Article
To read the full-text of this research, you can request a copy directly from the authors.

Abstract

As IoT adoption is growing in several fields, cybersecurity attacks involving low-cost end-user devices are increasing accordingly, undermining the expected deployment of IoT solutions in a broad range of scenarios. To address this challenge, emerging Network Function Virtualization (NFV) and Software Defined Networking (SDN) technologies can introduce new security enablers, thereby endowing IoT systems and networks with the higher degree of scalability and flexibility required to cope with the security of massive IoT deployments. In this sense, honeynets can be enhanced with SDN and NFV support, to be applied in IoT scenarios, thereby strengthening the overall security. IoT honeynets are virtualized services simulating real IoT network deployments, so that attackers can be distracted from the real target. In this paper, we present a novel mechanism leveraging SDN and NFV aimed at autonomously deploying and enforcing IoT honeynets. The system follows a security policy-based approach that facilitates management, enforcement and orchestration of the honeynets, and it has been successfully implemented and tested in the scope of the H2020 EU project ANASTACIA, showing its feasibility to mitigate cyber-attacks.


... To this aim, NFV can rely on virtualization and Cloud computing techniques to provide elastic capabilities needed to achieve a fast reaction and recovery from cyberattacks. In this sense, lightweight Virtual network Security Functions (VSF) such as vFirewalls [3], vAAA [4], vIDS or vIoT-Honeynet [5] can be dynamically allocated and orchestrated in the IoT domain, while the SDN approach can help to dynamically (re)configure the network by software, splitting the control and data planes. This security management can be driven by orchestration policies and security intents, that can be translated into security configurations to configure, manage and deploy the associated VSFs and VNFs across edges, fog nodes and Cloud data centers. ...
... In [15], Galeano et al. propose an entropy-based solution to detect and mitigate DDoS Attacks in IoT-Based systems relying on SDN. Likewise, authors in [5] rely on a similar approach for automatic management of virtual IoT honeynets to mitigate cyberattacks. However, those research works did not follow a semantic-based approach for the security orchestration, whereby allowing formal verification and conflict detection of the security policies enforced in the system, inferring meaningful conclusions that can be used to drive the orchestration. ...
... "InsufficientResources" (5) Similarly, although they are not included here for the sake of space, additional semantic rules are defined to check whether the security level calculated for the MSPL security parameters is higher than the one that can be implemented by the selected VNF. ...
Article
Full-text available
IoT systems can be leveraged by Network Function Virtualization (NFV) and Software-Defined Networking (SDN) technologies, thereby strengthening their overall flexibility, security and resilience. In this sense, adaptive and policy-based security frameworks for SDN/NFV-aware IoT systems can provide a remarkable added value for self-protection and self-healing, by orchestrating and enforcing dynamically security policies and associated Virtual Network Functions (VNF) or Virtual network Security Functions (VSF) according to the actual context. However, this security orchestration is subject to multiple possible inconsistencies between the policies to enforce, the already enforced management policies and the evolving status of the managed IoT system. In this regard, this paper presents a semantic-aware, zero-touch and policy-driven security orchestration framework for autonomic and conflict-less security orchestration in SDN/NFV-aware IoT scenarios while ensuring optimal allocation and Service Function Chaining (SFC) of VSF. The framework relies on Semantic technologies and considers the security policies and the evolving IoT system model to dynamically and formally detect any semantic conflict during the orchestration. In addition, our optimized SFC algorithm maximizes the QoS, security aspects and resources usage during VSF allocation. The orchestration security framework has been implemented and validated showing its feasibility and performance to detect the conflicts and optimally enforce the VSFs.
... Molina et al. [87] presented a self-adaptive high interaction IoT honeynet as part of a full cyber-security framework. Their framework uses Network Function Virtualization (NFV) and Software Defined Networks (SDN) to emulate a network of physical devices and allow IoT systems to self-protect and self-heal from DDoS botnet attacks. ...
... All of the honeypot/honeynet models surveyed were created for research purposes, except for HoneyIo4 [37] and the IoT honeynet presented by Molina [87], which are production, and HIoTPot [90] which is identified as both research and production. All of the decoys use Linux, and all can be classified as having a server role, except for Phype Telnet IoT Honeypot [82], which has both a client and a server role. ...
Article
Full-text available
The Internet of Things (IoT), the Industrial Internet of Things (IIoT), and Cyber-Physical Systems (CPS) have become essential for our daily lives in contexts such as our homes, buildings, cities, health, transportation, manufacturing, infrastructure, and agriculture. However, they have become popular targets of attacks, due to their inherent limitations which create vulnerabilities. Honeypots and honeynets can prove essential to understand and defend against attacks on IoT, IIoT, and CPS environments by attracting attackers and deceiving them into thinking that they have gained access to the real systems. Honeypots and honeynets can complement other security solutions (i.e., firewalls, Intrusion Detection Systems -IDS) to form a strong defense against malicious entities. This paper provides a comprehensive survey of the research that has been carried out on honeypots and honeynets for IoT, IIoT, and CPS. It provides a taxonomy and extensive analysis of the existing honeypots and honeynets, states key design factors for the state-of-the-art honeypot/honeynet research and outlines open issues for future honeypots and honeynets for IoT, IIoT, and CPS environments.
... One way to thwart the cyberattacks against Industry 4.0 and IoT infrastructure is deploying honeynets [6]. A honeynet is an isolated sandbox network with decoy functions (honeypots) mimicking the protected functions. ...
... Honeynets are isolated honeypot (decoy) networks used to detect new attacks, as an intelligence-gathering tool of the current attackers' techniques and, as a general way to prevent damage to the real networks [6]. Their level of interaction classifies honeypots: from Low-Interaction Honeypots (LIH) that only perform the most basic liveness routines of an endpoint (e.g., pretend an IP is in use, when in fact it is not), passing by Medium-Interaction Honeypots (MIH) that simulate the responses to more superficial interactions with some services of the network stack (e.g., a DHCP lease), going all the way to Highly-Interaction Honeypots (HIH) that feature convincing endpoint emulation (e.g., not just more complex responses that may rely on service state, but may also interact with its Operating System and other internal processes). ...
... The multiple parameters addressed by the heuristic algorithm are delay, delay-jitter, bandwidth, link length, and link cost. Zarca et al. [53] presented a novel mechanism by incorporating the SDN and NFV technology to deploy and enforce secure IoT. The proposed scheme, data plane, and control plane are managed based on a SDN architecture. ...
... √ √ X Centralized X √ √ X Abe et al. [52].2015 √ √ X Centralized X √ √ X Zarca et al. [53].2020 X √ √ Centralized √ √ X X Noorani et al. [54].2020 ...
Article
Full-text available
One of the most critical challenges of the Internet of Things (IoT) is to provide real-time services. Therefore, to provide a secure, efficient, and stable communication platform in the Internet of Things, emerging architectures such as software-defined networks (SDN) are significant. This paper proposes a comprehensive SDN based fault-tolerant architecture in IoT environments. In the proposed scheme, a mathematical model called Shared Risk Link Group (SRLG) calculates redundant paths as the main and backup non-overlapping paths between network equipment. In addition to the fault tolerance (FT) discussion in the proposed scheme, service quality is considered in the proposed scheme. Putting the percentage of link usage and the rate of link delay in calculating link costs makes it possible to calculate two completely non-overlapping paths. The end-to-end delay and the degree of link congestion are minimal. We compare our proposed scheme with two policies for building routes from source to destination. The simulation results indicate that, while reducing the error recovery time, the proposed method leads to improved service quality parameters such as packet loss, delay, and packet jitter. The results show that in case of a link failure in the network, the recovery time in large scenarios is a maximum of 16 ms, which improved by 20%, compared to the disjoint paths (DP) method. Our approach can decrease packet loss by approximately 30% compared to the Dijkstra’s algorithm and roughly 24% compared to the DP method. Also, SRLG reduces latency by approximately 36% compared to the Dijkstra’s algorithm and roughly 19% compared to the DP method. Last, the proposed scheme reduces jitter by approximately 49% compared to the Dijkstra’s algorithm, and roughly 26% compared to the DP method.
... Molina et al. [87] presented a self-adaptive high interaction IoT honeynet as part of a full cyber-security framework. Their framework uses Network Function Virtualization (NFV) and Software Defined Networks (SDN) to emulate a network of physical devices and allow IoT systems to self-protect and self-heal from DDoS botnet attacks. ...
