Machine Learning DDoS Detection for Consumer Internet of Things Devices
An increasing number of Internet of Things (IoT) devices are connecting to
the Internet, yet many of these devices are fundamentally insecure, exposing
the Internet to a variety of attacks. Botnets such as Mirai have used insecure
consumer IoT devices to conduct distributed denial of service (DDoS) attacks on
critical Internet infrastructure. This motivates the development of new
techniques to automatically detect consumer IoT attack traffic. In this paper,
we demonstrate that using IoT-specific network behaviors (e.g. limited number
of endpoints and regular time intervals between packets) to inform feature
selection can result in high accuracy DDoS detection in IoT network traffic
with a variety of machine learning algorithms, including neural networks. These
results indicate that home gateway routers or other network middleboxes could
automatically detect local IoT device sources of DDoS attacks using low-cost
machine learning algorithms and traffic data that is flow-based and
protocol-agnostic.
Comment: 7 pages, 3 figures, 3 tables, appears in the 2018 Workshop on Deep
Learning and Security (DLS '18)
Case Study - IPv6 based building automation solution integration into an IPv4 Network Service Provider infrastructure
This case study describes the introduction of Internet Protocol (IP) version 6 (v6) into an IPv4 Internet Service Provider (ISP) network infrastructure. The case study driver is an ISP willing to introduce a new "killer" service related to Internet of Things (IoT) style building automation. The provider, in cooperation with third-party companies specialized in building automation, will provide the service. The ISP has to deliver the network access layer and to accommodate the building automation solution traffic throughout its network infrastructure. The third-party companies are system integrators and building automation solution vendors. IPv6 is suitable for such solutions for the following reasons: the operator can't accommodate a large number of IPv4 embedded devices in its current network due to the lack of address space and the fact that many of those will need a clear two-way IP communication channel.
The authors propose a strategy for IPv6 introduction into the operator infrastructure based on the current network architecture, the present service portfolio and several transition mechanisms. The strategy has been applied in a laboratory with a setup close enough to the current operator's network. The criterion for a successful experiment is full two-way IPv6 application layer connectivity between the IPv6 server and the IPv6 Internet of Things (IoT) cloud
Service Virtualisation of Internet-of-Things Devices: Techniques and Challenges
Service virtualization is an approach that uses virtualized environments to
automatically test enterprise services in production-like conditions. Many
techniques have been proposed to provide such a realistic environment for
enterprise services. The Internet-of-Things (IoT) is an emerging field which
connects a diverse set of devices over different transport layers, using a
variety of protocols. Provisioning a virtual testbed of IoT devices can
accelerate IoT application development by enabling automated testing without
requiring a continuous connection to the physical devices. One solution is to
expand existing enterprise service virtualization to IoT environments. There
are various structural differences between the two environments that should be
considered to implement appropriate service virtualization for IoT. This paper
examines the structural differences between various IoT protocols and
enterprise protocols and identifies key technical challenges that need to be
addressed to implement service virtualization in IoT environments.
Comment: 4 page
Surfing the Internet-of-Things: lightweight access and control of wireless sensor networks using industrial low power protocols
Internet-of-Things (IoT) is emerging to play an important role in the continued advancement of information and communication technologies. To accelerate industrial application developments, the use of web services for networking applications is seen as important in IoT communications. In this paper, we present a RESTful web service architecture for energy-constrained wireless sensor networks (WSNs) to enable remote data collection from sensor devices in WSN nodes. Specifically, we consider both IPv6 protocol support in WSN nodes as well as an integrated gateway solution to allow any Internet clients to access these nodes. We describe the implementation of a prototype system, which demonstrates the proposed RESTful approach to collect sensing data from a WSN. A performance evaluation is presented to illustrate the simplicity and efficiency of our proposed scheme
Design Considerations for Low Power Internet Protocols
Over the past 10 years, low-power wireless networks have transitioned to
supporting IPv6 connectivity through 6LoWPAN, a set of standards which specify
how to aggressively compress IPv6 packets over low-power wireless links such as
802.15.4.
We find that different low-power IPv6 stacks are unable to communicate using
6LoWPAN, and therefore IP, due to design tradeoffs between code size and energy
efficiency. We argue that applying traditional protocol design principles to
low-power networks is responsible for these failures, in part because receivers
must accommodate a wide range of senders.
Based on these findings, we propose three design principles for Internet
protocols on low-power networks. These principles are based around the
importance of providing flexible tradeoffs between code size and energy
efficiency. We apply these principles to 6LoWPAN and show that the resulting
design of the protocol provides developers a wide range of tradeoff points
while allowing implementations with different choices to seamlessly
communicate
DTLS Performance in Duty-Cycled Networks
The Datagram Transport Layer Security (DTLS) protocol is the IETF standard
for securing the Internet of Things. The Constrained Application Protocol,
ZigBee IP, and Lightweight Machine-to-Machine (LWM2M) mandate its use for
securing application traffic. There has been much debate in both the
standardization and research communities on the applicability of DTLS to
constrained environments. The main concerns are the communication overhead and
latency of the DTLS handshake, and the memory footprint of a DTLS
implementation. This paper provides a thorough performance evaluation of DTLS
in different duty-cycled networks through real-world experimentation, emulation
and analysis. In particular, we measure the duration of the DTLS handshake when
using three duty cycling link-layer protocols: preamble-sampling, the IEEE
802.15.4 beacon-enabled mode and the IEEE 802.15.4e Time Slotted Channel
Hopping mode. The reported results demonstrate surprisingly poor performance of
DTLS in radio duty-cycled networks. Because a DTLS client and a server exchange
more than 10 signaling packets, the DTLS handshake takes between a handful of
seconds and several tens of seconds, with similar results for different duty
cycling protocols. Moreover, because of their limited memory, typical
constrained nodes can only maintain 3-5 simultaneous DTLS sessions, which
highlights the need for using DTLS parsimoniously.
Comment: International Symposium on Personal, Indoor and Mobile Radio
Communications (PIMRC - 2015), IEEE, IEEE, 2015,
http://pimrc2015.eee.hku.hk/index.htm