Faculty Publications

Permanent URI for this community: https://idr.nitk.ac.in/handle/123456789/18736

Publications by NITK Faculty

Search Results

Now showing 1 - 10 of 10
  • Item
    En-Route Filtering Techniques in Wireless Sensor Networks: A Survey
    (Springer New York LLC, 2017) Kumar, A.; Pais, A.R.
    The majority of wireless sensor networks (WSNs) are deployed in unattended environments and thus sensor nodes can be compromised easily. A compromised sensor node can be used to send fake sensing reports to the sink. If undetected, these reports can raise false alarms. To deal with the problem of fake report generation, a number of en-route filtering schemes have been proposed. Each of these schemes uses different cryptographic methods to check the authenticity of reports while they are being forwarded hop by hop toward the base station. However, the majority of these techniques can handle only a limited number of compromised nodes, or they need either node localization or statically configured routes for sending reports. Furthermore, the majority of en-route filtering techniques are vulnerable to various denial of service attacks. Our main aims in this survey are: (a) to describe the major en-route filtering techniques, (b) to analyze these techniques on various parameters including security and (c) to outline the main unresolved research challenges in en-route filtering in WSNs. © 2017, Springer Science+Business Media New York.
  • Item
    A secure and lightweight authentication scheme for roaming service in global mobile networks
    (Elsevier Ltd, 2018) Madhusudhan, R.; Shashidhara
    Global Mobile Network provides global roaming service to the users moving from one network to another. It is essential to authenticate and protect the privacy of roaming users. Recently, Marimuthu and Saravanan proposed a secure authentication scheme for roaming service in mobile networks. This scheme can protect user anonymity, untraceability, and is believed to have many abilities to resist a range of attacks in global mobile networks. In this paper, we analyse the security strength of their scheme and show that the authentication protocol is in fact insecure against insider attack, stolen-verifier attack, impersonation attack, denial-of-service attack, synchronization problem, lack of user anonymity and operational inefficiencies. Hence, we propose a secure and lightweight authentication scheme for Global Mobile Networks. In addition, the proposed scheme requires few message exchanges between the entities such as MU (Mobile User), FA (Foreign Agent) and HA (Home Agent). The scheme ensures both communication and computation efficiency as compared to the well-known authentication schemes. The performance analysis shows that the proposed authentication scheme is well suited for resource limited wireless and mobile environments. © 2017 Elsevier Ltd
  • Item
    Mobile user authentication protocol with privacy preserving for roaming service in GLOMONET
    (Springer, 2020) Madhusudhan, R.; Shashidhara, R.
    In GLObal MObile NETwork (GLOMONET), it is essential to authenticate and provide secure communication between a user, foreign agent, and the home agent using a session key. Designing a secure and efficient authentication protocol for roaming users in the mobile network is challenging. In order to secure communication over an insecure channel, a number of authentication schemes have been proposed. The main weakness of the existing authentication protocols is that attackers have the ability to impersonate a legal user at any time. In addition, the existing protocols are vulnerable to various kinds of cryptographic attacks such as insider attack, bit flipping attack, forgery attacks, denial-of-service attack, unfair key agreement and cannot provide user’s anonymity. To remedy these weaknesses and to achieve low communication and computation costs, we proposed a secure authentication scheme for roaming users. In addition, the formal verification tools ProVerif and AVISPA are used to check the correctness of the proposed protocol. Finally, the performance evaluation and simulation results show that the proposed scheme is efficient in terms of communication and computational cost. © 2019, Springer Science+Business Media, LLC, part of Springer Nature.
  • Item
    Multiplexed Asymmetric Attacks: Next-Generation DDoS on HTTP/2 Servers
    (Institute of Electrical and Electronics Engineers Inc., 2020) Praseed, A.; Santhi Thilagam, P.
    Distributed Denial of Service (DDoS) attacks using the HTTP protocol have started gaining popularity in recent years. A recent trend in this direction has been the use of computationally expensive requests to launch attacks. These attacks, called Asymmetric Workload attacks, can bring down servers using limited resources, and are extremely difficult to detect. The introduction of HTTP/2 has been welcomed by developers because it improves user experience and efficiency. This was made possible by the ability to transport HTTP requests and their associated inline resources simultaneously by using Multiplexing and Server Push. However, multiplexing has made request traffic bursty and rendered DDoS detection mechanisms based on connection limiting obsolete. Contrary to its intention, multiplexing can also be misused to launch sophisticated DDoS attacks using multiple high workload requests in a single TCP connection. However, sufficient research has not been done in this area. Existing research demonstrates that the HTTP/2 protocol allows users to launch DDoS attacks easily, but does not focus on whether an HTTP/2 server can handle DDoS attacks more efficiently or not. Also, sufficient research has not been done on the possibility of Multiplexing and Server Push being misused. In this work, we analyse the performance of an HTTP/2 server compared to an HTTP/1.1 server under an Asymmetric DDoS attack for the same load. We propose a new DDoS attack vector called a Multiplexed Asymmetric DDoS attack, which uses multiplexing in a different way than intended. We show that such an attack can bring down a server with just a few attacking clients. We also show that a Multiplexed Asymmetric Attack on a server with Server Push enabled can trigger an egress network layer flood in addition to an application layer attack. © 2005-2012 IEEE.
