1. Alterazi HA, Kshirsagar PR, Manoharan H, Selvarajan S, Alhebaishi N, Srivastava G, Lin JCW. Prevention of Cyber Security with the Internet of Things Using Particle Swarm Optimization. SENSORS (BASEL, SWITZERLAND) 2022; 22:6117. [PMID: 36015878 PMCID: PMC9413110 DOI: 10.3390/s22166117] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Received: 07/06/2022] [Revised: 08/11/2022] [Accepted: 08/12/2022] [Indexed: 06/15/2023]
Abstract
High security for physical items such as intelligent machinery and residential appliances is provided via the Internet of Things (IoT). The physical objects are given a distinct online address known as the Internet Protocol to communicate with the network's external foreign entities through the Internet (IP). IoT devices are in danger of security issues due to the surge in hacker attacks during Internet data exchange. If such strong attacks are to create a reliable security system, attack detection is essential. Attacks and abnormalities such as user-to-root (U2R), denial-of-service, and data-type probing could have an impact on an IoT system. This article examines various performance-based AI models to predict attacks and problems with IoT devices with accuracy. Particle Swarm Optimization (PSO), genetic algorithms, and ant colony optimization were used to demonstrate the effectiveness of the suggested technique concerning four different parameters. The results of the proposed method employing PSO outperformed those of the existing systems by roughly 73 percent.
Affiliation(s)
- Hassan A. Alterazi
  - Department of Information Technology, Faculty of Computing and Information Technology, King Abdulaziz University, Jeddah 22254, Saudi Arabia
- Pravin R. Kshirsagar
  - Department of Artificial Intelligence, G. H Raisoni College of Engineering, Nagpur 440016, India
- Hariprasath Manoharan
  - Department of Electronics and Communication Engineering, Panimalar Engineering College, Poonamallee, Chennai 600123, India
- Shitharth Selvarajan
  - Department of Computer Science, Kebri Dehar University, Kebri Dehar 001, Ethiopia
- Nawaf Alhebaishi
  - Department of Information Systems, Faculty of Computing and Information Technology, King Abdulaziz University, Jeddah 22254, Saudi Arabia
- Gautam Srivastava
  - Department of Mathematics and Computer Science, Brandon University, Brandon, MB R7A 6A9, Canada
  - Research Center for Interneural Computing, China Medical University, Taichung 406040, Taiwan
- Jerry Chun-Wei Lin
  - Department of Computer Science, Electrical Engineering and Mathematical Sciences, Western Norway University of Applied Sciences, 5063 Bergen, Norway
2. A Novel Approach for distributed denial of service defense using continuous wavelet transform and convolutional neural network for software-Defined network. Comput Secur 2022. [DOI: 10.1016/j.cose.2021.102524] [Citation(s) in RCA: 5] [Impact Index Per Article: 2.5] [Indexed: 11/20/2022]
3. Peng JC, Cui YH, Qian Q, Guo C, Jiang CH, Li SF. ADVICE: Towards adaptive scheduling for data collection and DDoS detection in SDN. JOURNAL OF INFORMATION SECURITY AND APPLICATIONS 2021. [DOI: 10.1016/j.jisa.2021.103017] [Citation(s) in RCA: 1] [Impact Index Per Article: 0.3] [Indexed: 10/20/2022]
4. Exploiting the Outcome of Outlier Detection for Novel Attack Pattern Recognition on Streaming Data. ELECTRONICS 2021. [DOI: 10.3390/electronics10172160] [Citation(s) in RCA: 1] [Impact Index Per Article: 0.3] [Indexed: 11/16/2022]
Abstract
Future-oriented networking infrastructures are characterized by highly dynamic Streaming Data (SD) whose volume, speed and number of dimensions increased significantly over the past couple of years, energized by trends such as Software-Defined Networking or Artificial Intelligence. As an essential core component of network security, Intrusion Detection Systems (IDS) help to uncover malicious activity. In particular, consecutively applied alert correlation methods can aid in mining attack patterns based on the alerts generated by IDS. However, most of the existing methods lack the functionality to deal with SD data affected by the phenomenon called concept drift and are mainly designed to operate on the output from signature-based IDS. Although unsupervised Outlier Detection (OD) methods have the ability to detect yet unknown attacks, most of the alert correlation methods cannot handle the outcome of such anomaly-based IDS. In this paper, we introduce a novel framework called Streaming Outlier Analysis and Attack Pattern Recognition, denoted as SOAAPR, which is able to process the output of various online unsupervised OD methods in a streaming fashion to extract information about novel attack patterns. Three different privacy-preserving, fingerprint-like signatures are computed from the clustered set of correlated alerts by SOAAPR, which characterizes and represents the potential attack scenarios with respect to their communication relations, their manifestation in the data’s features and their temporal behavior. Beyond the recognition of known attacks, comparing derived signatures, they can be leveraged to find similarities between yet unknown and novel attack patterns. The evaluation, which is split into two parts, takes advantage of attack scenarios from the widely-used and popular CICIDS2017 and CSE-CIC-IDS2018 datasets. 
