The Smart Grid is an enhancement of the traditional grid system and employs new technologies and sophisticated communication techniques for electrical power transmission and distribution. The Smart Grid’s communicati...The Smart Grid is an enhancement of the traditional grid system and employs new technologies and sophisticated communication techniques for electrical power transmission and distribution. The Smart Grid’s communication network shares information about status of its several integrated IEDs (Intelligent Electronic Devices). However, the IEDs connected throughout the Smart Grid, open opportunities for attackers to interfere with the communications and utilities resources or take clients’ private data. This development has introduced new cyber-security challenges for the Smart Grid and is a very concerning issue because of emerging cyber-threats and security incidents that have occurred recently all over the world. The purpose of this research is to detect and mitigate Distributed Denial of Service [DDoS] with application to the Electrical Smart Grid System by deploying an optimized Stealthwatch Secure Network analytics tool. In this paper, the DDoS attack in the Smart Grid communication networks was modeled using Stealthwatch tool. The simulated network consisted of Secure Network Analytic tools virtual machines (VMs), electrical Grid network communication topology, attackers and Target VMs. Finally, the experiments and simulations were performed, and the research results showed that Stealthwatch analytic tool is very effective in detecting and mitigating DDoS attacks in the Smart Grid System without causing any blackout or shutdown of any internal systems as compared to other tools such as GNS3, NeSSi2, NISST Framework, OMNeT++, INET Framework, ReaSE, NS2, NS3, M5 Simulator, OPNET, PLC & TIA Portal management Software which do not have the capability to do so. Also, using Stealthwatch tool to create a security baseline for Smart Grid environment, contributes to risk mitigation and sound security hygiene.展开更多
The rapid growth of distributed generator(DG)capacities has introduced additional controllable assets to improve the performance of distribution systems in terms of service restoration.Renewable DGs are of particular ...The rapid growth of distributed generator(DG)capacities has introduced additional controllable assets to improve the performance of distribution systems in terms of service restoration.Renewable DGs are of particular interest to utility companies,but the stochastic nature of intermittent renewable DGs could have a negative impact on the electric grid if they are not properly handled.In this study,we investigate distribution system service restoration using DGs as the primary power source,and we develop an effective approach to handle the uncertainty of renewable DGs under extreme conditions.The distribution system service restoration problem can be described as a mixed-integer second-order cone programming model by modifying the radial topology constraints and power flow equations.The uncertainty of renewable DGs will be modeled using a chance-constrained approach.Furthermore,the forecast errors and noises in real-time operation are solved using a novel model-free control algorithm that can automatically track the trajectory of real-time DG output.The proposed service restoration strategy and model-free control algorithm are validated using an IEEE 123-bus test system.展开更多
The distributed denial of service (DDoS) attack is one of the dangers in intrusion modes. It's difficult to defense and can cause serious damage to the system. Based on a careful study of the attack principles and...The distributed denial of service (DDoS) attack is one of the dangers in intrusion modes. It's difficult to defense and can cause serious damage to the system. Based on a careful study of the attack principles and characteristics, an object-oriented formalized description is presented, which contains a three-level framework and offers full specifications of all kinds of DDoS modes and their features and the relations between one another. Its greatest merit lies in that it contributes to analyzing, checking and judging DDoS. Now this formalized description has been used in a special IDS and it works very effectively.(展开更多
Scalability is one of the most important quality attribute of softwareintensive systems,because it maintains an effective performance parallel to the large fluctuating and sometimes unpredictable workload.In order to ...Scalability is one of the most important quality attribute of softwareintensive systems,because it maintains an effective performance parallel to the large fluctuating and sometimes unpredictable workload.In order to achieve scalability,thread pool system(TPS)(which is also known as executor service)has been used extensively as a middleware service in software-intensive systems.TPS optimization is a challenging problem that determines the optimal size of thread pool dynamically on runtime.In case of distributed-TPS(DTPS),another issue is the load balancing b/w available set of TPSs running at backend servers.Existing DTPSs are overloaded either due to an inappropriate TPS optimization strategy at backend servers or improper load balancing scheme that cannot quickly recover an overload.Consequently,the performance of software-intensive system is suffered.Thus,in this paper,we propose a new DTPS that follows the collaborative round robin load balancing that has the effect of a double-edge sword.On the one hand,it effectively performs the load balancing(in case of overload situation)among available TPSs by a fast overload recovery procedure that decelerates the load on the overloaded TPSs up to their capacities and shifts the remaining load towards other gracefully running TPSs.And on the other hand,its robust load deceleration technique which is applied to an overloaded TPS sets an appropriate upper bound of thread pool size,because the pool size in each TPS is kept equal to the request rate on it,hence dynamically optimizes TPS.We evaluated the results of the proposed system against state of the art DTPSs by a clientserver based simulator and found that our system outperformed by sustaining smaller response times.展开更多
The Internet service provider(ISP)is the heart of any country’s Internet infrastructure and plays an important role in connecting to theWorld WideWeb.Internet exchange point(IXP)allows the interconnection of two or m...The Internet service provider(ISP)is the heart of any country’s Internet infrastructure and plays an important role in connecting to theWorld WideWeb.Internet exchange point(IXP)allows the interconnection of two or more separate network infrastructures.All Internet traffic entering a country should pass through its IXP.Thus,it is an ideal location for performing malicious traffic analysis.Distributed denial of service(DDoS)attacks are becoming a more serious daily threat.Malicious actors in DDoS attacks control numerous infected machines known as botnets.Botnets are used to send numerous fake requests to overwhelm the resources of victims and make them unavailable for some periods.To date,such attacks present a major devastating security threat on the Internet.This paper proposes an effective and efficient machine learning(ML)-based DDoS detection approach for the early warning and protection of the Saudi Arabia Internet exchange point(SAIXP)platform.The effectiveness and efficiency of the proposed approach are verified by selecting an accurate ML method with a small number of input features.A chi-square method is used for feature selection because it is easier to compute than other methods,and it does not require any assumption about feature distribution values.Several ML methods are assessed using holdout and 10-fold tests on a public large-size dataset.The experiments showed that the performance of the decision tree(DT)classifier achieved a high accuracy result(99.98%)with a small number of features(10 features).The experimental results confirmthe applicability of using DT and chi-square for DDoS detection and early warning in SAIXP.展开更多