  • Item
    Modelling Behavioural Dynamics for Asymmetric Application Layer DDoS Detection
    (Institute of Electrical and Electronics Engineers Inc., 2021) Praseed, A.; Santhi Thilagam, P.S.
    Asymmetric application layer DDoS attacks using computationally intensive HTTP requests are an extremely dangerous class of attacks capable of taking down web servers with relatively few attacking connections. These attacks consume limited network bandwidth and are similar to legitimate traffic, which makes their detection difficult. Existing detection mechanisms for these attacks use indirect representations of actual user behaviour and complex modelling techniques, which leads to a higher false positive rate (FPR) and longer detection time, which makes them unsuitable for real time use. There is a need for simple, efficient and adaptable detection mechanisms for asymmetric DDoS attacks. In this work, an attempt is made to model the actual behavioural dynamics of legitimate users using a simple annotated Probabilistic Timed Automata (PTA) along with a suspicion scoring mechanism for differentiating between legitimate and malicious users. This allows the detection mechanism to be extremely fast and have a low FPR. In addition, the model can incrementally learn from run-time traces, which makes it adaptable and reduces the FPR further. Experiments on public datasets reveal that our proposed approach has a high detection rate and low FPR and adds negligible overhead to the web server, which makes it ideal for real time use. © 2020 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission. See https://www.ieee.org/publications/rights/index.html for more information.
  • Item
    Fuzzy Request Set Modelling for Detecting Multiplexed Asymmetric DDoS Attacks on HTTP/2 servers
    (Elsevier Ltd, 2021) Praseed, A.; Santhi Thilagam, P.S.
    The introduction of HTTP/2 has led to a dramatic change in web traffic. The steady flow of requests in HTTP/1.1 has been replaced by bursts of multiple requests, largely due to the introduction of multiplexing in HTTP/2 which allows users to send multiple requests through a single connection. This feature was introduced in order to reduce the page loading time by multiplexing a web page and its associated resources in a single connection. While this feature has significantly improved user experience, it can be misused to launch sophisticated application layer DDoS attacks against HTTP/2 servers. Instead of the intended use of multiplexing, attackers can force the web server to process multiple random requests simultaneously, leading to increased server usage. The use of computationally intensive requests can further exacerbate the situation. These attacks, called Multiplexed Asymmetric Attacks, pose a dangerous threat to HTTP/2 servers and stem from the lack of verification of the multiplexed requests. In this work, an approach to model an HTTP/2 request set as a fuzzy multiset is presented. The proposed approach uses a combination of relative cardinality and request workload to detect multiplexed AL-DDoS attacks. Experiments on open source datasets demonstrate that the proposed approach is able to detect multiplexed AL-DDoS attacks with an accuracy of around 95%, while maintaining a low False Positive Rate (FPR) of around 3%. © 2021 Elsevier Ltd
  • Item
    HTTP request pattern based signatures for early application layer DDoS detection: A firewall agnostic approach
    (Elsevier Ltd, 2022) Praseed, A.; Santhi Thilagam, P.S.
    Application Layer DDoS (AL-DDoS) attacks are an extremely dangerous variety of DDoS attacks that started becoming popular recently. They are executed using very few legitimate requests, making them very difficult to detect. Since they are executed using attack generation tools and botnets, AL-DDoS attacks display similarity within a request stream (temporal similarity) and across request streams (spatial similarity). Once a particular request stream has been detected as malicious by an anomaly detection mechanism (ADM), spatial similarity can help in detecting AL-DDoS attacks much earlier by employing a dynamic signature based approach. In this work, we use HTTP request patterns as signatures to build a firewall agnostic Early Detection Module (EDM) for AL-DDoS attacks. We also propose the use of Sample Entropy instead of the popular Shannon's Entropy to identify AL-DDoS attacks. Sample Entropy is able to model both the frequencies and sequence of data items within a request stream, and is a better indicator of temporal similarity than Shannon's Entropy. In this work, we demonstrate that Sample Entropy can be used effectively to detect AL-DDoS attacks. With a Sample Entropy based anomaly detection mechanism, we demonstrate that the use of EDM significantly reduces the detection latency for AL-DDoS attacks. © 2022 Elsevier Ltd
  • Item
    Vulnerability Testing of RESTful APIs Against Application Layer DDoS Attacks
    (Science and Information Organization, 2025) Sivakumar, K.; Santhi Thilagam, P.S.
