Anomaly Detection IDS for Detecting DoS Attacks in IoT Networks Based on Machine Learning Algorithms.

Widespread and ever-increasing cybersecurity attacks against Internet of Things (IoT) systems are causing a wide range of problems for individuals and organizations. The IoT is self-configuring and open, making it vulnerable to insider and outsider attacks. In the IoT, devices are designed to self-configure, enabling them to connect to networks autonomously without extensive manual configuration. By using various protocols, technologies, and automated processes, self-configuring IoT devices are able to seamlessly connect to networks, discover services, and adapt their configurations without requiring manual intervention or setup. Users' security and privacy may be compromised by attackers seeking to obtain access to their personal information, create monetary losses, and spy on them. A Denial of Service (DoS) attack is one of the most devastating attacks against IoT systems because it prevents legitimate users from accessing services. A cyberattack of this type can significantly damage IoT services and smart environment applications in an IoT network. As a result, securing IoT systems has become an increasingly significant concern. Therefore, in this study, we propose an IDS defense mechanism to improve the security of IoT networks against DoS attacks using anomaly detection and machine learning (ML). Anomaly detection is used in the proposed IDS to continuously monitor network traffic for deviations from normal profiles. For that purpose, we used four types of supervised classifier algorithms, namely, Decision Tree (DT), Random Forest (RF), K Nearest Neighbor (kNN), and Support Vector Machine (SVM). In addition, we utilized two types of feature selection algorithms, the Correlation-based Feature Selection (CFS) algorithm and the Genetic Algorithm (GA) and compared their performances. We also utilized the IoTID20 dataset, one of the most recent for detecting anomalous activity in IoT networks, to train our model. The best performances were obtained with DT and RF classifiers when they were trained with features selected by GA. However, other metrics, such as training and testing times, showed that DT was superior.

DTR-SHIELD: Mutual Synchronization for Protecting against DoS Attacks on the SHIELD Protocol with AES-CTR Mode.

To enhance security in the semiconductor industry's globalized production, the Defense Advanced Research Projects Agency (DARPA) proposed an authentication protocol under the Supply Chain Hardware Integrity for Electronics Defense (SHIELD) program. This protocol integrates a secure hardware root-of-trust, known as a dielet, into integrated circuits (ICs). The SHIELD protocol, combined with the Advanced Encryption Standard (AES) in counter mode, named CTR-SHIELD, targets try-and-check attacks. However, CTR-SHIELD is vulnerable to desynchronization attacks on its counter blocks. To counteract this, we introduce the DTR-SHIELD protocol, where DTR stands for double counters. DTR-SHIELD addresses the desynchronization issue by altering the counter incrementation process, which previously solely relied on truncated serial IDs. Our protocol adds a new AES encryption step and requires the dielet to transmit an additional 100 bits, ensuring more robust security through active server involvement and message verification.

Resilient Event-Based Fuzzy Fault Detection for DC Microgrids in Finite-Frequency Domain against DoS Attacks.

This paper addresses the problem of fault detection in DC microgrids in the presence of denial-of-service (DoS) attacks. To deal with the nonlinear term in DC microgrids, a Takagi-Sugeno (T-S) model is employed. In contrast to the conventional approach of utilizing current sampling data in the traditional event-triggered mechanism (ETM), a novel integrated ETM employs historical information from measured data. This innovative strategy mitigates the generation of additional triggering packets resulting from random perturbations, thus reducing redundant transmission data. Under the assumption of faults occurring within a finite-frequency domain, a resilient event-based H-/H∞ fault detection filter (FDF) is designed to withstand DoS attacks. The exponential stability conditions are derived in the form of linear matrix inequalities to ensure the performance of fault detected systems. Finally, the simulation results are presented, demonstrating that the designed FDF effectively detects finite-frequency faults in time even under DoS attacks. Furthermore, the FDF exhibits superior fault detection sensitivity compared to the conventional H∞ method, thus confirming the efficacy of the proposed approach. Additionally, it is observed that a trade-off exists between fault detection performance and the data releasing rate (DRR).

Robust Stabilization of Linear Time-Delay Systems under Denial-of-Service Attacks.