Cloud computing technology provides flexible,on-demand,and completely controlled computing resources and services are highly desirable.Despite this,with its distributed and dynamic nature and shortcomings in virtualiz...Cloud computing technology provides flexible,on-demand,and completely controlled computing resources and services are highly desirable.Despite this,with its distributed and dynamic nature and shortcomings in virtualization deployment,the cloud environment is exposed to a wide variety of cyber-attacks and security difficulties.The Intrusion Detection System(IDS)is a specialized security tool that network professionals use for the safety and security of the networks against attacks launched from various sources.DDoS attacks are becoming more frequent and powerful,and their attack pathways are continually changing,which requiring the development of new detection methods.Here the purpose of the study is to improve detection accuracy.Feature Selection(FS)is critical.At the same time,the IDS’s computational problem is limited by focusing on the most relevant elements,and its performance and accuracy increase.In this research work,the suggested Adaptive butterfly optimization algorithm(ABOA)framework is used to assess the effectiveness of a reduced feature subset during the feature selection phase,that was motivated by this motive Candidates.Accurate classification is not compromised by using an ABOA technique.The design of Deep Neural Networks(DNN)has simplified the categorization of network traffic into normal and DDoS threat traffic.DNN’s parameters can be finetuned to detect DDoS attacks better using specially built algorithms.Reduced reconstruction error,no exploding or vanishing gradients,and reduced network are all benefits of the changes outlined in this paper.When it comes to performance criteria like accuracy,precision,recall,and F1-Score are the performance measures that show the suggested architecture outperforms the other existing approaches.Hence the proposed ABOA+DNN is an excellent method for obtaining accurate predictions,with an improved accuracy rate of 99.05%compared to other existing approaches.展开更多
Over time, the world has transformed digitally and there is total dependence on the internet. Many more gadgets are continuously interconnected in the internet ecosystem. This fact has made the Internet a global infor...Over time, the world has transformed digitally and there is total dependence on the internet. Many more gadgets are continuously interconnected in the internet ecosystem. This fact has made the Internet a global information source for every being. Despite all this, attacker knowledge by cybercriminals has advanced and resulted in different attack methodologies on the internet and its data stores. This paper will discuss the origin and significance of Denial of Service (DoS) and Distributed Denial of Service (DDoS). These kinds of attacks remain the most effective methods used by the bad guys to cause substantial damage in terms of operational, reputational, and financial damage to organizations globally. These kinds of attacks have hindered network performance and availability. The victim’s network is flooded with massive illegal traffic hence, denying genuine traffic from passing through for authorized users. The paper will explore detection mechanisms, and mitigation techniques for this network threat.展开更多
Previous studies have shown that deep learning is very effective in detecting known attacks.However,when facing unknown attacks,models such as Deep Neural Networks(DNN)combined with Long Short-Term Memory(LSTM),Convol...Previous studies have shown that deep learning is very effective in detecting known attacks.However,when facing unknown attacks,models such as Deep Neural Networks(DNN)combined with Long Short-Term Memory(LSTM),Convolutional Neural Networks(CNN)combined with LSTM,and so on are built by simple stacking,which has the problems of feature loss,low efficiency,and low accuracy.Therefore,this paper proposes an autonomous detectionmodel for Distributed Denial of Service attacks,Multi-Scale Convolutional Neural Network-Bidirectional Gated Recurrent Units-Single Headed Attention(MSCNN-BiGRU-SHA),which is based on a Multistrategy Integrated Zebra Optimization Algorithm(MI-ZOA).The model undergoes training and testing with the CICDDoS2019 dataset,and its performance is evaluated on a new GINKS2023 dataset.The hyperparameters for Conv_filter and GRU_unit are optimized using the Multi-strategy Integrated Zebra Optimization Algorithm(MIZOA).The experimental results show that the test accuracy of the MSCNN-BiGRU-SHA model based on the MIZOA proposed in this paper is as high as 0.9971 in the CICDDoS 2019 dataset.The evaluation accuracy of the new dataset GINKS2023 created in this paper is 0.9386.Compared to the MSCNN-BiGRU-SHA model based on the Zebra Optimization Algorithm(ZOA),the detection accuracy on the GINKS2023 dataset has improved by 5.81%,precisionhas increasedby 1.35%,the recallhas improvedby 9%,and theF1scorehas increasedby 5.55%.Compared to the MSCNN-BiGRU-SHA models developed using Grid Search,Random Search,and Bayesian Optimization,the MSCNN-BiGRU-SHA model optimized with the MI-ZOA exhibits better performance in terms of accuracy,precision,recall,and F1 score.展开更多
The growing sophistication of cyberthreats,among others the Distributed Denial of Service attacks,has exposed limitations in traditional rule-based Security Information and Event Management systems.While machine learn...The growing sophistication of cyberthreats,among others the Distributed Denial of Service attacks,has exposed limitations in traditional rule-based Security Information and Event Management systems.While machine learning–based intrusion detection systems can capture complex network behaviours,their“black-box”nature often limits trust and actionable insight for security operators.This study introduces a novel approach that integrates Explainable Artificial Intelligence—xAI—with the Random Forest classifier to derive human-interpretable rules,thereby enhancing the detection of Distributed Denial of Service(DDoS)attacks.The proposed framework combines traditional static rule formulation with advanced xAI techniques—SHapley Additive exPlanations and Scoped Rules-to extract decision criteria from a fully trained model.The methodology was validated on two benchmark datasets,CICIDS2017 and WUSTL-IIOT-2021.Extracted rules were evaluated against conventional Security Information and Event Management Systems rules with metrics such as precision,recall,accuracy,balanced accuracy,and Matthews Correlation Coefficient.Experimental results demonstrate that xAI-derived rules consistently outperform traditional static rules.Notably,the most refined xAI-generated rule achieved near-perfect performance with significantly improved detection of DDoS traffic while maintaining high accuracy in classifying benign traffic across both datasets.展开更多
