Protocol version 6 (IPv6) host communicating with other neighbouring hosts. Two NDP messages are used during AR and DAD to communicate with one another in the same IPv6 link-local network, namely Neighbour Solicitation (NS) and Neighbour Advertisement (NA) messages. However, NDP messages have non-secure designs and lack verification mechanisms for authenticating whether incoming messages originate from a legitimate or illegitimate node. Therefore, any node in the same link can manipulate NS or NA messages and then launch a Denial-of-Service (DoS) attack. Techniques proposed to secure AR and DAD include Secure NDP (SeND) and Trust-NDP (Trust-ND); however, these techniques either entail high processing time and bandwidth consumption or are vulnerable to DoS attacks because of their designs. Therefore, to secure AR and DAD, this study aims to introduce a prevention technique called Match-Prevention, which secures target IP addresses and exchange messages (i.e. NS and NA). The processing time, bandwidth consumption and DoS prevention success rate of Match-Prevention in different scenarios are evaluated, and its performance is compared with those of existing techniques, including Standard-Process (i.e., Standard-AR and Standard-DAD), SeND and Trust-ND. Results show that Match-Prevention requires less processing time during AR and DAD processes and less bandwidth consumption compared with other existing techniques. In terms of DoS prevention success rate, the experiments show that Standard-Process and Trust-ND are unable to secure AR and DAD from DoS attacks, whilst SeND is vulnerable to flooding attacks. By contrast, Match-Prevention allows IPv6 nodes to verify the incoming message, discard the fake message before further processing and prevent a DoS attack during AR and DAD in an IPv6 link-local network.
Visual cryptography is an encryption technique that decomposes secret images into multiple shares. These shares are digitally or physically overlapped to recover the original image, negating the need for complex mathematical operations or additional hardware. There have been many variations of visual cryptography proposed over the years, each addressing different problems or to fulfill different security requirements. Existing review papers on the area only cover certain types of visual cryptography or lack comparisons between the various schemes. To address this gap, this paper provides broad overview of the area to aid new researchers in identifying research problems or to select suitable visual cryptography methods for their desired applications. For more veteran researchers in the area, our paper provides the most up-to-date coverage of the state-of-the-art. We first provide an introduction to the various categories of visual cryptography techniques, including a discussion on recently proposed schemes. These schemes are then compared in terms of their features, performance metrics, advantages and disadvantages. Compared to prior work, we extend the number of comparison metrics to include signal-to-noise ratio and the type of shares. Over 40 visual cryptography schemes that have been proposed in the past two decades were analyzed and compared. Our findings indicate that existing problems such as pixel expansion, poor quality of recovered image quality, computational and memory complexities still exist, and a optimizing the trade-off between these requirements still requires further investigation. We conclude the paper with a discussion of these open problems and future research directions.
Software-defined networking (SDN) is a unique network architecture isolating the network control plane from the data plane, offering programmable elastic features that allow network operators to monitor their networks and efficiently manage them. However, the new technology is security deficient. A DDoS attack is one of the common attacks that threaten SDN controllers, leading to the degradation or even collapse of the entire SDN network. Entropy-based approaches and their variants are considered the most efficient approaches to detecting DDoS attacks on SDN controllers. Therefore, this work analyzes the feasibility and impacts of an entropy-based DDoS attack detection approach for detecting low-rate and high-rate DDoS attacks against the controller, measured in terms of detection rate (DR) and false-positive rate (FPR), triggered by a single or multiple host attacks targeting a single or multiple victims. Eight simulation scenarios, representing low and high DDoS attack traffic rates on the controller, have been used to evaluate an entropy-based DDoS attack detection approach. The experimental results reveal that the entropy-based approach enhances the average DR for detecting high-rate DDoS attack traffic compared with low-rate DDoS attack traffic by 6.25%, 20.26%, 6.74%, and 8.81%. In addition, it reduces the average FPRs for detecting a high DDoS attack traffic rate compared with a low DDoS attack traffic rate by 67.68%, 77.54%, 66.94%, and 64.81.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.