... All of the honeypot/honeynet models surveyed were created for research purposes, except for HoneyIo4 [37] and the IoT honeynet presented by Molina [87], which are production, and HIoTPot [90] which is identified as both research and production. All of the decoys use Linux, and all can be classified as having a server role, except for Phype Telnet IoT Honeypot [82], which has both a client and a server role. ...
Preprint
Full-text available
The Internet of Things (IoT), the Industrial Internet of Things (IIoT), and Cyber-Physical Systems (CPS) have become essential for our daily lives in contexts such as our homes, buildings, cities, health, transportation, manufacturing, infrastructure, and agriculture. However, they have become popular targets of attacks, due to their inherent limitations which create vulnerabilities. Honeypots and honeynets can prove essential to understand and defend against attacks on IoT, IIoT, and CPS environments by attracting attackers and deceiving them into thinking that they have gained access to the real systems. Honeypots and honeynets can complement other security solutions (i.e., firewalls, Intrusion Detection Systems - IDS) to form a strong defense against malicious entities. This paper provides a comprehensive survey of the research that has been carried out on honeypots and honeynets for IoT, IIoT, and CPS. It provides a taxonomy and extensive analysis of the existing honeypots and honeynets, states key design factors for the state-of-the-art honeypot/honeynet research and outlines open issues for future honeypots and honeynets for IoT, IIoT, and CPS environments.
... Molina et al. [17] have proposed a high interactive honeypot system that uses network function virtualization (NFV) and software-defined network (SDN). NFV is used to deploy network nodes with the possibility of their dynamic configuration and reconfiguration, and SDN is applied to change the configuration of the virtual network, filtering traffic and its redirection between the real network and the honeypot system. ...
Article
Full-text available
Rapid progress of computing and info-communication technologies (ICT) has changed the ecosystem of power production and delivery. Today, an energy network is a complex set of interrelated devices and information systems covering all areas of electric power operations and applying ICT based on open standards, such as IEC 60870, IEC 61850, and IEC 61970. According to IEC 62351, the energy networks are faced with high cybersecurity risks caused by open communications, security requirements rarely considered in the energy facilities, partial and difficult upgrades, and incompatibility of secure tools with industrial solutions. This situation results in new security challenges, e.g. denial of service attacks on the connected controllers, dispatching centers, process control systems, and terminals. IEC 62351 describes possible ways to comprehensive security in the energy networks. Most of them used in traditional networks (e.g., firewalls, intrusion detection systems) can be adapted to the energy networks. Honeypot systems as a protection measure help us to mitigate the attacks and maintain necessary security in the networks. Due to the large scale of an energy network and heterogeneity of its components, a new design, deployment, and management strategy for the honeypot systems are required. The paper suggests a new method for organizing a virtual network infrastructure of a hybrid honeypot system and a dynamic management method that adapts the network topology to the attacker’s actions according to the development graph of potential attacks. This technique allows us to dynamically build virtual networks of arbitrary scale. Because of the similarity of the virtual network to the virtualized origin and providing the level of interactivity of its nodes corresponding to real devices, this technique deploys an energy network indistinguishable from the real one for the attackers. 
A prototype of our honeypot system has been implemented, and experiments on it have demonstrated the more efficient use of the computing resources, the faster reaction to the attacker’s actions, and the deployment of different sizes of virtual networks for the given limits of the computing resources.
... On the other hand, SDN enables the network control and management softwarization by decoupling control and data-plane, which increases network control and management flexibility. SDN and NFV are the pillars to realize a truly zero-touch security orchestration of softwarized and virtualized security appliances, implemented as Virtual Security Functions (VSF), such as vFirewalls [2], vAAA [3], vIDS, vChannelProtection or vIoTHoneynet [4]. ...
Article
Full-text available
Software Defined Network (SDN) and Network Function Virtualization (NFV) are bringing many advantages to optimize and automatize security management at the network edge, enabling the deployment of virtual network security functions (VSFs) in MEC nodes, to strengthen the end-to-end security in IoT environments. The benefits could exploit in mobile MEC nodes on-boarded in Unmanned Aerial Vehicles (UAV), as the UAVs would carry on-demand VSFs to particular physical locations. To that aim, this paper proposes a novel NFV/SDN-based zero-touch security management framework for automatic orchestration, configuration and deployment of lightweight VSF in MEC-UAVs, that considers diverse contextual factors, related to both physical and virtual conditions, to optimize the security orchestration. Our solution aims to deploy on-demand VSFs, such as virtual Firewalls (vFirewalls), vProxies, vIDS (Intrusion Detection Systems) and vAAA, to assist during emerging situations in particular physical locations, protecting and optimizing the managed IoT network, as well as replacing or supporting compromised physical devices like IoT gateways. The proposed solution has been implemented, deployed and evaluated in a real testbed with real drones, showing its feasibility and performance.
... For instance, the authors in [126] introduce a virtualized framework simulating a real IoT deployment, where virtual IoT honeynets are used to distract possible intruders from the real targets. The key idea is to transform the physical model into a common interoperable data model and, in turn, translate it into a software-based setting composed of Virtualized Network Functions (VNFs). ...
Preprint
Full-text available
Anomaly detection is concerned with identifying data patterns that deviate remarkably from the expected behaviour. This is an important research problem, due to its broad set of application domains, from data analysis to e-health, cybersecurity, predictive maintenance, fault prevention, and industrial automation. Herein, we review state-of-the-art methods that may be employed to detect anomalies in the specific area of sensor systems, which poses hard challenges in terms of information fusion, data volumes, data speed, and network/energy efficiency, to mention but the most pressing ones. In this context, anomaly detection is a particularly hard problem, given the need to find computing-energy accuracy trade-offs in a constrained environment. We taxonomize methods ranging from conventional techniques (statistical methods, time-series analysis, signal processing, etc.) to data-driven techniques (supervised learning, reinforcement learning, deep learning, etc.). We also look at the impact that different architectural environments (Cloud, Fog, Edge) can have on the sensors ecosystem. The review points to the most promising intelligent-sensing methods, and pinpoints a set of interesting open issues and challenges.
... Everything could be a honeypot, not only a computer but also a password, application, network of computers, etc. For example, in [94], some flexible honeynets are efficiently managed through the use of NFV and SDN and deployed for the security of IoT networks. The implementation of honeypots as intrusion detection tools in cloud computing is common in the literature [95] [96] [97]. ...
Article
Full-text available
Besides significantly outperforming past generations in terms of capacity and throughput, 5G networks and systems will provide an infrastructure for the support of highly diversified services and “verticals”. Indeed, the major paradigm shift with respect to previous cellular network generations, specifically oriented to one class of terminals (namely, people’s cell phones), is the largely heterogeneous nature of the multiplicity of end systems supported. Within a 5G infrastructure, playing the role of “network of networks”, traditionally independent technical and business stakeholders are now called to cooperate in the deployment of crucial infrastructure components relying on innovative (for the Telecom world) technologies such as virtualization, not in the traditional operators’ portfolio, and eventually placed in security-critical parts of the network - think e.g. to Multi Access Edge Computing systems. Goal of this survey is to analyze the complex threat landscape of 5G systems, by taking the point of view of the involved stakeholders. The motivation behind our proposed analysis revolves on the observation that, in complex and virtualized systems such as the 5G infrastructure, an attack to a system component under the responsibility of a given stakeholder may yield a dramatic impact to a completely different player. Therefore, while reviewing the many 5G security risks and relevant threats which the main stakeholders operating in virtualized 5G cellular networks are exposed to, we will try to showcase the sometimes non-obvious relation between impact and responsibility, as well as identify shared responsibilities.
... The work carried out by Yuan et al. [27] has used a secret sharing mechanism in order to forward secured data for effective control over the attacks of varied kinds. The work of Zarca et al. [28] [29] has developed a comprehensive architecture of the security, considering network function virtualization for dealing with existing cybersecurity problems over IoT architecture that uses SDN. The author has used a honeynet strategy in order to address this problem. ...
... As the key applications in VSNs, video transmission and compression technology have been increasingly used in the field of communication and broadcasting. Especially with the development of Internet of Things [3][4][5][6] and 5G techniques [7,8], the transmission of video and multimedia information in mobile communication have become the current hot technology, and improving the compression performance of mobile videos could combine the mobile application with communication better in VSNs. Due to the increasing pressure of video storage and transmission [9,10], more and more efficient video coding standards have been put out in the last few decades. ...
