Wyniki wyszukiwania - BazTech

1

Nordic countries in the face of digital threats

Kaczmarek Krzysztof

Cybersecurity and Law

|

2024

|

Vol. 11 (1)

151--161

EN

Technological advances and the digital revolution have caused much of social activity to move online. The Internet has become a tool without which it is difficult to imagine the functioning of modern states. However, it is also some of conflicts between states that have moved online, and states with the highest degree of digitization, which include the Nordic states, have become a target of attacks by other states or organizations. In this article, the Author will attempt to answer the question of how the Nordic states and their societies defend themselves against cyber threats. The characteristics of the attacks carried out against them and the levels of digitization of the societies will also be compared.

PL

Postęp technologiczny i rewolucja cyfrowa sprawiły, że znaczna część aktywności spo-łecznych przeniosła się do sieci. Internet stał się narzędziem, bez którego trudno wyobra¬zić sobie funkcjonowanie współczesnych państw. Jednocześnie część konfliktów między państwami także przeniosła się do sieci, a państwa o najwyższym stopniu cyfryzacji, do których można zaliczyć państwa nordyckie, stały się celem ataków innych państw lub or-ganizacji. W artykule autor podjął próbę odpowiedzi na pytanie: W jaki sposób państwa nor¬dyckie i ich społeczeństwa bronią się przed cyberzagrożeniami? Porównał charakterysty¬ki przeprowadzanych przeciwko nim ataków oraz poziomy cyfryzacji społeczeństw.

2

On Implementation of Efficient Inline DDoS Detector Based on AATAC Algorithm

Wiśniewski Piotr, Sosnowski Maciej, Burakowski Wojciech

International Journal of Electronics and Telecommunications

|

2022

|

Vol. 68. No. 4

889--898

EN

Distributed Denial of Service (DDoS) attacks constitute a major threat in the current Internet. These cyber-attacks aim to flood the target system with tailored malicious network traffic overwhelming its service capacity and consequently severely limiting legitimate users from using the service. This paper builds on the state-of-the-art AATAC algorithm (Autonomous Algorithm for Traffic Anomaly Detection) and provides a concept of a dedicated inline DDoS detector capable of real-time monitoring of network traffic and near-real-time anomaly detection. The inline DDoS detector consists of two main elements: 1) inline probe(s) responsible for link-rate real-time processing and monitoring of network traffic with custom-built packet feature counters, and 2) an analyser that performs the near-real-time statistical analysis of these counters for anomaly detection. These elements communicate asynchronously via the Redis database, facilitating a wide range of deployment scenarios. The inline probes are based on COTS servers and utilise the DPDK framework (Data Plane Development Kit) and parallel packet processing on multiple CPU cores to achieve link rate traffic analysis, including tailored DPI analysis.

3

Exact and approximation algorithms for sensor placement against DDoS attacks

Junosza-Szaniawski Konstanty, Nogalski Dariusz, Rzążewski Paweł

International Journal of Applied Mathematics and Computer Science

|

2022

|

Vol. 32, no. 1

35--49

EN

In a distributed denial of service (DDoS) attack, the attacker gains control of many network users through a virus. Then the controlled users send many requests to a victim, leading to its resources being depleted. DDoS attacks are hard to defend because of their distributed nature, large scale and various attack techniques. One possible mode of defense is to place sensors in a network that can detect and stop an unwanted request. However, such sensors are expensive, as a result of which there is a natural question as to the minimum number of sensors and their optimal placement required to get the necessary level of safety. Presented below are two mixed integer models for optimal sensor placement against DDoS attacks. Both models lead to a trade-off between the number of deployed sensors and the volume of uncontrolled flow. Since the above placement problems are NP-hard, two efficient heuristics are designed, implemented and compared experimentally with exact mixed integer linear programming solvers.

