Destructive Attacks Research Articles

Botnets Unveiled: A Comprehensive Survey on Evolving Threats and Defense Strategies

ABSTRACTBotnets have emerged as a significant internet security threat, comprising networks of compromised computers under the control of command and control (C&C) servers. These malevolent entities enable a range of malicious activities, from denial of service (DoS) attacks to spam distribution and phishing. Each bot operates as a malicious binary code on vulnerable hosts, granting remote control to attackers who can harness the combined processing power of these compromised hosts for synchronized, highly destructive attacks while maintaining anonymity. This survey explores botnets and their evolution, covering aspects such as their life cycles, C&C models, botnet communication protocols, detection methods, the unique environments botnets operate in, and strategies to evade detection tools. It analyzes research challenges and future directions related to botnets, with a particular focus on evasion and detection techniques, including methods like encryption and the use of covert channels for detection and the reinforcement of botnets. By reviewing existing research, the survey provides a comprehensive overview of botnets, from their origins to their evolving tactics, and evaluates how botnets evade detection and how to counteract their activities. Its primary goal is to inform the research community about the changing landscape of botnets and the challenges in combating these threats, offering guidance on addressing security concerns effectively through the highlighting of evasion and detection methods. The survey concludes by presenting future research directions, including using encryption and covert channels for detection and strategies to strengthen botnets. This aims to guide researchers in developing more robust security measures to combat botnets effectively.

Distributed Denial of Service Attack Detection and Prevention Using Pipit Fox-Attentional Deep Learning in Software-Defined Networking

The Software-Defined Network (SDN) remains the innovative model that assists in satisfying the new application requirements of future networks. However, destructive attacks, particularly Distributed Denial of Service (DDoS) attacks, are aimed primarily at the SDN control panel, presenting a significant risk to network security. The traditional approaches for DDoS attack detection exhibit several limitations including interpretability challenges, overfitting problems, and false predictions. To mitigate these drawbacks, the research proposed a Pipit Flying Fox Optimized Deep Neural Network (PPF-DNN) and Intelligent Pipit Forage Optimized-Attentional Convolutional Neural Network (IPFO-ACNN) model. The channel attention is employed to enable the network to focus selectively on relevant information, improving the model’s sensitivity to subtle anomalies associated with DDoS attacks. By dynamically adjusting the attention weights across channels, the mechanism enhances the capability of the model to discriminate the normal network traffic and malicious patterns, which results in improved precision and reduced false positives. This approach harnesses the power of CNN to automatically extract hierarchical features from network data, enhancing the efficacy of the ACNN model in attack detection. IPFO and PPF algorithms integrate the unique strengths of bio-inspired algorithms, creating a synergistic approach for efficient model parameter tuning. In the case of Training Percentage (TP) 80, the accuracy, sensitivity, and specificity of the IPFO-ACNN model are evaluated as 98.87%, 99.24% and 97.91%, respectively. Similarly, the PPF-DNN model’s performance is assessed as 98.49%, 92.50% and 98.55%, which presents a promising avenue for bolstering network security infrastructure, ensuring more robust DDoS detection and mitigation capabilities in an increasingly complex cyber threat landscape.

Scalable rapid framework for evaluating network worst robustness with machine learning

Robustness is pivotal for comprehending, designing, optimizing, and rehabilitating networks, with simulation attacks being the prevailing evaluation method. Simulation attacks are often time-consuming or even impractical; however, a more crucial yet persistently overlooked drawback is that any attack strategy merely provides a potential paradigm of disintegration. The key concern is: in the worst-case scenario or facing the most severe attacks, what is the limit of robustness, referred to as “Worst Robustness”, for a given system? Understanding a system’s worst robustness is imperative for grasping its reliability limits, evaluating protective capabilities, and determining associated design and security maintenance costs. To address these challenges, we introduce the concept of Most Destruction Attack (MDA), which is based on the idea of knowledge stacking. MDA is employed to assess the worst robustness of networks, followed by the application of an adapted CNN algorithm to expedite the prediction of worst robustness. We establish the logical validity of MDA and highlight the exceptional performance of the adapted CNN algorithm in predicting the worst robustness across diverse network topologies. This Worst Robustness Evaluation (WRE) framework is scalable, accommodating various attack strategies, whether existing or prospective, and enhancing predictive capabilities with more powerful machine learning algorithms.