Firstly, the streaming alert correlation capability is evaluated on CICIDS2017 and compared to a state-of-the-art offline algorithm, called Graph-based Alert Correlation (GAC), which has the potential to deal with the outcome of anomaly-based IDS. Secondly, the three types of signatures are computed from attack scenarios in the datasets and compared to each other. The discussion of results, on the one hand, shows that SOAAPR can compete with GAC in terms of alert correlation capability leveraging four different metrics and outperforms it significantly in terms of processing time by an average factor of 70 in 11 attack scenarios. On the other hand, in most cases, all three types of signatures seem to reliably characterize attack scenarios such that similar ones are grouped together, with up to 99.05% similarity between the FTP and SSH Patator attack.
5. Liu Z, Thapa N, Shaver A, Roy K, Siddula M, Yuan X, Yu A. Using Embedded Feature Selection and CNN for Classification on CCD-INID-V1-A New IoT Dataset. SENSORS 2021; 21:s21144834. [PMID: 34300574 PMCID: PMC8309834 DOI: 10.3390/s21144834] [Citation(s) in RCA: 6] [Impact Index Per Article: 2.0] [Received: 05/27/2021] [Revised: 07/09/2021] [Accepted: 07/12/2021] [Indexed: 11/20/2022]
Abstract
As Internet of Things (IoT) networks expand globally with an annual increase of active devices, providing better safeguards to threats is becoming more prominent. An intrusion detection system (IDS) is the most viable solution that mitigates the threats of cyberattacks. Given the many constraints of the ever-changing network environment of IoT devices, an effective yet lightweight IDS is required to detect cyber anomalies and categorize various cyberattacks. Additionally, most publicly available datasets used for research do not reflect the recent network behaviors, nor are they made from IoT networks. To address these issues, in this paper, we have the following contributions: (1) we create a dataset from IoT networks, namely, the Center for Cyber Defense (CCD) IoT Network Intrusion Dataset V1 (CCD-INID-V1); (2) we propose a hybrid lightweight form of IDS—an embedded model (EM) for feature selection and a convolutional neural network (CNN) for attack detection and classification. The proposed method has two models: (a) RCNN: Random Forest (RF) is combined with CNN and (b) XCNN: eXtreme Gradient Boosting (XGBoost) is combined with CNN. RF and XGBoost are the embedded models to reduce less impactful features. (3) We attempt anomaly (binary) classifications and attack-based (multiclass) classifications on CCD-INID-V1 and two other IoT datasets, the detection_of_IoT_botnet_attacks_N_BaIoT dataset (Balot) and the CIRA-CIC-DoHBrw-2020 dataset (DoH20), to explore the effectiveness of these learning-based security models. Using RCNN, we achieved an Area under the Receiver Characteristic Operator (ROC) Curve (AUC) score of 0.956 with a runtime of 32.28 s on CCD-INID-V1, 0.999 with a runtime of 71.46 s on Balot, and 0.986 with a runtime of 35.45 s on DoH20. Using XCNN, we achieved an AUC score of 0.998 with a runtime of 51.38 s for CCD-INID-V1, 0.999 with a runtime of 72.12 s for Balot, and 0.999 with a runtime of 72.91 s for DoH20. 
Compared to KNN, XCNN required 86.98% less computational time, and RCNN required 91.74% less computational time to achieve equal or better accurate anomaly detections. We find XCNN and RCNN are consistently efficient and handle scalability well; in particular, 1000 times faster than KNN when dealing with a relatively larger dataset-Balot. Finally, we highlight RCNN and XCNN’s ability to accurately detect anomalies with a significant reduction in computational time. This advantage grants flexibility for the IDS placement strategy. Our IDS can be placed at a central server as well as resource-constrained edge devices. Our lightweight IDS requires low train time and hence decreases reaction time to zero-day attacks.