Article
Full-text available
Visual sensor networks (VSNs) can be widely used in multimedia, security monitoring, network camera, industrial detection, and other fields. However, with the development of new communication technology and the increase of the number of camera nodes in VSN, transmitting and compressing the huge amounts of video and image data generated by video and image sensors has become a major challenge. The next-generation video coding standard—versatile video coding (VVC), can effectively compress the visual data, but the higher compression rate is at the cost of heavy computational complexity. Therefore, it is vital to reduce the coding complexity for the VVC encoder to be used in VSNs. In this paper, we propose a sample adaptive offset (SAO) acceleration method by jointly considering the histogram of oriented gradient (HOG) features and the depth information for VVC, which reduces the computational complexity in VSNs. Specifically, first, the offset mode selection (select band offset (BO) mode or edge offset (EO) mode) is simplified by utilizing the partition depth of coding tree unit (CTU). Then, for EO mode, the directional pattern selection is simplified by using HOG features and support vector machine (SVM). Finally, experimental results show that the proposed method averagely saves 67.79% of SAO encoding time only with 0.52% BD-rate degradation compared to the state-of-the-art method in VVC reference software (VTM 5.0) for VSNs.
... The projected intelligent platform incorporates the monitoring agent and reaction agent that uses machine learning models in IoT to differentiate network traffic patterns. The rate of anomalies' identification was promising [20,21]. ...
Article
Full-text available
With the rising demand for data access, network service providers face the challenge of growing their capital and operating costs while at the same time enhancing network capacity and meeting the increased demand for access. To increase efficacy of Software Defined Network (SDN) and Network Function Virtualization (NFV) framework, we need to eradicate network security configuration errors that may create vulnerabilities to affect overall efficiency, reduce network performance, and increase maintenance cost. The existing frameworks lack in security, and computer systems face few abnormalities, which prompts the need for different recognition and mitigation methods to keep the system in the operational state proactively. The fundamental concept behind SDN-NFV is the encroachment from specific resource execution to the programming-based structure. This research is around the combination of SDN and NFV for rational decision making to control and monitor traffic in the virtualized environment. The combination is often seen as an extra burden in terms of resources usage in a heterogeneous network environment, but as well as it provides the solution for critical problems specially regarding massive network traffic issues. The attacks have been expanding step by step; therefore, it is hard to recognize and protect by conventional methods. To overcome these issues, there must be an autonomous system to recognize and characterize the network traffic's abnormal conduct if there is any. Only four types of assaults, including HTTP Flood, UDP Flood, Smurf Flood, and SiDDoS Flood, are considered in the identified dataset, to optimize the stability of the SDN-NFV environment and security management, through several machine learning based characterization techniques like Support Vector Machine (SVM), K-Nearest Neighbors (KNN), Logistic Regression (LR) and Isolation Forest (IF). 
Python is used for simulation purposes, including several valuable utilities like the mine package, the open-source Python ML libraries Scikit-learn, NumPy, SciPy, Matplotlib. Few Flood assaults and Structured Query Language (SQL) injections anomalies are validated and effectively-identified through the anticipated procedure. The classification results are promising and show that overall accuracy lies between 87% to 95% for SVM, LR, KNN, and IF classifiers in the scrutiny of traffic, whether the network traffic is normal or anomalous in the SDN-NFV environment.
... In [8], the authors describe the latest DDoS attack detection and mitigation techniques for SD-IoT network. There are many DDoS detection approaches including entropy-based statistical methods [9], machine learning-based classification of malicious traffic techniques [10], and rule-based approach [11] which are implemented using SDN paradigm. ...
Article
Full-text available
Billions of IoT devices and smart objects are already in operation today and even more are expected to be on the network over time. These IoT devices will generate enormous amounts of data that cannot be allowed to transmit on the network without end-to-end encryption or any trust and security mechanism. Currently, we have certificate authorities that certify the identity of a network device by binding its identity with its public key. However, these certificate authorities are centralized in structure and will not be able to individually certify billions of IoT devices entirely. In this paper, we propose that in an SDN-based IoT network, the identities, i.e., public keys and trust indices of IoT devices, can be stored on a blockchain to ensure immutability and tamper-resistance. The paper presents a novel scalable solution for key and trust management of IoT devices in IoT networks, with a successful proof-of-concept that proves the scalability of the proposed solution. The combination of an IoT network along with blockchain technology and software-defined networking (SDN) is effectively demonstrated through simulation that is able to store the public keys of IoT devices on the blockchain and route the network traffic efficiently through SDN. The performance of the proposed solution is evaluated in terms of throughput and access time delay. The results illustrate that access delay and throughput were not affected linearly or exponentially and the proposed solution shows no significant degradation in the performance with the increase in the number of IoT nodes and packets.
... In the communication world, nodes are expected to identify, communicate and cooperate with other nodes to provide enhanced quality of service through the internet. Interconnection between objects and their ability to make universal communication is a prime factor of integrated IoT-based networks [22]. The main intention of IoT-based CRMANET is to minimize the energy consumption of nodes to send data, where the protocols intents to choose the shortest cum efficient route for data transmission. ...
Article
Full-text available
Internet of Things (IoT) based applications are being evolved in multiple fields to provide enhanced service to the world. IoT is a recent computing concept interconnecting the wired and wireless networks through the internet. Most mobile devices function only in an ad-hoc manner. Infrastructureless networks are called ad-hoc networks. IoT is an effective technology to utilize in Cognitive Radio Mobile Ad-hoc Network (CRMANET) instantaneously. The protocols that are developed for common ad-hoc networks will never suit for IoT-based-CRMANET because the delay they face is inversely proportional with real-time applications. Hence, there exists a need for designing and developing a better routing protocol that suits IoT-based ad-hoc networks. Multi adaptive route indicates the optimum cum efficient path which is selected when the priority of the node gets changed or failed, it may be due to problems that arise in nodes or network components. Multi-adaptive routes make sure the connectivity of the network and its operations before sending the data packet. This paper focuses on developing a Multi-Adaptive Routing Protocol (MARP) inspired by natural characteristics of fish for IoT-based ad-hoc networks to minimize the delay and the energy consumption to extend a network lifetime. NS3 simulation results indicate that MARP gives its best performance than other routing protocols in terms of Throughput, Packet Delivery Ratio, Packet Drop Ratio, Delay and Energy Consumption.
... In [8], the authors describe the latest DDoS attack detection and mitigation techniques for SD-IoT network. There are many DDoS detection approaches including entropy-based statistical methods [9], machine learning-based classification of malicious traffic techniques [10], and rule-based approach [11] which are implemented using SDN paradigm. ...
Article
Full-text available
The Internet of things (IoT) introduces emerging applications (i.e., smart homes, smart cities, smart health, and smart grid) that assist the traditional infrastructure environments to be connected with smart objects. Things are connected with the Internet and numerous new IoT devices are developing at a rapid pace. As these smart objects are connected and able to communicate with each other in unprotected environments, the whole communication ecosystem requires security solutions at different levels. IoT technology possesses unique characteristics with various resource constraints and heterogeneous network protocol requirements, unlike traditional networks. The attacker exploits numerous security vulnerabilities of an IoT infrastructure, to generate a DDoS attack. The increase in DDoS attacks has made it important to address the consequences which imply in the IoT industry. This research proposes an SD-IoT based framework that provides security services to the IoT network. We developed a C-DAD (Counter-based DDoS Attack Detection) application that is based on counter values of different network parameters, which helps to detect DDoS attack successfully. C-DAD is a dynamic and programmable solution, and is deeply tested with different network parameters. The algorithm demonstrates a good performance with better results through SDN. Moreover, the proposed framework detects the attack efficiently in a minimum amount of time and with lesser consumption of CPU and memory resources.
... The use-case examples presented in [6,11,78] bring attention to wireless communication security and performance metrics for I4.0 and [42,47] provide methods for improving M2M/IoT security at the component level. The authors of [25,44,82,83] indicate different cybersecurity issues (data integrity, dependability metrics) and risk parameters [73][74][75][76][77][78][79] which IIoT [71,83] might be susceptible to due to the 5G threat landscape [44,56,84,85] and SDNs [4,26]. Furthermore [5,51,97,98] discuss the architectural challenges associated with IoT/M2M communication using wireless standards [51,57,60]. ...