4

A holistic study on the use of blockchain technology in CPS and IoT architectures maintaining the CIA triad in data communication

Bhattacharjya Aniruddha

International Journal of Applied Mathematics and Computer Science

|

2022

|

Vol. 32, no. 3

403--413

EN

Blockchain-based cyber-physical systems (CPSs) and the blockchain Internet of things (BIoT) are two major focuses of the modern technological revolution. Currently we have security attacks like distributed denial-of-service (DDoS), address resolution protocol (ARP) spoofing attacks, various phishing and configuration threats, network congestion, etc. on the existing CPS and IoT architectures. This study conducts a complete survey on the flaws of the present centralized IoT system’s peer-to-peer (P2P) communication and the CPS architecture’s machine-to-machine (M2M) communication. Both these architectures could use the inherent consensus algorithms and cryptographic advantages of blockchain technology. To show how blockchain technology can resolve the flaws of the existing CPS and IoT architectures while maintaining confidentiality, integrity, and availability (the CIA triad), we conduct a holistic survey here on this topic and discuss the research focus in the domain of the BIoT. Then we analyse the similarities and dissimilarities of blockchain technology in IoT and CPS architectures. Finally, it is well understood that one should explore whether blockchain technology will give advantages to CPS and IoT applications through a decision support system (DSS) with a relevant mathematical model, so here we provide the DSS with such a model for this purpose.

5

Markov Decision Process based Model for Performance Analysis an Intrusion Detection System in IoT Networks

Kalnoor Gauri, Gowrishankar

Journal of Telecommunications and Information Technology

|

2021

|

nr 3

42--49

EN

In this paper, a new reinforcement learning intrusion detection system is developed for IoT networks incorporated with WSNs. A research is carried out and the proposed model RL-IDS plot is shown, where the detection rate is improved. The outcome shows a decrease in false alarm rates and is compared with the current methodologies. Computational analysis is performed, and then the results are compared with the current methodologies, i.e. distributed denial of service (DDoS) attack. The performance of the network is estimated based on security and other metrics.

6

Detection of DDoS Attacks in OpenStack-based Private Cloud Using Apache Spark

Gumaste Shweta, G. Narayan D., Shinde Sumedha, K. Amit

Journal of Telecommunications and Information Technology

|

2020

|

nr 4

62--71

EN

Security is a critical concern for cloud service providers. Distributed denial of service (DDoS) attacks are the most frequent of all cloud security threats, and the consequences of damage caused by DDoS are very serious. Thus, the design of an efficient DDoS detection system plays an important role in monitoring suspicious activity in the cloud. Real-time detection mechanisms operating in cloud environments and relying on machine learning algorithms and distributed processing are an important research issue. In this work, we propose a real-time detection of DDoS attacks using machine learning classifiers on a distributed processing platform. We evaluate the DDoS detection mechanism in an OpenStack-based cloud testbed using the Apache Spark framework. We compare the classification performance using benchmark and real-time cloud datasets. Results of the experiments reveal that the random forest method offers better classifier accuracy. Furthermore, we demonstrate the effectiveness of the proposed distributed approach in terms of training and detection time.

7

Exact and approximation algorithms for sensor placement against DDoS attacks

Junosza-Szaniawski Konstanty, Nogalski Dariusz, Wójcik Agnieszka

Annals of Computer Science and Information Systems

|

2020

|

Vol. 21

295--301

EN

In DDoS attack (Distributed Denial of Service), an attacker gains control of many network users by a virus. Then the controlled users send many requests to a victim, leading to lack of its resources. DDoS attacks are hard to defend because of distributed nature, large scale and various attack techniques. One of possible ways of defense is to place sensors in the network that can detect and stop an unwanted request. However, such sensors are expensive so there is a natural question about a minimum number of sensors and their optimal placement to get the required level of safety. We present two mixed integer models for optimal sensor placement against DDoS attacks. Both models lead to a trade-off between the number of deployed sensors and the volume of uncontrolled flow. Since above placement problems are NP-hard, two efficient heuristics are designed, implemented and compared experimentally with exact linear programming solvers.

