Research topic for approval

978-1-7281-5467-1/20/$31.00 ©2020 IEEE

Ransomware: A Framework for Security Challenges
in Internet of Things

1st Soobia Saeed
Dept. of Software Engineering

Universiti Teknologi Malaysia
Malaysia

[email protected]

4th Mamoona Humayun
Dept. of Information Systems

Jouf University
Al-Jouf, Saudi Arabia

[email protected]

2nd NZ Jhanjhi
School of Computing & IT (SoCIT)

Taylor’s University
Selangor, Malaysia

[email protected]

5th Shakeel Ahmed
Dept. of Computer Science

King Faisal University
Al- Hofuf, Saudi Arabia

[email protected]

3rd Mehmood Naqvi
Faculty of Engineering Technology

Mohawk College
Canada

[email protected]

Abstract—With the increasing volume of smartphones,
computers, and sensors in the Internet of Things (IoT) model,
enhancing security and preventing ransom attacks have become
a major concern. Traditional security mechanisms are no longer
applicable due to the involvement of devices with limited
resources, which require more computing power and resources.
Ransomware is comparatively a new and cruel malware in
cyberspace with higher rates of attacks around the world.
Ransomware could encrypt entire data to make users unable to
access their files and important information. In some cases, the
system has been hostage completely by the hackers, and the user
may receive a demand for ransom money using different
resources o access of his/her own data/system. One of the
problems associated with the Internet of Things is how to keep
your smartphones secure and keep your data safe as most of the
antivirus solutions are not useful in this case. This research
concludes the impact of ransomware on the IoT, malware
processes, and work on detecting and monitoring smartphone
infections. The paper also discusses ransomware awareness to
end-user with strategy to defeat it.

Keywords—IoT; Ransomware; Smartphones; WannaCry;
Malware

I. INTRODUCTION
The recent rapid development in the Internet of Things

(IoT) and its ability to provide different types of services have
made it the one of the fastest-growing technologies with a
major impact on social life and business environments [1]-[3].
The Internet of Things has increasingly entered all areas of
modern human life, such as education, health care, and the
business world, with storing confidential personal and
business information, financial data transactions, brand
development, and marketing. The widespread proliferation of
connected devices in IoT has increased the demand for robust
safety in response to the growing worldwide demand of
connected devices and services [4]. The threats on IoT are
increasing every day and there is a growth in the number and
intensity of attacks. In addition to the increasing number of
potential attackers and the size of networks, the tools available
to potential attackers have become more advanced, efficient
and effective [5]. Protection against threats and vulnerabilities
is therefore necessary for the IoT to achieve its full potential
[6]-[9]. Protection is characterized as a mechanism for
protecting an object from physical damage, unauthorized
access, theft or destruction, preserving high security and
integrity of the object’s data, and providing information about
the object at any time [10]. Digital technology awareness and

information techniques have helped cybercriminals to give
constant and emerging threats to the computer users.

Today, we are all trying–from home users to businesses
and government institutions–to protect ourselves from viruses
and other malware. However, we continue to ignore the
beginning of the next wave of ransom attacks aimed at
encrypting IoT devices. Ransomware has become one of the
most serious cyber threats in recent years. It can be more
dangerous due to the very comprehensive and diverse nature
of the IoT. Some differences make IoT ransomware more
dangerous than already widespread descent viruses for
desktops and smartphones [11]-[15].

Popular and effective encryption viruses, such as Locky
and Cerber, hide themselves inside important files on
computers. Here, the main strength in absence of backups, is
to force victims to pay for the decryption key or say goodbye
to their files. Important files and information are usually
assumed to have value expressed in money, and this fact
attracts blackmailers on the Internet. IoT devices often have
no data and some may think that the authors of ransomware
do not want to attack IoT devices. It’s not really. Instead of
locking only some files, IoT viruses may lock and have full
control over many devices and even networks. Malicious
software for the IoT can cause havoc, such as cars to stop, cut
off electricity, or even shut down the product line [13]. These
programs can cause greater damages, and therefore users may
lose their larger amounts of data.

Mobile ransomware is a malware type that affects mobile
devices. Cybercriminals may use malware to store sensitive
data on a smartphone or lock the device before requiring
payment to return data or unlock the device to the user.
Sometimes people download phone ransomware
unintentionally from social media because they believe they
access innocent content or essential apps. Once the malware
is downloaded to a device, the counterfeit message will carry
the victim with a malicious obligation before encrypting the
files and locking the phone. The ransomware sends a code to
unlock the device or decrypt the data once the transaction is
made, often via Bitcoin as shown in Fig. 1 [14]-[15].

