Article
To read the full-text of this research, you can request a copy directly from the authors.

Abstract

As the IoT adoption is growing in several fields, cybersecurity attacks involving low-cost end-user devices are increasing accordingly, undermining the expected deployment of IoT solutions in a broad range of scenarios. To address this challenge, emerging Network Function Virtualization (NFV) and Software Defined Networking (SDN) technologies can introduce new security enablers, thereby endowing IoT systems and networks with higher degree of scalability and flexibility required to cope with the security of massive IoT deployments. In this sense, honeynets can be enhanced with SDN and NFV support, to be applied into IoT scenarios thereby strengthening the overall security. IoT honeynets are virtualized services simulating real IoT networks deployments, so that attackers can be distracted from the real target. In this paper, we present a novel mechanism leveraging SDN and NFV aimed to autonomously deploy and enforce IoT honeynets. The system follows a security policy-based approach that facilitates management, enforcement and orchestration of the honeynets and it has been successfully implemented and tested in the scope of H2020 EU project ANASTACIA, showing its feasibility to mitigate cyber-attacks.


... Among the various attacks, DDoS is the most harmful to the network as it exploits network bandwidth and resources. Techniques for DDoS attack detection and mitigation in SDN include machine learning-based classification of malicious traffic [12], entropy-based statistical methods [13], and rule-based approaches [14,15]. Researchers have also improved flow data collection to reduce channel overhead between the control plane and data plane. ...
... The throughput of the SDN-IoT network is measured in different scenarios with varying packet payloads, burst traffic, and attack nodes, and is presented in Fig. 11. The workload processed by the Ryu controller is also measured in different scenarios. [Table 10: Performance evaluation of network utilization in terms of smart home based on controller workload, CPU usage, network throughput and memory usage during attack scenario in SDN-IoT network, measured with varying number of attack nodes (4, 8, 12, 15, 20 IoT nodes).] ...
... The comparison is based on different network parameters, including SDN controller workload, attack detection time, and CPU utilization. Attack Scenario with Varying Attack Nodes: There are different numbers of attack nodes in this experiment, including 4, 8, 12, 15, and 20. The number of IoT nodes is kept constant at 30. ...
Article
Full-text available
The IoT network is unique due to heterogeneous IoT nodes and resource-constrained devices; the approach for securing IoT networks needs to be different from the security measures implemented for traditional network communication. In IoT networks, various security vulnerabilities are exploited by an attacker to generate a variety of DDoS attacks. In this paper, the authors propose a unique approach for securing IoT networks using an SDN-enabled framework that incorporates a dynamic counter-based approach and deep learning models. The aim is to detect and mitigate various security vulnerabilities that attackers exploit to generate DDoS attacks in IoT networks. Specifically, the proposed framework is tested using the CICDDoS2019 dataset to identify reflection attacks and exploitation attacks in TCP, UDP, and ICMP. The framework is also analyzed by varying network parameters such as the number of IoT attack nodes and payload to measure the performance of the SDN controller workload, CPU utilization, and attack detection time. The experimental results demonstrate that the proposed framework can efficiently detect and mitigate DDoS attacks while utilizing CPU resources effectively and in a shorter time compared to existing approaches.
... In [45], the authors introduce the concept of virtual IoT honeynets as a strategy for countering cyberattacks in softwarized IoT networks. Enhanced with SDN and NFV support, honeynets operate as virtualized services, replicating real IoT network configurations to divert potential attackers away from actual targets. ...
... It is important to recall that the combination with NFV enhances these benefits, especially for security purposes. Both technologies make it possible to achieve high IoT network security by facilitating the setting of user-defined security policies and global policies, and ensuring the efficient deployment of network security services [45] [46] [48]. ...
Article
Full-text available
The Internet of Things (IoT) is an emerging technology that aims to connect heterogeneous and constrained objects to each other and to the Internet. It has grown significantly in a wide variety of applications such as smart homes, smart cities, smart vehicles, etc. The huge number of connected devices increases the challenges, as IoT provides diverse and complex network services with different requirements on a common infrastructure. Network Softwarization is the latest network paradigm that transforms traditional network processes to the separation of hardware and software by using some enabling network technologies such as Software Defined Networking (SDN) and Network Function Virtualization (NFV). Machine Learning (ML) plays an essential role in creating smarter IoT networks, as it has shown remarkable results in various domains. Given that the network softwarization allows it to be easily integrated, ML can play a crucial role in efficient and self-adaptive IoT networks. In this paper, we provide a detailed overview of the concepts of IoT, network softwarization, and ML, and we study and discuss the state of the art of intelligent ML-enabled network softwarization for IoT. We also identify the most prominent future research directions to be considered.
... Following the framework [24] evolution, the work of [28] brings a new approach to mitigating attacks on IoT network through the automated implementation of honeynets based on VNFs. The approach is about the creation of network virtualized IoT devices (vIoTHoneynet) without any function so that, upon detection of an attack, traffic is redirected to vIoTHoneynet through updated rules in SDN controller. ...
... In order to compose a realistic IoT network scenario that would match the performance indicators considered in Section III, we created a new data set composed from two existing ones. Table V summarizes the indicators and their origins. ...
Article
The Internet of Things (IoT) has undergone rapid popularization, reaching a wide range of application domains, such as manufactures. Hence, more and more heterogeneous IoT devices have been deployed in a variety of industrial environments, progressively becoming common objects to the supply chain. The physical infrastructure of manufacturing systems has become complex and requires efficient and dynamic solutions for managing network performance and security. Network Function Virtualization (NFV) has attracted attention when the intention is to respond to security threats on Industrial IoT (IIoT). Few works use NFV to detect and mitigate security threats on IIoT networks, but even less consider performance indicators of the network context when placing the Virtual Network Functions (VNFs). Thus, this work introduces a Machine Learning (ML) approach to place security VNFs based on NFV performance to mitigate Distributed Denial of Service (DDoS) attacks on IIoT. Experiments considering a new composed data set and diverse ML techniques show ML classification as an alternative for IIoT scenarios, achieving, according to the best-performing technique, 99.40% of accuracy in relation to the ideal placement. To facilitate the reproduction of the work, all the code and data produced are publicly available.