This research examines new methods for stabilizing linear time-delay systems that are subject to denial-of-service (DoS) attacks. The study takes into account the different effects that a DoS attack can have on the system, specifically delay-independent and -dependent behaviour. The traditional proportional-integral-derivative (PID) acts on the error signal, which is the difference between the reference input and the measured output. The approach in this paper uses what we call the PID state feedback strategy, where the controller acts on the state signal. Our proposed strategy uses the Lyapunov-Krasovskii functional (LKF) to develop new linear matrix inequalities (LMIs). The study considers two scenarios where the time delay is either a continuous bounded function or a differentiable and time-varying function that falls within certain bounds. In both cases, new LMIs are derived to find the PID-like state feedback gains that will ensure robust stabilization. The findings are illustrated with numerical examples.

Improved Dynamic Event-Triggered Robust Control for Flexible Robotic Arm Systems with Semi-Markov Jump Process.

In this paper, we investigate the problem of a dynamic event-triggered robust controller design for flexible robotic arm systems with continuous-time phase-type semi-Markov jump process. In particular, the change in moment of inertia is first considered in the flexible robotic arm system, which is necessary for ensuring the security and stability control of special robots employed under special circumstances, such as surgical robots and assisted-living robots which have strict lightweight requirements. To handle this problem, a semi-Markov chain is conducted to model this process. Furthermore, the dynamic event-triggered scheme is used to solve the problem of limited bandwidth in the network transmission environment, while considering the impact of DoS attacks. With regard to the challenging circumstances and negative elements previously mentioned, the adequate criteria for the existence of the resilient H∞ controller are obtained using the Lyapunov function approach, and the controller gains, Lyapunov parameters and event-triggered parameters are co-designed. Finally, the effectiveness of the designed controller is demonstrated via numerical simulation using the LMI toolbox in MATLAB.

Transport and Application Layer DDoS Attacks Detection to IoT Devices by Using Machine Learning and Deep Learning Models.

From smart homes to industrial environments, the IoT is an ally to easing daily activities, where some of them are critical. More and more devices are connected to and through the Internet, which, given the large amount of different manufacturers, may lead to a lack of security standards. Denial of service attacks (DDoS, DoS) represent the most common and critical attack against and from these networks, and in the third quarter of 2021, there was an increase of 31% (compared to the same period of 2020) in the total number of advanced DDoS targeted attacks. This work uses the Bot-IoT dataset, addressing its class imbalance problem, to build a novel Intrusion Detection System based on Machine Learning and Deep Learning models. In order to evaluate how the records timestamps affect the predictions, we used three different feature sets for binary and multiclass classifications; this helped us avoid feature dependencies, as produced by the Argus flow data generator, whilst achieving an average accuracy >99%. Then, we conducted comprehensive experimentation, including time performance evaluation, matching and exceeding the results of the current state-of-the-art for identifying denial of service attacks, where the Decision Tree and Multi-layer Perceptron models were the best performing methods to identify DDoS and DoS attacks over IoT networks.

On Consensus and Stability under Denial-of-Service Attacks.

In the paper, discrete-time multi-agent systems under Denial-of-Service (DoS) attacks are considered. Since in the presence of DoS attacks the stability of the whole system may be disturbed, sufficient stability conditions for the multi-agent system under DoS attacks are delivered. The consensus problem for the special case of the considered system under DoS attacks is also examined by delivering sufficient conditions. Theoretical considerations are illustrated by numerical examples.

Generator of Slow Denial-of-Service Cyber Attacks.

In today's world, the volume of cyber attacks grows every year. These attacks can cause many people or companies high financial losses or loss of private data. One of the most common types of attack on the Internet is a DoS (denial-of-service) attack, which, despite its simplicity, can cause catastrophic consequences. A slow DoS attack attempts to make the Internet service unavailable to users. Due to the small data flows, these attacks are very similar to legitimate users with a slow Internet connection. Accurate detection of these attacks is one of the biggest challenges in cybersecurity. In this paper, we implemented our proposal of eleven major and most dangerous slow DoS attacks and introduced an advanced attack generator for testing vulnerabilities of protocols, servers, and services. The main motivation for this research was the absence of a similarly comprehensive generator for testing slow DoS vulnerabilities in network systems. We built an experimental environment for testing our generator, and then we performed a security analysis of the five most used web servers. Based on the discovered vulnerabilities, we also discuss preventive and detection techniques to mitigate the attacks. In future research, our generator can be used for testing slow DoS security vulnerabilities and increasing the level of cyber security of various network systems.