Fig. 1 shows the three senders at the same time which are:
1) The ransomware sends a code to unlock the device or
decrypt the data once the transaction is made, often via
Bitcoin, 2) The ransomware sends a code to attack in mobile
security through emails via internet, 3) How ransomware
breaks the mobile security and enters through different apps
through downloading.

Authorized licensed use limited to: University of the Cumberlands. Downloaded on May 12,2021 at 00:13:34 UTC from IEEE Xplore. Restrictions apply.

II. CLASSIFICATION OF IOT SECURITY
There are few classifications of IoT based ransomware

which are given below:

A. Latest Threats
It is understood that cybercriminals use previously known

variants of malware. During 2017, cybercriminals used the
same toolkit later in the year to deploy Petans ransomware
after using the Eternal Blue operating toolkit to spread the
WannaCry ransomware. It is very important to understand
how the world of ransomware shifts. The more we know how
to carry out these attacks, the simpler and quicker will be the
solution. Visit the Norton Internet Security Center for more
information on the current risks [17].

B. Install Secuirty Patches
Ransomware can be downloaded to a computer due to “at-

risk” site visits from time to time. By hiding malware in a
legitimate site, you can be routed to these suspicious pages. A
good defence is to ensure that all the software and operating
systems are up-to-date [18].

C. Installing Fake Apps
Some malicious app developers seem to have taken the

word “fake” to make it “by heart,” because fake apps have
become a rampant problem for Android and iPhone users.
After downloading a fake application, cybercriminals use
ransom or malware through ads to run in the background of
your device to harm, making it hard to detect. Your data–such
as usernames and photos–can be exposed to passwords and
credit card information compromised [19].

D. Back up All Files
It’s always good to back up your files. It can be useful not

only if your mobile phone is compromised for ransom, but
also if your phone is lost or damaged. In Fast Data Recovery,
the researchers serve the needs of both individuals and
companies who want to recover their data after a ransom
attack. They are provided with the tools and expertise
necessary to perform full ransom recovery. The researchers
also offer measures to remove the ransomware and prevent
ransomware to protect you from future attacks [20].

E. Use a Strong Mobile Security Solution
Protecting all phones with a robust security solution is

always recommended. Norton Mobile Security protects your
privacy online and provides features such as App Advisor
which confirm that Android apps can be safely downloaded.
Many risks are threatening your data and privacy in today’s
world. Cybercriminals use ransomware for holding important
files as hostages or for locking their computers before
payment is made. Learning the risks and taking some steps
will help keep you ahead of these cybercriminals [20].

F. Simp-Locker
Check Point confirmed Simplocker’s launch in September

2015, which shut down tens of thousands of Android phones
and tablets. Victims have to pay for accessing their documents
between $200 and $500. Preventing infection is relatively
easy because it only goes to official download sites (i.e. not on
Google Play) and is misleading as “Flash Player”. If the client
downloads the program, the NSA reportedly receives a false
warning telling him to pay a fine within 48 hours. The fee will
double if it is not charged. Even after the files are encrypted,
end-users will not be able to easily delete the app. Research at
Check Point has shown that about 10% of users pay a ransom,
which is much higher than other breeds [21].

G. Locker Pin
ESET security researchers have found the world’s first

instance of malware that can reset the PIN of your phone to
lock your computer at all times. They named it Locker Pin,
which removes the locked screen of the infected device’s PIN
code and leaves a locked phone screen for the victims,
demanding a ransom of $500. Because you randomly reset the
PIN on the lock screen, you won’t be given access to your
device by paying a ransom because even attackers don’t know
the randomly changed PIN. Locker Pin is distributed by Porn
Droid, an adult entertainment app, and is downloaded outside
of the official Google Play Store from third-party sites and
wires forums. When downloaded on the smartphone of the
victim, the app will initially ask users to grant the privileges
of the system administrator. The malicious app modifies the
client lock screen PIN using a randomly generated number
after gaining administrator rights. Although most infections in
the United States have been detected, researchers have found
infections worldwide [22].