8

Protection of resources of an SDN virtual network that utilises hidden ID tags, a hidden network driver and HSwitch hidden switching

Ścibiorek Przemysław, Piotrowski Zbigniew

Elektronika : konstrukcje, technologie, zastosowania

|

2019

|

Vol. 60, nr 9

16--18

EN

The article presents a concept of use of a hidden data layer (HDL) in software defined networks (SDN). It also describes verification of integrity of network elements for a dedicated sdn network through their authentication using hidden id tags. Moreover, it presents a concept of protection of sdn network against ddos attacks using a hidden switching mechanism (HSwitch). The proposed solutions may become new standards for protection of network resources using data hiding technique.

PL

W artykule przedstawiono koncepcję wykorzystania skrytej warstwy danych (HDL) w zastosowaniu do Sieci Definiowanych Programowo (SDN). Opisano mechanizm weryfikacji integralności elementów sieciowych dla dedykowanej sieci SDN poprzez ich uwierzytelnienie z wykorzystaniem skrytych znaczników ID hidden. Przedstawiono koncepcję ochrony sieci SDN przed atakami typu DDoS z wykorzystaniem mechanizmu skrytego przełączania (HSwitch). Zaproponowane rozwiązania mogą stać się nowymi standardami ochrony zasobów sieciowych z wykorzystaniem techniki ukrywania danych.

9

Design of a distributed HIDS for IoT backbone components

de O. Kfouri Guilherme, Gonçalves Daniel G. V., Dutra Bruno V., de Alencastro João F., de Caldas Filho Francisco L., e Martins Lucas M. C., Praciano Bruno J. G., de O. Albuquerque Robson, de Sousa Jr Rafael T.

Annals of Computer Science and Information Systems

|

2019

|

Vol. 20

81--88

EN

Nowadays DDoS attacks using IoT devices are frequent and extensive. Given that IoT network instances are distributed and deployed over conventional Internet gear, DDoS countermeasures in IoT need to be fully distributed and coordinated all over the components that form each IoT instance. This paper presents a designed and prototyped distributed host-based intrusion detection systems (HIDS) that aims to protect the components of IoT network backbones, comprising conventional switches and routers. In our design, a set of the proposed HIDS executes conventional security verifications, like default username and password, known attacks signatures, monitoring the usage of resources, processes, ports and open connections, while also interacting with a Controller of the HIDS set to allow the coordination of intrusion detection actions relative to DDoS attacks all over the IoT instance. The designed distributed HIDS is evaluated in a controlled environment that, although being a local and isolated network, realistically represents IoT network instances.

10

A framework for network intrusion detection using network programmability and data stream clustering machine learning algorithms

de Ribamar Lima Ribeiro Admilson, Moreno Ordonez Edward David, Alves Nascimento Anderson Clayton

Annals of Computer Science and Information Systems

|

2019

|

Vol. 20

57--63

EN

Several operational security mechanisms have been developed to mitigate malicious activity in the Internet. However, the most these mechanisms require a signature basis and present the inability to predict new malicious activity. Other anomaly-based mechanisms are inefficient due to the possibility of an attacker simulates legitimate traffic, which causes many false alarms. Thus, to overcome that problem, in this paper we present an anomaly-based framework that uses network programmability and machine learning algorithms over continuous data stream. Our approach overcomes the main challenges that occur when develop an anomaly-based system using machine learning techniques. We have done an experimental evaluation to demonstrate the feasibility of the proposed framework. In the experiments, we use a DDoS attack as network intrusion and we show that the technique attains an Accuracy of 98.98%, a Recall of 60%, a Precision of 60% and an FPR of 0.48% for 1% DDoS attack on the real normal traffic. This shows the effectiveness of our technique.

11

Real-time detection and mitigation of flood attacks in SDN networks

Neykov N.