Research
Full-text available
Industrial IoT (IIoT) is a novel concept of a fully connected, transparent, automated, and intelligent factory setup improving manufacturing processes and efficiency. To achieve this, existing hierarchical models must transition to a fully connected vertical model. Since IIoT is a novel approach, the environment is susceptible to cyber threat vectors, standardization, and interoperability issues, bridging the gaps at the IT/OT ICS (industrial control systems) level. IIoT M2M communication relies on new communication models (5G, TSN ethernet, self-driving networks, etc.) and technologies which require challenging approaches to achieve the desired levels of data security. Currently there are no methods to assess the vulnerabilities/risk impact which may be exploited by malicious actors through system gaps left due to improper implementation of security standards. The authors are currently working on an Industry 4.0 cybersecurity project and the insights provided in this paper are derived from the project. This research enables an understanding of converged/hybrid cybersecurity standards, reviews the best practices, and provides a roadmap for identifying, aligning, mapping, converging, and implementing the right cybersecurity standards and strategies for securing M2M communications in the IIoT.
... In recent years, the number of smart devices has also shown a blowout growth along with the vigorous development of Internet-of-Things (IoT) [1], [2]. There will be more than 28 billion devices connected to wireless networks in 2022 according to Cisco's forecast [3]. ...
Preprint
In this paper, a novel intelligent reflecting surface (IRS)-assisted wireless powered communication network (WPCN) architecture is proposed for low-power Internet-of-Things (IoT) devices, where the IRS is exploited to improve the performance of WPCN under imperfect channel state information (CSI). We formulate a hybrid access point (HAP) transmission energy minimization problem by a joint design of time allocation, HAP energy beamforming, receiving beamforming, user transmit power allocation, IRS energy reflection coefficient and information reflection coefficient under the imperfect CSI and non-linear energy harvesting model. Due to the high coupling of optimization variables, this problem is a non-convex optimization problem, which is difficult to solve directly. In order to solve the above-mentioned challenging problems, the alternating optimization (AO) is applied to decouple the optimization variables to solve the problem. Specifically, through AO, time allocation, HAP energy beamforming, receiving beamforming, user transmit power allocation, IRS energy reflection coefficient and information reflection coefficient are divided into three sub-problems to be solved alternately. The difference-of-convex (DC) programming is applied to solve the non-convex rank-one constraint in solving the IRS energy reflection coefficient and information reflection coefficient. Numerical simulations verify the effectiveness of our proposed algorithm in reducing HAP transmission energy compared to other benchmarks.
... Although it is out of the scope of this paper, for the sake of completeness, it is worth mentioning that our framework when deployed in the smart building testbed scenario, enforces a mitigation plan that 1) re-configures the vAAA (virtual authentication agent), 2) enables a vChannelProtection to establish secure DTLS communications, 3) enforces new traffic filtering rules with SDN to drop malicious traffic, and 4) optionally turns off and/or flashes the IoT device. These reaction countermeasures are being implemented and evaluated in the scope of Anastacia EU project [26], [48], [49], and are beyond the scope of this paper, which focuses on evaluating the machine learning mechanisms to detect the cyber-attacks in IoT systems. ...
Article
Internet of Things security is attracting a growing attention from both academic and industry communities. Indeed, IoT devices are prone to various security attacks varying from Denial of Service (DoS) to network intrusion and data leakage. This paper presents a novel machine learning (ML) based security framework that automatically copes with the expanding security aspects related to IoT domain. This framework leverages both Software Defined Networking (SDN) and Network Function Virtualization (NFV) enablers for mitigating different threats. This AI framework combines monitoring agent and AI-based reaction agent that use ML-Models divided into network patterns analysis, along with anomaly-based intrusion detection in IoT systems. The framework exploits the supervised learning, distributed data mining system and neural network for achieving its goals. Experimental results demonstrate the efficiency of the proposed scheme. In particular, the distribution of the attacks using the data mining approach is highly successful in detecting the attacks with high performance and low cost. Regarding our anomaly-based intrusion detection system (IDS) for IoT, we have evaluated the experiment in a real Smart building scenario using one-class SVM. The detection accuracy of anomalies achieved 99.71%. A feasibility study is conducted to identify the current potential solutions to be adopted and to promote the research towards the open challenges.
... MIMIC then creates a virtual layer for holding the virtualization of all the sensing devices and the remote users are allowed to query only on the virtual space disabling the direct access to physical devices. In [58], Zarca et al. proposed a novel approach of utilizing SDN and NFV to deploy IoT honeynets to distract cyberattackers and make IoT system secure. Administrators of IoT system can deploy IoT honeynets as a service through high-level security policies defined over SDN controller and NFV Management and Network Orchestration by replicating the physical IoT architecture on a virtual environment as VNFs. ...
... The IoT architecture is defined as the network constructed through the interconnection of different devices associated with the retail, business and home environments in order to achieve potential and reliable communication [16]. This IoT architecture comprises of four significant layers that includes, i) Perception Layer, ii) Network Layer, iii) Support Layer, iv) Application Layer, and v) Business Layer [17] portrayed in Fig. 2. i) Perception Layer. ...
Article
Internet of Things (IoT) is the predominant emerging technology that targets on facilitating interconnection of internet-enabled resources. IoT applications concentrate on automating different tasks that facilitate physical objects to act autonomously without any human interventions. The emerging and current IoT applications are determined to be highly significant for improving the degree of efficiency, comfort and automation for its users. Any kind of security breach on the system will directly influence the life of the humans. In this paper, a comprehensive review on Privacy requirements and application layer Security in Internet of Things (IoT) is presented for exploring the possible security issues in IoT that could be launched over the individual layers of IoT architecture. This review explores different challenges of classical security solutions that are related to authentication, key management and cryptographic solutions. It also presents the details of existing access control and device authentication schemes with their pros and cons.
... However, only a few deploy SDN and NFV technologies to improve or automate security configurations in these networks. Notably, the authors in [255] specifically enhanced the IoT honeynets using SDN and NFV technologies by optimizing the security automation process. The proposed solution adopts a security policy-based mechanism to enforce honeynets orchestration and facilitate IoT network management. ...
Article
Software-defined networking (SDN) is a networking paradigm to enable dynamic, flexible, and programmatically efficient configuration of networks to revolutionize network control and management via separation of the control plane and data plane. The SDN market has evolved in response to the demands from large data centers toward the aggregation of multiple types of network connections. On the one hand, SDNs have provided solutions for high-demand resources, managing unpredictable data traffic patterns, and rapid network reconfiguration. They are further used to enhance network virtualization and security. On the other hand, SDN is still subject to many traditional network security threats. It also introduces new security vulnerabilities, primarily due to its logically centralized control plane infrastructure and functions. In this paper, we conduct a comprehensive survey on the core functionality of SDN from the perspective of secure communication infrastructure at different scales. A specific focus is put forward to address the challenges in securing SDN-based communications, with efforts taken up to address them. We further categorize the appropriate solutions for specific threats at each layer of SDN infrastructure. Lastly, security implications and future research trends are highlighted to provide insights for future research in the domain.
... Other than the reviewed ML-DL-based IDS solutions in SDN, researchers all over the world also adopted numerous other technologies to detect various attacks in the context of SDNs. For instance, statistics algorithms [37], [111], [253]-[255], [134], [144], [159], [167], [170]-[172], [226], similarity-based methods [256], graph model-based methods [257]-[259], third-party software like Snort [57], [94], [95], [260]-[262], threshold-based methods [51], [108], [254], [263], [264], fuzzy evaluations [265]-[267], inference-based methods [257], [268], blockchain-based methods [269]-[271], and honeynet-based methods [71], [272]-[274]. ...
Preprint
At present, the Internet is facing numerous attacks of different kinds that put its data at risk. The safety of information within the network is, therefore, a significant concern. In order to prevent the loss of incredibly valuable information, the Intrusion Detection System (IDS) was developed to recognize the outbreak of a stream of attacks and notify the network system administrator providing network security. IDS is an extrapolative model used to detect network traffic as routine or attack. Software-Defined Networks (SDN) is a revolutionary paradigm that isolates the control plane from the data plane, transforming the concept of a software-driven network. Through this data and control plane separation, SDN provides us the opportunity to create a manageable and programmable network, allowing applications in the top plane to access physical devices via the controller. The controller functioning inside the control plane executes network modules and establishes flow rules to forward packets in the switches residing in the data plane. Cyber attackers target the SDN controller to subdue the control plane, which is considered the brain of the SDN, providing a plethora of functionalities such as regulating flow control to switches or routers in the data plane below via southbound Application Programming Interfaces (APIs) and business and application logic in the application plane above via northbound APIs to implement sophisticated networks. However, the control plane becomes a tempting prospect for security attacks from adversaries because of its centralization feature. This paper includes an in-depth overview of the notable published articles from 2015 to 2021 that used Machine Learning (ML) and Deep Learning (DL) techniques to construct an IDS solution to provide security for SDN. We also present two detailed taxonomic studies regarding IDS, and ML-DL techniques based on their learning categories, exploring various IDS solutions to secure the SDN paradigm.