DDoS attacks represent one of the most pervasive and evolving threats in cybersecurity,capable of crippling critical infrastructures and disrupting services globally.As networks continue to expand and threats become m...DDoS attacks represent one of the most pervasive and evolving threats in cybersecurity,capable of crippling critical infrastructures and disrupting services globally.As networks continue to expand and threats become more sophisticated,there is an urgent need for Intrusion Detection Systems(IDS)capable of handling these challenges effectively.Traditional IDS models frequently have difficulties in detecting new or changing attack patterns since they heavily depend on existing characteristics.This paper presents a novel approach for detecting unknown Distributed Denial of Service(DDoS)attacks by integrating Sliced Iterative Normalizing Flows(SINF)into IDS.SINF utilizes the Sliced Wasserstein distance to repeatedly modify probability distributions,enabling better management of high-dimensional data when there are only a few samples available.The unique architecture of SINF ensures efficient density estimation and robust sample generation,enabling IDS to adapt dynamically to emerging threats without relying heavily on predefined signatures or extensive retraining.By incorporating Open-Set Recognition(OSR)techniques,this method improves the system’s ability to detect both known and unknown attacks while maintaining high detection performance.The experimental evaluation on CICIDS2017 and CICDDoS2019 datasets demonstrates that the proposed system achieves an accuracy of 99.85%for known attacks and an F1 score of 99.99%after incremental learning for unknown attacks.The results clearly demonstrate the system’s strong generalization capability across unseen attacks while maintaining the computational efficiency required for real-world deployment.展开更多
90 counties (cities) in Guangxi Province being taken as the tested region,the ecosystem service value of those counties (cities) was measured with the data of land-using in 2005 by means of the Table of Terrestrial Ec...90 counties (cities) in Guangxi Province being taken as the tested region,the ecosystem service value of those counties (cities) was measured with the data of land-using in 2005 by means of the Table of Terrestrial Ecosystem Services Value in China.The result indicated that the value of the ecosystem services per unit was divided into 3 categories:the first category with high ecosystem services value,the second category with medium ecosystem services value and the third category with low ecosystem services value.The region of the first category was mainly distributed in the mountain area of northern,northwestern,eastern and northeast part of Guangxi;the second category,in the hilly area of southern part and the mountain area in the southwestern part of Guangxi and the third category,in the basin area of central Guangxi,the karst area of western and northwestern Guangxi Province.展开更多
Cloud computing(CC)is an advanced technology that provides access to predictive resources and data sharing.The cloud environment represents the right type regarding cloud usage model ownership,size,and rights to acces...Cloud computing(CC)is an advanced technology that provides access to predictive resources and data sharing.The cloud environment represents the right type regarding cloud usage model ownership,size,and rights to access.It introduces the scope and nature of cloud computing.In recent times,all processes are fed into the system for which consumer data and cache size are required.One of the most security issues in the cloud environment is Distributed Denial of Ser-vice(DDoS)attacks,responsible for cloud server overloading.This proposed sys-tem ID3(Iterative Dichotomiser 3)Maximum Multifactor Dimensionality Posteriori Method(ID3-MMDP)is used to overcome the drawback and a rela-tively simple way to execute and for the detection of(DDoS)attack.First,the pro-posed ID3-MMDP method calls for the resources of the cloud platform and then implements the attack detection technology based on information entropy to detect DDoS attacks.Since because the entropy value can show the discrete or aggregated characteristics of the current data set,it can be used for the detection of abnormal dataflow,User-uploaded data,ID3-MMDP system checks and read risk measurement and processing,bug ratingfile size changes,orfile name changes and changes in the format design of the data size entropy value.Unique properties can be used whenever the program approaches any data error to detect abnormal data services.Finally,the experiment also verifies the DDoS attack detection capability algorithm.展开更多
Electric power grids are evolving into complex cyber-physical power systems(CPPSs)that integrate advanced information and communication technologies(ICTs)but face increasing cyberspace threats and attacks.This study c...Electric power grids are evolving into complex cyber-physical power systems(CPPSs)that integrate advanced information and communication technologies(ICTs)but face increasing cyberspace threats and attacks.This study considers CPPS cyberspace security under distributed denial of service(DDoS)attacks and proposes a nonzero-sum game-theoretical model with incomplete information for appropriate allocation of defense resources based on the availability of limited resources.Task time delay is applied to quantify the expected utility as CPPSs have high time requirements and incur massive damage DDoS attacks.Different resource allocation strategies are adopted by attackers and defenders under the three cases of attack-free,failed attack,and successful attack,which lead to a corresponding consumption of resources.A multidimensional node value analysis is designed to introduce physical and cybersecurity indices.Simulation experiments and numerical results demonstrate the effectiveness of the proposed model for the appropriate allocation of defense resources in CPPSs under limited resource availability.展开更多
Cloud computing environments,characterized by dynamic scaling,distributed architectures,and complex work-loads,are increasingly targeted by malicious actors.These threats encompass unauthorized access,data breaches,de...Cloud computing environments,characterized by dynamic scaling,distributed architectures,and complex work-loads,are increasingly targeted by malicious actors.These threats encompass unauthorized access,data breaches,denial-of-service attacks,and evolving malware variants.Traditional security solutions often struggle with the dynamic nature of cloud environments,highlighting the need for robust Adaptive Cloud Intrusion Detection Systems(CIDS).Existing adaptive CIDS solutions,while offering improved detection capabilities,often face limitations such as reliance on approximations for change point detection,hindering their precision in identifying anomalies.This can lead to missed attacks or an abundance of false alarms,impacting overall security effectiveness.To address these challenges,we propose ACIDS(Adaptive Cloud Intrusion Detection System)-PELT.This novel Adaptive CIDS framework leverages the Pruned Exact Linear Time(PELT)algorithm and a Support Vector Machine(SVM)for enhanced accuracy and efficiency.ACIDS-PELT comprises four key components:(1)Feature Selection:Utilizing a hybrid harmony search algorithm and the symmetrical uncertainty filter(HSO-SU)to identify the most relevant features that effectively differentiate between normal and anomalous network traffic in the cloud environment.(2)Surveillance:Employing the PELT algorithm to detect change points within the network traffic data,enabling the identification of anomalies and potential security threats with improved precision compared to existing approaches.(3)Training Set:Labeled network traffic data forms the training set used to train the SVM classifier to distinguish between normal and anomalous behaviour patterns.(4)Testing Set:The testing set evaluates ACIDS-PELT’s performance by measuring its accuracy,precision,and recall in detecting security threats within the cloud environment.We evaluate the performance of ACIDS-PELT using the NSL-KDD benchmark dataset.The results demonstrate that ACIDS-PELT outperforms existing cloud intrusion detection techniques in terms of accuracy,precision,and recall.This superiority stems from ACIDS-PELT’s ability to overcome limitations associated with approximation and imprecision in change point detection while offering a more accurate and precise approach to detecting security threats in dynamic cloud environments.展开更多