Zeszyty Naukowe Uczelni Jana Wyżykowskiego. Studia z Nauk Technicznych

|

2017

|

Nr 6

171--182

EN

Distributed Denial of Service (DDoS) flooding attack threats are becoming more and more relevant due to the advances in the Software Defined Networks (SDN). This rising trend creates an emerging need for defense mechanisms against such attacks. In order to address those issues the following paper focuses primarily on the implementation of an automatic real-time DDoS defense application based on sFlow technology. Initially we start by constructing a special flow, bound to a metric in order to capture traffic of interest. As soon as the flow reaches a certain predefined metric level, it is sent to an analyzer. Next we implement a detection algorithm based on the event handling capabilities of the sFlow-RT real-time analyser. Finally, the algorithm is tested with emulation network Mininet using network traffic, resulting in quick and effective DDoS attack mitigation.

PL

Zagrożenia w wyniku rozproszonej odmowy usługi (DDos) w przypadku masowego ataku stają się coraz bardziej możliwe z uwagi na rozwój programowalnych sieci (SDN). Ten rosnący trend powoduje konieczność tworzenia mechanizmów obronnych na wypadek takich ataków. W celu odniesienia sie do takich zagadnień, artykuł ten przede wszystkim skupia się na wdrażaniu automatycznych, działających w czasie rzeczywistym aplikacji obronnych DDoS, opartych na technologii sFlow. Wstępnie rozpoczynamy od stworzenia określonego przepływu, związanego z pomiarem w celu wychwycenia jak duże jest zainteresowanie eksploracją danych. Jak tylko przepływ osiągnie pewien wcześniej określony poziom, informacja zostaje wysłana do analityka. Następnie wdrażamy algorytm wykrywania, w oparciu o zdarzenie, który posiada funkcje analityka sFlow dzialajacego w czasie rzeczywistym. Na koniec testuje się algorytm przy wykorzystaniu emulacyjnej sieci Mininet, wykorzystującej eksplorację danych, co w rezultacie szybko i w efektywny sposób niweluje masowy atak DDoS.

12

The analysis of efficiency and performance of intrusion prevention systems

Szarek M., Nycz M., Nienajadło S.

Zeszyty Naukowe Politechniki Rzeszowskiej. Elektrotechnika

|

2017

|

z. 36 [296], nr 1

53--65

EN

This article aims at presenting a comparative analysis of two intrusion detection and prevention systems, namely Snort and Suricata, run in the af-packet mode in the context of the efficiency of their protection against the denial of service attacks. The paper sets out, in statistical terms, the denial of service attacks and distributed denial-of-service attacks occurring around the world. In the further part of the research, penetration tests were conducted in order to assess comparatively analysis of the efficiency of IDS/IPS systems was carried out in the context of starting various numbers of network connected devices as well as in the case of sending packets with different sizes. This article is addressed to security systems administrators as well as to people involved in security systems implementation.

PL

Tematem artykułu jest analiza sprawności systemów wykrywania i zapobiegania włamaniom przed atakami odmowy usługi. W początkowej cześć artykuł w oparciu o wynik analiz, zaprezentowano skalę problemu omawianych zagrożeń. W kolejnych paragrafach przedstawiono metodykę badań określenia podatności na ataki odmowy usługi. Następnie przeprowadzono symulacje wydajności i skuteczności obrony przed atakami dwóch sieciowych systemów wykrywania włamań w segmencie open-source Snort i Suricata. Analizowano rozwiązania pracując w trybach nfqueue i af-packet, przy zestawie tych samych reguł. Przeprowadzone testy porównawcze z wykorzystaniem dwóch najpopularniejszy zagrożeń tj. Land i SYN Flood, wykazały przewagę rozwiązania Suricata w skuteczności wykrywania analizowanych ataków. Artykuł jest adresowany do osób zajmuj ących się wdrażaniem i administracją systemów zabezpieczeń.

13

Analiza podatności serwerów WWW w odniesieniu do ataków odmowy usługi

Szeliga P., Nycz M., Nienajadło S.