A Critical Candidate Node-Based Attack Model of Network Controllability.

The controllability of complex networks is a core issue in network research. Assessing the controllability robustness of networks under destructive attacks holds significant practical importance. This paper studies the controllability of networks from the perspective of malicious attacks. A novel attack model is proposed to evaluate and challenge network controllability. This method disrupts network controllability with high precision by identifying and targeting critical candidate nodes. The model is compared with traditional attack methods, including degree-based, betweenness-based, closeness-based, pagerank-based, and hierarchical attacks. Results show that the model outperforms these methods in both disruption effectiveness and computational efficiency. Extensive experiments on both synthetic and real-world networks validate the superior performance of this approach. This study provides valuable insights for identifying key nodes crucial for maintaining network controllability. It also offers a solid framework for enhancing network resilience against malicious attacks.

Resilient interval observer-based coordination control for multi-agent systems under stealthy attacks

In this paper, the coordination control problem of multi-agent systems (MASs) subjected to stealthy attacks and uncertainties is considered, where the uncertainties refer to unknown external disturbances and initial states. We consider a scenario in which the sensors are maliciously attacked, rendering the traditional interval observer’s bounds ineffective for estimating the system states. By solving the linear programming problem, the maximum destructive attack sequences are generated. A distributed resilient interval observer composed of a resilient framer and a control protocol is designed, in which the construction of control protocol for each agent depends on the framer information of its own and its neighbors. It is demonstrated by the cooperativity theory and the Lyapunov stability theory that the distributed resilient interval observer can not only realize interval-valued state estimation for each agent but also drive the cooperative behavior of MASs. In addition, the observer gain matrix is selected and optimized by solving a semi-definite programming problem to provide tighter bounds for each agent. Meanwhile, the bounds of stealthy attacks are calculated. Finally, through a simulation example, the superiority of the distributed resilient interval observer and the effectiveness of the resilient interval observer-based consensus control algorithms are validated.

Intrusion Detection System Using Probabilistic Adaptive Learning

Abstract: Machine learning and deep learning techniques are widely used to evaluate intrusion detection systems (IDS) capable of rapidly and automatically recognizing and classifying cyber-attacks on networks and hosts. However, when destructive attacks are becoming more extensive, more challenges develop, needing a comprehensive response. Numerous intrusion detection datasets are publicly accessible for further analysis by the cybersecurity research community. The Intrusion Detection System (IDS) is an effective tool utilized in cybersecurity systems to detect and identify intrusion attacks. With the increasing volume of data generation, the possibility of various forms of intrusion attacks also increases. Feature selection is crucial and often necessary enhance performance. The structure of the dataset can impact the efficiency of the machine learning model. Furthermore, data imbalance can pose a problem, but sampling approaches can help mitigate it. With technological advancements, machine learning-based methods have emerged as the cornerstone of modern intrusion detection, enabling more precise identification of abnormal behaviors and potential intrusions by learning the patterns of normal network traffic. In response to these challenges, this paper introduces an innovative intrusion detection model that amalgamates the Probabilistic Adaptiv eLearning Network architecture.

