Defending Against IoT-Enabled DDoS Attacks at Critical Vantage Points on the Internet

The number of Internet of Things (IoT) devices continues to grow every year. Unfortunately, with the rise of IoT devices, the Internet is also witnessing a rise in the number and scale of IoT-enabled distributed denial-of-service (DDoS) attacks. However, there is a lack of network-based solutions targeted directly for IoT networks to address the problem of IoT-enabled DDoS. Unlike most security approaches for IoT which focus on hardening device security through hardware and/or software modification, which in many cases is infeasible, we introduce network-based approaches for addressing IoT-enabled DDoS attacks. We argue that in order to effectively defend the Internet against IoT-enabled DDoS attacks, it is necessary to consider network-wide defense at critical vantage points on the Internet. This dissertation is focused on three inherently connected and complimentary components: (1) preventing IoT devices from being turned into DDoS bots by inspecting traffic towards IoT networks at an upstream ISP/IXP, (2) detecting DDoS traffic leaving an IoT network by inspecting traffic at its gateway, and (3) mitigating attacks as close to the devices in an IoT network originating DDoS traffic. To this end, we present three security solutions to address the three aforementioned components to defend against IoT-enabled DDoS attacks

A game-theoretic analysis of energy-depleting jamming attacks with a learning counterstrategy

Jamming may become a serious threat in Internet of Things networks of battery-powered nodes, as attackers can disrupt packet delivery and significantly reduce the lifetime of the nodes. In this work, we model an active defense scenario in which an energy-limited node uses power control to defend itself from a malicious attacker, whose energy constraints may not be known to the defender. The interaction between the two nodes is modeled as an asymmetric Bayesian game where the victim has incomplete information about the attacker. We show how to derive the optimal Bayesian strategies for both the defender and the attacker, which may then serve as guidelines to develop and gauge efficient heuristics that are less computationally expensive than the optimal strategies. For example, we propose a neural-network-based learning method that allows the node to effectively defend itself from the jamming with a significantly reduced computational load. The outcomes of the ideal strategies highlight the tradeoff between node lifetime and communication reliability and the importance of an intelligent defense from jamming attacks

Intelligence in 5G networks

Over the past decade, Artificial Intelligence (AI) has become an important part of our daily lives; however, its application to communication networks has been partial and unsystematic, with uncoordinated efforts that often conflict with each other. Providing a framework to integrate the existing studies and to actually build an intelligent network is a top research priority. In fact, one of the objectives of 5G is to manage all communications under a single overarching paradigm, and the staggering complexity of this task is beyond the scope of human-designed algorithms and control systems. This thesis presents an overview of all the necessary components to integrate intelligence in this complex environment, with a user-centric perspective: network optimization should always have the end goal of improving the experience of the user. Each step is described with the aid of one or more case studies, involving various network functions and elements. Starting from perception and prediction of the surrounding environment, the first core requirements of an intelligent system, this work gradually builds its way up to showing examples of fully autonomous network agents which learn from experience without any human intervention or pre-defined behavior, discussing the possible application of each aspect of intelligence in future networks