We have also conducted brief research on a few benchmark datasets used to construct IDS in the SDN paradigm. To conclude the survey, we provide a discussion that sheds light on continuous challenges and IDS issues for SDN security.
... They have implemented and tested the proposed architecture on real NB-IoT gateways and showed how SDN/NFV could significantly improve real-time network control and data plane monitoring according to the pre-defined QoS requirements at the gateway level. Zarca et al 45 presented an SDN/NFV-based framework to complement traditional security approaches in IoT systems with the capabilities for self-protection, recovery, and repair. They proposed enhancing virtual IoT honeynets with SDN and NFV support for dynamical mitigation of cyber attacks in IoT networks (e.g., in smart buildings). ...
Article
The vast number of smart cloud applications that communicate with the “things” over a variety of physical networks and communication protocols contribute to the rise of complexity in Internet of Things (IoT) systems. The diversity of end‐user requirements related to the volume of generated data, its variety, and the velocity of its transmission makes quality of service (QoS) provisioning even more crucial and challenging in IoT. This paper provides a comprehensive and up‐to‐date survey of QoS support in IoT networks and communication protocols. An analysis of the QoS‐aware IoT architectures, layer‐dependent QoS metrics, and network resource optimization methods utilized in IoT systems are given. The limitations of the current state‐of‐the‐art studies for efficient delivery of QoS metrics are discussed. The paper concludes with future research directions on end‐to‐end QoS provisioning in IoT.
... However, the work [105] has a drawback in terms of scalability and programmability in large-scale deployment. Zarca et al. [106] further propose SDN-enabled virtual honeynet services with higher degree of scalability and flexibility, and the efficiency of the proposed approach is validated using real implementations and tests. However, the trust issues and resilience of compromised domain operators in aggregating local situational awareness into the global one require further investigation. ...
Preprint
Metaverse, as an evolving paradigm of the next-generation Internet, aims to build a fully immersive, hyper spatiotemporal, and self-sustaining virtual shared space for humans to play, work, and socialize. Driven by recent advances in emerging technologies such as extended reality, artificial intelligence, and blockchain, metaverse is stepping from the science fiction to an upcoming reality. However, severe privacy invasions and security breaches (inherited from underlying technologies or emerged in the new digital ecology) of metaverse can impede its wide deployment. At the same time, a series of fundamental challenges (e.g., scalability and interoperability) can arise in metaverse security provisioning owing to the intrinsic characteristics of metaverse, such as immersive realism, hyper spatiotemporality, sustainability, and heterogeneity. In this paper, we present a comprehensive survey of the fundamentals, security, and privacy of metaverse. Specifically, we first investigate a novel distributed metaverse architecture and its key characteristics with ternary-world interactions. Then, we discuss the security and privacy threats, present the critical challenges of metaverse systems, and review the state-of-the-art countermeasures. Finally, we draw open research directions for building future metaverse systems.
Article
Cyber-physical systems (CPS) have been growing exponentially due to improved cloud-datacenter infrastructure-as-a-service (CDIaaS). Incremental expandability (scalability), Quality of Service (QoS) performance, and reliability are currently the automation focus on healthy Tier 4 CDIaaS. However, stable QoS is yet to be fully addressed in Cyber-physical data centers (CP-DCS). Also, balanced agility and flexibility for the application workloads need urgent attention. There is a need for a resilient and fault-tolerance scheme in terms of CPS routing service including Pod cluster reliability analytics that meets QoS requirements. Motivated by these concerns, our contributions are fourfold. First, a Distributed Non-Recursive Cloud Model (DNRCM) is proposed to support cyber-physical workloads for remote lab activities. Second, an efficient QoS stability model with Routh-Hurwitz criteria is established. Third, an evaluation of the CDIaaS DCN topology is validated for handling large-scale, traffic workloads. Network Function Virtualization (NFV) with Floodlight SDN controllers was adopted for the implementation of DNRCM with embedded rule-base in Open vSwitch engines. Fourth, QoS evaluation is carried out experimentally. Considering the non-recursive queuing delays with SDN isolation (logical), a lower queuing delay (19.65%) is observed. Without logical isolation, the average queuing delay is 80.34%. Without logical resource isolation, the fault tolerance yields 33.55%, while with logical isolation, it yields 66.44%. In terms of throughput, DNRCM, recursive BCube, and DCell offered 38.30%, 36.37%, and 25.53% respectively. Similarly, the DNRCM had an improved incremental scalability profile of 40.00%, while BCube and Recursive DCell had 33.33%, and 26.67% respectively. In terms of service availability, the DNRCM offered 52.10% compared with recursive BCube and DCell which yielded 34.72% and 13.18% respectively. 
The average delays obtained for DNRCM, recursive BCube, and DCell are 32.81%, 33.44%, and 33.75% respectively. Finally, workload utilization for DNRCM, recursive BCube, and DCell yielded 50.28%, 27.93%, and 21.79% respectively.
Article
Content Based Image Retrieval (CBIR) system is an efficient search engine which has the potentiality of retrieving the images from huge repositories by extracting the visual features. It includes color, texture and shape. Texture is the most eminent feature among all. This investigation focuses upon the classification complications that crop up in case of big datasets. In this, texture techniques are explored with machine learning algorithms in order to increase the retrieval efficiency. We have tested our system on three texture techniques using various classifiers which are Support vector machine, K-Nearest Neighbor (KNN), Naïve Bayes and Decision Tree (DT). Variant evaluation metrics precision, recall, false alarm rate, accuracy etc. are figured out to measure the competence of the designed CBIR system on two benchmark datasets, i.e. Wang and Brodatz. Result shows that with both these datasets the KNN and DT classifier hand over superior results as compared to others.
Article
The honeynet, as a promising technology, is increasingly used to actively discover novel network viruses in order to provide more effective defense strategies for the protected network in advance. The state-of-the-art network models aim to investigate the mutual effect between the honeynet and the protected network, however they have not fully exploited the potential of the intelligent honeynet. Compared with the conventional honeynet, the intelligent honeynet has made great progress in data control, data analysis, dynamic deployment, etc., which can provide more valuable information and flexible defense mechanisms for network defenders. In this paper, we propose a novel mathematical model of the intelligent honeynet to explore and prevent the propagation of industrial viruses in the Supervisory Control and Data Acquisition (SCADA) network. Through combining the intelligent honeynet with some traditional defense measures, we present a comprehensive and practical defense mechanism for the SCADA network, which can provide active and dynamic system-level and network-level defense. A theoretical analysis is provided to obtain the virus-free and virose equilibriums and demonstrate the locally and globally asymptotic stabilities of the proposed model. Moreover, a large number of numerical experiments are conducted to confirm the theoretical analysis and the superior defense performance of the proposed defense mechanism over the existing models.
Article
The Internet of Things (IoT) is the network of smart devices, sensors, and machines that continuously monitored the surrounding environment and execute meaningful decisions on the data or information it receives. The Internet‐enabled devices could facilitate computer‐mediated strategies for various tasks, for example, smart health care, managing the cities or smart factories, smart manufacturing, automating the home and business, etc. IoT commonly uses Internet technology for establishing communication among devices, thus inherits all the security threats that are currently affecting Internet users along with other security threats that are specific to IoTs due to resources constrained nature of the smart devices and sensors. The greater footprint, the distributed nature of the network and the existence of a huge number of IoT devices has also attracted criminals, fraudsters, and attackers to utilize this medium for spreading malicious content or making devices unavailable for legitimate use. It is imperative to ensure that the Confidentiality, Integrity, Security, and Privacy of information and users should remain intact while using these devices and thus they require an effective security system. Software‐defined Networks (SDN) and Network Function are the way to control and configure devices from a centralized location and have been proven to offer scalability and versatility to their deployed ecosystems. In this paper, we systematically review the adoption of SDN and Network Function Virtualization (NFV) for securing the IoT network from emerging threats. To this extent, we provide a comprehensive survey on security solutions based on SDN, Blockchain, NFV, and SDN/NFV proposed for the security of the IoT network. We have also identified open challenges in this domain which includes lack of standardization, low cost, and effective machine learning systems for identifying malicious traffic and handling great attack surface and different attack vectors. 