... In addition, the growth of IoT in recent years has promoted the development of Federated Security, a concept addressing security challenges in the IoT domain. Applications in the domain include user authentication [49], intrusion detection systems (IDS) [50], malware detection [51], data collaboration [52], security through honeynets [53] and a plethora of various applications to ensure security and privacy. Fig. 13 illustrates the taxonomy and challenges that need to be addressed in a federated intrusion detection system such as the one presented in [50]. ...
Article
Full-text available
Federated Learning has emerged as a revolutionary technology in Machine Learning (ML), enabling collaborative training of models in a distributed environment while ensuring privacy and security. This work discusses the topic of FL by providing insights into its various dimensions, perspectives, and components, leading to a comprehensive understanding of the technology. The survey begins by introducing the basic principles of FL and provides a high-level taxonomy of its methods. It continues by presenting application domains and associating challenges, categories and their applications. This mapping allows for an understanding of how particular challenges manifest in different contexts and applications. The main body delves into the various aspects of FL, including centralized and decentralized variants, methods for improving efficiency and effectiveness, and concerns regarding security, privacy, dynamic conditions, fairness, scalability and integration with other new technologies. Ultimately, the goal is to present recent advancements in these areas, along with new challenges and opportunities for future exploration. FL is poised to reshape the landscape of intelligent systems while promoting data privacy in decentralized and collaborative learning. Finally, this survey can serve as a reference point for methodological improvements as it highlights the strengths and weaknesses of existing approaches.
... By leveraging these advanced algorithms, IDSs can learn from past data, identify patterns, and make accurate predictions about potential attacks. This shift towards ML and deep learning has opened up new possibilities in terms of the accuracy, efficiency, and adaptability of IDSs [8], [9]. The overarching goal of research in this area is to develop robust and effective security systems that can proactively identify and mitigate threats in real-time [10]. ...
Article
Full-text available
As cyberspace has emerged, security in all the domains like networks, cloud, and databases has become a greater concern in real-time distributed systems. Existing systems for detecting intrusions (IDS) are having challenges coping with constantly changing threats. The proposed model, DR-DBMS (dimensionality reduction in database management systems), creates a unique strategy that combines supervised machine learning algorithms, dimensionality reduction approaches and advanced rule-based classifiers to improve intrusion detection accuracy in terms of different types of attacks. According to simulation results, the DR-DBMS system detected the intrusion attack in 0.07 seconds and with a smaller number of features using the dimensionality reduction and feature selection techniques efficiently.
... The planned intelligent platform includes a monitoring agent and a response agent which distinguishes network traffic patterns using ML models in IoT. The detection rate of anomalies was encouraging [49,50]. ...
... The IoT devices are classified as easily patchable or non-patchable, vulnerable or hard-to-exploit, and a proactive defense mechanism is provided by changing the attack surface in case the device is vulnerable and non-patchable. The features of SDN are exploited to provide a honeypot as a service by steering the traffic through Virtualized Functions (VF) as proposed in [31]. The honeypot acts as a proactive as well as a reactive defense mechanism against attacks. ...
Article
Full-text available
Group management is practiced to deploy access control and to ease multicast and broadcast communication. However, the devices that constitute the Internet of Things (IoT) are resource-constrained, and the network of IoT is heterogeneous with variable topologies interconnected. Hence, to tackle heterogeneity, SDN-aided centralized group management as a service framework is proposed to provide a global network perspective and administration. Group management as a service includes a group key management function, which can be either centralized or decentralized. Decentralized approaches use complex cryptographic primitives, making centralized techniques the optimal option for the IoT ecosystem. It is also necessary to use a safe, scalable approach that addresses dynamic membership changes with minimal overhead to provide a centralized group key management service. A group key management strategy called a one-way Function Tree (OFT) was put forth to lower communication costs in sizable dynamic groups. The technique, however, is vulnerable to collusion attacks in which an appending and withdrawing device colludes and conspires to obtain unauthorized keys for an unauthorized timeline. Several collusion-deprived improvements to the OFT method are suggested; however, they come at an increased cost for both communication and computation. The Modified One-Way Function Tree (MOFT), a novel technique, is suggested in this proposed work. The collusion resistance of the proposed MOFT system was demonstrated via security analysis. According to performance studies, MOFT lowers communication costs when compared to the original OFT scheme. In comparison to the OFT’s collusion-deprived upgrades, the computation cost is smaller.
... In this research, the authors proposed a unique mechanism that uses SDN and NFV to build and enforce IoT honeynets autonomously. It demonstrates that it is possible to protect against cyber-attacks [18]. This work addresses this challenge by proposing a novel data driven IoT/IIoT dataset with ground truth that includes a label feature showing normal and attack classes, along with type feature indicating sub-classes of attacks targeting IoT/IIoT applications for multi-classification problems. ...
... Today's technologies, such as SDN and NFV, get deployed in an environment where the carriers are more convinced of their CapEx and OpEx expenses in creating services that benefit virtualized networking [12]. Recent CSPs provide smoother interoperability through vCloud NFV [13]. It reaps the benefits of an open-source cloud community by instantiating OpenStack functions at the VIM layer. ...
Article
Full-text available
Network Function Virtualization (NFV) is an approach to virtualizing network services that traditionally run on proprietary hardware, such as firewalls, routers, and load balancers. The NFV cloud is a data center network built to host, deploy, and service Virtual Network Functions (VNFs). Currently, the Virtualized Infrastructure Manager (VIM) spends much time in auto interoperability test sessions to initiate new network services. Hence, auto lifecycle management has become an underlying concern for NFV automation. We implemented a Zero Touch Management Provisioning (ZTMP) algorithm with the following strategies: 1) VNF onboarding through cloud-native DevOps automation 2) vCloud NFV network for performing zero-touch operations 3) Auto-provisioning of policy-based lifecycle management for ZTMP PoD deployment. NFV networks delivered their infrastructure components (Compute, Network, and Storage) in 5.8 minutes compared to the current operational parsing time. The key performance indicator measures the performance of VNFs, where the agility of software-based networks is increased to 87.44% through the dynamic orchestration of network services. There is an uplift in operational time and a decrease in time consumption in legacy networks due to ZTMP.