6. Preserving authentication and availability security services through Multivariate Statistical Network Monitoring. JOURNAL OF INFORMATION SECURITY AND APPLICATIONS 2021. [DOI: 10.1016/j.jisa.2021.102785] [Citation(s) in RCA: 1] [Impact Index Per Article: 0.3] [Indexed: 11/22/2022]
7. The Vulnerability of the Production Line Using Industrial IoT Systems under DDoS Attack. ELECTRONICS 2021. [DOI: 10.3390/electronics10040381] [Citation(s) in RCA: 8] [Impact Index Per Article: 2.7] [Indexed: 12/20/2022]
Abstract
Internet of Things (IoT) devices are not only finding increasing use in ordinary households, but they have also become a key element for the Industry 4.0 concept. The implementation of industrial IoT devices into production streamlines the production process and reduces production costs. On the other hand, connected IoT devices bring new security risks to production and expose an industrial environment to new types of attacks. The article analyzes the vulnerability of the production line with implemented industrial IoT devices with consideration of a possible Distributed Denial-of-service (DDoS) attack led by attackers from the internet. Various types of DDoS attacks abusing the presence of IoT devices in the system were performed on an automated production line implementing sorting, preparation, and dosing of bulk and liquid materials for filling into containers. The leading attacks caused failure of the production line during the production, as well as the dysfunction of communication with IoT devices. The article also demonstrates the implementation of countermeasures against DDoS attacks and possible strategies to protect and mitigate such attacks on the production line.
8. Churcher A, Ullah R, Ahmad J, ur Rehman S, Masood F, Gogate M, Alqahtani F, Nour B, Buchanan WJ. An Experimental Analysis of Attack Classification Using Machine Learning in IoT Networks. SENSORS 2021; 21:s21020446. [PMID: 33435202 PMCID: PMC7827441 DOI: 10.3390/s21020446] [Citation(s) in RCA: 42] [Impact Index Per Article: 14.0] [Received: 12/12/2020] [Revised: 01/06/2021] [Accepted: 01/07/2021] [Indexed: 11/16/2022]
Abstract
In recent years, there has been a massive increase in the amount of Internet of Things (IoT) devices as well as the data generated by such devices. The participating devices in IoT networks can be problematic due to their resource-constrained nature, and integrating security on these devices is often overlooked. This has resulted in attackers having an increased incentive to target IoT devices. As the number of attacks possible on a network increases, it becomes more difficult for traditional intrusion detection systems (IDS) to cope with these attacks efficiently. In this paper, we highlight several machine learning (ML) methods such as k-nearest neighbour (KNN), support vector machine (SVM), decision tree (DT), naive Bayes (NB), random forest (RF), artificial neural network (ANN), and logistic regression (LR) that can be used in IDS. In this work, ML algorithms are compared for both binary and multi-class classification on Bot-IoT dataset. Based on several parameters such as accuracy, precision, recall, F1 score, and log loss, we experimentally compared the aforementioned ML algorithms. In the case of HTTP distributed denial-of-service (DDoS) attack, the accuracy of RF is 99%. Furthermore, other simulation results-based precision, recall, F1 score, and log loss metric reveal that RF outperforms on all types of attacks in binary classification. However, in multi-class classification, KNN outperforms other ML algorithms with an accuracy of 99%, which is 4% higher than RF.
Affiliation(s)
- Andrew Churcher
  - School of Computing, Edinburgh Napier University, Edinburgh EH10 5DT, UK; (A.C.); (J.A.); (M.G.); (W.J.B.)
- Rehmat Ullah
  - School of Electronics, Electrical Engineering and Computer Science, Queen’s University, Belfast BT9 5BN, UK
  - Correspondence: ; Tel.: +44-7459-408406
- Jawad Ahmad
  - School of Computing, Edinburgh Napier University, Edinburgh EH10 5DT, UK; (A.C.); (J.A.); (M.G.); (W.J.B.)
- Sadaqat ur Rehman
  - Department of Computer Science, Namal Institute, Mianwali 42250, Pakistan;
- Fawad Masood
  - College of Information Engineering, Yangzhou University, Yangzhou 225127, China;
- Mandar Gogate
  - School of Computing, Edinburgh Napier University, Edinburgh EH10 5DT, UK; (A.C.); (J.A.); (M.G.); (W.J.B.)