H. Locky Ransomeware
Locky ransomware is a new breed of ransomware virus–a

piece of malware which encrypts files on your hard drive and
requires you to pay a decryption fee. Normally Locky comes
as an email with a similar attachment to gobbledygook. If the
file does not appear unreadable, a message in the report
suggests that you allow macros. If you do, Locky
ransomware’s macro code runs on the drive, encoding files
that may include Office documents, videos, and images. To
order to restore your files, it is recommended that the Locky
ransomware file goes to a dark web site where you receive
instructions for payment. The virus can encrypt any directory,
including servers and other computers, into any folder on any
drive that it can reach [23]-[25].

I. WannaCry
The WannaCry ransomware attack in May 2017 was a

cyber-attack by the WannaCry ransomware crypto worm. It
concentrated on PCs operating the Microsoft Windows
working system by scrambling data and demanding payment

Fig. 1. Cyber-attacks [16]

Authorized licensed use limited to: University of the Cumberlands. Downloaded on May 12,2021 at 00:13:34 UTC from IEEE Xplore. Restrictions apply.

in the digital currency of Bitcoin. You may realize that the
ransomware has been around for a long time. Even though the
first model of the ransomware was fully exposed to a
calculation problem. However, there are issues about
receiving the money. How to receive payment without being
detected? How to send payment to a mailbox? [26], [27].

In addition, [28]-[32] explained the smart system for smart
homes, cellular phones, etc. However, these extended smart
applications are equally vulnerable to the ransomware attacks.
Further researchers also present a number of attack detection
methods, suggested use of blockchain as well, still
ransomware targets applications.

III. PROPOSED METHOD
The conceptual framework of ransomware is given below:

The conceptual framework above illustrates the concept of
the method in Fig. 2. Furthermore, the scope of our research
is to examine how API packets are used by attackers to encrypt
files or secure a mobile device. This study investigated these
API calls after removing identical instances to see if we can
find differences between ransomware and clean applications
about this API package calls.

The proposed methodology has several stages, API-based
ransomware detection system, evaluation of the API
ransomware detection system, and finally the provision of API
ransomware detection system services. The overall workflow
of the methodology with the corresponding system
architecture and components is shown in Fig. 3.

Fig. 3 shows the main functions of these components,
which include:

1) Examine the latest approaches for ransom detection,
2) Collect new apps for Android,
3) See the new API,
4) Calls from the family of Android,
5) Clear and measure the frequency of all API calls in

Android apps,
6) Remove duplicates and use community functions by

sorting pooled API call values,
7) Analyze calls from the API,
8) Analyze the API calls used and used from a security

perspective for both good applications and billing ransom,
9) Choose a list of API calls to be included in the newly

created datasets as features,
10) Structure Create good data sets as well as

ransomware,
11) Check supported API calls using data mining

techniques to create predictive models using data mining
techniques, and then test the impact of API calls on
complexity and accuracy of ransomware detection and
efficiency,

12) Approve the best model with the best performance
in the ransomware API framework to be a predictive model,

13) Evaluate the device API to detect and monitor the
performance of Ransomware from the API,

14) Provide system detection services for Ransomware
APIs including ransomware detection systems and datasets
for users, researchers and developers.

The authors implemented these steps for security of
android app and API-based Ransomware detection system,
ransomware detection system assessment of API. The author
practically implemented these procedures to android mobile
phone to secure it against ransomware attacks.

A. Precautions for Securing Mobile Devices
There are steps to be taken to avoid falling victim to a

smartphone ransom program are:

1) Do not install apps outside the official Apple App
Store or Google Play Store (Android devices).

2) Do not grant permissions to the system administrator
unless you trust them.

3) Lock your phone with a secure password, stay away
from all porn sites, and apps, “honey trap”.

4) The key to your iDevices is your Apple ID. So be sure
to keep them secure (for example, do not use your Apple ID
to download multimedia content for a questionable website).

5) Update your phones with the new IOS code to keep
them safe from known exploits.

6) The researcher also suggests using an antivirus
program including Sophos Antivirus and Protection, a free
smartphone and tablet app for Android users.

7) Protect web app users from infections and keep
confidential data beyond the endpoint by deploying virtual,
protected, and enhanced browsers.

8) Prevent email ransom from penetrating the endpoint
by deploying a virtual, protected, and enhanced email client.

Fig. 2. Conceptual Framework

Authorized licensed use limited to: University of the Cumberlands. Downloaded on May 12,2021 at 00:13:34 UTC from IEEE Xplore. Restrictions apply.

