The proliferation of Internet of Things(IoT)rapidly increases the possiblities of Simple Service Discovery Protocol(SSDP)reflection attacks.Most DDoS attack defence strategies deploy only to a certain type of devices ...The proliferation of Internet of Things(IoT)rapidly increases the possiblities of Simple Service Discovery Protocol(SSDP)reflection attacks.Most DDoS attack defence strategies deploy only to a certain type of devices in the attack chain,and need to detect attacks in advance,and the detection of DDoS attacks often uses heavy algorithms consuming lots of computing resources.This paper proposes a comprehensive DDoS attack defence approach which combines broad learning and a set of defence strategies against SSDP attacks,called Broad Learning based Comprehensive Defence(BLCD).The defence strategies work along the attack chain,starting from attack sources to victims.It defends against attacks without detecting attacks or identifying the roles of IoT devices in SSDP reflection attacks.BLCD also detects suspicious traffic at bots,service providers and victims by using broad learning,and the detection results are used as the basis for automatically deploying defence strategies which can significantly reduce DDoS packets.For evaluations,we thoroughly analyze attack traffic when deploying BLCD to different defence locations.Experiments show that BLCD can reduce the number of packets received at the victim to 39 without affecting the standard SSDP service,and detect malicious packets with an accuracy of 99.99%.展开更多
Reflection attacks are one of the most intimidating threats organizations face.A reflection attack is a special type of distributed denial-of-service attack that amplifies the amount of malicious traffic by using refl...Reflection attacks are one of the most intimidating threats organizations face.A reflection attack is a special type of distributed denial-of-service attack that amplifies the amount of malicious traffic by using reflectors and hides the identity of the attacker.Reflection attacks are known to be one of the most common causes of service disruption in large networks.Large networks perform extensive logging of NetFlow data,and parsing this data is an advocated basis for identifying network attacks.We conduct a comprehensive analysis of NetFlow data containing 1.7 billion NetFlow records and identified reflection attacks on the network time protocol(NTP)and NetBIOS servers.We set up three regression models including the Ridge,Elastic Net and LASSO.To the best of our knowledge,there is no work that studied different regression models to understand patterns of reflection attacks in a large network.In this paper,we(a)propose an approach for identifying correlations of reflection attacks,and(b)evaluate the three regression models on real NetFlow data.Our results show that(a)reflection attacks on the NTP servers are not correlated,(b)reflection attacks on the NetBIOS servers are not correlated,(c)the traffic generated by those reflection attacks did not overwhelm the NTP and NetBIOS servers,and(d)the dwell times of reflection attacks on the NTP and NetBIOS servers are too small for predicting reflection attacks on these servers.Our work on reflection attacks identification highlights recommendations that could facilitate better handling of reflection attacks in large networks.展开更多
In this paper, the limitation of the GNY logic about its inabilityto detect the reflection attacks against some authentication protocols is given. Animprovement is proposed which takes into account the possible multip...In this paper, the limitation of the GNY logic about its inabilityto detect the reflection attacks against some authentication protocols is given. Animprovement is proposed which takes into account the possible multiple instances(principals) of the same identity in the model.展开更多
Software defined networking(SDN)has attracted significant attention from both academia and industry by its ability to reconfigure network devices with logically centralized applications.However,some critical security ...Software defined networking(SDN)has attracted significant attention from both academia and industry by its ability to reconfigure network devices with logically centralized applications.However,some critical security issues have also been introduced along with the benefits,which put an obstruction to the deployment of SDN.One root cause of these issues lies in the limited resources and capability of devices involved in the SDN architecture,especially the hardware switches lied in the data plane.In this paper,we analyze the vulnerability of SDN and present two kinds of SDN-targeted attacks:1)data-to-control plane saturation attack which exhausts resources of all SDN components,including control plane,data plane,and the in-between downlink channel and 2)control plane reflection attack which only attacks the data plane and gets conducted in a more efficient and hidden way.Finally,we propose the corresponding defense frameworks to mitigate such attacks.展开更多
基金The work presented in this paper is supported by the Shandong Provincial Natural Science Foundation(No.ZR2020MF04)National Natural Science Foundation of China(No.62072469)+2 种基金the Fundamental Research Funds for the Central Universities(19CX05027B,19CX05003A-11)West Coast Artificial Intelligence Technology Innovation Center(2019-1-5,2019-1-6)the Opening Project of Shanghai Trusted Industrial Control Platform(TICPSH202003015-ZC).