... Production honeypots can also operate alongside their real counterpart, serving as a "jail" by reactively switching the connection to the honeypot. Zarca et al. [15] demonstrated this idea by using software-defined networking (SDN) to redirect flows to virtual versions of IoT devices by a security orchestrator after the initial compromise. ...
Article
Full-text available
Honeypots are utilized as defensive tools within a monitored environment to engage attackers and gather artifacts for the development of indicators of compromise. However, once these honeypots are deployed, they are rarely updated, making them obsolete and easier to fingerprint as time passes. Furthermore, using fully functional computing and networking devices as honeypots presents the risk of an attacker breaking out from the controlled environment. Large-scale text-generating models, commonly referred to as Large Language Models (LLMs), have seen wide implementation using generative-pretrained transformer (GPT) models. These models have seen an explosion in popularity and have been tuned for various use cases. This paper investigates the use of these models to simulate honeypots that are adaptive to threat engagement without the risk of unintended breakouts. This investigation finds that the method these models use to generate output has limitations that can reveal the deception to a dedicated attacker in extended sessions. To overcome this challenge, this paper presents a method to manage the inputs and outputs to reduce non-deterministic output and token usage of a model generating text in a way that simulates a terminal. An example honeypot is evaluated against a traditional low-risk honeypot, Cowrie, where greater similarity to an actual machine for single commands is achieved. Furthermore, in several multi-step attack scenarios, the proposed architecture reduced the token usage by up to 77% when compared to a baseline scenario that did not manage the inputs to and outputs from an example model. A discussion on the utilization of LLMs for cyber deception, as well as the limitations hindering their broader adoption indicates that LLMs exhibit promise for cyber deception but necessitate further research before achieving widespread implementation.
... On the other hand, silicon PUFs have been widely adopted and utilized in a number of applications. It is fabricated and integrated as silicon [48]-based circuits and considered as a class of PUF, while its subclass is considered as an electronic PUF. ...
Article
Full-text available
This research paper introduces a novel paradigm that synergizes innovative algorithms, namely efficient data encryption, the Quondam Signature Algorithm (QSA), and federated learning, to effectively counteract random attacks targeting Internet of Things (IoT) systems. The incorporation of federated learning not only fosters continuous learning but also upholds data privacy, bolsters security measures, and provides a robust defence mechanism against evolving threats. The Quondam Signature Algorithm (QSA) emerges as a formidable solution, adept at mitigating vulnerabilities linked to man-in-the-middle attacks. Remarkably, the QSA algorithm achieves noteworthy cost savings in IoT communication by optimizing communication bit requirements. By seamlessly integrating federated learning, IoT systems attain the ability to harmoniously aggregate and analyse data from an array of devices while zealously guarding data privacy. The decentralized approach of federated learning orchestrates local machine-learning model training on individual devices, subsequently amalgamating these models into a global one. Such a mechanism not only nurtures data privacy but also empowers the system to harness diverse data sources, enhancing its analytical capabilities. A thorough comparative analysis scrutinizes varied cost-in-communication schemes, meticulously weighing both encryption and federated learning facets. The proposed approach shines by virtue of its optimization of time complexity through the synergy of offline phase computations and online phase signature generation, hinged on an elliptic curve digital signature algorithm-based online/offline scheme. In contrast, the Slow Block Move (SBM) scheme lags behind, necessitating over 25 rounds, 1500 signature generations, and an equal number of verifications. 
The proposed scheme, fortified by its marriage of federated learning and efficient encryption techniques, emerges as an embodiment of improved efficiency and reduced communication costs. The culmination of this research underscores the intrinsic benefits of the proposed approach: marked reduction in communication costs, elevated analytical prowess, and heightened resilience against the spectrum of attacks that IoT systems confront.
... Moreover, the SDN controller delivers visibility into the entire network, providing a more comprehensive picture of security concerns and becoming a practical means of deploying modern cyber threat detection solutions. In fact, the potential applications of SDN in cybersecurity solutions have been shown on [13,14,15]. Moreover, there have also been many studies [16,17,18] that have already succeeded in leveraging this aspect of SDN and FL methods to detect cyber attacks. ...
Preprint
Full-text available
Advanced Persistent Threat (APT) attacks are highly sophisticated and employ a multitude of advanced methods and techniques to target organizations and steal sensitive and confidential information. APT attacks consist of multiple stages and have a defined strategy, utilizing new and innovative techniques and technologies developed by hackers to evade security software monitoring. To effectively protect against APTs, detecting and predicting APT indicators with an explanation from Machine Learning (ML) prediction is crucial to reveal the characteristics of attackers lurking in the network system. Meanwhile, Federated Learning (FL) has emerged as a promising approach for building intelligent applications without compromising privacy. This is particularly important in cybersecurity, where sensitive data and high-quality labeling play a critical role in constructing effective machine learning models for detecting cyber threats. Therefore, this work proposes XFedHunter, an explainable federated learning framework for APT detection in Software-Defined Networking (SDN) leveraging local cyber threat knowledge from many training collaborators. In XFedHunter, Graph Neural Network (GNN) and Deep Learning model are utilized to reveal the malicious events effectively in the large number of normal ones in the network system. The experimental results on NF-ToN-IoT and DARPA TCE3 datasets indicate that our framework can enhance the trust and accountability of ML-based systems utilized for cybersecurity purposes without privacy leakage.
... We down selected articles to a final sample of 23 (Table 2) in total or 16 unique articles. Notably, four articles [46,53,34,47] appear in multiple categories. Overall, the inclusion criteria consisted of a publication date in the range of 2018 to 2022, available PDF or text of the paper downloadable, and a demonstrated implementation of associated keywords. ...
