
The Research On DDoS Attacks And Adaptive Defense Methods For Cyber-Physical Systems

Posted on: 2024-05-06
Degree: Master
Type: Thesis
Country: China
Candidate: T Y Cai
Full Text: PDF
GTID: 2558307106999449
Subject: Computer Science and Technology

Abstract/Summary:
With the widespread innovations in the Internet of Things, software-defined networking and cloud computing, Cyber-Physical Systems (CPS) continue to evolve and are widely adopted to support daily life and economic development. Modern society relies heavily on CPS such as the smart grid and transportation systems, so an unplanned shutdown of critical services can lead to serious consequences, including economic loss and even human casualties. Meanwhile, Distributed Denial-of-Service (DDoS) attacks are becoming a major threat to CPS because they are easy to launch and cause substantial damage to the target system. DDoS attacks come in different types; this thesis focuses on volumetric and low-rate DDoS attacks.

For volumetric attacks, traditional defense methods are limited because attack methods constantly evolve. For example, machine learning-based detection can only detect the attack types present in its training dataset, while statistics-based detection typically relies on pre-defined thresholds, which are easily influenced by subjective factors and whose optimal value changes dynamically with the network environment. Previous mitigation methods also suffer from a small number of mitigation features, an inability to select features adaptively, and increased deployment costs from introducing additional mitigation devices. Furthermore, CPS contain numerous low-security IoT devices that attackers can compromise and use to launch attacks on other devices from within the system, so this attack scenario also needs to be addressed.

To improve the defense against known and unknown volumetric attacks, this thesis proposes an adaptive volumetric attack mitigation method called ADAM. ADAM takes advantage of the programmability and centralized control of software-defined networking (SDN) and combines information entropy with anomaly detection mechanisms, so it can defend against volumetric attacks without pre-defining attack features. It introduces no additional devices, which reduces deployment costs. ADAM also adopts an attacker-centric defense strategy that turns the SDN switches in the network into detectors and dynamic filters: filtering rules are applied on the switches that detect a DDoS attack, preventing attack traffic from flooding the network and thereby protecting network performance and service quality. As a result, the method is effective whether the attacker launches the attack from outside the CPS or manipulates IoT devices to attack from within.

CPS often incorporate cloud computing to meet requirements such as collaboration, integration and resource sharing. Besides volumetric attacks, however, low-rate attacks can covertly target the bottleneck links between cloud servers and the underlying network, degrading service quality and affecting the physical devices in the CPS. For low-rate attacks, previous work has focused mainly on detection, and existing mitigation methods still carry security risks: defense methods based on the similarity of traffic-rate sequences may fail when that similarity decreases, and defense methods based on network statistical features may fail when the randomness of the attack increases. To investigate these risks, this thesis examines the principles of existing mitigation methods and proposes F-LDDoS, a low-rate DDoS attack strategy disguised by feints. The strategy introduces the concept of "Feinting Intervals", which makes it more effective and more concealed than conventional low-rate DDoS attacks.

This thesis is divided into five parts. The first part is the introduction, which explains the motivation of the topic and reviews the related work: it classifies DDoS attacks into volumetric and low-rate attacks, analyzes the related work on each type, and summarizes their shortcomings and security risks. The second part introduces the technologies involved in this thesis. It first presents the definition of cyber-physical systems and some specific applications as background, then the definition and working principle of the SDN architecture and the OpenFlow protocol to prepare for the technical details that follow, and finally the two types of DDoS attacks, volumetric and low-rate, together with their differences and respective characteristics.

The third part first introduces the threat model of volumetric attacks in CPS scenarios and then proposes ADAM, the adaptive volumetric attack mitigation method. ADAM builds on the SDN architecture and can be deployed directly on SDN controllers without additional equipment, reducing deployment and rollout costs. It combines information entropy with unsupervised anomaly detection, so it can adaptively defend against DDoS attacks without defining attack characteristics in advance and can cope with both known and unknown attacks. Simulation results show that ADAM handles high-intensity volumetric attacks with high accuracy and strong adaptability. In the fourth part, we propose F-LDDoS, the low-rate attack strategy disguised by feints, which introduces the concept of the "Feinting Interval". Bots send random traffic during the Feinting Interval, which reduces the similarity between each bot's attack flow and the aggregated attack flow and disguises the bot as a normal user. Experimental results show that F-LDDoS achieves a stronger attack effect and better stealth than conventional low-rate DDoS attacks, confirming the security risks in existing methods. The fifth part is the concluding remarks, which summarizes the two works in this thesis and provides an outlook for future work, proposing a research direction that combines DDoS defense with methods to protect the SDN architecture itself. The defense method for F-LDDoS attacks and the effect of this attack strategy against existing defense methods are also issues that deserve further exploration.
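The ADAM description above combines destination-address entropy on each switch with an anomaly detector whose threshold follows the observed traffic instead of being fixed in advance. The following Python sketch, written here as an illustration and not taken from the thesis, shows that idea on one switch: a rolling baseline of per-window entropy is kept, a window far below the baseline is flagged, and a filter rule for that switch is emitted. The rolling mean/std rule, the window sizes and the sample topology (20 hosts behind switch `s1`) are assumptions.

```python
import math
import random
from collections import Counter, deque

def normalized_entropy(values):
    """Shannon entropy of the value distribution scaled to [0, 1] (1 = all distinct)."""
    n = len(values)
    h = -sum(c / n * math.log2(c / n) for c in Counter(values).values())
    return h / math.log2(n) if n > 1 else 1.0

class SwitchDetector:
    """Per-switch destination-IP entropy monitor with a self-adjusting threshold:
    a window is anomalous if its entropy falls k std-devs below a rolling baseline
    built from earlier normal windows (assumed simplification of ADAM, no signatures)."""
    def __init__(self, switch_id, history=8, k=3.0, min_history=4, min_band=0.02):
        self.switch_id, self.k = switch_id, k
        self.hist = deque(maxlen=history)
        self.min_history, self.min_band = min_history, min_band

    def observe(self, dst_ips):
        # Returns None for a normal window, or a filter rule for this switch.
        h = normalized_entropy(dst_ips)
        if len(self.hist) >= self.min_history:
            mean = sum(self.hist) / len(self.hist)
            std = math.sqrt(sum((x - mean) ** 2 for x in self.hist) / len(self.hist))
            if h < mean - self.k * max(std, self.min_band):  # min_band guards a flat baseline
                victim, _ = Counter(dst_ips).most_common(1)[0]
                return {"switch": self.switch_id, "match_dst": victim, "action": "drop"}
        self.hist.append(h)  # only windows judged normal feed the baseline
        return None

# Constructed sample traffic: six benign windows spread packets over all 20 hosts,
# the seventh window floods 10.0.0.7 (90% of its packets).
RNG = random.Random(7)
HOSTS = [f"10.0.0.{i}" for i in range(1, 21)]

def benign_window(n=200):
    return [RNG.choice(HOSTS) for _ in range(n)]

def flood_window(victim="10.0.0.7", n=200, share=0.9):
    w = [victim] * int(n * share) + benign_window(n - int(n * share))
    RNG.shuffle(w)
    return w

def run_demo():
    det = SwitchDetector("s1")
    windows = [benign_window() for _ in range(6)] + [flood_window()]
    return [det.observe(w) for w in windows]
```

The first four windows only seed the baseline; the flood window is the only one that yields a rule, and because the rule is generated where the anomaly is seen it matches the switch-local filtering the thesis describes.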
Keywords/Search Tags: cyber-physical system, software-defined networking, distributed denial-of-service, volumetric attack, low-rate attack