An Intrusion Detection and Prevention Framework for Internet-Integrated CoAP WSN

Security and Communication Networks ◽

10.1155/2018/1753897 ◽

2018 ◽

Vol 2018 ◽

pp. 1-14 ◽

Cited By ~ 5

Author(s):

Jorge Granjal ◽

Artur Pedroso

Keyword(s):

Intrusion Detection ◽

Denial Of Service ◽

Communication Technologies ◽

Point Of View ◽

Dos Attacks ◽

Iot Applications ◽

Sensing Platforms ◽

Computational Capability ◽

Intrusion Detection And Prevention ◽

Critical Resources

End-to-end communications between Internet devices and Internet-integrated constrained wireless sensing platforms will provide an important contribution to the enabling of many of the envisioned IoT applications and, in this context, security must be addressed when employing communication technologies such as 6LoWPAN and CoAP. Considering the constraints typically found on sensing devices in terms of energy, memory, and computational capability, the integration of Wireless Sensor Networks (WSN) with the Internet using such technologies will open new threats and attacks that must be dealt with, particularly those originated at devices without the constraints of WSN sensors (e.g., Internet hosts). Existing encryption strategies for communications in IoT environments are unable to protect Internet-integrated WSN environments from Denial of Service (DoS) attacks, as well as from other forms of attacks at the network and application layers using CoAP. We may thus fairly consider that anomaly and intrusion detection will play a major role in the materialization of most of the envisioned IoT applications. In this article, we propose a framework to support intrusion detection and reaction in Internet-integrated CoAP WSN, and in the context of this framework we design and implement various approaches to support security against various classes of attacks. We have implemented and evaluated experimentally the proposed framework and mechanisms, considering various attack scenarios, and our approach was found to be viable, from the point of view of its impact on critical resources of sensing devices and of its efficiency in dealing with the considered attacks.

Download Full-text

Intrusion Detection and Prevention in CoAP Wireless Sensor Networks Using Anomaly Detection

Sensors ◽

10.3390/s18082445 ◽

2018 ◽

Vol 18 (8) ◽

pp. 2445 ◽

Cited By ~ 10

Author(s):

Jorge Granjal ◽

João Silva ◽

Nuno Lourenço

Keyword(s):

Intrusion Detection ◽

Anomaly Detection ◽

Denial Of Service ◽

The Internet ◽

Application Layer ◽

Dos Attacks ◽

Lower Accuracy ◽

Communication Environments ◽

The Internet Of Things ◽

Intrusion Detection And Prevention

It is well recognized that security will play a major role in enabling most of the applications envisioned for the Internet of Things (IoT). We must also note that most of such applications will employ sensing and actuating devices integrated with the Internet communications infrastructure and, from the minute such devices start to support end-to-end communications with external (Internet) hosts, they will be exposed to all kinds of threats and attacks. With this in mind, we propose an IDS framework for the detection and prevention of attacks in the context of Internet-integrated CoAP communication environments and, in the context of this framework, we implement and experimentally evaluate the effectiveness of anomaly-based intrusion detection, with the goal of detecting Denial of Service (DoS) attacks and attacks against the 6LoWPAN and CoAP communication protocols. From the results obtained in our experimental evaluation we observe that the proposed approach may viably protect devices against the considered attacks. We are able to achieve an accuracy of 93% considering the multi-class problem, thus when the pattern of specific intrusions is known. Considering the binary class problem, which allows us to recognize compromised devices, and though a lower accuracy of 92% is observed, a recall and an F_Measure of 98% were achieved. As far as our knowledge goes, ours is the first proposal targeting the usage of anomaly detection and prevention approaches to deal with application-layer and DoS attacks in 6LoWPAN and CoAP communication environments.