Preprint
Cyber threats, such as advanced persistent threats (APTs), ransomware, and zero-day exploits, are rapidly evolving and demand improved security measures. Honeypots and honeynets, as deceptive systems, offer valuable insights into attacker behavior, helping researchers and practitioners develop innovative defense strategies and enhance detection mechanisms. However, their deployment involves significant maintenance and overhead expenses. At the same time, the complexity of modern computing has prompted the rise of autonomic computing, aiming for systems that can operate without human intervention. Recent honeypot and honeynet research claims to incorporate autonomic computing principles, often using terms like adaptive, dynamic, intelligent, and learning. This study investigates such claims by measuring the extent to which autonomic principles are expressed in honeypot and honeynet literature. The findings reveal that autonomic computing keywords are present in the literature sample, suggesting an evolution from self-adaptation to autonomic computing implementations. Yet, despite these findings, the analysis also shows low frequencies of self-configuration, self-healing, and self-protection keywords. Interestingly, self-optimization appeared prominently in the literature. While this study presents a foundation for the convergence of autonomic computing and deceptive systems, future research could explore technical implementations in sample articles and test them for autonomic behavior. Additionally, investigations into the design and implementation of individual autonomic computing principles in honeypots and determining the necessary ratio of these principles for a system to exhibit autonomic behavior could provide valuable insights for both researchers and practitioners.
... With the development of the Artificial Intelligence of Things (AIoT), massive devices are deployed at the edge of the network to provide support for various applications [1,2]. However, the increasing number of AIoT devices at the edge layer brings serious challenges to the traditional access network architecture. ...
Article
Full-text available
The increasing number of Artificial Intelligence of Things (AIoT) devices at the edge layer brings serious challenges to the traditional access network architecture, which results in a decrease in data transmission due to different QoS requirements. To improve the QoS of the URLLC service and mMTC service in the AIoT, a Hybrid Services Collaborative Resource Scheduling Strategy (HSCRS) is proposed. First, a multi-layer collaborative resource scheduling framework for the AIoT hybrid services is designed based on the F-RAN. Then, a throughput weighting model for hybrid services is constructed to analyze the throughput characteristics of mMTC service and URLLC service. Furthermore, a sub-channel allocation and power control method is designed to solve the resource scheduling strategy of hybrid services. Experimental results show that the proposed method can largely improve the network throughput performance.
... There has been considerable research on using honeypots [34,35] to deceive the attackers. Many open-source or commercial honeypots have been deployed, especially for computer network services such as honeyd [36] and nepenthes [37], etc. ...
Preprint
As IoT devices are becoming widely deployed, there exist many threats to IoT-based systems due to their inherent vulnerabilities. One effective approach to improving IoT security is to deploy IoT honeypot systems, which can collect attack information and reveal the methods and strategies used by attackers. However, building high-interaction IoT honeypots is challenging due to the heterogeneity of IoT devices. Vulnerabilities in IoT devices typically depend on specific device types or firmware versions, which encourages attackers to perform pre-attack checks to gather device information before launching attacks. Moreover, conventional honeypots are easily detected because their replying logic differs from that of the IoT devices they try to mimic. To address these problems, we develop an adaptive high-interaction honeypot for IoT devices, called HoneyIoT. We first build a real device based attack trace collection system to learn how attackers interact with IoT devices. We then model the attack behavior through markov decision process and leverage reinforcement learning techniques to learn the best responses to engage attackers based on the attack trace. We also use differential analysis techniques to mutate response values in some fields to generate high-fidelity responses. HoneyIoT has been deployed on the public Internet. Experimental results show that HoneyIoT can effectively bypass the pre-attack checks and mislead the attackers into uploading malware. Furthermore, HoneyIoT is covert against widely used reconnaissance and honeypot detection tools.
... Another source based blocking technique for mitigation was used by Cui et al. (2016), which identified the attack source dynamically using SDN backtracking and dropped the flows from the backtracked attack source. Another article (Zarca et al., 2020) suggested policy based filtering of packets in the network. Wei et al. in Lei Wei (2015) proposed rate limiting of flows based on the past behavior of the users. ...
... XL-SIEM and policy editor mechanism to analyze and monitor. 110 ...
Article
Full-text available
As an emerging technology, blockchain (BC) has been playing a promising role in today's software‐defined networking (SDN)‐enabled Internet of Things (IoT) applications. Because of the salient feature of the network function virtualization (NFV) techniques, SDN can ensure an IoT system runs efficiently and smoothly in a cloud‐driven ecosystem. When cloud‐enabled systems encounter immense security and operational challenges caused mainly by third‐party dependency, large‐scale data communication, and maintenance, BC offers effective and robust data transfer solutions without incorporating intermediaries over the distributed network. With the increased SDN‐BC convergence in the IoT domain, the underlying challenges and perspectives deserve proper attention methodically and structurally. From the motivation of addressing such issues, this study provides necessary insights to combine those for successful plug‐and‐play. Therefore, the study includes purposefully investigating current state‐of‐the‐art to extract the research trends, future directions, and perspectives in this domain. This study provides a comprehensive survey of IoT, SDN, NFV, and BC‐enabled emerging technologies. More importantly, the authors intelligently integrated the four different technologies—IoT, SDN, BC, and NFV based on characteristics, scopes, challenges, taxonomies, and tables in numerous areas. Initially, the authors introduce the SDN‐IoT ecosystem in brief and address the features and applications. We took a close look at the SDN's overall taxonomy based on security, environment, scopes, and challenges. We also briefly describe the integration of SDN‐IoT with the NFV ecosystems. Moreover, we review the prospect of BC technology from security perspectives, its extent, challenges of practical implementation, and the possible integration of IoT regarding smart applications. Finally, this study highlights several future directions based on these technologies.
... The most harmful attack on a network that can exploit the network bandwidth and resources is DDoS. Techniques for DDoS attack detection and mitigation in SDN include applying machine learning-based classification of malicious traffic [12], entropy-based statistical method [13] and rule-based approach are used in [14] [15]. Additionally, a small number of researchers improved flow data collecting to reduce the channel overhead between the control plane and data plane. ...
Preprint
Full-text available
The IoT network is unique due to heterogeneous IoT nodes and resource-constrained devices; the approach for securing IoT networks needs to be different from the security measures implemented for traditional network communication. In IoT networks, various security vulnerabilities are exploited by an attacker to generate a variety of DDoS attacks. In this paper, an SDN-enabled secure framework is designed using a dynamic counter-based approach and deep learning models to detect and mitigate occurrences of malicious network attacks over an SDN-IoT framework with the CICDDoS2019 dataset. This framework is used to detect types of DDoS attacks, namely reflection attacks and exploitation attacks in TCP, UDP and ICMP. Also, this framework is tested and analyzed by varying network parameters such as the number of IoT attack nodes and payload to measure the performance of SDN controller workload, CPU utilization, and attack detection time to analyze the above types of DDoS attacks. The experimental analysis of the framework helps to detect and mitigate by identifying the above types of DDoS attacks efficiently in less time by utilizing the CPU effectively.