The healthcare sector holds valuable and sensitive data.The amount of this data and the need to handle,exchange,and protect it,has been increasing at a fast pace.Due to their nature,software-defined networks(SDNs)are ...The healthcare sector holds valuable and sensitive data.The amount of this data and the need to handle,exchange,and protect it,has been increasing at a fast pace.Due to their nature,software-defined networks(SDNs)are widely used in healthcare systems,as they ensure effective resource utilization,safety,great network management,and monitoring.In this sector,due to the value of thedata,SDNs faceamajor challengeposed byawide range of attacks,such as distributed denial of service(DDoS)and probe attacks.These attacks reduce network performance,causing the degradation of different key performance indicators(KPIs)or,in the worst cases,a network failure which can threaten human lives.This can be significant,especially with the current expansion of portable healthcare that supports mobile and wireless devices for what is called mobile health,or m-health.In this study,we examine the effectiveness of using SDNs for defense against DDoS,as well as their effects on different network KPIs under various scenarios.We propose a threshold-based DDoS classifier(TBDC)technique to classify DDoS attacks in healthcare SDNs,aiming to block traffic considered a hazard in the form of a DDoS attack.We then evaluate the accuracy and performance of the proposed TBDC approach.Our technique shows outstanding performance,increasing the mean throughput by 190.3%,reducing the mean delay by 95%,and reducing packet loss by 99.7%relative to normal,with DDoS attack traffic.展开更多
Link flooding attack(LFA)is a type of covert distributed denial of service(DDoS)attack.The attack mechanism of LFAs is to flood critical links within the network to cut off the target area from the Internet.Recently,t...Link flooding attack(LFA)is a type of covert distributed denial of service(DDoS)attack.The attack mechanism of LFAs is to flood critical links within the network to cut off the target area from the Internet.Recently,the proliferation of Internet of Things(IoT)has increased the quantity of vulnerable devices connected to the network and has intensified the threat of LFAs.In LFAs,attackers typically utilize low-speed flows that do not reach the victims,making the attack difficult to detect.Traditional LFA defense methods mainly reroute the attack traffic around the congested link,which encounters high complexity and high computational overhead due to the aggregation of massive attack traffic.To address these challenges,we present an LFA defense framework which can mitigate the attack flows at the border switches when they are small in scale.This framework is lightweight and can be deployed at border switches of the network in a distributed manner,which ensures the scalability of our defense system.The performance of our framework is assessed in an experimental environment.The simulation results indicate that our method is effective in detecting and mitigating LFAs with low time complexity.展开更多
In this in-depth exploration, I delve into the complex implications and costs of cybersecurity breaches. Venturing beyond just the immediate repercussions, the research unearths both the overt and concealed long-term ...In this in-depth exploration, I delve into the complex implications and costs of cybersecurity breaches. Venturing beyond just the immediate repercussions, the research unearths both the overt and concealed long-term consequences that businesses encounter. This study integrates findings from various research, including quantitative reports, drawing upon real-world incidents faced by both small and large enterprises. This investigation emphasizes the profound intangible costs, such as trade name devaluation and potential damage to brand reputation, which can persist long after the breach. By collating insights from industry experts and a myriad of research, the study provides a comprehensive perspective on the profound, multi-dimensional impacts of cybersecurity incidents. The overarching aim is to underscore the often-underestimated scope and depth of these breaches, emphasizing the entire timeline post-incident and the urgent need for fortified preventative and reactive measures in the digital domain.展开更多
In wastewater treatment process(WWTP), the accurate and real-time monitoring values of key variables are crucial for the operational strategies. However, most of the existing methods have difficulty in obtaining the r...In wastewater treatment process(WWTP), the accurate and real-time monitoring values of key variables are crucial for the operational strategies. However, most of the existing methods have difficulty in obtaining the real-time values of some key variables in the process. In order to handle this issue, a data-driven intelligent monitoring system, using the soft sensor technique and data distribution service, is developed to monitor the concentrations of effluent total phosphorous(TP) and ammonia nitrogen(NH_4-N). In this intelligent monitoring system, a fuzzy neural network(FNN) is applied for designing the soft sensor model, and a principal component analysis(PCA) method is used to select the input variables of the soft sensor model. Moreover, data transfer software is exploited to insert the soft sensor technique to the supervisory control and data acquisition(SCADA) system. Finally, this proposed intelligent monitoring system is tested in several real plants to demonstrate the reliability and effectiveness of the monitoring performance.展开更多
Software-defined network(SDN)becomes a new revolutionary paradigm in networks because it provides more control and network operation over a network infrastructure.The SDN controller is considered as the operating syst...Software-defined network(SDN)becomes a new revolutionary paradigm in networks because it provides more control and network operation over a network infrastructure.The SDN controller is considered as the operating system of the SDN based network infrastructure,and it is responsible for executing the different network applications and maintaining the network services and functionalities.Despite all its tremendous capabilities,the SDN face many security issues due to the complexity of the SDN architecture.Distributed denial of services(DDoS)is a common attack on SDN due to its centralized architecture,especially at the control layer of the SDN that has a network-wide impact.Machine learning is now widely used for fast detection of these attacks.In this paper,some important feature selection methods for machine learning on DDoS detection are evaluated.The selection of optimal features reflects the classification accuracy of the machine learning techniques and the performance of the SDN controller.A comparative analysis of feature selection and machine learning classifiers is also derived to detect SDN attacks.The experimental results show that the Random forest(RF)classifier trains the more accurate model with 99.97%accuracy using features subset by the Recursive feature elimination(RFE)method.展开更多