Download Full-text

Visualization Technique for Intrusion Detection

Security and Privacy Management, Techniques, and Protocols - Advances in Information Security, Privacy, and Ethics ◽

10.4018/978-1-5225-5583-4.ch011 ◽

2018 ◽

pp. 276-290

Author(s):

Mohamed Cheikh ◽

Salima Hacini ◽

Zizette Boufaida

Keyword(s):

Intrusion Detection ◽

Computer Security ◽

Detection System ◽

Denial Of Service ◽

High Rate ◽

False Alarms ◽

Dos Attacks ◽

Network Parameter ◽

A New Technique ◽

Parameter Values

Intrusion detection system (IDS) plays a vital and crucial role in a computer security. However, they suffer from a number of problems such as low detection of DoS (denial-of-service)/DDoS (distributed denial-of-service) attacks with a high rate of false alarms. In this chapter, a new technique for detecting DoS attacks is proposed; it detects DOS attacks using a set of classifiers and visualizes them in real time. This technique is based on the collection of network parameter values (data packets), which are automatically represented by simple geometric graphs in order to highlight relevant elements. Two implementations for this technique are performed. The first is based on the Euclidian distance while the second is based on KNN algorithm. The effectiveness of the proposed technique has been proven through a simulation of network traffic drawn from the 10% KDD and a comparison with other classification techniques for intrusion detection.

Download Full-text

Network Intrusion Detection and Prevention Systems on Flooding and Worm Attacks

Advances in Digital Crime, Forensics, and Cyber Terrorism - Combating Security Breaches and Criminal Activity in the Digital Sphere ◽

10.4018/978-1-5225-0193-0.ch012 ◽

2016 ◽

pp. 183-207

Author(s):

P. Vetrivelan ◽

M. Jagannath ◽

T. S. Pradeep Kumar

Keyword(s):

Intrusion Detection ◽

Denial Of Service ◽

Packet Transmission ◽

Network Intrusion Detection ◽

The Internet ◽

Network Intrusion ◽

Worm Attacks ◽

Packet Marking ◽

Vast Network ◽

Intrusion Detection And Prevention

The Internet has transformed greatly the improved way of business, this vast network and its associated technologies have opened the doors to an increasing number of security threats which are dangerous to networks. The first part of this chapter presents a new dimension of denial of service attacks called TCP SYN Flood attack has been witnessed for severity of damage and second part on worms which is the major threat to the internet. The TCP SYN Flood attack by means of anomaly detection and traces back the real source of the attack using Modified Efficient Packet Marking algorithm (EPM). The mechanism for detecting the smart natured camouflaging worms which is sensed by means of a technique called Modified Controlled Packet Transmission (MCPT) technique. Finally the network which is affected by these types of worms are detected and recovered by means of Modified Centralized Worm Detector (MCWD) mechanism. The Network Intrusion Detection and Prevention Systems (NIDPS) on Flooding and Worm Attacks were analyzed and presented.

Download Full-text

Recent Advancements in Intrusion Detection Systems for the Internet of Things

Security and Communication Networks ◽

10.1155/2019/4301409 ◽

2019 ◽

Vol 2019 ◽

pp. 1-19 ◽

Cited By ~ 6

Author(s):

Zeeshan Ali Khan ◽

Peter Herrmann

Keyword(s):

Internet Of Things ◽

Intrusion Detection ◽

Ad Hoc ◽

Denial Of Service ◽

Research Work ◽

Intrusion Detection Systems ◽

Future Research ◽

Detection Systems ◽

Iot Applications ◽

Iot Devices

Many Internet of Things (IoT) systems run on tiny connected devices that have to deal with severe processor and energy restrictions. Often, the limited processing resources do not allow the use of standard security mechanisms on the nodes, making IoT applications quite vulnerable to different types of attacks. This holds particularly for intrusion detection systems (IDS) that are usually too resource-heavy to be handled by small IoT devices. Thus, many IoT systems are not sufficiently protected against typical network attacks like Denial-of-Service (DoS) and routing attacks. On the other side, IDSs have already been successfully used in adjacent network types like Mobile Ad hoc Networks (MANET), Wireless Sensor Networks (WSN), and Cyber-Physical Systems (CPS) which, in part, face limitations similar to those of IoT applications. Moreover, there is research work ongoing that promises IDSs that may better fit to the limitations of IoT devices. In this article, we will give an overview about IDSs suited for IoT networks. Besides looking on approaches developed particularly for IoT, we introduce also work for the three similar network types mentioned above and discuss if they are also suitable for IoT systems. In addition, we present some suggestions for future research work that could be useful to make IoT networks more secure.