The deployed technologies exhibit positive strides in their usage for the provision of security in IoT environments offering security enhancements, scalability, and versatility. The increasing demand and influence of the Internet of Things devices in the daily lives of individuals cannot be overstated providing great benefits in different aspects of the lives of the individuals. The Internet of Things environment consists of different devices connected and communicating with each other. It is imperative to ensure the Confidentiality, Integrity, Authentication, Security, and Privacy of information within the environment. Software Defined Network (SDN) and Network Function Virtualization (NFV) have been proven to offer scalability and versatility to their deployed systems. In this paper, we reviewed the usage of Software Defined Network (SDN) and Network Function Virtualization (NFV) in safeguarding the information within the environment based on the attributes of these technologies. To this extent, we provide a comprehensive survey on security solutions based on SDN, Blockchain, NFV and SDN/NFV IoT security mechanisms. Open challenges in this area includes lack of standardisation, machine learning algorithms and Large attack surface are also discussed and future work direction is highlighted. SDN/NFV based security solutions. These deployed technologies exhibit positive strides in their usage for the provision of security in IoT environments offering security enhancements, scalability, and versatility.
Article
It is critical to lower the power consumption of battery powered nodes in Internet of things (IoT) applications while maintaining a high transmission throughput. In this paper, a novel Turbo coded light-weight rate compatible modulation (TLRCM) with a simple weight set (±1) is proposed for IoT uplink transmission. Unlike NB-IoT standard where the whole data block will be retransmitted repeatedly until the data is recovered successfully, the proposed TLRCM works in a rateless manner and can achieve a smooth rate adaptation to channel variations, reducing the number of symbols to be retransmitted. Thus, TLRCM can significantly reduce the power consumption of IoT device and improve transmission throughput. To reduce computational complexity, a 1-bit subtraction and memory reading algorithm, which can be easily implemented in limited computing capability IoT devices, is proposed for the generation of TLRCM symbols. In addition, an iterative algorithm with significantly reduced complexity is proposed for TLRCM demodulation. Moreover, the reliable soft information from the output of TLRCM demodulator enables a fast convergence of Turbo codes decoding. Simulation results show that, compared with the repetition transmission scheme in NB-IoT standard, the proposed TLRCM can reduce by over 37% the average transmission power consumption while maintaining a high throughput of transmission in both Gaussian channels and fading channels. The uniqueness of low power consumption, high throughput transmission, and low-complexity implementation enables the proposed TLRCM to be a potential technique for IoT applications.
Article
Internet of Medical Things (IoMT) supports traditional healthcare systems by providing enhanced scalability, efficiency, reliability, and accuracy of healthcare services. It enables the development of smart hardware as well as software platforms that operate on the basis of communication systems and the algorithms that process the data collected by the sensors to support decision-making. Although IoMT is involved in large-scale services provisioning in the medical paradigm; however, the resource-constrained nature of these devices makes them vulnerable to immense security and privacy issues. These vulnerabilities are not only disastrous for IoMT but threaten the whole healthcare ecosystem, which can in turn bring human lives in danger. During the past few years, threat vectors against IoMT have been evolved in terms of scalability, complexity, and diversity, which makes it challenging to detect and provide stringent defense solutions against these attacks. In this paper, we classify security and privacy challenges against different IoMT variants based on their actual usage in the healthcare domain. We provide a comprehensive attack taxonomy on the overall IoMT infrastructure comprising different device variants as well as elaborate taxonomies of security protocols to mitigate attacks against different devices, algorithms and describe their strengths and weaknesses. We also outline the security and privacy requirements for the development of novel security solutions for all the attack types against IoMT. Finally, we provide a comprehensive list of current challenges and future research directions that must be considered while developing sustainable security solutions for the IoMT infrastructure.
Article
Blockchain is a promising emerging technology that is envisioned to play a key role in establishing secure and reliable Internet of Things (IoT) ecosystems without the involvement of any third party. Hyperledger Fabric, a permissioned blockchain system that can yield high throughput and low consensus delay, has shown its capability in enhancing security and privacy protection for delay-sensitive Internet of Things (IoT) services. The literature however has not considered the conflicting transaction problem which may substantially limit the system performance and degrade QoS for the end users. In this paper, we propose CATP-Fabric, a new blockchain system to address the conflicting transaction problem by reducing the number of potentially conflicting transactions with less overhead. First, the transactions within a block are divided into different groups to facilitate parallel transaction processing. Then, CATP-Fabric filters stale transactions and prioritizes the read-only transactions in each group to eliminate unnecessary overhead. Finally, we formulate the selection of aborting transactions in CATP-Fabric as a binary integer programming problem and develop a low-complexity optimization algorithm to minimize the number of aborted transactions. Illustrative results show that our proposed CATP-Fabric blockchain system achieves high throughput of successful transactions while maintaining a lower aborting transaction rate compared to the benchmark blockchain systems.
Article
Defending networks is becoming more challenging due to the growing number and variety of cyber threats. On the other hand, network security professionals have new technologies and tools at their disposal. This paper focuses on a few of these technologies and investigates new ways to take advantage of them. To this end, we present Citadel, a novel security system utilizing cyber threat intelligence (CTI) to construct automated defense solutions in software-defined networking (SDN) environments. Citadel also incorporates network function virtualization (NFV) and service function chaining (SFC) to achieve flexible, cost-efficient, and proactive network defense. We examine CTI data to extract common attacker models and design security services as virtual network functions chained together using SFC to counter these threats. The modular and extensible nature of Citadel makes it suitable for incremental deployment in networks. Besides, we propose a new CTI data model to use as an extension of the existing CTI models for better compatibility with automated network defense. Extensive evaluations demonstrate that our proposals are applicable and effectively facilitate the management of agile defense in SDN/NFV-enabled networks.
Article
Software-defined networking (SDN) is a network paradigm that decouples control and data planes from network devices and places them into separate entities. In SDN, the controller is responsible for controlling the logic of the entire network while network switches become forwarding elements that follow rules to dispatch flows. There are, however, several limitations in such a paradigm, as compared to conventional networking. For example, the controller is sensitive to a broad range of attacks, being DDoS attacks especially important due to the centralized nature of the controller and to their huge increment during 2020, since the number of DDoS attacks during Q2 increased three-fold to the same period compared to 2019. In this paper, we provide a systematic survey of existing DDoS detection and mitigation strategies in SDN. Based on the review of articles published between 2013 and May 2020, we provide an original taxonomy that includes well-known strategies to DDoS detection like statistical, SDN architecture, machine learning, and we also include in the taxonomy emerging technologies like network function virtualization, blockchain, honeynet, network slicing, and moving target defense-based strategies for DDoS detection and mitigation. We also discuss existing challenges associated with SDN security and with the implementation of these emerging technologies and finally, we identify several future research opportunities.
Conference Paper
The use of artificial intelligence (AI) within the finance industry can be considered as a transformative approach as it enables the financial institutions to enhance their performance capacity. The use of artificial intelligence within the finance sector helps the industries to streamline the processes and optimise their management efficiently for various types of operations pertaining to credit decisions-making, financial risk assessment and management and quantitative trading. The paper aims at analysing the proactive approach that can be taken with the use of AI in order to enhance effective management within the financial sector. The empirical study conducted in the paper utilizes various types of secondary materials with a qualitative approach. The findings of the study demonstrate the enhanced capacity of AI that can be used for a proactive approach, utilised for the assessment of risks or threats prior to any mismanagement incident. In this regard, fintech companies such as Enova, Ocrolus, ZestFinance, and DataRobot and so on have taken a predominant position in aiding the financial industries to use AI-based systems that aids the management process. However, the inclusion of AI within the financial sector is faced with certain challenges such as lack of knowledge regarding technological infrastructure, poor financial investment especially for government aided banks, unawareness of the employees and weak collaboration with the IT industry. Regardless, AI technologies in recent years have achieved great advancement, leading to the enhancement of its capacity to assist the effective management within the financial sector.
Article
Cyber-attacks are becoming more common and over the last decade, many attacks have made top news, targeting manufacturing firms and governmental organisations. Such attacks have triggered substantial financial damage and they've been trying to obstruct key public sector operations. Furthermore, as the Internet of Things (IoT) has arisen, the number of Internet-connected devices is increasingly growing and being an easy target of cyber-attacks. To counter cyber-attacks, information security researchers rely extensively on intrusion detection systems (IDSs) that can identify suspicious activities by comparing patterns of documented attacks or detecting anomaly-based activities. This survey aims to tackle Trust, Protection, identification and activity on wide scale networks and Internet of Things. The proposed research aims at developing a practically deployable cyber security solution to one or more of the cyber-attacks. Multi-Stage Attacks (MSAs), APT, DoS attacks, wireless injection attacks, botnets or other malicious activities will be investigated. In this literature survey, we are highlighting the work performed throughout the area of cyber security by various researchers, various types of cyber-attacks and its stages, various approaches to prevent cyber-attacks, different challenges faced by a preventer, and some gaps in the research. This literature review is carried out by using the secondary data obtained from peer-reviewed journals and other sources on the web. This review aims to explain Detecting Malicious Activities in Network Traffic.