- Fehaid Alqahtani
  - Department of Computer Science, King Fahad Naval Academy, Al Jubail 35512, Saudi Arabia;
- Boubakr Nour
  - School of Computer Science and Technology, Beijing Institute of Technology, Beijing 100081, China;
- William J. Buchanan
  - School of Computing, Edinburgh Napier University, Edinburgh EH10 5DT, UK; (A.C.); (J.A.); (M.G.); (W.J.B.)
9. Sense–Analyze–Respond–Actuate (SARA) Paradigm: Proof of Concept System Spanning Nanoscale and Macroscale Actuation for Detection of Escherichia coli in Aqueous Media. ACTUATORS 2020. [DOI: 10.3390/act10010002] [Citation(s) in RCA: 5] [Impact Index Per Article: 1.3] [Indexed: 12/15/2022]
Abstract
Foodborne pathogens are a major concern for public health. We demonstrate for the first time a partially automated sensing system for rapid (~17 min), label-free impedimetric detection of Escherichia coli spp. in food samples (vegetable broth) and hydroponic media (aeroponic lettuce system) based on temperature-responsive poly(N-isopropylacrylamide) (PNIPAAm) nanobrushes. This proof of concept (PoC) for the Sense-Analyze-Respond-Actuate (SARA) paradigm uses a biomimetic nanostructure that is analyzed and actuated with a smartphone. The bio-inspired soft material and sensing mechanism is inspired by binary symbiotic systems found in nature, where low concentrations of bacteria are captured from complex matrices by brush actuation driven by concentration gradients at the tissue surface. To mimic this natural actuation system, carbon-metal nanohybrid sensors were fabricated as the transducer layer, and coated with PNIPAAm nanobrushes. The most effective coating and actuation protocol for E. coli detection at various temperatures above/below the critical solution temperature of PNIPAAm was determined using a series of electrochemical experiments. After analyzing nanobrush actuation in stagnant media, we developed a flow through system using a series of pumps that are triggered by electrochemical events at the surface of the biosensor. SARA PoC may be viewed as a cyber-physical system that actuates nanomaterials using smartphone-based electroanalytical testing of samples. This study demonstrates thermal actuation of polymer nanobrushes to detect (sense) bacteria using a cyber-physical systems (CPS) approach. This PoC may catalyze the development of smart sensors capable of actuation at the nanoscale (stimulus-response polymer) and macroscale (non-microfluidic pumping).
10. Explainable Security in SDN-Based IoT Networks. SENSORS 2020; 20:s20247326. [PMID: 33419302 PMCID: PMC7765879 DOI: 10.3390/s20247326] [Citation(s) in RCA: 7] [Impact Index Per Article: 1.8] [Received: 11/20/2020] [Revised: 12/11/2020] [Accepted: 12/14/2020] [Indexed: 11/16/2022]
Abstract
The significant advances in wireless networks in the past decade have made a variety of Internet of Things (IoT) use cases possible, greatly facilitating many operations in our daily lives. IoT is only expected to grow with 5G and beyond networks, which will primarily rely on software-defined networking (SDN) and network functions virtualization for achieving the promised quality of service. The prevalence of IoT and the large attack surface that it has created calls for SDN-based intelligent security solutions that achieve real-time, automated intrusion detection and mitigation. In this paper, we propose a real-time intrusion detection and mitigation solution for SDN, which aims to provide autonomous security in the high-traffic IoT networks of the 5G and beyond era, while achieving a high degree of interpretability by human experts. The proposed approach is built upon automated flow feature extraction and classification of flows while using random forest classifiers at the SDN application layer. We present an SDN-specific dataset that we generated for IoT and provide results on the accuracy of intrusion detection in addition to performance results in the presence and absence of our proposed security mechanism. The experimental results demonstrate that the proposed security approach is promising for achieving real-time, highly accurate detection and mitigation of attacks in SDN-managed IoT networks.