Download Full-text

CNN-Based Network Intrusion Detection against Denial-of-Service Attacks

Electronics ◽

10.3390/electronics9060916 ◽

2020 ◽

Vol 9 (6) ◽

pp. 916 ◽

Cited By ~ 7

Author(s):

Jiyeon Kim ◽

Jiwon Kim ◽

Hyunjung Kim ◽

Minsun Shim ◽

Eunjung Choi

Keyword(s):

Neural Network ◽

Deep Learning ◽

Intrusion Detection ◽

Denial Of Service ◽

Intrusion Detection Systems ◽

Network Intrusion Detection ◽

National Defense ◽

Dos Attacks ◽

Detection Systems ◽

Network Intrusion

As cyberattacks become more intelligent, it is challenging to detect advanced attacks in a variety of fields including industry, national defense, and healthcare. Traditional intrusion detection systems are no longer enough to detect these advanced attacks with unexpected patterns. Attackers bypass known signatures and pretend to be normal users. Deep learning is an alternative to solving these issues. Deep Learning (DL)-based intrusion detection does not require a lot of attack signatures or the list of normal behaviors to generate detection rules. DL defines intrusion features by itself through training empirical data. We develop a DL-based intrusion model especially focusing on denial of service (DoS) attacks. For the intrusion dataset, we use KDD CUP 1999 dataset (KDD), the most widely used dataset for the evaluation of intrusion detection systems (IDS). KDD consists of four types of attack categories, such as DoS, user to root (U2R), remote to local (R2L), and probing. Numerous KDD studies have been employing machine learning and classifying the dataset into the four categories or into two categories such as attack and benign. Rather than focusing on the broad categories, we focus on various attacks belonging to same category. Unlike other categories of KDD, the DoS category has enough samples for training each attack. In addition to KDD, we use CSE-CIC-IDS2018 which is the most up-to-date IDS dataset. CSE-CIC-IDS2018 consists of more advanced DoS attacks than that of KDD. In this work, we focus on the DoS category of both datasets and develop a DL model for DoS detection. We develop our model based on a Convolutional Neural Network (CNN) and evaluate its performance through comparison with an Recurrent Neural Network (RNN). Furthermore, we suggest the optimal CNN design for the better performance through numerous experiments.

Download Full-text

SIP Security: Main Vulnerabilities, Denial of Service (DoS) Attacks and Intrusion Detection Techniques

International Conference on Aerospace Sciences and Aviation Technology ◽

10.21608/asat.2013.22107 ◽

2013 ◽

Vol 15 (AEROSPACE SCIENCES) ◽

pp. 1-17

Author(s):

D. Allawi ◽

A. Rohiem ◽

A. El-moghazy ◽

A. Ghalwash

Keyword(s):

Intrusion Detection ◽

Denial Of Service ◽

Dos Attacks ◽

Detection Techniques

Download Full-text

Efficient Intrusion Detection System for SDN Orchestrated Internet of Things

Journal of Computer Networks and Communications ◽

10.1155/2021/5593214 ◽

2021 ◽

Vol 2021 ◽

pp. 1-14

Author(s):

Esubalew M. Zeleke ◽

Henock M. Melaku ◽

Fikreselam G. Mengistu

Keyword(s):

Internet Of Things ◽

Intrusion Detection ◽

Intrusion Detection System ◽

Detection System ◽

Denial Of Service ◽

Service Availability ◽

Dos Attacks ◽

Network Systems ◽

Security Challenge ◽

Accuracy Result

Internet of Things (IoT) can simply be defined as an extension of the current Internet system. It extends the human to human interconnection and intercommunication scenario of the Internet by including things, to bring anytime, anywhere, and anything communication. A discipline in networking evolving in parallel with IoT is Software Defined Networking (SDN). It is an important technology that is aimed to solve the different problems existing in the traditional network systems. It provides a new convenient home to address the different challenges existing in different network-based systems including IoT. One important security challenge prevailing in such SDN-based IoT (SDIoT) systems is guarantying service availability. The ever-increasing denial of service (DoS) attacks are responsible for such service denials. A centralized signature-based intrusion detection system (IDS) is proposed and developed in this work. Random Forest (RF) classifier is used for training the model. A very popular and recent benchmark dataset, CICIDS2017, has been used for training and validating the machine learning (ML) models. An accuracy result of 99.968% has been achieved by using only 12 features on Wednesday’s release of the dataset. This result is higher than the achieved accuracy results of related works considering the original CICIDS2017 dataset. A maximum cross-validated accuracy result of 99.713% has been achieved on the same release of the dataset. These developed models meet the basic requirement of a supervised IDS system developed for smart environments and can effectively be used in different IoT service scenarios.