Book
Cybersecurity and Privacy issues are becoming an important barrier for a trusted and dependable global digital society development. Cyber-criminals are continuously shifting their cyber-attacks specially against cyber-physical systems and IoT, since they present additional vulnerabilities due to their constrained capabilities, their unattended nature and the usage of potential untrustworthiness components. Likewise, identity-theft, fraud, personal data leakages, and other related cyber-crimes are continuously evolving, causing important damages and privacy problems for European citizens in both virtual and physical scenarios. In this context, new holistic approaches, methodologies, techniques and tools are needed to cope with those issues, and mitigate cyberattacks, by employing novel cyber-situational awareness frameworks, risk analysis and modeling, threat intelligent systems, cyber-threat information sharing methods, advanced big-data analysis techniques as well as exploiting the benefits from latest technologies such as SDN/NFV and Cloud systems. In addition, novel privacy-preserving techniques, and crypto-privacy mechanisms, identity and eID management systems, trust services, and recommendations are needed to protect citizens' privacy while keeping usability levels. The European Commission is addressing the challenge through different means, including the Horizon 2020 Research and Innovation program, thereby financing innovative projects that can cope with the increasing cyberthreat landscape. This book introduces several cybersecurity and privacy research challenges and how they are being addressed in the scope of 15 European research projects. Each chapter is dedicated to a different funded European Research project, which aims to cope with digital security and privacy aspects, risks, threats and cybersecurity issues from a different perspective. 
Each chapter includes the project's overviews and objectives, the particular challenges they are covering, research achievements on security and privacy, as well as the techniques, outcomes, and evaluations accomplished in the scope of the EU project. The book is the result of a collaborative effort among relative ongoing European Research projects in the field of privacy and security as well as related cybersecurity fields, and it is intended to explain how these projects meet the main cybersecurity and privacy challenges faced in Europe. Namely, the EU projects analyzed in the book are: ANASTACIA, SAINT, FORTIKA, CYBECO, SISSDEN, CIPSEC, CS-AWARE, RED-Alert, Truessec.eu, ARIES, LIGHTest, CREDENTIAL, FutureTrust, LEPS. Challenges in Cybersecurity and Privacy - the European Research Landscape is ideal for personnel in computer/communication industries as well as academic staff and master/research students in computer science and communications networks interested in learning about cyber-security and privacy aspects.
Article
The increase of Software Defined Networks (SDN) and Network Function Virtualization (NFV) technologies is bringing many security management benefits that can be exploited at the edge of Internet of Things (IoT) networks to deal with cyber-threats. In this sense, this paper presents and evaluates a novel policy-based and cyber-situational awareness security framework for continuous and dynamic management of Authentication, Authorization, Accounting (AAA) as well as Channel Protection virtual security functions in IoT networks enabled with SDN/NFV. The virtual AAA, including network authenticators, are deployed as VNF (Virtual Network Function) dynamically at the edge, in order to enable scalable device’s bootstrapping and managing the access control of IoT devices to the network. In addition, our solution allows distributing dynamically the necessary crypto-keys for IoT Machine to Machine (M2M) communications and deploy virtual Channel-protection proxies as VNFs, with the aim of establishing secure tunnels among IoT devices and services, according to the contextual decisions inferred by the cognitive framework. The solution has been implemented and evaluated, demonstrating its feasibility to manage dynamically AAA and channel protection in SDN/NFV-enabled IoT scenarios.
Article
Accounting for the exponential increase of security threats, the development of new defense strategies for pervasive environments is acquiring an even growing importance. The expected avalanche of heterogeneous IoT devices which will populate our industrial factories and houses will increase the complexity of managing security requirements in a comprehensive way. To this aim, cloud-based security services are gaining notable impetus to provide security mechanisms according to Security-as-a-Service (SECaaS) model. However, the deployment of security applications in remote cloud data-centers can introduce several drawbacks in terms of traffic overhead and latency increase. To cope with this, edge computing can provide remarkable advantages avoiding long routing detours. On the other hand, the reduced capabilities of edge node introduce potential constraints in the overall management. This paper focuses on the provisioning of virtualized security services in resource-constrained edge nodes by leveraging lightweight virtualization technologies. Our analysis aims at shedding light on the feasibility of container-based security solutions, thus providing useful guidelines towards the orchestration of security at the edge. Our experiments show that the overhead introduced by the containerization is very light.
Article
Recent years have seen rapid development and deployment of Internet-of-Things (IoT) applications in a diversity of application domains. This has resulted in creation of new applications (e.g., vehicle networking, smart grid, and wearables) as well as advancement, consolidation, and transformation of various traditional domains (e.g., medical and automotive). One upshot of this scale and diversity of applications is the emergence of new and critical threats to security and privacy: it is getting increasingly easier for an adversary to break into an application, make it unusable, or steal sensitive information and data. This paper provides a summary of IoT security attacks and develops a taxonomy and classification based on the application domain and underlying system architecture. We also discuss some key characteristics of IoT that make it difficult to develop robust security architectures for IoT applications.
Article
Honeypot Internet of Things (IoT) (HIoTPOT) keeps a secret eye on IoT devices and analyzes the various recent threats which are dangerous to IoT devices. In this paper, implementation of a research honeypot is presented which is used to learn the recent tactics and ethics used by black hat community to attack on IoT devices. As IoT is open and easy for accessing, all the intruders are highly attracted towards IoT. Recently Telnet based attacks are very famous on IoT devices to get easy access and attack on other devices. To reduce these kinds of threats, it is necessary to know in details about intruder, therefore the aim of this research work is to implement novel based secret eye server known as HIoTPOT which will make the IoT environment more safe and secure.
Conference Paper
Honeypots have been largely used to capture and investigate malicious behavior through deliberately sacrificing their own resources in order to be attacked. Hybrid honeypot architectures consisting of frontends and backends are widely used in the research area, specially due to the benefits of their high scalability and fidelity for detailed attacking data collection. A hybrid honeypot system often needs a facility aimed to tightly control the network traffic, for purposes such as redirecting the traffic from the frontends to the backends for in-depth attack analysis. However, the current traffic redirection approaches, particularly the TCP connection handover mechanisms, are not stealthy and they can be easily detected by attackers. This paper proposes an SDN based network data controller for hybrid honeypot systems that uses a transparent TCP connection handover mechanism and provides a traffic filtering approach based on the Snort alert functionality. The controller is implemented as an application based on the open-source Ryu SDN framework. It allows the users to configure their own network data control rules, which based on the Snort alert messages will forward or redirect the traffic to the corresponding honeypots. The experiments validate the proposed mechanism and the testing results show that the controller can efficiently perform the stealthy TCP connection handover as well.
Article
Honeypots are designed to investigate malicious behaviour. Each type of homogeneous honeypot system has its own characteristics in respect of specific security functionality, and also suffers functional drawbacks that restrict its application scenario. In practical scenarios, therefore, security researchers always need to apply heterogeneous honeypots to cope with different attacks. However, there is a lack of general tools or platforms that can support versatile honeynet deployment in order to investigate the malicious behavior. In this study, the authors propose a versatile virtual honeynet management tool to address this problem. It is a flexible tool that offers security researchers the versatility to deploy various types of honeypots. It can also generate and manage the virtual honeynet through a dynamic configuration approach adapting to the mutable network environment. The experimental results demonstrate that this tool is effective to perform automated honeynet deployment toward a variety of heterogeneous honeypots.
Article
The Internet of Things (IoT) introduces a vision of a future Internet where users, computing systems and everyday objects possessing sensing and actuating capabilities cooperate with unprecedented convenience and economical benefits. As with the current Internet architecture, IP-based communication protocols will play a key role in enabling the ubiquitous connectivity of devices in the context of IoT applications. Such communication technologies are being developed in line with the constraints of the sensing platforms likely to be employed by IoT applications, forming a communications stack able to provide the required power-efficiency, reliability and Internet connectivity. As security will be a fundamental enabling factor of most IoT applications, mechanisms must also be designed to protect communications enabled by such technologies. This survey analyzes existing protocols and mechanisms to secure communications in the IoT, as well as open research issues. We analyze how existing approaches ensure fundamental security requirements and protect communications on the IoT, together with the open challenges and strategies for future research work in the area. This is, as far as our knowledge goes, the first survey with such goals.