Quantum image encryption algorithm based on four-dimensional chaos

Background: Quantum image processing is rapidly developing in the field of quantum computing, and it can be successfully implemented on the Noisy Intermediate-Scale Quantum (NISQ) device. Quantum image encryption holds a pivotal position in this domain. However, the encryption process often encounters security vulnerabilities and entails complex computational complexities, thereby consuming substantial quantum resources. To address this, the present study proposes a quantum image encryption algorithm based on four-dimensional chaos.Methods: The classical image is first encoded into quantum information using the Generalized Quantum Image Representation (GQIR) method. Subsequently, the trajectory of the four-dimensional chaotic system is randomized, and multi-dimensional chaotic keys are generated to initially encrypt the pixel values of the image. Then, the Arnold transformation is applied to randomly encrypt the pixel positions, resulting in the encrypted image. During the decryption process, the inverse process of encryption is employed to restore the original image.Results: We simulated this process in the Python environment, and the information entropy analysis experiment showed that the information entropy of the three encrypted images reached above 7.999, so the system has good encryption. At the same time, the correlation of the pixel distribution after the encryption algorithm is weak, which proves that the control parameters of the chaotic system can effectively reduce the correlation between pixels in the image. In the final key space analysis, the key space issued by our encryption can reach $10140\gg 2128$.Conclusion: Our method is resistant to destructive attacks and can produce scrambled images with higher encryption and usability. This algorithm solves the problems of general encryption algorithms such as periodicity, small key space, and vulnerability to statistical analysis, and proposes a reliable and effective encryption scheme. By making full use of the characteristics of Arnold transformation permutation, ergodicity and the randomness of the four-dimensional chaotic system, the encryption algorithm uses the larger key space provided by the four-dimensional Lorenz system.

Electrochemical studies, adsorption behavior, and spectroscopic analysis of vanadyl complex of bis(1-(pyridin-2-yl)ethylidene)malonohydrazide as efficient eco-friendly corrosion inhibitor for low carbon steel in 1M HCl

Corrosion is a destructive attack that can effect on a substance. One of the most important problems is corrosion losses, which can cause a loss of 10% of the metallic output every year. A novel VO+2 complex of N1, N3-bis(1-(pyridin-2-yl)ethylidene)malonohydrazide [(VO)2(L)(OH)2].H2O has been prepared and utilized as corrosion controller for Low carbon steel (LCS) in hydrochloric acid solution. Chemical (Weight loss (WL)), electrochemical (electrochemical impedance spectroscopy (EIS), and potentiodynamic polarization (PP)) are utilized to examine the effectiveness of prepared [(VO)2(L)(OH)2].H2O (VOL). The inhibition efficacy improved with increasing the VOL doses. The maximum efficacy of the investigated inhibitor is 96.1% at 21×10−6 M. However, at 21×10−6 M, the efficacy decreased from 96.1% to 84.4% when the temperature elevated from 298 to 318 K. The adsorption of VOL on the LCS surface was used to explain the inhibition. According to the values of ∆G°ads, which ranged from 25.8 to 21.5 kJ mol−1, the adsorption of the VOL on the LCS surface is physical adsorption. Analyzing the polarization curves of synthesized inhibitors revealed that they were mixed-type inhibitors. LCS was found to be surface inhibited when coated with a thin film of inhibitors, and surface morphology was assessed by different techniques such as scanning electron microscopy (SEM), energy dispersive X-ray (EDX), and atomic force microscope (AFM), and X-ray photoelectron spectroscopy (XPS). Density functional theory (DFT) was employed to explain the nature of the interface among VOL and LCS surfaces. It was found that all of these used tests agreed with each other.

Intrusion Detection in IOT Networks using Machine Learning Techniques

Artificial intelligence (AI) and machine learning (ML) are essential for processing vast datasets and forecasting unknown events, offering innovative solutions to IoT security challenges. Recurrent neural networks (RNNs) have extended the predictive capacity of traditional neural networks, particularly in forecasting sequential events. With the increasing frequency of system attacks, the integration of machine learning into intrusion detection systems (IDS) is vital to identify and report potential threats, thereby safeguarding IoT infrastructure against destructive attacks

Detect Insider Attacks in Industrial Cyber-physical Systems Using Multi-physical Features-based Fingerprinting

ICPS software and hardware suffer from low update frequency, making it easier for insiders to bypass external defenses and launch concealed destructive attacks. To address these concerns, we design a device fingerprinting method based on multi-physical features, augmenting current intrusion detection techniques in the ICPS environment. In this article, we use the sorting system as an example, demonstrating that the proposed device fingerprinting technology has generality in the intrusion detection of ICPS control flow. Specifically, we first formalize the physical model of the sorting system to analyze the critical device features. Then, we extract these physical features from the sensor data collected in a physical testbed. Utilizing featurized data, we train a classifier that generates fingerprints in real-time in the production environment. Moreover, we develop a differential detection model based on device fingerprints to discover stealthy insider attacks efficiently. We evaluate the proposed method in a real-world testbed. Experiment results show that the detecting performance of classifiers approaches 100% when the the number of component types is small.