文摘The Smart Grid is an enhancement of the traditional grid system and employs new technologies and sophisticated communication techniques for electrical power transmission and distribution. The Smart Grid’s communication network shares information about status of its several integrated IEDs (Intelligent Electronic Devices). However, the IEDs connected throughout the Smart Grid, open opportunities for attackers to interfere with the communications and utilities resources or take clients’ private data. This development has introduced new cyber-security challenges for the Smart Grid and is a very concerning issue because of emerging cyber-threats and security incidents that have occurred recently all over the world. The purpose of this research is to detect and mitigate Distributed Denial of Service [DDoS] with application to the Electrical Smart Grid System by deploying an optimized Stealthwatch Secure Network analytics tool. In this paper, the DDoS attack in the Smart Grid communication networks was modeled using Stealthwatch tool. The simulated network consisted of Secure Network Analytic tools virtual machines (VMs), electrical Grid network communication topology, attackers and Target VMs. Finally, the experiments and simulations were performed, and the research results showed that Stealthwatch analytic tool is very effective in detecting and mitigating DDoS attacks in the Smart Grid System without causing any blackout or shutdown of any internal systems as compared to other tools such as GNS3, NeSSi2, NISST Framework, OMNeT++, INET Framework, ReaSE, NS2, NS3, M5 Simulator, OPNET, PLC & TIA Portal management Software which do not have the capability to do so. Also, using Stealthwatch tool to create a security baseline for Smart Grid environment, contributes to risk mitigation and sound security hygiene.
基金the National Renewable Energy Laboratory(NREL)operated by Alliance for Sustainable Energy,LLC,for the U.S.Department of Energy(DOE)under Contract No.DE-AC36-08GO28308the U.S.Department of Energy Office of Electricity AOP Distribution Grid Resilience Project.The views expressed in the article do not necessarily represent the views of the DOE or the U.S.Government.The U.S.Government retains and the publisher,by accepting the article for publication,acknowledges that the U.S.Government retains a nonexclusive,paid-up,irrevocable,worldwide license to publish or reproduce the published form of this work,or allow others to do so,for U.S.Government purposes.
文摘The rapid growth of distributed generator(DG)capacities has introduced additional controllable assets to improve the performance of distribution systems in terms of service restoration.Renewable DGs are of particular interest to utility companies,but the stochastic nature of intermittent renewable DGs could have a negative impact on the electric grid if they are not properly handled.In this study,we investigate distribution system service restoration using DGs as the primary power source,and we develop an effective approach to handle the uncertainty of renewable DGs under extreme conditions.The distribution system service restoration problem can be described as a mixed-integer second-order cone programming model by modifying the radial topology constraints and power flow equations.The uncertainty of renewable DGs will be modeled using a chance-constrained approach.Furthermore,the forecast errors and noises in real-time operation are solved using a novel model-free control algorithm that can automatically track the trajectory of real-time DG output.The proposed service restoration strategy and model-free control algorithm are validated using an IEEE 123-bus test system.
文摘The distributed denial of service (DDoS) attack is one of the dangers in intrusion modes. It's difficult to defense and can cause serious damage to the system. Based on a careful study of the attack principles and characteristics, an object-oriented formalized description is presented, which contains a three-level framework and offers full specifications of all kinds of DDoS modes and their features and the relations between one another. Its greatest merit lies in that it contributes to analyzing, checking and judging DDoS. Now this formalized description has been used in a special IDS and it works very effectively.(
文摘Scalability is one of the most important quality attribute of softwareintensive systems,because it maintains an effective performance parallel to the large fluctuating and sometimes unpredictable workload.In order to achieve scalability,thread pool system(TPS)(which is also known as executor service)has been used extensively as a middleware service in software-intensive systems.TPS optimization is a challenging problem that determines the optimal size of thread pool dynamically on runtime.In case of distributed-TPS(DTPS),another issue is the load balancing b/w available set of TPSs running at backend servers.Existing DTPSs are overloaded either due to an inappropriate TPS optimization strategy at backend servers or improper load balancing scheme that cannot quickly recover an overload.Consequently,the performance of software-intensive system is suffered.Thus,in this paper,we propose a new DTPS that follows the collaborative round robin load balancing that has the effect of a double-edge sword.On the one hand,it effectively performs the load balancing(in case of overload situation)among available TPSs by a fast overload recovery procedure that decelerates the load on the overloaded TPSs up to their capacities and shifts the remaining load towards other gracefully running TPSs.And on the other hand,its robust load deceleration technique which is applied to an overloaded TPS sets an appropriate upper bound of thread pool size,because the pool size in each TPS is kept equal to the request rate on it,hence dynamically optimizes TPS.We evaluated the results of the proposed system against state of the art DTPSs by a clientserver based simulator and found that our system outperformed by sustaining smaller response times.
文摘The Internet service provider(ISP)is the heart of any country’s Internet infrastructure and plays an important role in connecting to theWorld WideWeb.Internet exchange point(IXP)allows the interconnection of two or more separate network infrastructures.All Internet traffic entering a country should pass through its IXP.Thus,it is an ideal location for performing malicious traffic analysis.Distributed denial of service(DDoS)attacks are becoming a more serious daily threat.Malicious actors in DDoS attacks control numerous infected machines known as botnets.Botnets are used to send numerous fake requests to overwhelm the resources of victims and make them unavailable for some periods.To date,such attacks present a major devastating security threat on the Internet.This paper proposes an effective and efficient machine learning(ML)-based DDoS detection approach for the early warning and protection of the Saudi Arabia Internet exchange point(SAIXP)platform.The effectiveness and efficiency of the proposed approach are verified by selecting an accurate ML method with a small number of input features.A chi-square method is used for feature selection because it is easier to compute than other methods,and it does not require any assumption about feature distribution values.Several ML methods are assessed using holdout and 10-fold tests on a public large-size dataset.The experiments showed that the performance of the decision tree(DT)classifier achieved a high accuracy result(99.98%)with a small number of features(10 features).The experimental results confirmthe applicability of using DT and chi-square for DDoS detection and early warning in SAIXP.