Zeszyty Naukowe Politechniki Rzeszowskiej. Elektrotechnika

|

2016

|

z. 35 [294], nr 2

35--46

PL

Artykuł jest adresowany w głównej mierze do osób zajmujących się bezpieczeństwem serwerów WWW. Praca rozpoczyna się od przedstawienia statystycznego ujęcia problemu, jakim są ataki DDoS. Autorzy kładą szczególny nacisk na problematykę ochrony serwerów przed szybko rozwijającymi się atakami odmowy usługi. W pracy przeanalizowano odporności podstawowych konfiguracji dla najpopularniejszych obecnie serwerów web. Na potrzeby badań zostało opracowane wirtualne środowisko testowe, na którym zrealizowano badania podatności wybranych systemów WWW. Celem wykonanej analizy jest rozpoznanie oraz omówienie podstawowych podatności serwera Apache oraz serwera IIS. Dla każdego z omawianych serwerów WWW autorzy zaimplementowali podstawowe mechanizmy ochrony. Artykuł jest adresowany do osób zajmujących się analizą oraz bezpieczeństwem serwerów web.

EN

The article is addressed primarily to those involved in the security of web servers. The work begins with the presentation of statistical treatment of the problem, which are DDoS attacks. The authors emphasize the problems of server protection against rapidly-evolving attacks denial of service. The study analyzed the resistance of the basic configuration for today's most popular web server. For the study, we have developed a virtual test environment, where the research was carried out vulnerability of selected sites. The aim of this analysis is to identify and discuss the fundamental vulnerability of Apache and IIS. For each of the Web servers authors have implemented the basic mechanisms of protection. The article is addressed to people involved in the analysis and the security of web servers.

14

Model laboratoryjny do badań federacyjnych systemów cyberbezpieczeństwa

Patkowski A. E.

Studia Bezpieczeństwa Narodowego

|

2014

|

R. 4, Nr 6

377--398

PL

W opracowaniu naszkicowano możliwości budowy najprostszego systemu obrony federacyjnej przed atakami DDoS. Przedstawiono również wybrane rozwiązania techniczne dla takiego systemu i zaprezentowano tani model laboratoryjny do badań jego właściwości oraz zachowania się. Adekwatność modelu osiągana jest dzięki wykorzystywaniu w badaniach, jako tła, ruchu sieciowego zarejestrowanego w reprezentatywnych lub docelowych sieciach. Wskazano możliwości badań z wykorzystaniem tego modelu i uzyskania odpowiedzi na pytania potencjalnych uczestników federacji.

EN

The paper outlines the possibility of building the simplest federal defense system against DDoS attacks. It also presents some technical solutions of such a system and presents a not expensive laboratory model for testing its properties and behavior. The adequacy of the model is achieved by using in research a network traﬃc which has been registered in representative (or target) networks. Some possibilities of tests and to get answers to questions of potential federation participants were indicated.

15

Cyber Defence : rozproszona obrona przed atakami DDdoS

Patkowski A. E.

Biuletyn Instytutu Automatyki i Robotyki

|

2011

|

R. 17, nr 31

3-15

PL

Przedstawiono propozycję federacyjnej obrony przez rozproszonymi atakami prowadzącymi do odmowy usługi (DDoS). Zaproponowano najprostsze, minimalne rozwiązanie takiej obrony. Cechy charakterystyczne to całkowicie rozproszona realizacja oraz zdolność do adaptowania się do zmiennego ruchu sieciowego. Osiągalny jest też efekt stopniowego upadku. Rozwiązanie może stanowić podstawę do budowania systemu obrony cyberprzestrzeni kraju.

EN

A proposal of a federal defense against distributed attacks causing denial of service (DDoS) is presented. This is a very simple, minimal solution of such a defense. Characteristic features are: a fully distributed implementation and the ability to adapt to the behavior of a network traffic. A gradually degradation during the attack is also allowed. The solution can provide a basis for building a national cyber-defense system.