Software-Defined Networking (SDN) is an emerging network architecture that addresses the limitation of the traditional network by providing centralized management through a central controller that decouples the control and data planes. However, this development has made the controller a severe target for malicious users to execute attacks such as Distributed Denial of Service (DDoS) attacks. Several schemes have been proposed to mitigate DDoS attacks in SDN, but the challenges still exist. This paper proposes a DDoS mitigation scheme for SDN to ensure accurate attack detection and efficient network resource utilization. The scheme employs two stages: a bandwidth control mechanism and Extreme Gradient Boosting (XGBoost) Algorithm. The bandwidth control mechanism utilizes an adaptive bandwidth profile-based threshold and bandwidth control algorithm that trigger the XGBoost algorithm in case of threshold violations. The use of multiple bandwidth profiles in stetting the threshold ensures the threshold's adaptivity to consider the network traffic variation and reduce the packets drop ratio, which shows an outstanding result. The XGBoost algorithm classifies network traffic flow that violates a set threshold into normal or abnormal traffic. We evaluated the performance of our scheme using CICDDoS2019, NSL-KDD, and CAIDA datasets. Furthermore, we validated our proposed solution in real-time with the SDN environment. The results obtained show that our scheme protects SDN against DDoS attacks with high accuracy, low error, and efficient utilization of the network resources. The proposed system achieved 99.9% accuracy in detecting DDoS attacks with a low false-positive rate of 0.0002% in SDN.
Algorithms for community detection are usually stochastic, leading to different partitions for different choices of random seeds. Consensus clustering has proven to be an effective technique to derive more stable and accurate partitions than the ones obtained by the direct application of the algorithm. However, the procedure requires the calculation of the consensus matrix, which can be quite dense if (some of) the clusters of the input partitions are large. Consequently, the complexity can get dangerously close to quadratic, which makes the technique inapplicable on large graphs. Here we present a fast variant of consensus clustering, which calculates the consensus matrix only on the links of the original graph and on a comparable number of additional node pairs, suitably chosen. This brings the complexity down to linear, while the performance remains comparable as the full technique. Therefore, our fast consensus clustering procedure can be applied on networks with millions of nodes and links.
With the rapid growth of internet-connected devices and their resource-constrained capabilities, the current authentication mechanisms are unable to meet the complex IoT application requirements, such as in the Industrial Internet of Things (IIoT), due to the increased computation, communication, and storage overhead arising from these mechanisms. In the IIoT, machine-to-machine (M2M) communication is an underlying technology where devices (e.g., sensors, actuators, and controllers) can be enabled to exchange information autonomously; thus, the massive data generated by these devices can increase latency, network congestion, and the complexity of security management. Message queue telemetry transport (MQTT) is one of the promising M2M protocols used in the IoT that could encounter such issues because it relies on a central broker in the cloud and implements a heavyweight authentication mechanism based on TLS. Therefore, this paper proposes an MQTT architecture with multi-tier brokers based on fog computing, where each broker is deployed with an authentication manager. In addition, the paper presents a lightweight mutual authentication scheme based on hash function and XOR operation. Comparing the results given in the benchmark, the overall performance of our scheme shows that storage and communication overheads are reduced to 89% and 23%, respectively. Furthermore, our system can resist against several cyberattacks and provide scalability.
Recently, agent-based software technology has received wide attention by the research community due to its valuable benefits, such as reducing the load on networks and providing an efficient solution for the transmission challenge problem. However, the major concern in building agent-based systems is related to the security of agents. In this paper, we explore the techniques used to build controls that guarantee both the protection of agents against malicious destination machines and the protection of destination machines against malicious agents. In addition, statistical-based analyses are employed to evaluate the level of maturity of the protection techniques to preserve the protection goals (the code and data, state, and itinerary of the agent), with and without the threat of attacks. Challenges regarding the security of agents are presented and highlighted by seven research questions related to satisfying cyber security requirements, protecting the visiting agent and the visited host machine from each other, providing robustness against advanced attacks that target protection goals, quantifying the security in agent-based systems, and providing features of self-protection and self-communication to the agent itself.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.
hi@scite.ai
10624 S. Eastern Ave., Ste. A-614
Henderson, NV 89052, USA
Copyright © 2024 scite LLC. All rights reserved.
Made with 💙 for researchers
Part of the Research Solutions Family.