文摘Cloud computing technology provides flexible,on-demand,and completely controlled computing resources and services are highly desirable.Despite this,with its distributed and dynamic nature and shortcomings in virtualization deployment,the cloud environment is exposed to a wide variety of cyber-attacks and security difficulties.The Intrusion Detection System(IDS)is a specialized security tool that network professionals use for the safety and security of the networks against attacks launched from various sources.DDoS attacks are becoming more frequent and powerful,and their attack pathways are continually changing,which requiring the development of new detection methods.Here the purpose of the study is to improve detection accuracy.Feature Selection(FS)is critical.At the same time,the IDS’s computational problem is limited by focusing on the most relevant elements,and its performance and accuracy increase.In this research work,the suggested Adaptive butterfly optimization algorithm(ABOA)framework is used to assess the effectiveness of a reduced feature subset during the feature selection phase,that was motivated by this motive Candidates.Accurate classification is not compromised by using an ABOA technique.The design of Deep Neural Networks(DNN)has simplified the categorization of network traffic into normal and DDoS threat traffic.DNN’s parameters can be finetuned to detect DDoS attacks better using specially built algorithms.Reduced reconstruction error,no exploding or vanishing gradients,and reduced network are all benefits of the changes outlined in this paper.When it comes to performance criteria like accuracy,precision,recall,and F1-Score are the performance measures that show the suggested architecture outperforms the other existing approaches.Hence the proposed ABOA+DNN is an excellent method for obtaining accurate predictions,with an improved accuracy rate of 99.05%compared to other existing approaches.
文摘Over time, the world has transformed digitally and there is total dependence on the internet. Many more gadgets are continuously interconnected in the internet ecosystem. This fact has made the Internet a global information source for every being. Despite all this, attacker knowledge by cybercriminals has advanced and resulted in different attack methodologies on the internet and its data stores. This paper will discuss the origin and significance of Denial of Service (DoS) and Distributed Denial of Service (DDoS). These kinds of attacks remain the most effective methods used by the bad guys to cause substantial damage in terms of operational, reputational, and financial damage to organizations globally. These kinds of attacks have hindered network performance and availability. The victim’s network is flooded with massive illegal traffic hence, denying genuine traffic from passing through for authorized users. The paper will explore detection mechanisms, and mitigation techniques for this network threat.
基金supported by Science and Technology Innovation Programfor Postgraduate Students in IDP Subsidized by Fundamental Research Funds for the Central Universities(Project No.ZY20240335)support of the Research Project of the Key Technology of Malicious Code Detection Based on Data Mining in APT Attack(Project No.2022IT173)the Research Project of the Big Data Sensitive Information Supervision Technology Based on Convolutional Neural Network(Project No.2022011033).
文摘Previous studies have shown that deep learning is very effective in detecting known attacks.However,when facing unknown attacks,models such as Deep Neural Networks(DNN)combined with Long Short-Term Memory(LSTM),Convolutional Neural Networks(CNN)combined with LSTM,and so on are built by simple stacking,which has the problems of feature loss,low efficiency,and low accuracy.Therefore,this paper proposes an autonomous detectionmodel for Distributed Denial of Service attacks,Multi-Scale Convolutional Neural Network-Bidirectional Gated Recurrent Units-Single Headed Attention(MSCNN-BiGRU-SHA),which is based on a Multistrategy Integrated Zebra Optimization Algorithm(MI-ZOA).The model undergoes training and testing with the CICDDoS2019 dataset,and its performance is evaluated on a new GINKS2023 dataset.The hyperparameters for Conv_filter and GRU_unit are optimized using the Multi-strategy Integrated Zebra Optimization Algorithm(MIZOA).The experimental results show that the test accuracy of the MSCNN-BiGRU-SHA model based on the MIZOA proposed in this paper is as high as 0.9971 in the CICDDoS 2019 dataset.The evaluation accuracy of the new dataset GINKS2023 created in this paper is 0.9386.Compared to the MSCNN-BiGRU-SHA model based on the Zebra Optimization Algorithm(ZOA),the detection accuracy on the GINKS2023 dataset has improved by 5.81%,precisionhas increasedby 1.35%,the recallhas improvedby 9%,and theF1scorehas increasedby 5.55%.Compared to the MSCNN-BiGRU-SHA models developed using Grid Search,Random Search,and Bayesian Optimization,the MSCNN-BiGRU-SHA model optimized with the MI-ZOA exhibits better performance in terms of accuracy,precision,recall,and F1 score.
基金funded under the Horizon Europe AI4CYBER Projectwhich has received funding from the European Union’s Horizon Europe Research and Innovation Programme under grant agreement No.101070450.
文摘The growing sophistication of cyberthreats,among others the Distributed Denial of Service attacks,has exposed limitations in traditional rule-based Security Information and Event Management systems.While machine learning–based intrusion detection systems can capture complex network behaviours,their“black-box”nature often limits trust and actionable insight for security operators.This study introduces a novel approach that integrates Explainable Artificial Intelligence—xAI—with the Random Forest classifier to derive human-interpretable rules,thereby enhancing the detection of Distributed Denial of Service(DDoS)attacks.The proposed framework combines traditional static rule formulation with advanced xAI techniques—SHapley Additive exPlanations and Scoped Rules-to extract decision criteria from a fully trained model.The methodology was validated on two benchmark datasets,CICIDS2017 and WUSTL-IIOT-2021.Extracted rules were evaluated against conventional Security Information and Event Management Systems rules with metrics such as precision,recall,accuracy,balanced accuracy,and Matthews Correlation Coefficient.Experimental results demonstrate that xAI-derived rules consistently outperform traditional static rules.Notably,the most refined xAI-generated rule achieved near-perfect performance with significantly improved detection of DDoS traffic while maintaining high accuracy in classifying benign traffic across both datasets.