11. Observer-Based Event-Triggered Predictive Control for Networked Control Systems under DoS Attacks. SENSORS 2020; 20:s20236866. [PMID: 33266332 PMCID: PMC7730070 DOI: 10.3390/s20236866] [Citation(s) in RCA: 4] [Impact Index Per Article: 1.0] [Received: 11/02/2020] [Revised: 11/21/2020] [Accepted: 11/24/2020] [Indexed: 11/17/2022]
Abstract
This paper studies the problem of DoS attack defense based on static observer-based event-triggered predictive control in networked control systems (NCSs). First, under the conditions of limited network bandwidth resources and the incomplete observability of the state of the system, we introduce the event-triggered function to provide a discrete event-triggered transmission scheme for the observer. Then, we analyze denial-of-service (DoS) attacks that occur on the network transmission channel. Using the above-mentioned event-triggered scheme, a novel class of predictive control algorithms is designed on the control node to proactively save network bandwidth and compensate for DoS attacks, which ensures the stability of NCSs. Meanwhile, a closed-loop system with an observer-based event-triggered predictive control scheme for analysis is created. Through linear matrix inequality (LMI) and the Lyapunov function method, the design of the controller, observer and event-triggered matrices is established, and the stability of the scheme is analyzed. The results show that the proposed solution can effectively compensate DoS attacks and save network bandwidth resources by combining event-triggered mechanisms. Finally, a smart grid simulation example is employed to verify the feasibility and effectiveness of the scheme's defense against DoS attacks.
12. Abreu Maranhão JP, Carvalho Lustosa da Costa JP, Pignaton de Freitas E, Javidi E, Timóteo de Sousa Júnior R. Error-Robust Distributed Denial of Service Attack Detection Based on an Average Common Feature Extraction Technique. SENSORS 2020; 20:s20205845. [PMID: 33081079 PMCID: PMC7602739 DOI: 10.3390/s20205845] [Citation(s) in RCA: 8] [Impact Index Per Article: 2.0] [Received: 07/27/2020] [Revised: 09/10/2020] [Accepted: 09/18/2020] [Indexed: 11/18/2022]
Abstract
In recent years, advanced threats against Cyber–Physical Systems (CPSs), such as Distributed Denial of Service (DDoS) attacks, are increasing. Furthermore, traditional machine learning-based intrusion detection systems (IDSs) often fail to efficiently detect such attacks when corrupted datasets are used for IDS training. To face these challenges, this paper proposes a novel error-robust multidimensional technique for DDoS attack detection. By applying the well-known Higher Order Singular Value Decomposition (HOSVD), initially, the average value of the common features among instances is filtered out from the dataset. Next, the filtered data are forwarded to machine learning classification algorithms in which traffic information is classified as a legitimate or a DDoS attack. In terms of results, the proposed scheme outperforms traditional low-rank approximation techniques, presenting an accuracy of 98.94%, detection rate of 97.70% and false alarm rate of 4.35% for a dataset corruption level of 30% with a random forest algorithm applied for classification. In addition, for error-free conditions, it is found that the proposed approach outperforms other related works, showing accuracy, detection rate and false alarm rate of 99.87%, 99.86% and 0.16%, respectively, for the gradient boosting classifier.
Affiliation(s)
- João Paulo Abreu Maranhão
  - Department of Electrical Engineering, University of Brasília, Brasília 70910-900, Brazil; (J.P.C.L.d.C.); (R.T.d.S.J.)
  - Correspondence:
- João Paulo Carvalho Lustosa da Costa
  - Department of Electrical Engineering, University of Brasília, Brasília 70910-900, Brazil; (J.P.C.L.d.C.); (R.T.d.S.J.)
  - Department 2-Campus Lippstadt, Hamm-Lippstadt University of Applied Sciences, 59063 Hamm, Germany
- Elnaz Javidi
  - Department of Mechanical Engineering, University of Brasília, Brasília 70910-900, Brazil;
13. The Design of Large Scale IP Address and Port Scanning Tool. SENSORS 2020; 20:s20164423. [PMID: 32784387 PMCID: PMC7472026 DOI: 10.3390/s20164423] [Citation(s) in RCA: 4] [Impact Index Per Article: 1.0] [Received: 07/02/2020] [Revised: 07/25/2020] [Accepted: 08/04/2020] [Indexed: 12/02/2022]
Abstract
The control network is an important supporting environment for the control system of the heavy ion accelerator in Lanzhou (HIRFL). It is of great importance to maintain the accelerator system’s network security for the stable operation of the accelerator. With the rapid expansion of the network scale and the increasing complexity of accelerator system equipment, the security situation of the control network is becoming increasingly severe. Port scanning detection can effectively reduce the losses caused by viruses and Trojan horses. This article uses Go Concurrency Patterns, combined with transmission control protocol (TCP) full connection scanning and GIMP Toolkit (GTK) graphic display technology, to develop a tool called HIRFL Scanner. It can scan IP addresses in any range with any ports. This is a very fast, installation-free, cross-platform IP address and port scanning tool. Finally, a series of experiments show that the tool developed in this paper is much faster than the same type of software, and meets the expected development needs.
