Fog computing technology has gained significant attention among Internet users to establish an efficient connection between the Internet of Things (IoT) devices and cloud data centers. The characteristics of the fog computing encounter the different security challenges over the fog nodes or end-users. With the increased type of attacks in the fog platform such as port scanning attack, denial-of-service attack, flooding attack, and man-in-the-middle attack, Intrusion Detection System (IDS) becomes a significant solution. Traditional IDS techniques are inefficient for the dynamic as well as light-weight fog environment. Hence, deploying the IDS techniques in the fog layer is essential to monitor and analyze the access control policies, user information, log files, and so on. Applying traditional machine learning algorithms fail to cope up with the new classes of the attacks or malicious behaviors with the reduced computational effort. Hence, adopting the incremental learning algorithm plays a significant role in modeling the dynamic security mechanism for the ever-changing fog environment. Incremental learning can learn and detect attacks or malicious behaviors in the new classes. Thus, the incremental learning based IDS is essential for detecting as well as preventing the malicious behaviors in the fog with the increased quality and the reduced storage of the training data.
You can look at NetSim. Documentation and codes for some NetSim projects relating to IoT attacks are available at https://tetcos.com/file-exchange.html
Dear Aftab Alam,
a relatively new trend in intrusion and anomaly detection is based on the solutions that use the idea of SDN. For this see my small list of literature:
S. Lim, J. Ha, H. Kim, Y. Kim, S. Yang: A SDN-Oriented DDoS Blocking Scheme for Botnet-Based Attacks; Sixth International Conference on Ubiquitous and Future Networks (ICUFN); Jul 2014 https://ieeexplore.ieee.org/document/6876752
Daojing He, Sammy Chan, Xiejun Ni, Mohsen Guizani: Software-Defined-Networking-Enabled Traffic Anomaly Detection and Mitigation; IEEE Internet of Things Journal, Vol. 4, Issue 6, Dec 2017 https://ieeexplore.ieee.org/abstract/document/7902104
Shiji Zheng: Research on SDN-based IoT Security Architecture Model, IEEE 8th Joint International, Information Technology and Artificial Intelligence Conference (ITAIC), May 2019
https://ieeexplore.ieee.org/document/8785456
Gilberto Fernandes Jr., Joel J. P. C. Rodrigues et al.: A comprehensive survey on network anomaly detection; Telecommunication Systems, Vol. 70, Issue 3, Mar 2019 https://link.springer.com/article/10.1007/s11235-018-0475-8
Nguyen Ngoc Tuan, Pham Huy Hung et al.: A DDoS Attack Mitigation Scheme in ISP Networks Using Machine Learning Based on SDN; Electronics Vol. 9 Issue 3, Feb 2020 https://www.researchgate.net/publication/339586383
Best regards and much success
Anatol Badach
I only have experience of defending a website, where the assumption is, that the only open port is 80.
This limits the possible attack techniques, and makes defence considerably simpler.
There is only a limited number (approximately 100) of hack queries being used around the world, so the simplest approach is to defend against those, rather than doing the grossly inefficient practice of maintaining blacklists and whitelists - each of which is probably out-of-date as soon as it's published.
Our approach is to deploy an IPS which examines the content of each incoming query, and determines whether or not it is hostile. Response can be a matter of a few miiliseconds, during which the connection is dropped, and a firewall rule is added to block the IP address. This system has run successfully on our server for many years, and has foiled a total of 128,320 attempted attacks (as of today).
We also run a separate process, whose only job is to detect and nullify attempted SYN/ACK amplification attacks, which it does within a few milliseconds of receiving the first SYN. The solution to this was extremely simple, so I may describe it in another article, some time.
If you're interested, the original article describing the IDS/IPS is here : https://www.researchgate.net/publication/323686620_What%27s_An_IPS
- Badges
- Science topic
- Similar topics
- Psychology
- Mental Processes
- Learning