基金supported by the National Science and Technology Council,Taiwan with grant numbers NSTC 112-2221-E-992-045,112-2221-E-992-057-MY3,and 112-2622-8-992-009-TD1.
文摘DDoS attacks represent one of the most pervasive and evolving threats in cybersecurity,capable of crippling critical infrastructures and disrupting services globally.As networks continue to expand and threats become more sophisticated,there is an urgent need for Intrusion Detection Systems(IDS)capable of handling these challenges effectively.Traditional IDS models frequently have difficulties in detecting new or changing attack patterns since they heavily depend on existing characteristics.This paper presents a novel approach for detecting unknown Distributed Denial of Service(DDoS)attacks by integrating Sliced Iterative Normalizing Flows(SINF)into IDS.SINF utilizes the Sliced Wasserstein distance to repeatedly modify probability distributions,enabling better management of high-dimensional data when there are only a few samples available.The unique architecture of SINF ensures efficient density estimation and robust sample generation,enabling IDS to adapt dynamically to emerging threats without relying heavily on predefined signatures or extensive retraining.By incorporating Open-Set Recognition(OSR)techniques,this method improves the system’s ability to detect both known and unknown attacks while maintaining high detection performance.The experimental evaluation on CICIDS2017 and CICDDoS2019 datasets demonstrates that the proposed system achieves an accuracy of 99.85%for known attacks and an F1 score of 99.99%after incremental learning for unknown attacks.The results clearly demonstrate the system’s strong generalization capability across unseen attacks while maintaining the computational efficiency required for real-world deployment.
基金Supported by Guangxi Natural Sciences Funding Project
文摘90 counties (cities) in Guangxi Province being taken as the tested region,the ecosystem service value of those counties (cities) was measured with the data of land-using in 2005 by means of the Table of Terrestrial Ecosystem Services Value in China.The result indicated that the value of the ecosystem services per unit was divided into 3 categories:the first category with high ecosystem services value,the second category with medium ecosystem services value and the third category with low ecosystem services value.The region of the first category was mainly distributed in the mountain area of northern,northwestern,eastern and northeast part of Guangxi;the second category,in the hilly area of southern part and the mountain area in the southwestern part of Guangxi and the third category,in the basin area of central Guangxi,the karst area of western and northwestern Guangxi Province.
文摘Cloud computing(CC)is an advanced technology that provides access to predictive resources and data sharing.The cloud environment represents the right type regarding cloud usage model ownership,size,and rights to access.It introduces the scope and nature of cloud computing.In recent times,all processes are fed into the system for which consumer data and cache size are required.One of the most security issues in the cloud environment is Distributed Denial of Ser-vice(DDoS)attacks,responsible for cloud server overloading.This proposed sys-tem ID3(Iterative Dichotomiser 3)Maximum Multifactor Dimensionality Posteriori Method(ID3-MMDP)is used to overcome the drawback and a rela-tively simple way to execute and for the detection of(DDoS)attack.First,the pro-posed ID3-MMDP method calls for the resources of the cloud platform and then implements the attack detection technology based on information entropy to detect DDoS attacks.Since because the entropy value can show the discrete or aggregated characteristics of the current data set,it can be used for the detection of abnormal dataflow,User-uploaded data,ID3-MMDP system checks and read risk measurement and processing,bug ratingfile size changes,orfile name changes and changes in the format design of the data size entropy value.Unique properties can be used whenever the program approaches any data error to detect abnormal data services.Finally,the experiment also verifies the DDoS attack detection capability algorithm.
基金supported by the“Pioneer”and“Leading Goose”R&D Program of Zhejiang(No.2022C01239)National Natural Science Foundation of China(No.52177119)Fundamental Research Funds for the Central Universities(Zhejiang University NGICS Platform).
文摘Electric power grids are evolving into complex cyber-physical power systems(CPPSs)that integrate advanced information and communication technologies(ICTs)but face increasing cyberspace threats and attacks.This study considers CPPS cyberspace security under distributed denial of service(DDoS)attacks and proposes a nonzero-sum game-theoretical model with incomplete information for appropriate allocation of defense resources based on the availability of limited resources.Task time delay is applied to quantify the expected utility as CPPSs have high time requirements and incur massive damage DDoS attacks.Different resource allocation strategies are adopted by attackers and defenders under the three cases of attack-free,failed attack,and successful attack,which lead to a corresponding consumption of resources.A multidimensional node value analysis is designed to introduce physical and cybersecurity indices.Simulation experiments and numerical results demonstrate the effectiveness of the proposed model for the appropriate allocation of defense resources in CPPSs under limited resource availability.
基金funded by the Deanship of Scientific Research at Imam Mohammad Ibn Saud Islamic University(IMSIU)through Research Partnership Program No.RP-21-07-09.
文摘Cloud computing environments,characterized by dynamic scaling,distributed architectures,and complex work-loads,are increasingly targeted by malicious actors.These threats encompass unauthorized access,data breaches,denial-of-service attacks,and evolving malware variants.Traditional security solutions often struggle with the dynamic nature of cloud environments,highlighting the need for robust Adaptive Cloud Intrusion Detection Systems(CIDS).Existing adaptive CIDS solutions,while offering improved detection capabilities,often face limitations such as reliance on approximations for change point detection,hindering their precision in identifying anomalies.This can lead to missed attacks or an abundance of false alarms,impacting overall security effectiveness.To address these challenges,we propose ACIDS(Adaptive Cloud Intrusion Detection System)-PELT.This novel Adaptive CIDS framework leverages the Pruned Exact Linear Time(PELT)algorithm and a Support Vector Machine(SVM)for enhanced accuracy and efficiency.ACIDS-PELT comprises four key components:(1)Feature Selection:Utilizing a hybrid harmony search algorithm and the symmetrical uncertainty filter(HSO-SU)to identify the most relevant features that effectively differentiate between normal and anomalous network traffic in the cloud environment.(2)Surveillance:Employing the PELT algorithm to detect change points within the network traffic data,enabling the identification of anomalies and potential security threats with improved precision compared to existing approaches.(3)Training Set:Labeled network traffic data forms the training set used to train the SVM classifier to distinguish between normal and anomalous behaviour patterns.(4)Testing Set:The testing set evaluates ACIDS-PELT’s performance by measuring its accuracy,precision,and recall in detecting security threats within the cloud environment.We evaluate the performance of ACIDS-PELT using the NSL-KDD benchmark dataset.The results demonstrate that ACIDS-PELT outperforms existing cloud intrusion detection techniques in terms of accuracy,precision,and recall.This superiority stems from ACIDS-PELT’s ability to overcome limitations associated with approximation and imprecision in change point detection while offering a more accurate and precise approach to detecting security threats in dynamic cloud environments.
