An SDN-Enabled Proactive Defense Framework for DDoS Mitigation in IoT Networks

Cited by: 47
Authors
Zhou, Yuyang [1]
Cheng, Guang [1]
Yu, Shui [2]
Affiliations
[1] Southeast Univ, Minist Educ, Key Lab Comp Network & Informat Integrat,Jiangsu, Sch Cyber Sci & Engn,Res Base Int Cyberspace Gove, Nanjing 211189, Peoples R China
[2] Univ Technol Sydney, Sch Comp Sci, Ultimo, NSW 2007, Australia
Funding
National Natural Science Foundation of China;
Keywords
Internet of Things; Servers; Security; Denial-of-service attack; Games; Computer crime; Resists; DDoS attacks; moving target defense; cyber deception; signaling game; ATTACKS; INTERNET;
DOI
10.1109/TIFS.2021.3127009
Chinese Library Classification number
TP301 [Theory, Methods];
Discipline classification code
081202;
Abstract
The Internet of Things (IoT) is becoming truly ubiquitous in every domain of human lives, and a large number of objects can be connected and enabled to communicate with cloud servers at any time. However, complex connections and vulnerabilities of IoT devices introduce inevitable security threats, in which distributed denial-of-service (DDoS) attacks usually incur catastrophic results. Unfortunately, the existing DDoS mitigation methods cannot provide effective protection. Moreover, the amplifying complexity and increasing delay incurred by defense greatly affect the stability of IoT networks. To tackle these problems, we present a novel framework that can proactively adapt the attack surface of IoT networks, dynamically optimize defense strategies, and rapidly deploy the corresponding defense mechanisms. In particular, we establish hybrid proactive defense mechanisms combining Moving Target Defense (MTD) techniques with cyber deception to spread camouflage information to confuse attackers. Based on these mechanisms, we introduce a defender-led signaling game model to formalize defense scenarios and depict the interactions between the defender and the attacker. Besides, we present an optimal algorithm to solve decision problems and optimize defense implementation in a cost-effective manner. Our extensive experiments demonstrate that the proposed approach can effectively mitigate DDoS attacks and maintain a high level of performance in IoT networks with acceptable overhead.
Pages: 5366 / 5380
Page count: 15