Reliable and timely detection of cyber attacks become indispensable to protect networks and systems. Internet control message protocol (ICMP) flood attacks are still one of the most challenging threats in both IPv4 and IPv6 networks. This paper proposed an approach based on Kullback-Leibler divergence (KLD) to detect ICMP-based Denial Of service (DOS) and Distributed Denial Of Service (DDOS) flooding attacks. This is motivated by the high capacity of KLD to quantitatively discriminate between two distributions. Here, the three-sigma rule is applied to the KLD distances for anomaly detection. We evaluated the effectiveness of this scheme by using the 1999 DARPA Intrusion Detection Evaluation Datasets.
Anomaly detection in the Internet of Things (IoT) is imperative to improve its reliability and safety. Detecting denial of service (DOS) and distributed DOS (DDOS) is one of the critical security challenges facing network technologies. This paper presents an anomaly detection mechanism using the Kullback-Leibler distance (KLD) to detect DOS and DDOS flooding attacks, including transmission control protocol (TCP) SYN flood, UDP flood, and ICMP-based attacks. This mechanism integrates the desirable properties of KLD, the capacity to quantitatively discriminate between two distributions, with the sensitivity of an exponential smoothing scheme. The primary reason for exponentially smoothing KLD measurements (ES-KLD) is to aggregate all of the information from past and actual samples in the decision rule, making the detector sensitive to small anomalies. Furthermore, a nonparametric approach using kernel density estimation has been used to set a threshold for ES-KLD decision statistic to uncover the presence of attacks. Tests on three publicly available datasets show improved performances of the proposed mechanism in detecting cyber-attacks compared to other conventional monitoring procedures.
Privacy in Vehicular Ad Hoc Networks (VANET) is fundamental because the user's safety may be threatened by the identity and the real-time spatiotemporal data exchanged on the network. This issue is commonly addressed by the use of certified temporal pseudonyms and their updating strategies to ensure the user's unlinkability and anonymity. IEEE 1609.2 Standard specified the process of certifying pseudonym along with certificates structure. However, the communication procedure between the certifying authority and the requesting vehicle was not defined. In this paper, a new privacy-preserving solution for pseudonym on-road on-demand refilling is proposed where the vehicle anonymously authenticates itself to the regional authority subsidiary of the central trusted authority to request a new pseudonyms pool. The authentication method has two phases, the first one uses anonymous tickets, and the second one is a challenge-based authentication. The anonymous tickets are certificates that do not include the identity of the user. Instead, it contains a reference number and the certifying authority signature. The challenge authentication is identity-less to preserve the privacy, yet it is used to prevent the misuse of tickets and the impersonation of its owner. Our proposed scheme is analyzed by the use of Burrows, Abadi and Needham (BAN) logic to demonstrate its correctness. It is also specified and checked by using the Security Protocol ANimator (SPAN) and the Automated Validation of Internet Security Protocols and Applications (AVISPA) tools. The logical demonstration proved that this privacy-preserving authentication is assured. The SPAN and AVISPA tools illustrated that it is resilient to security attacks.Road Side Units (RSUs) which are infrastructures with a wide transmission range that may be connected to service providers, authorities, or to the internet backbone. The network vehicles are considered as computers on wheels with processing units, storage capacities, sensors, network interfaces, etc. They communicate with each other via wireless Dedicated Short-Range Communications (DSRC). 1 This communication is often referred to as Vehicle-to-Vehicle (V2V). The vehicles also communicate with the RSUs and infrastructures via Vehicle-to-Infrastructure (V2I). 2 These communications aim to exchange sensed data and to ensure safety applications. 3 The VANETs have some particular characteristics. Among which are that the vehicles have predictable movements that follows road restrictions. Also, they are highly dynamic. Moreover, they rely on the wireless exchange of clear state messages (Beacons). The beacons are required by the safety applications to prevent road causalities. They are broadcasted with high frequency, and they contain identity, location, speed, and direction data leading to a potential violation of the vehicle's confidentiality.Due to its direct impact on the user's safety and well-being, ensuring the security in these networks is fundamental. Various security risks and attacks exist in vehicular networks ...
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.