Securing smart home against sinkhole attack using weight‐based IDS placement strategy

AbstractExtensive use of the Internet of Things (IoT) in smart homes makes users' lives easy and comfortable. Yet, these resource‐constrained devices are prone to manifold security attacks. The sinkhole attack is one of the most destructive attacks that disrupt smart home operations, causing user dissatisfaction. Existing intrusion detection systems (IDS) cannot handle sinkhole attacks competently as they (i) do not consider the node capacity for being an IDS agent, leading to a low attack detection ratio, (ii) do not examine the sinkhole node's role when mitigating attacks, causing remaining network disconnection with the root node and (iii) do not consider replacing energy‐exhausted IDS nodes, causing connectivity loss of partial network with the root. This paper addresses these shortcomings and adequately presents a mechanism to handle sinkhole attacks. A formulation for assigning weights to network nodes based on their resources is proposed here. An IDS placement strategy is introduced to place IDS agents on particular resourceful nodes that extend network lifetime and enhance attack detection capability. We present a novel attack detection and mitigation strategy by ensuring network connectivity. The proposed mechanism achieves 95% attack detection accuracy and reduces false negative rates by 25% and energy consumption reasonably compared to the state‐of‐the‐art.

A medical impact of war: the hypertension crises dynamic in an adjacent population

Abstract Background The current military conflagration in Ukraine impacted also boundaring countries by fear military conflict extension in the region, often augmented by mass-media, as well as by real horror stories told by refugees. Goal. The aim of our research was evolutive assessment of the hypertension (HTN) crises in our emergency units during last twenty months. Method In this observational study, we analysed 45.293 patient (pts) files during five distinct intervals: 24.06.2021-23.10.2021, as four months of peace (P), 24.10.2021-23.02.2022, as four months of pre-war army manœvres (PW), 24.02.2022-23.06.2022, as the first four months of war – Russian invasion (RI), 24.06.2022-23.10.2022, as next four months of war – Ukrainean counteroffensive (UC), and 24.10.2022 – 23.02.2023, as other four months of war – Russian destructive attacks (RD), statistically matched 1:1:1:1:1. The acquisition of arterial pressure values was performed by professional digital tensiometers. Results From a quite steady number of 150 +/- 14 pts daily, the distribution of HTN pts was: 29,17 (P); 38,21 (PW); 67,49 (RI); 43,58 (UC); 56,14 (RD). Concerning the HTN crises, the data are as follows: 12,43 (P); 14,97 (PW); 27,65 (RI); 16,28 (UC); 24,93 (RD). Demographically, the male predominance oscillated as follows: 68,32% (P); 65,89% (PW); 59,58% (RI); 62,37% (UC); 56,94% (RD). The medium age for HTN crises pts balanced as follows: 65,32 yrs (P); 64,97 yrs (PW); 62,18 yrs (RI); 63,74 yrs (UC); 62,85 (RD). Conclusion According to our outcomes, the stress and high anxiety caused by fear of war in the neighbourhood significantly influenced the incidence of HTN crises along the five abovementioned periods. The most dramatic data were registered during RI period. Taking into consideration that this war is irrepeatable, this research is unique.

