Abstract
Resource-constrained Internet-of-Things (IoT) devices are highly likely to be compromised by attackers, because strong security protections may not be suitable for deployment on them. This requires an alternative approach to protect vulnerable components in IoT networks. In this article, we propose an integrated defense technique to achieve intrusion prevention by leveraging cyberdeception (i.e., a decoy system) and moving target defense (i.e., network topology shuffling). We evaluate the effectiveness and efficiency of our proposed technique analytically based on a graphical security model in a software-defined networking (SDN)-based IoT network. We develop four strategies (i.e., fixed/random and adaptive/hybrid) to address “when” to perform network topology shuffling and three strategies (i.e., genetic algorithm/decoy attack path-based optimization/random) to address “how” to perform network topology shuffling on a decoy-populated IoT network, and we analyze which strategy can best achieve a system goal, such as prolonging the system lifetime, maximizing deception effectiveness, maximizing service availability, or minimizing defense cost. We demonstrate that a software-defined IoT network running our intrusion prevention technique at the optimal parameter setting prolongs system lifetime, increases the attack complexity of compromising critical nodes, and maintains superior service availability compared with a counterpart IoT network that does not run our intrusion prevention technique. Further, given a single goal or a multi-objective goal (e.g., maximizing the system lifetime and service availability while minimizing the defense cost) as input, we identify the combination of “when” and “how” strategies under which our proposed technique best achieves the specified goal.
Proactive Defense for Internet-of-things: Moving Target Defense With Cyberdeception