基金extend their appreciation to Researcher Supporting Project Number(RSPD2023R582)King Saud University,Riyadh,Saudi Arabia.
文摘The healthcare sector holds valuable and sensitive data.The amount of this data and the need to handle,exchange,and protect it,has been increasing at a fast pace.Due to their nature,software-defined networks(SDNs)are widely used in healthcare systems,as they ensure effective resource utilization,safety,great network management,and monitoring.In this sector,due to the value of thedata,SDNs faceamajor challengeposed byawide range of attacks,such as distributed denial of service(DDoS)and probe attacks.These attacks reduce network performance,causing the degradation of different key performance indicators(KPIs)or,in the worst cases,a network failure which can threaten human lives.This can be significant,especially with the current expansion of portable healthcare that supports mobile and wireless devices for what is called mobile health,or m-health.In this study,we examine the effectiveness of using SDNs for defense against DDoS,as well as their effects on different network KPIs under various scenarios.We propose a threshold-based DDoS classifier(TBDC)technique to classify DDoS attacks in healthcare SDNs,aiming to block traffic considered a hazard in the form of a DDoS attack.We then evaluate the accuracy and performance of the proposed TBDC approach.Our technique shows outstanding performance,increasing the mean throughput by 190.3%,reducing the mean delay by 95%,and reducing packet loss by 99.7%relative to normal,with DDoS attack traffic.
基金supported in part by the National Key R&D Program of China under Grant 2018YFA0701601in part by the National Natural Science Foundation of China(Grant No.62201605,62341110,U22A2002)in part by Tsinghua University-China Mobile Communications Group Co.,Ltd.Joint Institute。
文摘Link flooding attack(LFA)is a type of covert distributed denial of service(DDoS)attack.The attack mechanism of LFAs is to flood critical links within the network to cut off the target area from the Internet.Recently,the proliferation of Internet of Things(IoT)has increased the quantity of vulnerable devices connected to the network and has intensified the threat of LFAs.In LFAs,attackers typically utilize low-speed flows that do not reach the victims,making the attack difficult to detect.Traditional LFA defense methods mainly reroute the attack traffic around the congested link,which encounters high complexity and high computational overhead due to the aggregation of massive attack traffic.To address these challenges,we present an LFA defense framework which can mitigate the attack flows at the border switches when they are small in scale.This framework is lightweight and can be deployed at border switches of the network in a distributed manner,which ensures the scalability of our defense system.The performance of our framework is assessed in an experimental environment.The simulation results indicate that our method is effective in detecting and mitigating LFAs with low time complexity.
文摘In this in-depth exploration, I delve into the complex implications and costs of cybersecurity breaches. Venturing beyond just the immediate repercussions, the research unearths both the overt and concealed long-term consequences that businesses encounter. This study integrates findings from various research, including quantitative reports, drawing upon real-world incidents faced by both small and large enterprises. This investigation emphasizes the profound intangible costs, such as trade name devaluation and potential damage to brand reputation, which can persist long after the breach. By collating insights from industry experts and a myriad of research, the study provides a comprehensive perspective on the profound, multi-dimensional impacts of cybersecurity incidents. The overarching aim is to underscore the often-underestimated scope and depth of these breaches, emphasizing the entire timeline post-incident and the urgent need for fortified preventative and reactive measures in the digital domain.
基金Supported by the National Natural Science Foundation of China(61622301,61533002)Beijing Natural Science Foundation(4172005)Major National Science and Technology Project(2017ZX07104)
文摘In wastewater treatment process(WWTP), the accurate and real-time monitoring values of key variables are crucial for the operational strategies. However, most of the existing methods have difficulty in obtaining the real-time values of some key variables in the process. In order to handle this issue, a data-driven intelligent monitoring system, using the soft sensor technique and data distribution service, is developed to monitor the concentrations of effluent total phosphorous(TP) and ammonia nitrogen(NH_4-N). In this intelligent monitoring system, a fuzzy neural network(FNN) is applied for designing the soft sensor model, and a principal component analysis(PCA) method is used to select the input variables of the soft sensor model. Moreover, data transfer software is exploited to insert the soft sensor technique to the supervisory control and data acquisition(SCADA) system. Finally, this proposed intelligent monitoring system is tested in several real plants to demonstrate the reliability and effectiveness of the monitoring performance.
文摘Software-defined network(SDN)becomes a new revolutionary paradigm in networks because it provides more control and network operation over a network infrastructure.The SDN controller is considered as the operating system of the SDN based network infrastructure,and it is responsible for executing the different network applications and maintaining the network services and functionalities.Despite all its tremendous capabilities,the SDN face many security issues due to the complexity of the SDN architecture.Distributed denial of services(DDoS)is a common attack on SDN due to its centralized architecture,especially at the control layer of the SDN that has a network-wide impact.Machine learning is now widely used for fast detection of these attacks.In this paper,some important feature selection methods for machine learning on DDoS detection are evaluated.The selection of optimal features reflects the classification accuracy of the machine learning techniques and the performance of the SDN controller.A comparative analysis of feature selection and machine learning classifiers is also derived to detect SDN attacks.The experimental results show that the Random forest(RF)classifier trains the more accurate model with 99.97%accuracy using features subset by the Recursive feature elimination(RFE)method.
