8,843 research outputs found
Recommended from our members
ForChaos: Real Time Application DDoS detection using Forecasting and Chaos Theory in Smart Home IoT Network
Recently, D/DoS attacks have been launched by zombie IoT devices in smart home networks. They pose a great threat to to network systems with Application Layer DDoS attacks being especially hard to detect due to their stealth and seemingly legitimacy. In this paper, we propose we propose ForChaos, a lightweight detection algorithm for IoT devices, that is based on forecasting and chaos theory to identify flooding and DDoS attacks. For every time-series behaviour collected, a forecasting-technique prediction is generated, based on a number of features, and the error between the two values is calcualted. In order to assess the error of the forecasting from the actual value, the lyapunov exponent is used to detect potential malicious behaviour. In NS-3 we evaluate our detection algorithm through a series of experiments in Flooding and Slow-Rate DDoS attacks. The results are presented and discussed in detail and compared with related studies, demonstrating its effectiveness and robustness
IoT Sentinel: Automated Device-Type Identification for Security Enforcement in IoT
With the rapid growth of the Internet-of-Things (IoT), concerns about the
security of IoT devices have become prominent. Several vendors are producing
IP-connected devices for home and small office networks that often suffer from
flawed security designs and implementations. They also tend to lack mechanisms
for firmware updates or patches that can help eliminate security
vulnerabilities. Securing networks where the presence of such vulnerable
devices is given, requires a brownfield approach: applying necessary protection
measures within the network so that potentially vulnerable devices can coexist
without endangering the security of other devices in the same network. In this
paper, we present IOT SENTINEL, a system capable of automatically identifying
the types of devices being connected to an IoT network and enabling enforcement
of rules for constraining the communications of vulnerable devices so as to
minimize damage resulting from their compromise. We show that IOT SENTINEL is
effective in identifying device types and has minimal performance overhead
On the Activity Privacy of Blockchain for IoT
Security is one of the fundamental challenges in the Internet of Things (IoT)
due to the heterogeneity and resource constraints of the IoT devices. Device
classification methods are employed to enhance the security of IoT by detecting
unregistered devices or traffic patterns. In recent years, blockchain has
received tremendous attention as a distributed trustless platform to enhance
the security of IoT. Conventional device identification methods are not
directly applicable in blockchain-based IoT as network layer packets are not
stored in the blockchain. Moreover, the transactions are broadcast and thus
have no destination IP address and contain a public key as the user identity,
and are stored permanently in blockchain which can be read by any entity in the
network. We show that device identification in blockchain introduces privacy
risks as the malicious nodes can identify users' activity pattern by analyzing
the temporal pattern of their transactions in the blockchain. We study the
likelihood of classifying IoT devices by analyzing their information stored in
the blockchain, which to the best of our knowledge, is the first work of its
kind. We use a smart home as a representative IoT scenario. First, a blockchain
is populated according to a real-world smart home traffic dataset. We then
apply machine learning algorithms on the data stored in the blockchain to
analyze the success rate of device classification, modeling both an informed
and a blind attacker. Our results demonstrate success rates over 90\% in
classifying devices. We propose three timestamp obfuscation methods, namely
combining multiple packets into a single transaction, merging ledgers of
multiple devices, and randomly delaying transactions, to reduce the success
rate in classifying devices. The proposed timestamp obfuscation methods can
reduce the classification success rates to as low as 20%
Responsibility and non-repudiation in resource-constrained Internet of Things scenarios
The proliferation and popularity of smart
autonomous systems necessitates the development
of methods and models for ensuring the effective
identification of their owners and controllers. The aim
of this paper is to critically discuss the responsibility of
Things and their impact on human affairs. This starts
with an in-depth analysis of IoT Characteristics such
as Autonomy, Ubiquity and Pervasiveness. We argue
that Things governed by a controller should have an
identifiable relationship between the two parties and
that authentication and non-repudiation are essential
characteristics in all IoT scenarios which require
trustworthy communications. However, resources can
be a problem, for instance, many Things are designed
to perform in low-powered hardware. Hence, we also
propose a protocol to demonstrate how we can achieve the
authenticity of participating Things in a connectionless
and resource-constrained environment
- …