14. Semantic-Aware Security Orchestration in SDN/NFV-Enabled IoT Systems. SENSORS 2020; 20:s20133622. [PMID: 32605111 PMCID: PMC7374451 DOI: 10.3390/s20133622] [Citation(s) in RCA: 9] [Impact Index Per Article: 2.3] [Received: 06/06/2020] [Revised: 06/22/2020] [Accepted: 06/23/2020] [Indexed: 11/25/2022]
Abstract
IoT systems can be leveraged by Network Function Virtualization (NFV) and Software-Defined Networking (SDN) technologies, thereby strengthening their overall flexibility, security and resilience. In this sense, adaptive and policy-based security frameworks for SDN/NFV-aware IoT systems can provide a remarkable added value for self-protection and self-healing, by orchestrating and enforcing dynamically security policies and associated Virtual Network Functions (VNF) or Virtual network Security Functions (VSF) according to the actual context. However, this security orchestration is subject to multiple possible inconsistencies between the policies to enforce, the already enforced management policies and the evolving status of the managed IoT system. In this regard, this paper presents a semantic-aware, zero-touch and policy-driven security orchestration framework for autonomic and conflict-less security orchestration in SDN/NFV-aware IoT scenarios while ensuring optimal allocation and Service Function Chaining (SFC) of VSF. The framework relies on Semantic technologies and considers the security policies and the evolving IoT system model to dynamically and formally detect any semantic conflict during the orchestration. In addition, our optimized SFC algorithm maximizes the QoS, security aspects and resources usage during VSF allocation. The orchestration security framework has been implemented and validated showing its feasibility and performance to detect the conflicts and optimally enforce the VSFs.
15. Li Y, Su X, Ding AY, Lindgren A, Liu X, Prehofer C, Riekki J, Rahmani R, Tarkoma S, Hui P. Enhancing the Internet of Things with Knowledge-Driven Software-Defined Networking Technology: Future Perspectives. SENSORS 2020; 20:s20123459. [PMID: 32575354 PMCID: PMC7349240 DOI: 10.3390/s20123459] [Citation(s) in RCA: 12] [Impact Index Per Article: 3.0] [Received: 04/30/2020] [Revised: 06/10/2020] [Accepted: 06/12/2020] [Indexed: 11/18/2022]
Abstract
The Internet of Things (IoT) connects smart devices to enable various intelligent services. The deployment of IoT encounters several challenges, such as difficulties in controlling and managing IoT applications and networks, problems in programming existing IoT devices, long service provisioning time, underused resources, as well as complexity, isolation and scalability, among others. One fundamental concern is that current IoT networks lack flexibility and intelligence. A network-wide flexible control and management are missing in IoT networks. In addition, huge numbers of devices and large amounts of data are involved in IoT, but none of them have been tuned for supporting network management and control. In this paper, we argue that Software-defined Networking (SDN) together with the data generated by IoT applications can enhance the control and management of IoT in terms of flexibility and intelligence. We present a review for the evolution of SDN and IoT and analyze the benefits and challenges brought by the integration of SDN and IoT with the help of IoT data. We discuss the perspectives of knowledge-driven SDN for IoT through a new IoT architecture and illustrate how to realize Industry IoT by using the architecture. We also highlight the challenges and future research works toward realizing IoT with the knowledge-driven SDN.
Affiliation(s)
- Yuhong Li
  - State Key Laboratory of Networking and Switching Technology, Beijing University of Posts and Telecommunications, Beijing 100876, China
  - Department of Computer and Systems Sciences, Stockholm University, 16407 Stockholm, Sweden;
  - Correspondence:
- Xiang Su
  - Department of Computer Science, University of Helsinki, FI-00014 Helsinki, Finland; (X.S.); (X.L.); (S.T.); (P.H.)