Download Full-text

A Host-Based Intrusion Detection System Using Architectural Features to Improve Sophisticated Denial-of-Service Attack Detections

International Journal of Information Security and Privacy ◽

10.4018/jisp.2010010102 ◽

2010 ◽

Vol 4 (1) ◽

pp. 18-31

Author(s):

Ran Tao ◽

Li Yang ◽

Lu Peng ◽

Bin Li

Keyword(s):

Operating System ◽

Intrusion Detection ◽

Detection System ◽

Denial Of Service ◽

Hardware Architecture ◽

Intrusion Detection Systems ◽

System Level ◽

Gradient Boosting ◽

Dos Attacks ◽

Detection Systems

Application features like port numbers are used by Network-based Intrusion Detection Systems (NIDSs) to detect attacks coming from networks. System calls and the operating system related information are used by Host-based Intrusion Detection Systems (HIDSs) to detect intrusions toward a host. However, the relationship between hardware architecture events and Denial-of-Service (DoS) attacks has not been well revealed. When increasingly sophisticated intrusions emerge, some attacks are able to bypass both the application and the operating system level feature monitors. Therefore, a more effective solution is required to enhance existing HIDSs. In this article, the authors identify the following hardware architecture features: Instruction Count, Cache Miss, Bus Traffic and integrate them into a HIDS framework based on a modern statistical Gradient Boosting Trees model. Through the integration of application, operating system and architecture level features, the proposed HIDS demonstrates a significant improvement of the detection rate in terms of sophisticated DoS intrusions.

Download Full-text

Visualization Technique for Intrusion Detection

Research Anthology on Combating Denial-of-Service Attacks ◽

10.4018/978-1-7998-5348-0.ch009 ◽

2021 ◽

pp. 168-182

Author(s):

Mohamed Cheikh ◽

Salima Hacini ◽

Zizette Boufaida

Keyword(s):

Intrusion Detection ◽

Computer Security ◽

Detection System ◽

Denial Of Service ◽

High Rate ◽

False Alarms ◽

Dos Attacks ◽

Network Parameter ◽

A New Technique ◽

Parameter Values

Download Full-text

WSN-DS: A Dataset for Intrusion Detection Systems in Wireless Sensor Networks

Journal of Sensors ◽

10.1155/2016/4731953 ◽

2016 ◽

Vol 2016 ◽

pp. 1-16 ◽

Cited By ~ 43

Author(s):

Iman Almomani ◽

Bassam Al-Kasasbeh ◽

Mousa AL-Akhras

Keyword(s):

Wireless Sensor Networks ◽

Sensor Networks ◽

Intrusion Detection ◽

Cross Validation ◽

Denial Of Service ◽

Wireless Sensor ◽

Security Threats ◽

Dos Attacks ◽

Wide Range ◽

Fold Cross Validation

Wireless Sensor Networks (WSN) have become increasingly one of the hottest research areas in computer science due to their wide range of applications including critical military and civilian applications. Such applications have created various security threats, especially in unattended environments. To ensure the security and dependability of WSN services, an Intrusion Detection System (IDS) should be in place. This IDS has to be compatible with the characteristics of WSNs and capable of detecting the largest possible number of security threats. In this paper a specialized dataset for WSN is developed to help better detect and classify four types of Denial of Service (DoS) attacks: Blackhole, Grayhole, Flooding, and Scheduling attacks. This paper considers the use of LEACH protocol which is one of the most popular hierarchical routing protocols in WSNs. A scheme has been defined to collect data from Network Simulator 2 (NS-2) and then processed to produce 23 features. The collected dataset is called WSN-DS. Artificial Neural Network (ANN) has been trained on the dataset to detect and classify different DoS attacks. The results show that WSN-DS improved the ability of IDS to achieve higher classification accuracy rate. WEKA toolbox was used with holdout and 10-Fold Cross Validation methods. The best results were achieved with 10-Fold Cross Validation with one hidden layer. The classification accuracies of attacks were 92.8%, 99.4%, 92.2%, 75.6%, and 99.8% for Blackhole, Flooding, Scheduling, and Grayhole attacks, in addition to the normal case (without attacks), respectively.

Download Full-text