Article
The idea behind the Internet of Things (IoT) is to connect everything, including laptops, smartphones, sensors, and other devices, to the Internet to build an autonomous environment without human intervention. This novel network was used in several industries, including smart homes, smart cities, healthcare, etc. For this reason, IoT networks are growing in infrastructure. As a result, the administration of this vast array of linked devices and produced data becomes more complicated. Thus, a new elastic mechanism is required for this dynamic and rapid evolution in configuration, control, management, etc. Network Function Virtualization (NFV) and Software Defined Networking (SDN) have become essential points in scientific research to overcome IoT challenges such as security, heterogeneity, energy efficiency, interoperability, and more. These two approaches have proven their efficiency in adapting to dynamic and evolving networks. SDN reduces network latency by up to 30% and increases device scalability by 40%. At the same time, NFV optimizes resource allocation, achieving up to a 35% reduction in energy consumption and a 20% decrease in operational costs through virtualized infrastructure. In this review, we systematically analyze solutions designed for IoT systems by developing a state-of-the-art for NFV and SDN and thoroughly researching the various problems that IoT will face. Thus, we compare SDN- and NFV-based IoT solutions to overcome these challenges. Lastly, we will discuss the different obstacles that can lower the performance of SDN/NFV applications on the IoT. The contribution of this review lies in its systematic evaluation and comparison of current NFV and SDN approaches, providing valuable insights and paving the way for future research to enhance the integration and management of IoT systems.
Article
In this paper, cyber-attacks in IOT-WSN are detected through proposed optimized-Neural Network algorithms such as (i) Equilibrium Optimizer Neural Network (EO-NN), (ii) Particle Swarm Optimization (PSO-NN), (iii) Single Candidate Optimizer Neural Network (SCO-NN) and (iv) Single Candidate Optimizer Long Short-Term Memory (SCO-LSTM) with different connecting, hidden neural network layers and threat intelligence data. The proposed algorithms detect the attacker node, which frequently changes the behaviour such as attacker node/ normal node. Existing IDS system detects the attacks in WSN and unable to detect the changing behavior attacker nodes in IOT-WSN. The behaviour of attacker node changes from normal behaviour to attacker behaviour due to nodes connected to internet continuously. The classification accuracy rates of proposed SCO-LSTM algorithm without and with threat intelligence are about 99.7% and 99.89%, respectively.
Article
Pervasive Computing has become more personal with the widespread adoption of the Internet of Things (IoT) in our day-to-day lives. The emerging domain that encompasses devices, sensors, storage, and computing of personal use and surroundings leads to Personal IoT (PIoT). PIoT offers users high levels of personalization, automation, and convenience. This proliferation of PIoT technology has extended into society, social engagement, and the interconnectivity of PIoT objects, resulting in the emergence of the Social Internet of Things (SIoT). The combination of PIoT and SIoT has spurred the need for autonomous learning, comprehension, and understanding of both the physical and social worlds. Current research on PIoT is dedicated to enabling seamless communication among devices, striking a balance between observation, sensing, and perceiving the extended physical and social environment, and facilitating information exchange. Furthermore, the virtualization of independent learning from the social environment has given rise to Artificial Social Intelligence (ASI) in PIoT systems. However, autonomous data communication between different nodes within a social setup presents various resource management challenges that require careful consideration. This paper provides a comprehensive review of the evolving domains of PIoT, SIoT, and ASI. Moreover, the paper offers insightful modeling and a case study exploring the role of PIoT in post-COVID scenarios. This study contributes to a deeper understanding of the intricacies of PIoT and its various dimensions, paving the way for further advancements in this transformative field.
Conference Paper
With the emergence of various attack techniques, defending against malicious behavior and attacks is very important for industrial control systems. Unlike defenses such as firewalls, intrusion detection, and anti-virus software, honeynet is a more proactive and deceptive defense. This paper addresses the specific design and implementation challenges of honeynets by proposing an innovative approach that leverages a dynamic Human-Machine Interface (HMI) interface for virtual honeypots. This approach enables active trapping of attackers and enhances the overall effectiveness of the honeynet. Additionally, the paper introduces a realistic and dynamic physical process simulation to enhance the functionality of physical honeypots within the honeynet. To achieve dynamic configuration of the honeypots, an online prediction model based on the Follow-the-Regularized-Leader (FTRL) algorithm is presented. The proposed solution is evaluated through the deployment and testing of a high interaction hybrid honeypot system called Baggage Handling System (BHS). The experimental results demonstrate that the honeynet presented in this paper exhibits exceptional concealment, camouflage capability, and interaction capability, while maintaining a high level of cost effectiveness.
Article
The prevalence of Artificial Intelligence and Multi-access Mobile Edge Computing (MMEC) technologies has laid a solid foundation for next-generation Internet of Things (IoT) applications, e.g., industrial automation and smart healthcare fields. However, the explosive data and ubiquitous services significantly exacerbate the consumption and unreliability of constrained edge resources. In this paper, we investigate a joint resource orchestration problem for IoT-MMEC networks with different service performances. We first develop an identifier space mapping model to represent the matching relationship between access attributes and space resources, which respectively denote the computing task description and the set of allocated resources. To obtain an optimal resource partition policy for dependable and low-budget auxiliary calculation, we formulate a mixed-integer nonlinear programming problem. Then, we devise an identifier-driven resource orchestration scheme, which decouples the problem into computation offloading and resource allocation subproblems. Based on the expected utility function theory and access attributes, we apply a mixed deep neural network inference model to infer the offloading location, for realizing the resource supply-demand balance. To derive the optimal resource allocation scheme, we exploit the quantum genetic algorithm and multi-path offloading factor, which can explore a large search space to find potential solutions while exploiting the best solutions. Finally, the experimental simulations validate our theoretical analysis, and the results indicate that the proposed scheme can achieve lower consumption and enhance offloading reliability.