  - Center for Ubiquitous Computing, University of Oulu, FI-90014 Oulu, Finland;
- Aaron Yi Ding
  - Department Engineering Systems and Services, Delft University of Technology, 2628BX Delft, The Netherlands;
- Anders Lindgren
  - RISE Research Institutes of Sweden, 16440 Kista, Sweden;
  - Luleå University of Technology, 97187 Luleå, Sweden
- Xiaoli Liu
  - Department of Computer Science, University of Helsinki, FI-00014 Helsinki, Finland; (X.S.); (X.L.); (S.T.); (P.H.)
- Christian Prehofer
  - DENSO Automotive Germany GmbH, 85386 Eching, Germany;
  - Department of Informatics, Technical University of Munich, 80333 München, Germany
- Jukka Riekki
  - Center for Ubiquitous Computing, University of Oulu, FI-90014 Oulu, Finland;
- Rahim Rahmani
  - Department of Computer and Systems Sciences, Stockholm University, 16407 Stockholm, Sweden;
- Sasu Tarkoma
  - Department of Computer Science, University of Helsinki, FI-00014 Helsinki, Finland; (X.S.); (X.L.); (S.T.); (P.H.)
- Pan Hui
  - Department of Computer Science, University of Helsinki, FI-00014 Helsinki, Finland; (X.S.); (X.L.); (S.T.); (P.H.)
  - Department of Computer Science and Engineering, The Hong Kong University of Science and Technology, Clear Water Bay, Hong Kong
16. Dantas Silva FS, Silva E, Neto EP, Lemos M, Venancio Neto AJ, Esposito F. A Taxonomy of DDoS Attack Mitigation Approaches Featured by SDN Technologies in IoT Scenarios. SENSORS 2020; 20:s20113078. [PMID: 32485943 PMCID: PMC7309081 DOI: 10.3390/s20113078] [Citation(s) in RCA: 23] [Impact Index Per Article: 5.8] [Received: 05/01/2020] [Revised: 05/16/2020] [Accepted: 05/19/2020] [Indexed: 11/16/2022]
Abstract
The Internet of Things (IoT) has attracted much attention from the Information and Communication Technology (ICT) community in recent years. One of the main reasons for this is the availability of techniques provided by this paradigm, such as environmental monitoring employing user data and everyday objects. The facilities provided by the IoT infrastructure allow the development of a wide range of new business models and applications (e.g., smart homes, smart cities, or e-health). However, there are still concerns over the security measures which need to be addressed to ensure a suitable deployment. Distributed Denial of Service (DDoS) attacks are among the most severe virtual threats at present and occur prominently in this scenario, which can be mainly owed to their ease of execution. In light of this, several research studies have been conducted to find new strategies as well as improve existing techniques and solutions. The use of emerging technologies such as those based on the Software-Defined Networking (SDN) paradigm has proved to be a promising alternative as a means of mitigating DDoS attacks. However, the high granularity that characterizes the IoT scenarios and the wide range of techniques explored during the DDoS attacks make the task of finding and implementing new solutions quite challenging. This problem is exacerbated by the lack of benchmarks that can assist developers when designing new solutions for mitigating DDoS attacks for increasingly complex IoT scenarios. To fill this knowledge gap, in this study we carry out an in-depth investigation of the state-of-the-art and create a taxonomy that describes and characterizes existing solutions and highlights their main limitations. Our taxonomy provides a comprehensive view of the reasons for the deployment of the solutions, and the scenario in which they operate. 
The results of this study demonstrate the main benefits and drawbacks of each solution set when applied to specific scenarios by examining current trends and future perspectives, for example, the adoption of emerging technologies based on Cloud and Edge (or Fog) Computing.
Affiliation(s)
- Felipe S. Dantas Silva
  - LaTARC Research Lab (IFRN), Federal Institute of Education, Science and Technology of Rio Grande do Norte (IFRN), Natal, RN 59015-000, Brazil; (E.S.); (E.P.N.); (M.L.)
  - Department of Informatics and Applied Mathematics (DIMAp), Federal University of Rio Grande do Norte (UFRN), Natal, RN 59078-970, Brazil
  - Correspondence:
- Esau Silva
  - LaTARC Research Lab (IFRN), Federal Institute of Education, Science and Technology of Rio Grande do Norte (IFRN), Natal, RN 59015-000, Brazil; (E.S.); (E.P.N.); (M.L.)
- Emidio P. Neto
  - LaTARC Research Lab (IFRN), Federal Institute of Education, Science and Technology of Rio Grande do Norte (IFRN), Natal, RN 59015-000, Brazil; (E.S.); (E.P.N.); (M.L.)