    In recent years, modern mobile and web applications have been shifting from monolithic applications to microservice-based applications because of issues such as scalability and ease of maintenance. These services are exposed to clients through an Application Programming Interface (API). APIs are built, integrated and deployed quickly. By their very nature, APIs directly interact with the backend server, and security is of paramount importance for CAP. Denial-of-service attacks are more serious attacks that deny service to legitimate requests. Rate limiting policies are used to stop API DoS attacks. But bypassing the rate limit or a flooding attack overloads the backend server. Even a sophisticated attack using HTTP/2 multiplexing with multiple clients leads to severe disruptions of service. This research shows how a sophisticated multi-client attack on a high-workload endpoint leads to a DoS attack. © (2025), (Science and Information Organization). All rights reserved.
  • Item
    Fortifying 5G network slices using a trust-based secure federated learning framework for attack detection and classification
    (Springer Science and Business Media Deutschland GmbH, 2025) Singh, V.P.; Singh, M.P.; Hegde, S.
    The rapid evolution of 5G has revolutionized communication by offering high-speed connectivity and supporting various applications. An essential feature of 5G networks is network slices, which enable the creation of multiple virtualized and independent networks on a shared physical infrastructure to provide a dynamic range of services for specific use cases. However, this flexibility also poses significant security challenges, such as Denial of Service (DoS), Distributed Denial of Service (DDoS), Injection, Malware, and Man-in-the-middle (MITM), to network slices. In addition, existing Machine Learning (ML) and Deep Learning (DL) based approaches cannot adapt to network slices’ distributed and dynamic nature, posing privacy threats. Unlike conventional methods, Federated Learning (FL) presents a more advanced alternative with enhanced security and privacy. However, FL aggregation processes remain vulnerable to several attacks, including model poisoning, data poisoning, and Byzantine attacks. Addressing them is essential for unlocking FL’s complete potential. This paper proposes a trust-based client selection technique to secure FL by ensuring that only trusted, non-malicious clients contribute to global model development. In addition, our proposed secure FL framework uses the ResNet-18 Convolutional Neural Network (CNN) to detect and classify attacks in network slices, achieving 97.36% accuracy in non-malicious environments. The proposed approach significantly outperforms in the presence of 60% and 70% malicious clients, and demonstrates 93.35% and 56.38% accuracy, respectively. These results highlight the effectiveness of our secure FL framework for detecting and classifying attacks in network slices, even in the presence of malicious clients. Furthermore, an experimental analysis on the Edge-IIoT dataset demonstrates the generalizability and robustness of the proposed framework. © Springer-Verlag GmbH Germany, part of Springer Nature 2025.
  • Item
    Next-Generation DDoS Attacks on IoT Deployments: Targeting the Advanced Features of MQTT v5.0 Protocol
    (Institute of Electrical and Electronics Engineers Inc., 2025) Lakshminarayana, S.; Santhi Thilagam, P.
    Message queuing telemetry transport (MQTT) has emerged as the widely adopted application layer protocol for IoT environments because of its lightweight header, minimal power, and bandwidth requirements. Despite its popularity, the earlier version of the protocol, MQTT v3.1.1, encounters performance issues in large-scale implementations and required an update to handle the growing requirements of modern IoT applications. In response to these concerns, MQTT v5.0 was released with several significant features designed to enhance the reliability, user experience, and performance of IoT systems. While the MQTT protocol features were intended to facilitate robust and efficient communications, adversaries could exploit these features to mount various types of attacks in IoT deployments. More specifically, the Denial-of-Service (DoS) attacks toward the MQTT protocol have recently gained a lot of attention from the research community. However, the existing works primarily focus only on exploring the possibilities of misusing the MQTT v3.1.1 protocol features to generate DoS attacks in IoT realms. In this work, we attempt to extensively investigate the advanced protocol features of MQTT v5.0 that can be exploited to launch DDoS attacks impacting the IoT paradigm. We present the first critical evaluation of Distributed DoS (DDoS) attacks on the MQTT v5.0 protocol by analyzing three significant features: 1) CONNECT properties; 2) user properties; and 3) flow control. Moreover, we systematically propose attack scenarios based on the adversary’s capabilities, thus illustrating the practicality of proposed attacks in real-world scenarios. Furthermore, we built a real-world testbed for IoT healthcare application to evaluate the severity of the identified attacks. The experimental results demonstrate the effectiveness of these attacks in impacting the availability of guaranteed IoT services to legitimate users, even in times of need. Additionally, we disclose the insightful findings of this work as takeaways and present research initiatives toward developing effective defense mechanisms for MQTT v5.0 protocol. We hope that such a discussion could pave the way for future research, contributing to MQTT v5.0 security and resiliency. © 2014 IEEE.