Article
Agriculture Internet of Things (AIoTs) deployments require design of high-efficiency Quality of Service (QoS) & security models that can provide stable network performance even under large-scale communication requests. Existing security models that use blockchains are either highly complex or require large delays & have higher energy consumption for larger networks. Moreover, the efficiency of these models depends directly on consensus-efficiency & miner-efficiency, which restricts their scalability under real-time scenarios. To overcome these limitations, this study proposes the design of an efficient Q-Learning bioinspired model for enhancing QoS of AIoT deployments via customized shards. The model initially collects temporal information about the deployed AIoT Nodes, and continuously updates individual recurring trust metrics. These trust metrics are used by a Q-Learning process for identification of miners that can participate in the block-addition process. The blocks are added via a novel Proof-of-Performance (PoP) based consensus model, which uses a dynamic consensus function that is based on temporal performance of miner nodes. The PoP consensus is facilitated via customized shards, wherein each shard is deployed based on its context of deployment, that decides the shard-length, hashing model used for the shard, and encryption technique used by these shards. This is facilitated by a Mayfly Optimization (MO) Model that uses PoP scores for selecting shard configurations. These shards are further segregated into smaller shards via a Bacterial Foraging Optimization (BFO) Model, which assists in identification of optimal shard length for underlying deployment contexts. 
Due to these optimizations, the model is able to improve the speed of mining by 4.5%, while reducing energy needed for mining by 10.4%, improving the throughput during AIoT communications by 8.3%, and improving the packet delivery consistency by 2.5% when compared with existing blockchain-based AIoT deployment models under similar scenarios. This performance was observed to be consistent even under large-scale attacks.
Article
As a promising architecture of next‐generation network, software defined‐information centric network (SD‐ICN) inherits the advantages of software defined network (SDN) and information‐centric network (ICN) to enable flexible and fast content retrieval, especially in the current era of artificial intelligence. However, the existing researches mainly focus on a single respective in this field, which motivates in comprehensively providing a forward‐looking guidance and development direction for scholars and engineers. To this end, the latest developments of SD‐ICN is presented. First, the widely‐accepted concepts and impacts on traditional networks are introduced. Second, the shortcomings of SDN and ICN over conventional networks are respectively analyzed to illustrate the necessity of SD‐ICN. Third, based on extensive analysis and deep deliberation, a methodical taxonomy for existing combination studies is proposed. They are divided into SDN over ICN, ICN over SDN, and mutual immersive pattern. Fourth, the performances of three integration categories are compared and the limitations of related works are highlighted. Fifth, the maturity index from six development indicators are evaluated. Further, the maturity and practicality of these schemes are generalized. Based on the above studies and comparisons, the lessons learned by SDN and ICN developments are concluded. Finally, future research directions and opportunities are discussed for the readers.
Article
The proliferation of unmanned aerial vehicles (UAVs) opens up new opportunities for on-demand service provision anywhere and anytime, but also exposes UAVs to a variety of cyber threats. Low/medium interaction honeypots offer a promising lightweight defense for actively protecting mobile Internet of things, particularly UAV networks. While previous research has primarily focused on honeypot system design and attack pattern recognition, the incentive issue for motivating UAV’s participation (e.g., sharing trapped attack data in honeypots) to collaboratively resist distributed and sophisticated attacks remains unexplored. This paper proposes a novel game-theoretical collaborative defense approach to address optimal, fair, and feasible incentive design, in the presence of network dynamics and UAVs’ multi-dimensional private information (e.g., valid defense data (VDD) volume, communication delay, and UAV cost). Specifically, we first develop a honeypot game between UAVs and the network operator under both partial and complete information asymmetry scenarios. The optimal VDD-reward contract design problem with partial information asymmetry is then solved using a contract-theoretic approach that ensures budget feasibility, truthfulness, fairness, and computational efficiency. In addition, under complete information asymmetry, we devise a distributed reinforcement learning algorithm to dynamically design optimal contracts for distinct types of UAVs in the time-varying UAV network. Extensive simulations demonstrate that the proposed scheme can motivate UAV’s cooperation in VDD sharing and improve defensive effectiveness, compared with conventional schemes.
Article
The size and complexity of modern computer networks are progressively increasing, as a consequence of novel architectural paradigms such as the Internet of Things and network virtualization. Consequently, a manual orchestration and configuration of network security functions is no more feasible, in an environment where cyber attacks can dramatically exploit breaches related to any minimum configuration error. A new frontier is then the introduction of automation in network security configuration, i.e., automatically designing the architecture of security services and the configurations of network security functions, such as firewalls, VPN gateways, etc. This opportunity has been enabled by modern computer networks technologies, such as virtualization. In view of these considerations, the motivations for the introduction of automation in network security configuration are first introduced, alongside with the key automation enablers. Then, the current state of the art in this context is surveyed, focusing on both the achieved improvements and the current limitations. Finally, possible future trends in the field are illustrated.
Article
The dawn of softwarized networks enables Network Slicing (NS) as an important technology towards allocating end-to-end logical networks to facilitate diverse requirements of emerging applications in fifth-generation (5G) mobile networks. However, the emergence of NS also exposes novel security and privacy challenges, primarily related to aspects such as NS life-cycle security, inter-slice security, intra-slice security, slice broker security, zero-touch network and management security, and blockchain security. Hence, enhancing NS security, privacy, and trust has become a key research area toward realizing the true capabilities of 5G. This paper presents a comprehensive and up-to-date survey on NS security. The paper articulates a taxonomy for NS security and privacy, laying the structure for the survey. Accordingly, the paper presents key attack scenarios specific to NS-enabled networks. Furthermore, the paper explores NS security threats, challenges, and issues while elaborating on NS security solutions available in the literature. In addition, NS trust and privacy aspects, along with possible solutions, are explained. The paper also highlights future research directions in NS security and privacy. It is envisaged that this survey will concentrate on existing research work, highlight research gaps and shed light on future research, development, and standardization work to realize secure NS in 5G and beyond mobile communication networks.
Technical Report
This publication is a Science for Policy report by the Joint Research Centre (JRC), the European Commission’s science and knowledge service. It aims to provide evidence-based scientific support to the European policymaking process.