9) Protect mobile devices from ransomware and other
types of malware with containers, encryption, blacklists,
whitelists, and device compliance checks.

10) Ensure rapid recovery of encrypted data with
ransom with secure and powerful file sharing and
synchronization service.

IV. ALGORITHM
The few algorithms which the authors used to encrypt data

of mobile phone are given below:

Algorithm.1

Pseudocode for IoT

Function get create Locker Pin creates additional files during the
infection:

1. Initialize variable with 00000000.pay
If yes, write API and time in Microsoft PUBLICKEY containing the RSA-

2048 public key text file with a comma delimiter
Write the command for WCry threat actors presumably hold the private

key.
2. Pass the command object into the 00000000.res
If yes, write API and Convert data for C2 communication
3. Pass the command object into the 00000000.key
Write command Victim-unique RSA private key encrypted with

embedded RSA public key
4. Pass the command object into the 00000000.dky
Decrypted RSA private key transmitted to the victim after a

ransom payment
5. Create the variable value atf.wnry

A list of randomly chosen files encrypted with an embedded RSA
private key that allows WCry to “demonstrate” decryption to
victims

6. Create the instance of @[email protected]
The main module of the WCry ransomware “decryptor,” identical

to u.wnry
7. Check if the connection of command is true@[email protected]
Ransom demand text, identical to r.wnry
8. If the output is “ransomware”, an alert user with a pop-up

window
9. If the output is “good ware”, the sample can execute in a user system
10. End function
Algorithm.2

Function when started, WCry executes two commands
WCry performs the following single (readability formatted)

command to make system and data recovery more complicated. If the
malware does not run with high privileges, WCry performs this with the
command “run as.
1. Initialize variable of value with attrib +h.
2. Initialize variable of value with icacls. /grant everyone with API call
3. If yes, write F /T /C /Q
4. If no, close the original text file
5. Pass the command object into the cmd.exe /c vssadmin delete shadows

/all /quiet &
6. Pass the command object into the wmicshadow copy delete &
7. Pass the command object into the bcdedit /set
8. If yes, write {Default} bootstatuspolicyignore all failures&
9. If no, close the original text file
10. Pass the command object into the bcdedit /set
11. If yes, write {Default} recovery enabled no
a. If no, close the original text file
12. Pass the command object into the web admin delete catalogue –quiet
13. Check if the connection of command is true or not
14. If the output is “ransomware”, an alert user with a pop-up window

Fig. 3. The proposed framework of ransomware

Authorized licensed use limited to: University of the Cumberlands. Downloaded on May 12,2021 at 00:13:34 UTC from IEEE Xplore. Restrictions apply.

15. If the output is “good ware”, the sample can execute in the user system
16. End function

Algorithm.3

WCry terminates several services so that their data stores can be
encrypted:

1. Initialize the variable with WCry terminates several services
2. Pass the command object into the taskkill.exe /f /im mysqld.exe
3. Pass the command object into the taskkill.exe /f /im sqlwriter.exe
4. Pass the command object into the taskkill.exe /f /im sqlserver.exe
5. Pass the command object into the taskkill.exe /f /imMSExchange*
6. Pass the command object into the taskkill.exe /f /im

Microsoft.Exchange.*
7. Function Get Max for WCry, a batch file is created using a large

integer randomly generated (e.g. 46631494859358.bat,
37061494619317.bat) which creates a malware shortcut.

8. Check if the connection of command is true or not
9. If the output is “ransomware”, an alert user with a pop-up window
10. If the output is “good ware”, the sample can execute in the user

system
11. End function

V. FUTURE RESEARCH DIRECTIONS
The questions of security and privacy need to be

addressed. This suggests that there is still a lot of work to be
done in the area of IoT, the virus of ransomware is not a
complete solution at this time, many antivirus companies IOS
and android mobile to run ransomware command and it is
unable to disable the antivirus. It’s not a permanent solution
after different virus and sources. The future research can be
diverted into multiple directions. One direction is to gain a
deeper understanding of the threats to the IoT infrastructure as
well as to recognize the potential implications of IoT
ransomware. Second, at the outset of product development,
consideration should be given to describing the appropriate
security protocols for access control, encryption, identity
management and a versatile system for trust management.
This work will be useful to security researchers by helping to
identify key IoT security issues and providing a better
understanding of the threats and characteristics coming from
various hackers such as organizations and intelligence
agencies.