IoT Vulnerabilities and Attacks: SILEX Malware Case Study

The Internet of Things (IoT) is rapidly growing and is projected to develop in future years. The IoT connects everything from Closed Circuit Television (CCTV) cameras to medical equipment to smart home appliances to smart automobiles and many more gadgets. Connecting these gadgets is revolutionizing our lives today by offering higher efficiency, better customer service, and more effective goods and services in a variety of industries and sectors. With this anticipated expansion, many challenges arise. Recent research ranked IP cameras as the 2nd highest target for IoT attacks. IoT security exhibits an inherent asymmetry where resource-constrained devices face attackers with greater resources and time, creating an imbalanced power dynamic. In cybersecurity, there is a symmetrical aspect where defenders implement security measures while attackers seek symmetrical weaknesses. The SILEX malware case highlights this asymmetry, demonstrating how IoT devices’ limited security made them susceptible to a relatively simple yet destructive attack. These insights underscore the need for robust, proactive IoT security measures to address the asymmetrical risks posed by adversaries and safeguard IoT ecosystems effectively. In this paper, we present the IoT vulnerabilities, their causes, and how to detect them. We focus on SILEX, one of the famous malware that targets IoT, as a case study and present the lessons learned from this malware.

Learning agent-based security schema mitigating man-in-the-middle attacks in fog computing

<div style="text-align: start;" align="center"><span lang="EN-US">The fast emerging of internet of things (IoTs) has introduced fog computing as an intermediate layer between end-users and the cloud datacenters. Fog computing layer characterized by its closeness to end users for service provisioning than the cloud. However, security challenges are still a big concern in fog and cloud computing paradigms as well. In fog computing, one of the most destructive attacks is man-in-the-middle (MitM). Moreover, MitM attacks are hard to be detected since they performed passively on the network level. This paper proposes a MitM mitigation scheme in fog computing architecture. The proposal mapped the fog layer on software-defined network (SDN) architecture. The proposal integrated multi-path transmission control protocol (MPTCP), moving target defense (MTD) technique, and reinforcement learning agent (RL) in one framework that contributed significantly to improving the fog layer resources utilization and security. The proposed schema hardens the network reconnaissance and discovery, thus improved the network security against MitM attack. The evaluation framework was tested using a simulation environment on mininet, with the utilization of MPTCP kernel and Ryu SDN controller. The experimental results shows that the proposed schema maintained the network resiliency, improves resource utilization without adding significant overheads compared to the traditional transmission control protocol (TCP).</span></div>

Network wormhole attacks without a traditional wormhole

A prudent attacker tries to maximize profits during an attack, taking into account the investment cost for carrying out the attack; a cost which always exists. This includes the effort of information gathering, the energy and work needed to develop the attack, the risk of being exposed etc. The wormhole attack, in which a non-existent path is augmented to the network coaxing naive nodes to route traffic through the attackers, is accepted as one of the most destructive attacks in ad-hoc networks (e.g. manets, iot, wsn, uavs etc.). This research proposes a method to maximize the profit of the attack and challenges the axiomatic assumption of the wormhole attack protocol. We show that up to a specific point, there is a simpler alternative to the attack that does not require the creation of an additional fictitious link; yet, achieves optimal attack coverage. Simulating multiple network node/edge combinations in ns3, demonstrates how the benefit of every additional dedicated wormhole link is actually small and diminishes as link density increases. Our alternative, based on centrality measures, decreases the chance of being detected by ids/ips as no active topology manipulation is taking place.

A Learning Convolutional Neural Network Approach for Network Robustness Prediction.

Network robustness is critical for various societal and industrial networks against malicious attacks. In particular, connectivity robustness and controllability robustness reflect how well a networked system can maintain its connectedness and controllability against destructive attacks, which can be quantified by a sequence of values that record the remaining connectivity and controllability of the network after a sequence of node-or edge-removal attacks. Traditionally, robustness is determined by attack simulations, which are computationally very time-consuming or even practically infeasible for large-scale networks. In this article, an improved method for network robustness prediction is developed based on learning feature representation using the convolutional neural network (LFR-CNN). In this scheme, the higher-dimensional network data are compressed into lower-dimensional representations, which are then passed to a convolutional neural network to perform robustness prediction. Extensive experimental studies on both synthetic and real-world networks, both directed and undirected, demonstrate that: 1) the proposed LFR-CNN performs better than other two state-of-the-art prediction methods, with significantly smaller prediction errors; 2) LFR-CNN is insensitive to the variation of the input network size, which significantly extends its applicability; 3) although LFR-CNN needs more time to perform feature learning, it can achieve accurate prediction faster than attack simulations; and 4) LFR-CNN not only accurately predicts the network robustness, but also provides a good indicator for connectivity robustness, better than the classical spectral measures.

