Some public and private services are called part of the Critical Infrastructure (CI), which are considered as the most important services to protect the functioning of a society and the economy.  Many CIs provide services via the Internet and thus cyber-attacks can be performed remotely.  It is now very simple and free to find and download software, which automates performing cyber-attacks.  A recent example is that two teenagers, with close to no security knowledge, created an on-line business. They would run cyber-attacks (online booter service called vDOS, as reported by Brian Krebs) for a small fee. They reportedly earned over 600,000 USD in a short period of time by conducting a large number of automated DDoS cyber-attacks. Then Krebs was retaliated against, and the highest DDoS attack bandwidth ever recorded, 620 Gbps, was launched against Krebs. In this paper we show how cognitive learning can be used to significantly mitigate any effects of DDoS network attacks, against the critical infrastructure.

DDoS attacks have been a problem since 2000. In October 2016, there was a major DDoS attack against the service provider Dyn’s DNS service, which took the service down. This was one of the largest bandwidth DDoS attack ever documented, with attack bandwidth over 650 Gbps. By taking down just Dyn’s DNS service, clients could not obtain the IP addresses, of the organizations hosting their DNS with Dyn, such as Twitter. Our contribution is that we have found a way to mitigate the effect of DDoS attacks against DNS services. We only require some very small algorithm changes, in the DNS protocol. More specifically, we propose to add two additional timers. Even if the end DNS clients don’t support these timers, they will receive our new functionality via the DNS resolvers and recursive servers. In summary, our contributions give much more control to the organizations, as to under which specific conditions the DNS cache entries should be aged or used. This allows the organization to (1) much more quickly expire client DNS caches and (2) to mitigate the DDoS DNS attack effects. Our contributions are also helpful to organizations, even if there are no DDoS DNS attack.

Most Web and other on-line service providers (”Inter- net Services”) only support legacy ID (or email) and password (ID/PW) credential authentication. However, there are numerous vulnerabilities concerning ID/PW credentials. Scholars and the industry have proposed several improved security solutions, such as MFA, however most of the Internet Services have refused to adopt these solutions. Mobile phones are much more sensitive to these vulnerabilities (so this paper focuses on mobile phones). Many users take advantage of password managers, to keep track of all their Internet Service profiles. However, the Internet Service profiles found in password managers, are normally kept on the PC or mobile phone’s disk, in an encrypted form. Our first contribution is a design guideline, whereby the Internet Service profiles never need to touch the client’s disk. Most users would benefit, if they had the ability to use MFA, to login to a legacy Internet Service, which only supports ID/PW credential authentication. Our second contribution is a design guideline, whereby users can choose, for each legacy ID/PW Internet Service, which specific MFA they wish to use. We have also presenting conceptual design guidelines, showing that both of our contributions are minor changes to existing password managers, which can be implemented easily with low overhead.

Layer 3, 4 and 7 DDoS attacks are common and very difficult to defend against. The academic community has published hundreds of well thought out algorithms, which require changes in computer networking equipment, to better detect and mitigate these attacks. The problem with these solutions, is that they require computer networking manufacturers to make changes to their hardware and/or software. On the other hand, with our solution, absolutely no hardware or software changes are required. We only require the use of BGP4 Flow-Spec, which has already been widely deployed many years ago. Further the customers’ own ISP does not require Flow-Spec. Our algorithm protects groups of over sixty-five thousand different customers, via the aggregation into one very small Flow-Spec rule. In this paper, we propose our novel, low cost and efficient solution, to both detect and greatly mitigate any and all types of L347 DDoS Web attacks.

In this paper, we propose a solution to eliminate a popular type of Denial of Service (DoS) attack, which is a DoS amplification attack. Note that a DoS is a subset of of DDoS. Our solution protects servers running any number of TCP services. This paper is focused on the most popular type of DoS amplification attack, which uses the UDP protocol. Via DoS UDP amplification attacks, an attacker can send a 1 Gbps traffic stream to reflectors. The reflectors will then send up 556 times that amount (amplified traffic) to the victim’s server. So just ten PCs, each sending 10Mbps, can send 55 Gbps indirectly, via reflectors, to a victim’s server. Very few ISP customers have 55 Gpbs provisioned. Expensive and complex solutions exist. However our elimination techniques can be implemented very quickly, easily and at an extremely low cost.

Our research problem is that there are a large number of successful network reflection DDoS attacks. Via a UDP Reflection Attack, an attacker can send just 1 Gb/s of payload to innocent servers, and it is these servers which then can send over 4,600 times the payload to the victim! There are very expensive and complex solutions in use today, however most all of these on premise solutions can be easily circumvented. The academic community has not adequately addressed this research problem. We have created a new Internet services network security surface attack mitigation methodology. Our novel design patterns will help organizations improve the price/performance of their anti-network reflection solution by 100 times, as compared to common on premise solutions. Our analysis and results confirm that our solution is viable. Our novel solution is based on stateless IP packet header filtering firewalls (which can be implemented mostly in hardware due to their simplicity). We have reduced and in some cases eliminated the need for researchers to even try and find new ways to filter the same traffic via more complex, software driven stateful solutions.

The market for smart phones has been booming in the past few years. There are now over 400,000 applications on the Android market. Over 10 billion Android applications have been downloaded from the Android market. Due to the Android popularity, there are now a large number of malicious vendors targeting the platform. Many honest end users are being successfully hacked on a regular basis. In this work, a cloud based reputation security model has been proposed as a solution which greatly mitigates the malicious attacks targeting the Android market. Our security solution takes advantage of the fact that each application in the android platform is assigned a unique user id (UID). Our solution stores the reputation of Android applications in an anti-malware providers’ cloud (AM Cloud). The experimental results witness that the proposed model could well identify the reputation index of a given application and hence its potential of being risky or not.

Information Security education benefits greatly from hands-on laboratory oriented exercises. Campus students often have access to security lab equipment. However, remote students, who never visit the campus, often have no laboratory access at all. While previous literature describing designs for information security laboratories are seldom based on specified pedagogical approaches or systematic design theories, this paper contributes by outlining a design theory of online InfoSec labs based on the “Personalized system of instruction” (PSI). We also illustrate the PSI-oriented approach to on-line information security education with help of design suggestions and general level evaluation measures.

Information Security education benefits greatly from hands-on laboratory oriented exercises. Campus students often have access to security lab equipment. However, remote students, who never visit the campus, often have no laboratory access at all. While previous literature describing designs for information security laboratories are seldom based on specified pedagogical approaches or systematic design theories, this paper contributes by outlining a design theory of online InfoSec labs based on the “Personalized system of instruction” (PSI). We also illustrate the PSI-oriented approach to on-line information security education with help of design suggestions and general level evaluation measures.

Security is becoming an increasingly important feature of today's mobile environment where users download unknown apps and connect their smartphones to unknown networks while roaming. This paper proposes and evaluates an enhanced security model and architecture, WallDroid, enabling virtualized application specific firewalls managed by the cloud. The WallDroid solution can be considered as an Android Firewall Application but with some extra functionality. Key components used by the solution include VPN technologies like the Point to Point Tunneling Protocol (PPTP) and the Android Cloud to Device Messaging Framework (C2DM). Our solution is based on the cloud keeping track of millions of applications and their reputation (good, bad, or unknown) and comparing traffic flows of applications with a list of known malicious IP servers. We describe a prototype implementation and evaluate our solution.