VI. CONCLUSION
The Internet of Things faces several threats that must be

recognized for preventive actions. In this paper, security
challenges and security threats to IoT have been discussed and
some robust solutions are presented. The overall objective is
to identify assets and document potential threats, attacks and
vulnerabilities faced by the Internet of Things. The authors
provide an overview of the most important IoT security issues,
with a focus on IoT device and API security challenges. We
conclude that organizations should deploy a cybersecurity
team to monitor user activity, prevent security attacks by not
allowing unknown packets to enter in the organization’s
network, and home users must install reliable antivirus at the
minimum.

ACKNOWLEDGMENT

Authors are grateful to the Department of Software
Engineering at Universiti Teknologi Malaysia-UTM.

REFERENCES
[1] L. Atzori, A. Iera, and G. Morabito, “The internet of things: A survey,”

Computer networks, vol. 54, no. 15, pp. 2787–2805, 2010.

[2] S. Andreev and Y. Koucheryavy, “Internet of things, smart spaces, and
next-generation networking,” Springer, LNCS, vol. 7469, p. 464, 2012.

[3] J. S. Kumar and D. R. Patel, “A survey on internet of things: Security
and privacy issues,” International Journal of Computer Applications,
vol. 90, no. 11, pp. 20–26, March 2014, published by Foundation of
Computer Science, New York, USA.

[4] A. Stango, N. R. Prasad, and D. M. Kyriazanos, “A threat analysis
methodology for security evaluation and enhancement planning,” in
Emerging Security Information, Systems and Technologies, 2009.
SECURWARE’09. Third International Conference on. IEEE, 2009,
pp. 262–267.

[5] D. Jiang and C. ShiWei, “A study of information security for m2m of
iot,” in Advanced Computer Theory and Engineering (ICACTE), 2010
3rd International Conference on, vol. 3. IEEE, 2010, V3–576.
Cybersecurity and the Internet of Things, p.83.

[6] B. Schneier, “Secrets and lies: digital security in a networked world”,
John Wiley & Sons,new york, 2011,vol.51, pp304-306.

[7] S. Balamurugan, A. Ayyasamy, and K. S. Joseph “A Review on
Privacy and Security Challenges in the Internet of Things (IoT) to
protect the Device and Communication Networks”, Journal of
Computer Science IJCSIS, vol. 16, no. 6 , pp. 57-62, 2018.

[8] M. Taneja, “An analytics framework to detect compromised IoT
devices using mobility behaviour”, in ICT Convergence (ICTC), 2013
International Conference on. IEEE, 2013, pp. 38–43.

[9] G. M. Koien and V. A. Oleshchuk, “Aspects of Personal Privacy in
Communications-Problems”, Technology and Solutions. River
Publishers, vol. 22, 2013.

[10] N. R. Prasad, “Threat model framework and methodology for personal
networks (pns)”, in Communication Systems Software and
Middleware, 2007. COMSWARE 2007. 2nd International Conference
on. IEEE, 2007, pp. 1–6.

[11] J. E. Thomas, “Improving Backup System Evaluations in Information
Security Risk Assessments to Combat Ransomware“, Published by
Canadian Center of Science and Education, 2018, vol. 11, pp.1-12.

[12] J. Allen,“Surviving ransomware”. American Journal of Family ,
vol. 31, NO. 2, pp. 65-68, 2017.

[13] A. K. Maurya, N. Kumar, A. Agrawal, and R. A. Khan, “Ransomware:
Evolution, Target and Safety Measures”, IET, Faizabad, India, vol.6,
no. 1, pp 80-85, 2018.

[14] N. Agnihotri, “Ransomware Classifier using Extreme Gradient
Boosting” (IJCSIT) International Journal of Computer Science and
Information Technologies, vol. 9, no. 2, pp. 45-47, 2018.

[15] M. Paquet-Clouston, “Ransomware Payments in the Bitcoin
Ecosystem”, Austrian Institute of Technology Vienna, IEEE
Symposium on Security and Privacy and Information Security
Management Conference, pp.1-9, 2018.

[16] K. Cabaj and W. Mazurczyk, “Using Software-Defined Networking for
Ransomware Mitigation: The Case of CryptoWall”, IEEE Network,
vol. 30, no. 6, 2016.