Article
With the rise of the Internet of Things (IoT), tiny devices capable of computation and data transmission are being deployed across various technological domains. Due to the wide deployment of these devices, manual setup and management are infeasible and inefficient. To address this inefficiency, intelligent procedures must be established to enable autonomy that allows devices and networks to operate efficiently with minimal human intervention. In the traditional client-server paradigm, autonomic computing has been proven effective in minimising user intervention in computer systems management and will benefit IoT networks. However, IoT networks tend to be heterogeneous, distributed and resource-constrained, mandating the need for new approaches to implement autonomic principles compared to traditional approaches. We begin by introducing the basic principles of autonomic computing and its significance in IoT. We then discuss the self-* paradigm and MAPE loop from an IoT perspective, followed by recent works in IoT and key enabling technologies for enabling autonomic properties in IoT. Based on the self-* paradigm and MAPE loop analysis from the existing literature, we propose a set of qualitative characteristics for evaluating the autonomy of the IoT network. Lastly, we provide a comprehensive list of challenges associated with achieving autonomic IoT and directions for future research.
Article
With the development of telecommunication technologies and the proliferation of network applications in the past decades, the traditional cloud network architecture becomes unable to accommodate such demands due to the heavy burden on the backhaul links and long latency. Therefore, edge computing, which brings network functions close to end-users by providing caching, computing and communication resources at network edges, turns into a promising paradigm. Benefit from its nature, edge computing enables emerging scenarios and use cases like Augmented Reality (AR) and Internet of Things (IoT). However, it also creates complexities to efficiently orchestrate heterogeneous services and manage distributed resources in the edge network. In this survey, we make a comprehensive review of the research efforts on service orchestration and resource management for edge computing. We first give an overview of edge computing, including architectures, advantages, enabling technologies and standardization. Next, a comprehensive survey of state-of-the-art techniques in the management and orchestration of edge computing is presented. Subsequently, the state-of-the-art research on the infrastructure of edge computing is discussed in various aspects. Finally, open research challenges and future directions are presented as well.
Article
In software‐defined networking (SDN), the controller relies on the information collected from the data plane for route planning, load balancing, and other functions. Statistics information is the most important kind of information among them, so the correctness of statistics information is the key to the proper operation of the network. Most of the current research on data plane focuses on policy consistency, rule redundancy, forwarding anomalies, and so on, and little attention is paid to whether the statistics information uploaded by the switches to the controller is correct. However, incorrect statistics information inevitably leads the controller to make wrong decisions. Therefore, this paper proposes an audit‐based malicious information correction mechanism to address the problem of wrong statistics information uploaded by the switches. This mechanism audits the statistics information and locates malicious switches before uploading the statistics information to the controller. It identifies and corrects the statistics information errors by combining flow path and statistics information. We have performed simulations on Nsfnet, Abilene, and Fat‐Tree, and the results show that our method can correct about 70% of the statistical information errors with less computational cost. To the best of our knowledge, this paper is the first malicious statistics information correction scheme for wildcard rules. Incorrect statistics information will inevitably lead controllers to make wrong decisions, which has been mostly ignored in current research. To address this problem, this paper proposes an audit‐based malicious information correction mechanism. This mechanism can audit and correct the statistics information before it reaches the controller and discover malicious switches.
Book
Cybersecurity and Privacy issues are becoming an important barrier for a trusted and dependable global digital society development. Cyber-criminals are continuously shifting their cyber-attacks specially against cyber-physical systems and IoT, since they present additional vulnerabilities due to their constrained capabilities, their unattended nature and the usage of potential untrustworthiness components. Likewise, identity-theft, fraud, personal data leakages, and other related cyber-crimes are continuously evolving, causing important damages and privacy problems for European citizens in both virtual and physical scenarios. In this context, new holistic approaches, methodologies, techniques and tools are needed to cope with those issues, and mitigate cyberattacks, by employing novel cyber-situational awareness frameworks, risk analysis and modeling, threat intelligent systems, cyber-threat information sharing methods, advanced big-data analysis techniques as well as exploiting the benefits from latest technologies such as SDN/NFV and Cloud systems. In addition, novel privacy-preserving techniques, and crypto-privacy mechanisms, identity and eID management systems, trust services, and recommendations are needed to protect citizens' privacy while keeping usability levels. The European Commission is addressing the challenge through different means, including the Horizon 2020 Research and Innovation program, thereby financing innovative projects that can cope with the increasing cyberthreat landscape. This book introduces several cybersecurity and privacy research challenges and how they are being addressed in the scope of 15 European research projects. Each chapter is dedicated to a different funded European Research project, which aims to cope with digital security and privacy aspects, risks, threats and cybersecurity issues from a different perspective. 
Each chapter includes the project's overviews and objectives, the particular challenges they are covering, research achievements on security and privacy, as well as the techniques, outcomes, and evaluations accomplished in the scope of the EU project. The book is the result of a collaborative effort among relative ongoing European Research projects in the field of privacy and security as well as related cybersecurity fields, and it is intended to explain how these projects meet the main cybersecurity and privacy challenges faced in Europe. Namely, the EU projects analyzed in the book are: ANASTACIA, SAINT, FORTIKA, CYBECO, SISSDEN, CIPSEC, CS-AWARE, RED-Alert, Truessec.eu, ARIES, LIGHTest, CREDENTIAL, FutureTrust, LEPS. Challenges in Cybersecurity and Privacy - the European Research Landscape is ideal for personnel in computer/communication industries as well as academic staff and master/research students in computer science and communications networks interested in learning about cyber-security and privacy aspects.
Article
The increase of Software Defined Networks (SDN) and Network Function Virtualization (NFV) technologies is bringing many security management benefits that can be exploited at the edge of Internet of Things (IoT) networks to deal with cyber-threats. In this sense, this paper presents and evaluates a novel policy-based and cyber-situational awareness security framework for continuous and dynamic management of Authentication, Authorization, Accounting (AAA) as well as Channel Protection virtual security functions in IoT networks enabled with SDN/NFV. The virtual AAA, including network authenticators, are deployed as VNF (Virtual Network Function) dynamically at the edge, in order to enable scalable device’s bootstrapping and managing the access control of IoT devices to the network. In addition, our solution allows distributing dynamically the necessary crypto-keys for IoT Machine to Machine (M2M) communications and deploy virtual Channel-protection proxies as VNFs, with the aim of establishing secure tunnels among IoT devices and services, according to the contextual decisions inferred by the cognitive framework. The solution has been implemented and evaluated, demonstrating its feasibility to manage dynamically AAA and channel protection in SDN/NFV-enabled IoT scenarios.
