Detection and prevention schemes for DDoS, ARP spoofing, and IP fragmentation attacks in smart factory
| Main Author: | |
|---|---|
| Format: | Final Year Project / Dissertation / Thesis |
| Published: | 2023 |
| Subjects: | |
| Online Access: | http://eprints.utar.edu.my/6251/ http://eprints.utar.edu.my/6251/1/CEA_2023_CTU.pdf |
| Summary: | Industry Revolution 4.0 allows Internet of Things (IoT) resource-constrained devices to be integrated into technologies and systems to develop intelligent solutions that leverage the value of data and deliver insight. The network configuration can be complex due to dynamic IoT environments, such as numerous diverse devices that interact to deliver an autonomous function. In this situation, the environments can produce a significant amount of data and expose vulnerabilities in the communication protocols. Once an attacker breaks into the network, the whole network infrastructure can be broken down. Therefore, this research selects three potential attacks with an evaluation of the protections, namely 1) Distributed Denial of Service (DDoS), 2) Address Resolution Protocol (ARP) spoofing, and 3) Internet Protocol (IP) fragmentation attacks. In the DDoS protection, the F1-score (a.k.a. F-score), accuracy, precision, and recall of the four-feature Random Forest with Principal Component Analysis (RFPCA) model are 95.65%, 97%, 97.06%, and 94.29% respectively. For ARP spoofing, a batch processing method uses the entropy calculated in a 20s time window, with sensitivity to network abnormalities, for detection of various ARP spoofing scenarios involving victims' traffic. The detected attacker's Media Access Control (MAC) address is inserted in the block list to filter malicious traffic. The proposed protection against the IP fragmentation attack is to implement one-time code (OTC) and timestamp fields in the packet header. The simulation shows that the method can detect 160 fake fragments from attackers in 2040 fragments. |