文摘The proliferation of Internet of Things(IoT)rapidly increases the possiblities of Simple Service Discovery Protocol(SSDP)reflection attacks.Most DDoS attack defence strategies deploy only to a certain type of devices in the attack chain,and need to detect attacks in advance,and the detection of DDoS attacks often uses heavy algorithms consuming lots of computing resources.This paper proposes a comprehensive DDoS attack defence approach which combines broad learning and a set of defence strategies against SSDP attacks,called Broad Learning based Comprehensive Defence(BLCD).The defence strategies work along the attack chain,starting from attack sources to victims.It defends against attacks without detecting attacks or identifying the roles of IoT devices in SSDP reflection attacks.BLCD also detects suspicious traffic at bots,service providers and victims by using broad learning,and the detection results are used as the basis for automatically deploying defence strategies which can significantly reduce DDoS packets.For evaluations,we thoroughly analyze attack traffic when deploying BLCD to different defence locations.Experiments show that BLCD can reduce the number of packets received at the victim to 39 without affecting the standard SSDP service,and detect malicious packets with an accuracy of 99.99%.
基金the auspices of the EU Horizon 2020 Research and Innovation program under Grant Agreement No.830927(CONCORDIA)by Security Lancaster under the EPSRC Grant EP/V026763/1.
文摘Reflection attacks are one of the most intimidating threats organizations face.A reflection attack is a special type of distributed denial-of-service attack that amplifies the amount of malicious traffic by using reflectors and hides the identity of the attacker.Reflection attacks are known to be one of the most common causes of service disruption in large networks.Large networks perform extensive logging of NetFlow data,and parsing this data is an advocated basis for identifying network attacks.We conduct a comprehensive analysis of NetFlow data containing 1.7 billion NetFlow records and identified reflection attacks on the network time protocol(NTP)and NetBIOS servers.We set up three regression models including the Ridge,Elastic Net and LASSO.To the best of our knowledge,there is no work that studied different regression models to understand patterns of reflection attacks in a large network.In this paper,we(a)propose an approach for identifying correlations of reflection attacks,and(b)evaluate the three regression models on real NetFlow data.Our results show that(a)reflection attacks on the NTP servers are not correlated,(b)reflection attacks on the NetBIOS servers are not correlated,(c)the traffic generated by those reflection attacks did not overwhelm the NTP and NetBIOS servers,and(d)the dwell times of reflection attacks on the NTP and NetBIOS servers are too small for predicting reflection attacks on these servers.Our work on reflection attacks identification highlights recommendations that could facilitate better handling of reflection attacks in large networks.
文摘In this paper, the limitation of the GNY logic about its inabilityto detect the reflection attacks against some authentication protocols is given. Animprovement is proposed which takes into account the possible multiple instances(principals) of the same identity in the model.
基金supported in part by the National Key R&D Program of China under Grant No.2017YFB0801701the National Science Foundation of China under Grant No.61472213CERNET Innovation Project(NGII20160123)
文摘Software defined networking(SDN)has attracted significant attention from both academia and industry by its ability to reconfigure network devices with logically centralized applications.However,some critical security issues have also been introduced along with the benefits,which put an obstruction to the deployment of SDN.One root cause of these issues lies in the limited resources and capability of devices involved in the SDN architecture,especially the hardware switches lied in the data plane.In this paper,we analyze the vulnerability of SDN and present two kinds of SDN-targeted attacks:1)data-to-control plane saturation attack which exhausts resources of all SDN components,including control plane,data plane,and the in-between downlink channel and 2)control plane reflection attack which only attacks the data plane and gets conducted in a more efficient and hidden way.Finally,we propose the corresponding defense frameworks to mitigate such attacks.