Evaluation of industrial network robustness against targeted attacks

SummaryDeveloping a long‐lasting, secure Industry 4.0 system presents a significant challenge for businesses and other interested parties. Industrial control systems (ICSs) are particularly vulnerable to cybercrime because of the operating systems' excessive availability and high robustness requirements. This research investigates five graph‐theory‐based measures to evaluate the robustness of industrial network topologies against three centrality‐based attacks and one random attack. Experiments are conducted to examine the three levels of the ICS network topology, from the field devices to the controllers and the enterprise devices. The results are twofold. On the one hand, the closeness‐based attack is the most harmful since it has the highest destructive potential and needs to attack only half of the total nodes in the network to reach the lowest robustness level. The betweenness‐based attack follows closely in terms of destruction, whereas the degree‐based attack is less destructive but rapidly degrades the robustness of the network. On the other hand, the flow robustness measure provides the best performance in the presence of any of the studied attacks, showing strong perception of robustness reduction when only one percent of the total nodes in the network are attacked. For this reason, the flow robustness measure is suitable to identify and locate the targeted attacks at their early stages, preventing them from becoming more catastrophic. Finally, the results suggest that the industrial network security system should combine at least two measures to ensure robustness against the most destructive attacks and their early‐stage detection. The research also confirmed the results by implementing attacks and measures on a real gas transmission network.

Security analysis in federated learning based on adversarial attacks

Federated learning can fully use more data to improve the model's performance, but there will be a significant risk once the communication data (such as gradient information) is exposed. The risk of communication data leakage is unacceptable to users. When an attacker gets a little communication data from somewhere, the leaked communication data is a deadly poison. Attackers only need this communication data to launch destructive attacks and quickly break through the defensive line. This paper studies how to defend this risk to improve the security of federated learning through simulated attack experiments. For example, a random pruning strategy compresses the attack model (deep neural network). The purpose is to change the model's structure without affecting the model's performance as much as possible to make the structure of the proxy model (attacker) and the attacked model different to verify whether the strategy can improve the defense capability of the model. The experimental results show that the gradient-based attack method has good generalization. Even if the structure of the neural network model is modified in this paper, it still cannot resist the specific attacks brought by gradient exposure.

Empowering DDoS Attack Mitigation with Programmable Switches

Distributed denial-of-service (DDoS) attacks have long been the most severe and destructive attack on modern networks. Some solutions place several middleboxes that run security-oriented network functions (SNFs) in the network to defend against DDoS attacks. However, middleboxes are proprietary and fixed-function, making them costly and inflexible when handling attack dynamics. Another class of solutions exploits the capability of software-defined networking (SDN) and network function virtualization (NFV) to run virtualized SNFs on commodity servers. This reduces the cost of DDoS attack mitigation while enabling high flexibility by dynamically removing or adding SNF instances. However, this class of solutions sacrifices packet processing performance and incurs non-trivial end-to-end latency, which is unacceptable for many latency-sensitive Internet services. Recently, the emergence of programmable switches brings a promising alternative solution: arbitrary SNFs can be directly performed in line-rate ASIC pipelines of programmable switches, enabling low-cost, flexible, and high-performance DDoS attack mitigation. In this article, we present an illustrative survey of recent solutions that leverage programmable switches to provide DDoS attack mitigation. Our survey can help understand how to make full use of the benefits of programmable switches to defend against DDoS attacks.

Sweden

Sweden's financial sector is highly digitalized and interconnected, and related technological developments heighten cyber threats and vulnerabilities. The cyber threat landscape has evolved, with many Swedish financial institutions victims of Distributed Denial of Service (DDoS) attacks. Wider, more destructive attacks are likely in the near future.