[17] N. Shah and M. Farik, “Ransomware – Threats, Vulnerabilities and
Recommendations”, International Journal of Scientific & Technology
vol. 6, no. 6, pp. 307-309, 2017.

[18] R. Richardson, “Ransomware: Evolution, Mitigation and Prevention”,
Management & Entrepreneurship Department Information Systems
Department Coles College of Kennesaw State University, GA
USA, vol. 13, pp. 25-32, 2017.

[19] S. H. Kok, A. Abdullah, N. Z. Jhanjhi, and M. Supramaniam, “A
Review of Intrusion Detection System using Machine Learning
Approach”, International Journal of Engineering Research and
Technology. ISSN 0974-3154, vol. 12, no. 1, pp. 8-15, 2019.

[20] S. H. Kok, A. Abdullah, N. Z. Jhanjhi, and M. Supramaniam,
”Ransomware, Threat and Detection Techniques: A Review”, IJCSNS
International Journal of Computer Science and Network Security, vol.
19, no. 2, February 2019.

[21] S. H. Kok, A. Abdullah, N. Z. Jhanjhi, and M. Supramaniam,
“Prevention of Crypto-Ransomware Using a Pre-Encryption Detection
Algorithm”, Computers, vol. 8, no. 4, pp. 79-80, 2019.

[22] H. U. Salvi, “Ransomware: A Cyber Extortion”, Asian Journal of
Convergence in Technology, vol. 2, pp. 1-9, 2017.

Authorized licensed use limited to: University of the Cumberlands. Downloaded on May 12,2021 at 00:13:34 UTC from IEEE Xplore. Restrictions apply.

[23] S. B. Surati, ”A Review on Ransomware Detection & Prevention”,
International Journal of Research and Scientific Innovation (IJRSI) vol.
4, pp. 38-39, 2017.

[24] P. B. Pathak, “A Dangerous Trend of Cybercrime: Ransomware
Growing Challenge”, International Journal of Advanced Research in
Computer Engineering & Technology, vol. 5, no. 2, pp. 371-373, 2016.

[25] S. Mohurle and M. R. Patil, “A brief study of WannaCry Threat:
Ransomware Attack 2017” International Journal of Advanced
Research in Computer Science. vol. 8, no. 5, pp. 1938-1940, 2017.

[26] M. M. Ahmadian, H. R. Shahriari, and S. M. Ghaffarian, “Connection-
monitor & connection-breaker: A novel approach for prevention and
detection of high survivable Ransomware”, Information Security and
Cryptology (ISCISC), 2015 12th International Conference on Iranian
Society of Cryptology, pp. 79 – 84, 2015.

[27] K. Fischer and J. Gesner; “Security architecture elements for IoT
enabled automation networks normally-off computing for IoT
systems”, published in 2015 International SoC Design Conference
(ISOCC), pp.1-8.

[28] Z. A. Almusaylim, N. Zaman, and L. T. Jung, “Proposing a data
privacy aware protocol for roadside accident video reporting service

using 5G in Vehicular Cloud Networks Environment”, In IEEE In 2018
4th International Conference on Computer and Information Sciences
(ICCOINS), pp. 1–5, August 2018.

[29] Z. A. Almusaylim and N. Zaman, “A review on smart home present
state and challenges: linked to context-awareness internet of things
(IoT)”, Journal of Wireless Networks, pp. 1–12, 2018.

[30] Z. A. Almusaylim and N. Z. Jhanjhi, “Comprehensive Review: Privacy
Protection of User in Location-Aware Services of Mobile Cloud
Computing”, Wireless Pers Commun, pp. 32-38, 2019.

[31] M. Alamri, N. Z. Jhanjhi, and M. Humayun, “Blockchain for Internet
of Things (IoT) Research Issues Challenges & Future Directions: A
Review”, International Journal of Computer Science and Network
Security, vol. 19, no. 5, pp. 244–258, 2019.

[32] K. Hussain, S. J. Hussain, N. Z. Jhanjhi, and M. Humayun, “SYN Flood
Attack Detection based on Bayes Estimator (SFADBE) For MANET”,
in 2019 International Conference on Computer and Information
Sciences (ICCIS), vol. 3, pp. 1-4, 2019.

Authorized licensed use limited to: University of the Cumberlands. Downloaded on May 12,2021 at 00:13:34 UTC from IEEE Xplore. Restrictions …