New DoS Defense Method Based on Strong Designated Verifier Signatures.

We present a novel technique for source authentication of a packet stream in a network, which intends to give guarantees that a specific network flow really comes from a claimed origin. This mechanism, named packet level authentication (PLA), can be an essential tool for addressing Denial of Service (DoS) attacks. Based on designated verifier signature schemes, our proposal is an appropriate and unprecedented solution applying digital signatures for DoS prevention. Our scheme does not rely on an expensive public-key infrastructure and makes use of light cryptography machinery that is suitable in the context of the Internet of Things (IoT). We analyze our proposed scheme as a defense measure considering known DoS attacks and present a formal proof of its resilience face to eventual adversaries. Furthermore, we compare our solution to already existent strategies, highlighting its advantages and drawbacks.

Dynamic event-triggering-based distributed model predictive control of heterogeneous connected vehicle platoon under DoS attacks.

This paper is concerned with the distributed model predictive control (DMPC) for heterogeneous connected vehicle platoon (CVP) under denial-of-service (DoS) attacks. Firstly, a dynamic event-triggering mechanism (DETM) based on the information interaction between vehicles is proposed to reduce the communication and computational burdens. Due to the fact that the triggering moment for each vehicle cannot be synchronized and DoS attacks can break the communication between vehicles, a packet replenishment mechanism is designed to ensure the integrity and effectiveness of information interaction. Then, the effect of external disturbance is handled by adding robustness constraints to the DMPC algorithm. In addition, the recursive feasibility of the DMPC algorithm and input-to-state practical stability (ISPS) of the CVP control system are demonstrated. Finally, the effectiveness of the algorithm is verified by simulation and comparison results.

Switching-like event-triggered control of uncertain NCSs under delay distribution and DoS attacks.

The paper addresses the switching-like event-triggered control for uncertain networked control systems with time-varying delay under DoS attacks. First of all, to reduce the communication burden, a switching-like event-triggered mechanism is designed to automatically select the trigger condition according to whether the system is under DoS attacks, which have the advantage of reducing the number of data packets transmitted. Secondly, unlike the traditional assumption of time-varying delay, here it satisfies the condition that the probability is known, and combines the networked control systems to propose a novel time-delay system model, which can obtain a larger upper bound on the delay. Then, by using both the Lyapunov functional method and linear matrix inequality technique, we obtain sufficient conditions of uncertain networked control systems to achieve exponentially stable in the mean square sense. Furthermore, under the common limitations of the maximum continuous packet losses caused by the DoS attacks and delay, the stability criterion is derived, which can be used to estimate the communication parameters and security controller gain. Finally, through two simulation examples, the larger upper bound of time delay, less trigger times, faster convergence rate are obtained, which verify the validity of our theoretical analysis.

Event-triggered predictive control for cooperation-competition multi-agent systems under DoS attacks.

This paper concerns the bipartite consensus problem of multi-agent systems(MASs) with competitive- cooperative network topology under denial-of-service (DoS) attacks. Firstly, this work extensively analyzes the competitive phenomena that may exist in the information interchange of agents in contrast to the single cooperative behavior between agents. Based on this, some necessary conditions are provided for the system to attain the bipartite consensus. In addition, the event-triggered mechanism (ETM) effectively lowers unnecessary information sharing between agents and eliminates Zeno behavior. Furthermore, the predictive method provides the system with exceptional resistance against common energy-limited DoS attacks and the ability to compensate for information loss caused by DoS attacks. Finally, a numerical simulation proves that the proposed approach is feasible.

DoS attacks resilience of heterogeneous complex networks via dynamic event-triggered impulsive scheme for secure quasi-synchronization.