  - Department of Informatics and Applied Mathematics (DIMAp), Federal University of Rio Grande do Norte (UFRN), Natal, RN 59078-970, Brazil
- Marcilio Lemos
  - LaTARC Research Lab (IFRN), Federal Institute of Education, Science and Technology of Rio Grande do Norte (IFRN), Natal, RN 59015-000, Brazil; (E.S.); (E.P.N.); (M.L.)
  - Department of Informatics and Applied Mathematics (DIMAp), Federal University of Rio Grande do Norte (UFRN), Natal, RN 59078-970, Brazil
- Augusto J. Venancio Neto
  - Department of Informatics and Applied Mathematics (DIMAp), Federal University of Rio Grande do Norte (UFRN), Natal, RN 59078-970, Brazil
  - Instituto de Telecomunicações, 3810-193 Aveiro, Portugal
- Flavio Esposito
  - Department of Computer Science, Saint Louis University, Saint Louis, MO 63103, USA
|
17
|
Song W, Beshley M, Przystupa K, Beshley H, Kochan O, Pryslupskyi A, Pieniak D, Su J. A Software Deep Packet Inspection System for Network Traffic Analysis and Anomaly Detection. SENSORS 2020; 20:s20061637. [PMID: 32183399 PMCID: PMC7146318 DOI: 10.3390/s20061637] [Citation(s) in RCA: 26] [Impact Index Per Article: 6.5] [Received: 02/09/2020] [Revised: 03/08/2020] [Accepted: 03/12/2020] [Indexed: 12/04/2022]
Abstract
In this paper, to solve the problem of detecting network anomalies, a method of forming a set of informative features formalizing the normal and anomalous behavior of the system on the basis of evaluating the Hurst (H) parameter of the network traffic has been proposed. Criteria to detect and prevent various types of network anomalies using the Three Sigma Rule and Hurst parameter have been defined. A rescaled range (RS) method to evaluate the Hurst parameter has been chosen. The practical value of the proposed method is conditioned by a set of the following factors: low time spent on calculations, short time required for monitoring, the possibility of self-training, as well as the possibility of observing a wide range of traffic types. For new DPI (Deep Packet Inspection) system implementation, algorithms for analyzing and captured traffic with protocol detection and determining statistical load parameters have been developed. In addition, algorithms that are responsible for flow regulation to ensure the QoS (Quality of Services) based on the conducted static analysis of flows and the proposed method of detection of anomalies using the parameter Hurst have been developed. We compared the proposed software DPI system with the existing SolarWinds Deep Packet Inspection for the possibility of network traffic anomaly detection and prevention. The created software components of the proposed DPI system increase the efficiency of using standard intrusion detection and prevention systems by identifying and taking into account new non-standard factors and dependencies. The use of the developed system in the IoT communication infrastructure will increase the level of information security and significantly reduce the risks of its loss.
Affiliation(s)
- Wenguang Song
  - School of Computer Science, Yangtze University, Jingzhou 434023, China
- Mykola Beshley
  - Department of telecommunications, Lviv Polytechnic National University, Bandery 12, 79013 Lviv, Ukraine; (M.B.); (H.B.); (O.K.); (A.P.)
- Krzysztof Przystupa
  - Department of Automation, Lublin University of Technology, Nadbystrzycka 36, 20-618 Lublin, Poland
  - Correspondence:
- Halyna Beshley
  - Department of telecommunications, Lviv Polytechnic National University, Bandery 12, 79013 Lviv, Ukraine; (M.B.); (H.B.); (O.K.); (A.P.)
- Orest Kochan
  - Department of telecommunications, Lviv Polytechnic National University, Bandery 12, 79013 Lviv, Ukraine; (M.B.); (H.B.); (O.K.); (A.P.)
  - Department of Automation, Lublin University of Technology, Nadbystrzycka 36, 20-618 Lublin, Poland
- Andrii Pryslupskyi
  - Department of telecommunications, Lviv Polytechnic National University, Bandery 12, 79013 Lviv, Ukraine; (M.B.); (H.B.); (O.K.); (A.P.)
- Daniel Pieniak
  - Department of Mechanics and Machine Building, University of Economics and Innovations in Lublin, Projektowa 4, 20-209 Lublin, Poland
- Jun Su
  - School of Computer Science, Hubei University of Technology, Wuhan 430068, China
|