§ Thesis Bibliographic Record
  
System ID U0002-2708201818335900
DOI 10.6846/TKU.2018.00893
Title (Chinese) 運用軟體定義網路流程表阻擋物聯網環境中之攻擊
Title (English) Using SDN Flow Tables to Block Attacks in IoT Environments
Institution Tamkang University (淡江大學)
Department (Chinese) 電機工程學系碩士班
Department (English) Department of Electrical and Computer Engineering
Academic year 106
Semester 2
Year of publication 107
Graduate student (Chinese) 洪子超
Graduate student (English) Tzu-Chao Hung
Student ID 605450047
Degree Master's
Language Traditional Chinese
Oral defense date 2018-07-06
Number of pages 117
Defense committee Advisor - 莊博任
Member - 許獻聰
Member - 陳省隆
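Keywords (Chinese) 物聯網 (Internet of Things)
軟體定義網路 (Software-defined networking)
入侵檢測系統 (Intrusion detection system)
流程表 (Flow table)
規則生成 (Rule generation)
蜜罐 (Honeypot)
機器學習 (Machine learning)
異常檢測 (Anomaly detection)
特徵選擇 (Feature selection)
攻擊檢測 (Attack detection)
電腦網路安全 (Computer network security)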
Keywords (English) Internet of Things (IoT)
Software Defined Networks (SDNs)
Intrusion Detection System (IDS)
Flow table
Rule generator
Honeypot
Machine learning
Anomaly detection
Feature selection
Attack detection
Computer network security
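Abstract (Chinese, translated)
The Internet of Things has brought convenience and security and opened a new era. Products such as smart refrigerators, wearable devices and network monitors are now common in households and generate large amounts of data. The accompanying shortcomings, however, are increasingly apparent: as the IoT era begins, network attacks are becoming more and more common. This can be attributed to the weak password security of IoT devices, which allows malware that specifically targets IoT environments to obtain passwords by brute force and turn the devices into zombies. As the number of IoT devices grows, DDoS attacks therefore become more severe and more widespread.
Most existing papers use an intrusion detection system (IDS) or a firewall to detect attack traffic and defend against attacks. This approach does not suit high-speed network environments: on a backbone network carrying heavy traffic, the IDS cannot keep up with inspection, so uninspected attack packets reach the destination host. An IDS identifies attacks with rules, so it cannot guard against unknown attacks; an unknown attack can only be blocked after specialists have analyzed it and new rules have been added to the IDS. The time this takes is measured in days, by which point the attack has already achieved its goal and spread the virus further.
This thesis proposes deploying a honeypot on the Openflow switch to collect attack traffic and using machine learning for anomaly detection. In this way, unknown attacks can be found and prevented without affecting network speed. By making effective use of the Flow table, we defend against attack traffic by matching headers rather than blocking all of the attacker's traffic. Using the Flow table to defend against attacks in an IoT environment not only lets SDN support much larger traffic volumes, but also reduces the network congestion caused by traffic-based attacks.
The experimental results confirm that, against the high traffic volume and short packets of DDoS attacks, the Flow table achieves a better capture rate than an IDS. When blocking attack traffic, it can distinguish normal traffic from attack traffic without blocking all of the attacker's traffic. Compared with approaches in the existing literature, our proposal of deploying a honeypot on the Openflow switch to collect attack traffic can find unknown attacks and complete anomaly detection without delaying the network.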
Abstract (English)
The Internet of Things brings convenience and security and opens up a new era. Products such as smart refrigerators, wearable devices and network monitors have become common in households, generating a large amount of data. But the accompanying shortcomings are becoming more and more obvious: with the start of the Internet of Things era, cyber attacks are becoming more and more common. This can be attributed to insufficient password security on IoT devices, which lets malware that specifically targets the IoT environment obtain passwords by brute force and turn the IoT device into a zombie. Therefore, as the number of IoT devices increases, DDoS also becomes more serious and widespread.
Most current papers use an intrusion detection system (IDS) or a firewall to detect attack traffic and defend against attacks. However, this method is not suitable for a high-speed network environment. On a backbone network with heavy traffic, the IDS cannot inspect packets in time, so undetected attack packets reach the destination host. An IDS uses rules to identify attacks, so it cannot protect against unknown attacks; it can only wait until the unknown attack has been analyzed by professionals and rules have been added to the IDS to block it. The time this requires is measured in days, by which point the attack has already achieved its purpose and spread the virus more widely.
This thesis proposes setting up a honeypot on the Openflow switch to collect attack traffic and using machine learning to identify anomalies. In this way, unknown attacks can be found and prevented without affecting network speed. By making effective use of the Flow table feature, we match headers to defend against attack traffic rather than blocking all traffic from the attacker. Using the Flow table to defend against attacks in the IoT environment not only supports larger traffic volumes through SDN, but also reduces the network congestion caused by traffic-type attacks.
The experimental results confirm that the Flow table has a better capture rate than an IDS when facing the high traffic and short packets of DDoS attacks. When blocking attack traffic, the difference between normal traffic and attack traffic can be identified without blocking all of the attacker's traffic. We propose setting up a honeypot on the Openflow switch to collect attack traffic; compared with the existing literature, this finds unknown attacks and completes anomaly detection without delaying the network.
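Table of Contents
Chapter 1. Introduction
1.1 Research Motivation
1.2 Problem Description and Solution
1.3 Thesis Organization
Chapter 2. Background and Related Work
2.1 Internet of Things
2.1.1 IoT and SDN
2.1.2 Attacks in the IoT
2.1.3 Blocking IoT Attacks with the Flow Table
2.2 Software-Defined Networking
2.2.1 Flow table
2.2.2 Ryu Controller
2.2.2.1 Argus
2.2.2.2 Honeyd
2.2.2.3 WEKA
2.2.3 Mininet
2.3 Intrusion Detection Systems
2.3.1 Payload-Based Intrusion Detection Systems
2.3.2 Flow-Based Intrusion Detection Systems
2.4 Previous Solutions
2.4.1 Blocking Attacks with an IDS
2.4.2 Blocking Attacks with the Flow Table
2.4.2.1 Attack Identification by the Controller
2.4.2.2 Attack Identification by Machine Learning
Chapter 3. Proposed Method
3.1 Detecting and Preventing Unknown Attacks
3.1.1 Traffic Collection
3.1.2 Machine Learning
3.1.3 Rule Creation
3.2 Controller Identification of Attack Traffic
3.3 Extracting Traffic Features with Argus
3.4 Blocking Attacks with the Flow Table
Chapter 4. Simulation and Evaluation
4.1 Experimental Environment and Test Data
4.2 Throughput Evaluation
4.2.1 Flow based IDS
4.2.1.1 Snort
4.2.1.2 Bro
4.2.2 Flow table
4.2.3 Discussion
4.3 Overall Architecture
4.3.1 Detection Time
4.3.2 CPU Utilization
4.3.3 Discussion
4.4 Feature Selection
4.4.1 SDN
4.4.2 Argus
4.4.3 Discussion
4.5 Controller Identification of Suspicious Traffic
4.5.1 Brute force
4.5.2 Probe
4.5.3 DoS
4.5.4 Discussion
4.6 Implementation
4.6.1 Throughput Comparison
4.6.2 Overall Architecture
4.6.3 Discussion
Chapter 5. Conclusion and Future Work
References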

 
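List of Figures
Figure 2.1: The three layers of the IoT
Figure 2.2: Proposed IoT environment
Figure 2.3: Attacks in the IoT
Figure 2.4: SDN layered architecture
Figure 2.5: OpenFlow Switch architecture
Figure 2.6: Packet processing flow in an OpenFlow switch
Figure 2.7: Main components of a Flow entry
Figure 2.8: Match field parameters at each layer
Figure 2.9: Main configuration targets at each layer
Figure 2.10: Example Flow entry rule
Figure 2.11: Architecture of an IDS in SDN
Figure 2.12: Machine learning on SDN features [45]
Figure 2.13: Machine learning on SDN features [46]
Figure 3.1: Honeypot responding to ICMP_flood
Figure 3.2: Overall architecture
Figure 3.3: Pre-training workflow of the classification model
Figure 3.4: Classification scheme for known attacks
Figure 3.5: Extracting features from honeypot traffic
Figure 3.6: WEKA identification results
Figure 3.7: Flow entry blocking a DoS attack
Figure 3.8: Flow entry for defending against brute force attacks
Figure 4.1: Architecture of an IDS in SDN
Figure 4.2: Simulated architecture of an IDS in SDN
Figure 4.3: Snort rules mapped to Flow entry rules
Figure 4.4: Rules configured in Snort
Figure 4.5: Comparison of capture rate and rate for different numbers of rules
Figure 4.6: Comparing rules using SYN-flood
Figure 4.7: Protocol distribution of the 10000 filler rules
Figure 4.8: Capture rate by protocol ratio for different numbers of rules
Figure 4.9: Bro script
Figure 4.10: Capture rate at 700mbps
Figure 4.11: Bro capture rate for short packets
Figure 4.12: Flow table architecture
Figure 4.13: Mapping of the three Snort attack rules
Figure 4.14: Corresponding filler rules in the Flow table and Snort
Figure 4.15: Flow entry incrementing its matched packets
Figure 4.16: Flow entry match count is twice that at 20mbps
Figure 4.17: Flow table capture rate for short packets
Figure 4.18: Detection time by file size
Figure 4.19: CPU utilization during detection time
Figure 4.20: Detection rate of SDN features evaluated with C4.5
Figure 4.21: Detection rate using all Argus features
Figure 4.22: Features selected by CfsSubsetEval
Figure 4.23: C4.5 run on the features selected by CfsSubsetEval
Figure 4.24: Features selected by InfoGainAttributeEval
Figure 4.25: C4.5 run on the features selected by InfoGainAttributeEval
Figure 4.26: Flow entry for the brute force attack
Figure 4.27: Controller accuracy against brute force attacks
Figure 4.28: Flow entry for the probe attack
Figure 4.29: Controller installing a Flow entry that steers suspicious traffic into the honeypot
Figure 4.30: Redirecting the attacker's subsequent traffic to the honeypot
Figure 4.31: Controller accuracy against probe attacks
Figure 4.32: Machine learning classification results for various attacks
Figure 4.33: ICMP protocol
Figure 4.34: Flow entry for ICMP_flood
Figure 4.35: Number of attack packets blocked by the Flow entry
Figure 4.36: Controller accuracy against DoS attacks
Figure 4.37: IDS architecture
Figure 4.38: Packet drop rate of Snort IDS
Figure 4.39: Flow table architecture
Figure 4.40: Flow table capture rate for short packets
Figure 4.41: Implementation architecture
Figure 4.42: Drop Flow entry issued by the controller
Figure 4.43: Switch CPU utilization
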
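List of Tables
Table 2.1: Physical attacks in the IoT
Table 2.2: Network attacks in the IoT
Table 2.3: Software attacks in the IoT
Table 2.4: Encryption attacks in the IoT
Table 2.5: Flow entry description
Table 2.6: Match field parameters in Openflow1.3
Table 2.7: OpenFlow Switch Counters
Table 2.8: Commonly used Action instructions
Table 2.9: Comparison of papers that use the Flow table to defend against DDoS
Table 3.1: Traffic statistics of a Flow entry
Table 3.2: Argus features
Table 4.1: Traffic data used
Table 4.2: Features used in the overall architecture
Table 4.3: Comparison with the existing literature
Table 4.4: Detection time
Table 4.5: Anomaly detection steps
Table 4.6: Detection time using SDN features
Table 4.7: Datasets used for machine learning
Table 4.8: Features obtained from the switch
Table 4.9: Basis on which the controller identifies attacks
Table 4.10: Anomaly detection steps in the implementation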
References
[1] Anna Sperotto, Gregor Schaffrath, Ramin Sadre, Cristian Morariu, Aiko Pras, Burkhard Stiller, “An Overview of IP Flow-Based Intrusion Detection,” IEEE Communications Surveys & Tutorials, vol. 12, Third Quarter 2010, pp.343 – 356
[2] M Anirudh, S Arul Thileeban, Daniel Jeswin Nallathambi, “Use of honeypots for mitigating DoS attacks targeted on IoT networks” International Conference on Computer, Communication and Signal Processing (ICCCSP) , Jan. 2017
[3] S. Khan, M. Ali, N. Sher, Y. Asim, W. Naeem, M. Kamran, “Software-Defined Networks (SDNs) and Internet of Things (IoTs): A Qualitative Prediction for 2020,” International Journal of Advanced Computer Science and Applications, vol. 7, no. 11, 2016, pp.385-404
[4] Suman Sankar Bhunia, Mohan Gurusamy, “Dynamic attack detection and mitigation in IoT using SDN,” International Telecommunication Networks and Applications Conference (ITNAC), Nov. 2017
[5] Eun Joo Kim, Jong Arm Jun, Nae-Soo Kim “The method of controlling traffic paths in IoT-based software defined network,” IEEE 7th Annual Ubiquitous Computing, Electronics & Mobile Communication Conference (UEMCON), Oct. 2016
[6] Akram Hakiri, Bassem Sellami, Prithviraj Patil, Pascal Berthou, Aniruddha Gokhale, “Managing Wireless Fog Networks using Software-Defined Networking” 2017 IEEE/ACS 14th International Conference on Computer Systems and Applications (AICCSA), Nov. 2017, pp.1149-1156 
[7] Lina Huang, Gaolei Li, Jun Wu, Lan Li, Jianhua Li, Rosario Morello,  “Software-defined QoS provisioning for fog computing advanced wireless sensor networks” 2016 IEEE SENSORS, Nov. 2016, pp.1-3
[8] Jyoti Deogirikar, Amarsinh Vidhate, “Security attacks in IoT: A survey,” IoT in Social, Mobile, Analytics and Cloud (I-SMAC), Feb. 2017, pp.32-37
[9] S.N Uke, A. R Mahajan, R. C Thool, “UML Modeling of Physical and Data Link Layer Security Attacks in WSN,” International Journal of Computer Applications, vol. 70, no. 11, May 2013, pp.25-28
[10] Li Hong, Y. Chen, Z. He, “The Survey of RFID Attacks and Defenses,” Wireless Communications, Networking and Mobile Computing, Sept. 2012, pp.1-4
[11] F. Kandah, Y. Singh, W. Zhang and C. Wang, “Mitigating colluding injected attack using monitoring verification in mobile ad-hoc networks,” Security and Communication Networks, pp. 1939–0122, 2013.
[12] Tapalina Bhattasali, Rituparna Chaki, Sugata Sanyal, “Sleep Deprivation Attack Detection in Wireless Sensor Network,” in International Journal of Computer Applications, Vol. 40, no. 15, 2012, pp.19-25
[13] Priyanka S. Fulare, Nikita Chavhan, “False Data Detection in Wireless Sensor Network with Secure Communication,” in International Journal of Smart Sensors and AdHoc Networks (IJSSAN), vol. 1, 2011, pp.66-71
[14] I. Andrea, C. Chrysostomou, G. Hadjichristofi, “Internet of Things: Security vulnerabilities and challenges,” IEEE Symposium on Computers and Communication (ISCC), pp. 180-187, 2015.
[15] Md. I. Abdullah, M. M. Rahman and M. C. Roy, “Detecting Sinkhole Attacks in Wireless Sensor Network using Hop Count,” I. J. Computer Network and Information Security, pp. 50–56, 2015.
[16] Wahid, Abdul, P. Kumar, “A Survey on attacks, Challenges and Security Mechanism In wireless Sensor Network,” JIRST- International Journal for Research in Science & Technology, vol. 1, pp. 189–196, January 2015.
[17] M.U. Farooq, M. Waseem, A. Khairi, S. Mazhar, “A Critical Analysis on the Security Concerns of Internet of Things (IoT),” International Journal of Computer Applications, vol.111, no. 7, February 2015.
[18] John R. Douceur, “The Sybil Attack,” in Peer-to-Peer Systems- IPTPS, 2002, pp. 251-260
[19] C. Kolias, G. Kambourakis, A. Stavrou, J. Voas, “DDoS in the IoT: Mirai and Other Botnets,” IEEE Computer, vol. 50, no. 7, pp. 80-84, July 2017 
[20] Michele De Donno, Nicola Dragoni, Alberto Giaretta, Angelo Spognardi “Analysis of DDoS-capable IoT malwares,” Federated Conference on Computer Science and Information Systems (FedCSIS), Sept. 2017, pp.807-816
[21] N. McKeown, T. Anderson, H. Balakrishnan, G. Parulkar, L. Peterson, J. Rexford, S. Shenker, and J. Turner, “OpenFlow,” ACM SIGCOMM Comput. Commun. Rev., vol. 38, no. 2, p. 69, Mar. 2008.
[22] 王協源, 鄭力維, 張華婷, “軟體定義網路技術簡介及發展趨勢” [Introduction to Software-Defined Networking Technology and Its Development Trends], NCP Newsletter, no. 57, November 2013.
[23] “ONF White Paper.” [Online]. Available: https://www.opennetworking.org/images/stories/downloads/sdn-resources/white-papers/wp-sdn-newnorm.pdf.
[24] 廖振宇, “以軟體定義網路改善Hadoop叢集之運作效能” [Improving the Operating Performance of Hadoop Clusters with Software-Defined Networking], June 2015.
[25] “OpenFlow Switch Specification, version 1.3.4.” [Online]. Available: https://www.opennetworking.org/images/stories/downloads/sdn-resources/onf-specifications/openflow/openflow-switch-v1.3.4.pdf.
[26] J.-R. Jiang, H.-W. Huang, J.-H. Liao, and S.-Y. Chen, “Extending Dijkstra’s shortest path algorithm for software defined networking,” in The 16th Asia-Pacific Network Operations and Management Symposium, 2014, pp. 1–4.
[27] “Flowgrammable” [Online]. Available: http://flowgrammable.org/sdn/openflow/classifiers/#tab_ofp_1_3_0
[28] O. Flauzac, C. González, A. Hachani, F. Nolot, “SDN based architecture for IoT and improvement of the security,” 29th IEEE WAINA Conference, March 2015, pp. 688-693.
[29] “Ryu.” [Online]. Available: http://osrg.github.io/ryu/.
[30] “Argus” [Online]. Available: https://qosient.com/argus/
[31] Nour Moustafa, Jill Slay, “UNSW-NB15: a comprehensive data set for network intrusion detection systems (UNSW-NB15 network data set),” Military Communications and Information Systems Conference (MilCIS), Nov. 2015, pp. 1 – 6
[32] “Honeyd” [Online]. Available: http://www.honeyd.org/
[33] Wei Chen, Jun Yao, Jingjing Tan, “The Design and Implementation of the Honeypot System Based on Spark,” International Conference on Intelligent Transportation, Big Data & Smart City (ICITBS), Jan. 2018, pp.545-548
[34] W. Zhang, B. Qu, “Security architecture of the Internet of Things oriented to perceptual layer,” Int. J. Comput. Consum. Control, vol. 2, no. 2, pp. 37-45, Jun. 2013.
[35] Albert Sagala, “Automatic SNORT IDS rule generation based on honeypot log,” International Conference on Information Technology and Electrical Engineering (ICITEE), Oct. 2015, pp. 576 - 580
[36] Daniel Silalahi, Yudistira Asnar, Riza Satria Perdana, “Rule generator for IPS by using honeypot to fight polymorphic worm,” International Conference on Data and Software Engineering (ICoDSE) , Nov. 2017
[37] “WEKA” [Online]. Available: https://www.cs.waikato.ac.nz/ml/index.html
[38] Gaurav Meena, Ravi Raj Choudhary, “A review paper on IDS classification using KDD 99 and NSL KDD dataset in WEKA” International Conference on Computer, Communications and Electronics (Comptelix), July 2017, pp.553- 558
[39] Vrushali Mhetre, Mayura Nagar, “Classification based data mining algorithms to predict slow, average and fast learners in educational system using WEKA” International Conference on Computing Methodologies and Communication (ICCMC), July 2017, pp.475-479
[40] NS Chandolikar, VD Nandavadekar, “Efficient algorithm for intrusion attack classification by analyzing KDD Cup 99” Wireless and Optical Communications Networks (WOCN), Sept. 2012, pp. 1 - 5
[41] Preeti Aggarwal, Sudhir Kumar Sharma, “An Empirical Comparison of Classifiers to Analyze Intrusion Detection,” Advanced Computing & Communication Technologies, Feb. 2015, pp. 446 - 450
[42] Safwan Mawlood Hussein, “Performance Evaluation of Intrusion Detection System Using Anomaly and Signature Based Algorithms to Reduction False Alarm Rate and Detect Unknown Attacks” Computational Science and Computational Intelligence (CSCI), Dec. 2016, pp.1064-1069
[43] “Mininet” [Online]. Available: http://mininet.org/walkthrough/
[44] B. Claise, “Specification of the IP Flow Information Export (IPFIX) Protocol for the Exchange of IP Traffic Flow Information,” RFC 5101 (Proposed Standard), June 2015.
[45] Atiku Abubakar, Bernardi Pranggono, “Machine learning based intrusion detection system for software defined networks,” Emerging Security Technologies (EST) , Sept. 2017, pp.138-143
[46] Luca Boero, Mario Marchese, Sandro Zappatore, “Support Vector Machine Meets Software Defined Networking in IDS Domain,” 29th International Teletraffic Congress (ITC 29), Sept. 2017, pp.25-30
[47] N. N. Dao, J. Park, M. Park, S. Cho, “A feasible method to combat against DDoS attack in SDN network,” International Conference on Information Networking (ICOIN), pp. 309-311, Jan. 2015
[48] S. M. Mousavi, M. St-Hilaire, “Early detection of DDoS attacks against SDN controllers,” International Conference in Computing Networking and Communications (ICNC), pp. 77-81, Feb. 2015
[49] C. Buragohain, N. Medhi, “FlowTrApp: An SDN based architecture for DDoS attack detection and mitigation in data centers,” 3rd International Conference on Signal Processing and Integrated Networks (SPIN), pp. 519-524, Feb. 2016 
[50] Christos Gkountis, Miran Taha, Jaime Lloret, Georgios Kambourakis “Lightweight algorithm for protecting SDN controller against DDoS attacks,” Wireless and Mobile Networking Conference (WMNC), Sept. 2017 
[51] Y. Xu, Y. Liu, “DDoS attack detection under SDN context,” The 35th Annual IEEE International Conference on Computer Communications (INFOCOM), pp. 1-9, Apr. 2016
[52] S. A. Mehdi, J. Khalid, S. A. Khayam, “Revisiting Traffic Anomaly Detection Using Software Defined Networking,” Recent Advances in Intrusion Detection (RAID), vol. 6961, pp. 161-180, 2011.
[53] J. H. Jafarian, E. Al-Shaer, Q. Duan, “Openflow Random Host Mutation: Transparent Moving Target Defense using Software Defined Networking,” Proceedings of the First Workshop on Hot Topics in Software Defined Networks (HotSDN'12), pp. 127-132, Aug. 2012.
[54] S. Shin, V. Yegneswaran, P. Porras, G. Gu, “AVANT-GUARD: Scalable and Vigilant Switch Flow Management in Software-Defined Networks,”  Proceedings of the 2013 ACM SIGSAC Conference on Computer & Communications Security (CCS'13), pp. 413-424, Nov. 2013.
[55] Huiqiang Yuwen, Liancheng Zhang, Zhenxing Wang, Yazhou Kong, “Probability-based delay scheme for resisting SDN scanning” International Conference on Computer and Communications (ICCC), Oct. 2016, pp.1096-1101
[56] Linda Markowsky, George Markowsky, “Scanning for vulnerable devices in the Internet of Things” Intelligent Data Acquisition and Advanced Computing Systems: Technology and Applications (IDAACS), Sept. 2015, pp. 463 - 467
[57] Te-Jen Su, Shih-Ming Wang, Yi-Feng Chen, Chao-Liang Liu, “Attack detection of distributed denial of service based on Splunk” International Conference on Advanced Materials for Science and Engineering (ICAMSE), Nov. 2016, pp.397-400
[58] Ashaq Hussain Dar, Beenish Habib, Farida Khurshid, M. Tariq Banday, “Experimental analysis of DDoS attack and it's detection in Eucalyptus private cloud platform” International Conference on Advances in Computing, Communications and Informatics (ICACCI), Sept. 2016, pp.1718-1724
[59] Hudan Studiawan, Baskoro Adi Pratomo, Radityo Anggoro, “Clustering of SSH brute-force attack logs using k-clique percolation,” Information & Communication Technology and Systems (ICTS), Oct. 2016, pp.39-42
[60] Alessandro Sforzin, Félix Gómez Mármol, Mauro Conti, Jens-Matthias Bohli, “RPiDS: Raspberry Pi IDS — A Fruitful Intrusion Detection System for IoT” Ubiquitous Intelligence & Computing, Advanced and Trusted Computing, Scalable Computing and Communications, Cloud and Big Data Computing, Internet of People, and Smart World Congress (UIC/ATC/ScalCom/CBDCom/IoP/SmartWorld), July 2016, pp.440-448
[61] Naser Fallahi, Ashkan Sami, Morteza Tajbakhsh, “Automated flow-based rule generation for network intrusion detection systems” Iranian Conference on Electrical Engineering (ICEE), May 2016, pp.1948-1953 
[62] Dhanashri Ashok Bhosale, Vanita Manikrao Mane, “Comparative study and analysis of network intrusion detection tools” International Conference on Applied and Theoretical Computing and Communication Technology (iCATccT), Oct. 2015, pp. 312 - 315
[63] Hashem Alaidaros, M. Mahmuddin, “Flow-Based Approach on Bro Intrusion Detection,” Journal of Telecommunication, Electronic and Computer Engineering, vol. 9, 2017, pp.139-145 
[64] Muhammad Shafiq, Xiangzhan Yu, Asif Ali Laghari, “WeChat Text Messages Service Flow Traffic Classification Using Machine Learning Technique,” International Conference on IT Convergence and Security (ICITCS), Sept. 2016, pp.1-5
[65] Markus Miettinen, Samuel Marchal, Ibbad Hafeez, N. Asokan, Ahmad-Reza Sadeghi, Sasu Tarkoma, “IoT Sentinel: Automated Device-Type Identification for Security Enforcement in IoT,” in Proc. 37th IEEE International Conference on Distributed Computing Systems (ICDCS 2017), Jun. 2017.
[66] Tharmini Janarthanan, Shahrzad Zargari, “Feature selection in UNSW-NB15 and KDDCUP'99 datasets,” International Symposium on Industrial Electronics (ISIE), June 2017, pp.1881-1886
[67] D. Stiawan, M. Y. Idris, A. H. Abdullah, F. Aljaber, R. Budiarto, “Cyber-attack penetration test and vulnerability analysis,” International Journal of Online Engineering, vol. 13, pp. 125-132, 2017.
[68] A. Joshi, M. wazid, R. H. Goudar, “An Efficient Cryptographic Scheme for Text Message Protection Against Brute Force and Cryptanalytic Attacks,” Procedia Computer Science, vol. 48, pp. 360-366, 2015.
[69] K. Kaynar, “A taxonomy for attack graph generation and usage in network security,” Journal of Information Security and Applications, vol. 29, pp. 27-56, 2016.
[70] S. Anandita, Y. Rosmansyah, B. Dabarsyah, J. U. Choi, “Implementation of dendritic cell algorithm as an anomaly detection method for port scanning attack,” 2015 International Conference on Information Technology Systems and Innovation (ICITSI), pp. 1-6, 2015.
[71] J. Vykopal, A. Abraham, J. Lloret, J. F. Buford, J. Suzuki, S. M. Thampi, “A Flow-Level Taxonomy and Prevalence of Brute Force Attacks,” in Advances in Computing and Communications, Springer Berlin Heidelberg, vol. 191, pp. 666-675, 2011.
[72] M. Jonker, R. Hofstede, A. Sperotto, A. Pras, “Unveiling flat traffic on the internet: an SSH attack case study,” Proceedings of the 2015 IFIP/IEEE International Symposium on Integrated Network Management, pp. 270-278, 2015.
[73] Prachi Deshpande, Aditi Aggarwal, S.C. Sharma, P.Sateesh Kumar, Ajith Abraham, “Distributed port-scan attack in cloud environment,” Computational Aspects of Social Networks, Aug. 2013, pp. 27 - 31
[74] Elias Bou-Harb, Mourad Debbabi, Chadi Assi, “Cyber Scanning: A Comprehensive Survey,” IEEE Comm. Surveys & Tutorials, vol. 16, no. 3, 2014, pp.1496-1519
[75] Masoud Hasanifard, Behrouz Tork Ladani, “DoS and port scan attack detection in high speed networks” Information Security and Cryptology, Sept. 2014, pp.61-66
[76] M. Bhuyan, D. Bhattacharyya, and J. Kalita, “Surveying port-scans and their detection methodologies” The Computer Journal, vol. 54, no. 10, pp. 1565-1581, Oct., 2011
[77] Seungwoon Lee, Sun-young Im, Seung-Hun Shin, Byeong-hee Roh, Cheolho Lee, “Implementation and vulnerability test of stealth port scanning attacks using ZMap of censys engine” Information and Communication Technology Convergence (ICTC), Oct. 2016, pp.681-683
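Full-text access permissions
On campus
Print thesis released 1 year after submission of the authorization form
Consent given for on-campus release of the full electronic thesis
On-campus electronic thesis released 1 year after submission of the authorization form
Off campus
Authorization granted
Off-campus electronic thesis released 1 year after submission of the authorization form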