This paper addresses the secure quasi-synchronization issue of heterogeneous complex networks (HCNs) under aperiodic denial-of-service (DoS) attacks with dynamic event-triggered impulsive scheme (ETIS). The heterogeneity of networks and the aperiodic DoS attacks, which hinder communication channels and synchronization goals, present challenges to the analysis of secure quasi-synchronization. The ETIS leverages impulsive control and dynamic event-triggered scheme (ETS) to handle the network heterogeneity and the DoS attacks. We give specific bounds on the attack duration and frequency that the network can endure, and obtain synchronization criteria that relate to event parameters, attack duration, attack frequency, and impulsive gain by the variation of parameter formula and recursive methods. Moreover, we prove that the dynamic ETS significantly reduces the controller updates, saves energy without sacrificing the system decay rate, and prevents the Zeno phenomenon. Finally, we validate our control scheme with a numerical example.

Secure consensus for PDEs-based multiagent systems under DoS attacks via boundary control approach.

This paper focuses on secure consensus for leader-following multiagent systems (MASs) modeled by partial differential equations (PDEs) under denial of service (DoS) attacks. To mitigate the negative effects of DoS attacks, which can paralyze communication and cause agents to fail to receive valid control inputs, a buffer region is established in the communication channels among agents to temporarily store messages from neighbors. Additionally, since the states of the leader and followers are not always measurable, observers are used to estimate these states. To address these challenges, this paper proposes two boundary controllers to ensure leader-following consensus in both measurable and unmeasurable states. One controller is based on original boundary information, while the other utilizes observation information from both the leader and followers. To the best of our knowledge, this is the first attempt to use buffers to solve a class of PDEs-based MASs under DoS attacks. Furthermore, the boundary control approach has the potential to significantly reduce the number of actuators required, thereby lowering control costs. Finally, we present two numerical examples to validate the feasibility of the proposed methods.

Dynamic event-triggered consensus control for nonlinear multi-agent systems under DoS attacks.

In this paper, we investigated leader-following consensus control for nonlinear multi-agent systems (MASs) experiencing denial-of-service (DoS) attacks. We proposed a distributed control strategy incorporating an adaptive scheme and a state feedback control gain to eliminate the effects of system nonlinear dynamics and uncertainties. In addition, we introduced a dynamic event-triggered control (DETC) to minimize the utilization of communication resources. Finally, we provided simulation results to show the validity of the proposed approach.

Sampled-based adaptive event-triggered resilient control for multiagent systems with hybrid cyber-attacks.

The multiagent systems have shared broad application in many practical systems including unmanned aircraft clusters, intelligent robots, and intelligent transportation. However, many unexpected cyber-attacks may disturb or disrupt the normal communication of the agents, thus reducing the interacting efficiency of multiagent systems. Ever since the cyber-attacks have been proposed, the resilient control problem for multiagent systems has been intensively explored in light of the communication network growth. However, most of the consequences only focused on denial-of-service (DoS) attacks or deception attacks independently. Distinguished from the existing resilient control mechanisms, the current investigation represents the first attempt at designing an adaptive resilient controller for multiagent systems according to the sampled-based adaptive event-triggered manner, where denial-of-service (DoS) attacks and deception attacks are both considered. First, the hybrid cyber-attacks model and its impact on the closed-loop system are addressed. And then, an adaptive event-triggered strategy is proposed to reduce network resource consumption and ease the communication burden, where the designed adaptive law can automatically adjust the triggering threshold. Finally, the consensus state of multiagent systems is capable of achieving via a series of reasonable control rules formulated through Lyapunov functional approach despite suffering hybrid cyber-attacks. And a simulation example is given to substantiate the feasibility of the proposed method.

Resilient event-triggered observer-based control of non-linear systems under denial-of-service attacks with actuator saturation.