Conference Paper
Wireless sensor networks are composed of large numbers of tiny networked devices that communicate untethered. For large scale networks, it is important to be able to download code into the network dynamically. We present Contiki, a lightweight operating system with support for dynamic loading and replacement of individual programs and services. Contiki is built around an event-driven kernel but provides optional preemptive multithreading that can be applied to individual processes. We show that dynamic loading and unloading is feasible in a resource constrained environment, while keeping the base system lightweight and compact.
Article
The Internet of Things brings a multi-disciplinary revolution in several application areas. However, security and privacy concerns are undermining a reliable and resilient broad-scale deployment of IoT-enabled Critical Infrastructures (IoT-CIs). To fill this gap, this paper proposes a comprehensive architectural design that captures the main security and privacy challenges related to Cyber-physical Systems and IoT-CIs. The architecture is devised to empower IoT systems and networks to make autonomous security decisions through the usage of novel technologies such as Software Defined Networking (SDN) and Network Function Virtualization (NFV), as well as endowing them with intelligent and dynamic security reaction capabilities by relying on monitoring methodologies and cyber-situational tools. The architecture has been successfully implemented and evaluated in the scope of ANASTACIA H2020 EU research project.
Chapter
The Internet of Things (IoT) is a framework in which every real-world object can be identified uniquely and has the capacity to send and receive data to the network. This paper presents analysis and survey on IOT security, also discusses the current status and challenges of IOT security. Typically, there are three layers in IoT architecture, i.e. perception layer, network layer, and application layer. For secure internet of things realization, at each layer a number of security principles should be enforced. In the future the implementation of IoT is only possible if the security issues related to each layer are resolved and addressed. A number of researchers try to address and to give corresponding countermeasures to secure each layer of IoT. This paper provides an overview on proposed countermeasures and challenges of Security.
Article
The explosive rise of Internet of Things (IoT) systems has notably increased the potential attack surfaces for cybercriminals. Accounting for the features and constraints of IoT devices, traditional security countermeasures can be inefficient in dynamic IoT environments. In this vein, the advantages introduced by Software Defined Networking (SDN) and Network Function Virtualization (NFV) have the potential to reshape the landscape of cybersecurity for IoT systems. To this aim, we provide a comprehensive analysis of security features introduced by NFV and SDN, describing the manifold strategies able to monitor, protect, and react to IoT security threats. We also present lessons learned in the adoption of SDN/NFV-based protection approaches in IoT environments, comparing them with conventional security countermeasures. Finally, we deeply discuss the open challenges related to emerging SDN- and NFV-based security mechanisms, aiming to provide promising directives to conduct future research in this fervent area.
Article
This paper presents an intelligent honeypot that uses reinforcement learning to proactively engage with and learn from attacker interactions. It adapts its behaviour for automated malware to optimise the volume of data collected. Malware employs highly automated methods to create a global botnet. These automated methods are used to self-propagate and compromise hosts. Honeypots have been deployed to capture these automated interactions. Machine-learning techniques have previously been employed to retrospectively model botnet interactions. We develop a honeypot that uses reinforcement learning with a specific state action space formalism to interact with automated malware. It compares functionality with similar intelligent honeypots which target human interaction. It also demonstrates that datasets collected from an intelligent honeypot deployment are considerably larger than standard high interaction deployments and existing adaptive honeypots.
Article
Billions of Internet of Things (IoT) devices are expected to populate our environments and provide novel pervasive services by interconnecting the physical and digital world. However, the increased connectivity of everyday objects can open manifold security vectors for cybercriminals to perform malicious attacks. These threats are even augmented by the resource constraints and heterogeneity of low‐cost IoT devices, which make current host‐based and static perimeter‐oriented defense mechanisms unsuitable for dynamic IoT environments. Accounting for all these considerations, we reckon that the novel softwarization capabilities of Telco network can fully leverage its privileged position to provide the desired levels of security. To this aim, the emerging software‐defined networking (SDN) and network function virtualization (NFV) paradigms can introduce new security enablers able to increase the level of IoT systems protection. In this paper, we design a novel policy‐based framework aiming to exploit SDN/NFV‐based security features, by efficiently coupling with existing IoT security approaches. A proof of concept test bed has been developed to assess the feasibility of the proposed architecture. The presented performance evaluation illustrates the benefits of adopting SDN security mechanisms in integrated IoT environments and provides interesting insights in the policy enforcement process to drive future research.
Conference Paper
This article presents an innovative approach to address a rapidly evolving and polymorphic threat environment related to the emergence of the Internet of Things in the global Internet, with a focus on Cyber Physical Systems, Cloud architecture and SDN/NFV technologies. The article presents the view and methodological approach of ANASTACIA research project to address this evolution. ANASTACIA researches, develops and demonstrates a holistic solution enabling trust and security by-design for cyber physical systems (CPS) based on IoT and cloud architectures.
Article
Nowadays, mobile networks are complex sets of heterogeneous equipment that use proprietary management applications, resulting in a huge expenditure, a large effort and a time-consuming process to manage all network elements by means of currently manual or semi-automatic approaches. With the emergence of new technologies, such as software-defined networking, network function virtualization, and cloud computing, the current configurable networks are capable of becoming programmable, which will facilitate advanced autonomous network management. This article presents capabilities of a novel framework proposed by the SELFNET project that enables highly autonomic management functionalities. It focuses on the proposed self-healing use case that can be applied to reactively or preventively deal with the detected or predicted network failures. The SELFNET can provide the upcoming 5G system: an autonomic management framework, which brings a remarkable reduction upon operational expenditure and a substantial improvement of quality-of-experience (QoE) in terms of reliability, availability, service continuity and security.
Chapter
In this chapter, we introduce transformation techniques which serve to further optimize OBDD representations. The optimization space in this framework goes far beyond the optimization space established by the optimization of the variable order.
Article
Governments, enterprises and research institutions have participated in the research and development of cyber-physical systems (CPS). However, the development of cyber-physical systems will be restricted by security threats and vulnerabilities. We summarize security threats and to the cyber-physical systems to provide a theoretical reference for research on cyber-physical systems and to provide effective security measures. The architecture of cyber-physical systems is used to classify threats in the physical layer, network layer and application layer. This paper presents the security threats in the three layers. Then it lists the vulnerabilities of cyber-physical systems from the three aspects of management and policy, platform and network. Correspondingly, it also provides some security measures and recommendations for the security threats and vulnerabilities in each section.
Conference Paper
Several languages have been proposed for the task of describing networks of systems, either to help on managing, simulate or deploy testbeds for testing purposes. However, there is no one specifically designed to describe the honeynets, covering the specific characteristics in terms of applications and tools included in the honeypot systems that make the honeynet. In this paper, the requirements of honeynet description are studied and a survey of existing description languages is presented, concluding that a CIM (Common Information Model) matches the basic requirements. Thus, a CIM-like technology independent honeynet description language (TIHDL) is proposed. The language is defined being independent of the platform where the honeynet will be deployed later, and it can be translated, either using model-driven techniques or other translation mechanisms, into the description languages of honeynet deployment platforms and tools. This approach gives flexibility to allow the use of a combination of heterogeneous deployment platforms. Besides, a flexible virtual honeynet generation tool (HoneyGen) based on the approach and description language proposed and capable of deploying honeynets over VNX (Virtual Networks over LinuX) and Honeyd platforms is presented for validation purposes.
Article
Simulators for wireless sensor networks are a valuable tool for system development. However, current simulators can only simulate a single level of a system at once. This makes system development and evolution difficult since developers cannot use the same simulator for both high-level algorithm development and low-level development such as device-driver implementations. We propose cross-level simulation, a novel type of wireless sensor network simulation that enables holistic simultaneous simulation at different levels. We present an implementation of such a simulator, COOJA, a simulator for the Contiki sensor node operating system. COOJA allows for simultaneous simulation at the network level, the operating system level, and the machine code instruction set level. With COOJA, we show the feasibility of the cross-level simulation approach.
Honeyio4: The construction of a virtual, low-interaction IoT honeypot
  • A G Manzanares
Network traffic analysis based IoT botnet detection using honeynet data applying classification techniques
  • M Banerjee
  • S Samantaray
ThingPot: An interactive Internet-of-Things honeypot
  • M Wang
  • J Santillan
  • F Kuipers
Mirai botnet detection and countermeasures
  • S Mamoru
  • N Masafumi
  • K Tadashi
  • K Minoru
  • S Yuji
SDN-based in-network honeypot: Preemptively disrupt and mislead attacks in IoT networks
  • H Lin