost and overhead.
International Conference on Cloud Computing | 2013
Zubair A. Baig; Farid Binbeshr
Service providers of the cloud have witnessed a rapidly growing demand to provide services to end-users in a timely manner. Security vulnerabilities against the cloud infrastructure cannot be overlooked. Through exploitation of such weaknesses, the adversary class may disrupt routine cloud operations, and have a debilitating effect on the reputation of the service provider. One attack type specifically affecting cloud services is the Economic Denial of Sustainability (EDoS) attack. Through such a malicious attack, the ability of the service provider to dynamically stretch and accommodate increasing numbers of requests from end-users is exploited, to make it economically unviable for the service provider to sustain further demand for service from legitimate end-users. In this paper, we propose a novel approach for selectively controlling user requests for service, implemented at the service provider's end. Through this scheme, we reduce, i.e. mitigate, the effects of an imminent EDoS attack against critical cloud resources. Incoming requests are classified into normal or suspicious. Subsequently, further analysis is conducted to ensure that priority to cloud service access is given to those end-users tagged as being legitimate, whereas suspect users are given lesser priority to service access, until they are eventually removed from the suspect list. Simulations were conducted to study the performance of the scheme, with results showing promise.
Advances in Multimedia | 2014
Basem Almadani; Anas Al-Roubaiey; Zubair A. Baig
Due to its flexibility, scalability, real-time, and rich QoS features, Data Distribution Service (DDS) middleware provides seamless integration with high-performance, real-time, and mission-critical networks. Unlike traditional client-server communication models, DDS is based on the publish/subscribe communication model. DDS improves video streaming quality through its efficient and high-performance data delivery mechanism. This paper studies and investigates how DDS is suitable for streaming real-time full-motion video over a communication network. Experimental studies are conducted to compare video streaming using the VLC player with the DDS overlay. Our results depict the superiority of DDS in provisioning quality video streams at the cost of low network bandwidth. The results also show that DDS is more scalable and flexible and is a promised technology for video distribution over IP networks where it uses much less bandwidth while maintaining high quality video stream delivery.
International Conference on Smart Grid Communications | 2011
Zubair A. Baig
The Smart Grid Infrastructure (SGI) has emerged as a necessary and critical platform for provisioning intelligent and accurate services to consumers of the electric grid, in recent times. With the emergence of this infrastructure and accompanying technologies, the need for securing the same from malicious attempts by the adversary class to disrupt routine operations, cannot be understated. A standard SGI may consist of disparate and heterogeneous devices, cooperating and exchanging customer-specific data (readings), obtained from smart meters. Some of the devices connected to the SGI, such as sensors and actuators, are resource-constrained in nature. In addition, an omnipresent threat to the SGI, from the adversary class in cyberspace, does indeed exist. In this paper, a brief description of various types of malicious attacks against SGI operations, is presented. In addition, a light-weighted pattern matching technique for detecting such attacks, is discussed. The proposed scheme is capable of detecting anomalous device behavior at various levels of the SGI hierarchy, at the same time imposing minimal overhead in terms of communication and storage needed.