This paper studies the control problem for a continuous-time networked system with non-linearity in the state equation as well as in the input, as saturation. The system is considered under denial-of-service (DoS), attacks which cause the blockage of input and/or output components in the overall closed-loop model. An event-triggering scheme that is resilient in nature, along with an observer-based control, has been considered under DoS attacks. The resultant scheme ensures efficient network resources and excludes Zeno behavior naturally due to the presence of a minimum positive interevent delay. Then, an event-based switched non-linear model is presented to address both the event-triggering scheme and the presence of DoS blocking attacks. A piece-wise Lyapunov-Krasovskii functional method on the described non-linear model, resulting in the switched system, is considered for achieving an exponentially stable response by driving the required feasibility conditions. In the presence of a non-linear system with saturation in the actuator, the presented design establishes quantitative relationships among the exponential decay rate, active/sleeping intervals of attacks, parameters of the event-triggering condition, and sampling period of the system. After that, linear matrix inequalities are presented for designing an event-triggered controller with an observer, while the design also includes the region of convergence for dealing with the input non-linearity. Finally, comparative results for an offshore structure model with non-linearity in states as well as in actuator, are demonstrated to verify the results of the control scheme that is developed. It has been verified that our design is less conservative than the previous designs, and can handle the non-linearities in the dynamics of plant and actuator saturation more efficiently, while DoS attacks are also present. By applying our proposed method, the overshoot and undershoot are less than ±2.5 percent, while system states converge to the origin within 55 s.

Joint non-fragile automatic generation control and multi-event driven mechanism co-design for wind integrated power system under denial of services attacks.

Denial of services (DoS) attacks exist in wind integrated power system. DoS attacks can cause network-induced delay and packages loss in information transmission. Meanwhile, considering the parameter perturbation of controller and system model uncertainty in wind integrated power system, these may cause the system dynamic performances degradation or even instability. Based on the above considerations, the joint non-fragile automatic generation robust control of wind integrated power system under DoS attacks is studied in this paper. In order to ensure the expected system performance and more effectively utilize the limited network communication resources under DoS attacks, a novel dynamic multi-event driven mechanism based joint non-fragile H∞ automatic generation control method is proposed. By constructing a suitable Lyapunov-Krasovskii functional and utilizing the Shur complement lemma to handle nonlinear matrix inequality, the sufficient conditions are derived to guarantee the asymptotic stability of wind integrated power system under DoS attacks. Furthermore, the performance of the proposed non-fragile regulator is demonstrated through a four-area wind integrated power system to show the feasibility and applicability. The analysis result indicates that the proposed scheme provides stronger robustness, higher wind energy utilization efficiency and more efficient communication mechanism.

Secure control scheme for CPSs under DoS attacks via multiple transmission channels and unknown input observer.

The paper investigates the secure control problems for cyber-physical systems (CPSs) when the transmission channels suffer from Denial-of-Service (DoS) attacks based on switching observer and unknown input reconstruction (UIR). Firstly, an augmented system whose system state consists of the original system state and the measurement noises is set up, and the preconditions for the original system and augmented system are discussed in detail. Secondly, a full-order observer is constructed to generate the estimations of the augmented system state. Besides, based on the state estimation, an algebraic UIR method is developed and the UIR decouples the control input signal successfully. Thirdly, under the situation that some transmission channels suffer from DoS attacks, an observer-based secure controller is designed based on state estimation feedback and UIR feedback in view of a switching system. The stability of the switching system is analyzed as well. Finally, to verify the effectiveness of the proposed protocols, two simulation examples and the comparison with existing methods are given.

Attack-resilient event-triggered formation control of multi-agent systems under periodic DoS attacks using complex Laplacian.

This paper concentrates on attack-resilient event-triggered formation control of multi-agent systems (MASs) under periodic Denial-of-Service (DoS) attacks, which involves a new technique based on complex Laplacian. Firstly, periodic DoS attacks are modeled as Bernoulli distribution where the considered plant is viewed as a stochastic system. Then, a novel attack-resilient event-triggered mechanism (ARETM) is put forward to address formation shape problems of the system. ARETM not only restrains periodic DoS attacks effectively, but also saves network resources greatly and excludes Zeno behavior naturally. Moreover, the system stability is analyzed by using a generalized Nyquist stability criterion, in which a distinctive homotopy Newton iterative algorithm is introduced. Finally, numerical simulation cases are presented to explain the effectiveness of the designed method.