Proactive Defense for Internet-of-things: Moving Target Defense With Cyberdeception

Published: 14 September 2021

Abstract

Resource-constrained Internet-of-Things (IoT) devices are highly likely to be compromised by attackers, because strong security protections may not be suitable for deployment on them. This calls for an alternative approach to protecting vulnerable components in IoT networks. In this article, we propose an integrated defense technique that achieves intrusion prevention by leveraging cyberdeception (i.e., a decoy system) and moving target defense (i.e., network topology shuffling). We evaluate the effectiveness and efficiency of our proposed technique analytically, based on a graphical security model, in a software-defined networking (SDN)-based IoT network. We develop four strategies (i.e., fixed/random and adaptive/hybrid) to address “when” to perform network topology shuffling and three strategies (i.e., genetic algorithm/decoy attack path-based optimization/random) to address “how” to perform network topology shuffling on a decoy-populated IoT network, and we analyze which strategy can best achieve a system goal, such as prolonging the system lifetime, maximizing deception effectiveness, maximizing service availability, or minimizing defense cost. We demonstrate that a software-defined IoT network running our intrusion prevention technique at the optimal parameter setting prolongs system lifetime, increases the attack complexity of compromising critical nodes, and maintains superior service availability compared with a counterpart IoT network that does not run our intrusion prevention technique. Further, given a single goal or a multi-objective goal (e.g., maximizing the system lifetime and service availability while minimizing the defense cost) as input, we identify the combination of “when” and “how” strategies under which our proposed technique best achieves the specified goal.
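To make the "when" and "how" split concrete, the following is an added sketch, not the authors' model or code: it combines a fixed-interval "when" strategy with a random "how" strategy on a small decoy-populated graph and tracks the share of attack paths that end in a decoy. The topology, node names, edge budget and the path-fraction metric are all assumptions chosen for illustration.

```python
import random

# Constructed topology (an assumption, not taken from the article): a directed
# edge means "can reach". "server" is the critical node; d1 and d2 are decoys.
REAL_EDGES = {
    "attacker": ["cam", "tv"],
    "cam": ["hub"], "tv": ["hub"],
    "hub": ["server"], "server": [],
}
IOT_NODES = ["cam", "tv", "hub"]
DECOYS = ["d1", "d2"]

def attack_paths(edges, src="attacker", target="server"):
    """Enumerate simple paths from src; each ends at the target or the first decoy."""
    real, decoy, stack = [], [], [[src]]
    while stack:
        path = stack.pop()
        node = path[-1]
        if node == target:
            real.append(path)
        elif node in DECOYS:
            decoy.append(path)  # assumed: the attacker is diverted on entering a decoy
        else:
            stack.extend(path + [n] for n in edges.get(node, []) if n not in path)
    return real, decoy

def shuffle_topology(rng, budget=2):
    """'How' = random: place `budget` IoT-to-decoy links; real links stay untouched."""
    edges = {n: list(v) for n, v in REAL_EDGES.items()}
    candidates = [(n, d) for n in IOT_NODES for d in DECOYS]
    for node, decoy in rng.sample(candidates, budget):
        edges[node].append(decoy)
    return edges

def decoy_path_fraction(edges):
    """Share of all attack paths that lead into a decoy (hypothetical metric)."""
    real, decoy = attack_paths(edges)
    return len(decoy) / (len(real) + len(decoy))

def simulate(steps=12, interval=4, seed=7):
    """'When' = fixed: reshuffle the decoy links every `interval` time steps."""
    rng = random.Random(seed)
    edges, history = REAL_EDGES, []
    for t in range(steps):
        if t % interval == 0:
            edges = shuffle_topology(rng)
        history.append(decoy_path_fraction(edges))
    return history
```

Because only decoy links are rewired in this sketch, the two real paths to the server survive every shuffle, which is the service-availability side of the trade-off; a decoy link on `hub` is worth more than one on `cam` or `tv` because both real paths pass through it.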