Article
Accounting for the exponential increase of security threats, the development of new defense strategies for pervasive environments is acquiring an even growing importance. The expected avalanche of heterogeneous IoT devices which will populate our industrial factories and houses will increase the complexity of managing security requirements in a comprehensive way. To this aim, cloud-based security services are gaining notable impetus to provide security mechanisms according to Security-as-a-Service (SECaaS) model. However, the deployment of security applications in remote cloud data-centers can introduce several drawbacks in terms of traffic overhead and latency increase. To cope with this, edge computing can provide remarkable advantages avoiding long routing detours. On the other hand, the reduced capabilities of edge node introduce potential constraints in the overall management. This paper focuses on the provisioning of virtualized security services in resource-constrained edge nodes by leveraging lightweight virtualization technologies. Our analysis aims at shedding light on the feasibility of container-based security solutions, thus providing useful guidelines towards the orchestration of security at the edge. Our experiments show that the overhead introduced by the containerization is very light.
Article
Recent years have seen rapid development and deployment of Internet-of-Things (IoT) applications in a diversity of application domains. This has resulted in creation of new applications (e.g., vehicle networking, smart grid, and wearables) as well as advancement, consolidation, and transformation of various traditional domains (e.g., medical and automotive). One upshot of this scale and diversity of applications is the emergence of new and critical threats to security and privacy: it is getting increasingly easier for an adversary to break into an application, make it unusable, or steal sensitive information and data. This paper provides a summary of IoT security attacks and develops a taxonomy and classification based on the application domain and underlying system architecture. We also discuss some key characteristics of IoT that make it difficult to develop robust security architectures for IoT applications.
Article
Honeypot Internet of Things (IoT) (HIoTPOT) keep a secret eye on IoT devices and analyzes the various recent threats which are dangerous to IoT devices. In this paper, implementation of a research honeypot is presented which is used to learn the recent tactics and ethics used by black hat community to attack on IoT devices. As IoT is open and easy for accessing, all the intruders are highly attracted towards IoT. Recently Telnet based attacks are very famous on IoT devices to get easy access and attack on other devices. To reduce these kinds of threats, it is necessary to know in details about intruder, therefore the aim of this research work is to implement novel based secret eye server known as HIoTPOT which will make the IoT environment more safe and secure.
Conference Paper
Honeypots have been largely used to capture and investigate malicious behavior through deliberately sacrificing their own resources in order to be attacked. Hybrid honeypot architectures consisting of frontends and backends are widely used in the research area, specially due to the benefits of their high scalability and fidelity for detailed attacking data collection. A hybrid honeypot system often needs a facility aimed to tightly control the network traffic, for purposes such as redirecting the traffic from the frontends to the backends for in-depth attack analysis. However, the current traffic redirection approaches, particularly the TCP connection handover mechanisms, are not stealthy and they can be easily detected by attackers. This paper proposes an SDN based network data controller for hybrid honeypot systems that uses a transparent TCP connection handover mechanism and provides a traffic filtering approach based on the Snort alert functionality. The controller is implemented as an application based on the open-source Ryu SDN framework. It allows the users to configure their own network data control rules, which based on the Snort alert messages will forward or redirect the traffic to the corresponding honeypots. The experiments validate the proposed mechanism and the testing results show that the controller can efficiently perform the stealthy TCP connection handover as well.
Article
Honeypots are designed to investigate malicious behaviour. Each type of homogeneous honeypot system has its own characteristics in respect of specific security functionality, and also suffers functional drawbacks that restrict its application scenario. In practical scenarios, therefore, security researchers always need to apply heterogeneous honeypots to cope with different attacks. However, there is a lack of general tools or platforms that can support versatile honeynet deployment in order to investigate the malicious behavior. In this study, the authors propose a versatile virtual honeynet management tool to address this problem. It is a flexible tool that offers security researchers the versatility to deploy various types of honeypots. It can also generate and manage the virtual honeynet through a dynamic configuration approach adapting to the mutable network environment. The experimental results demonstrate that this tool is effective to perform automated honeynet deployment toward a variety of heterogeneous honeypots.
Article
The Internet of Things (IoT) introduces a vision of a future Internet where users, computing systems and everyday objects possessing sensing and actuating capabilities cooperate with unprecedented convenience and economical benefits. As with the current Internet architecture, IP-based communication protocols will play a key role in enabling the ubiquitous connectivity of devices in the context of IoT applications. Such communication technologies are being developed in line with the constraints of the sensing platforms likely to be employed by IoT applications, forming a communications stack able to provide the required power-efficiency, reliability and Internet connectivity. As security will be a fundamental enabling factor of most IoT applications, mechanisms must also be designed to protect communications enabled by such technologies. This survey analyzes existing protocols and mechanisms to secure communications in the IoT, as well as open research issues. We analyze how existing approaches ensure fundamental security requirements and protect communications on the IoT, together with the open challenges and strategies for future research work in the area. This is, as far as our knowledge goes, the first survey with such goals.
Conference Paper
Wireless sensor networks are composed of large numbers of tiny networked devices that communicate untethered. For large scale networks, it is important to be able to download code into the network dynamically. We present Contiki, a lightweight operating system with support for dynamic loading and replacement of individual programs and services. Contiki is built around an event-driven kernel but provides optional preemptive multithreading that can be applied to individual processes. We show that dynamic loading and unloading is feasible in a resource constrained environment, while keeping the base system lightweight and compact.
Article
The Internet of Things brings a multi-disciplinary revolution in several application areas. However, security and privacy concerns are undermining a reliable and resilient broad-scale deployment of IoT-enabled Critical Infrastructures (IoT-CIs). To fill this gap, this paper proposes a comprehensive architectural design that captures the main security and privacy challenges related to Cyber-physical Systems and IoT-CIs. The architecture is devised to empower IoT systems and networks to make autonomous security decisions through the usage of novel technologies such as Software Defined Networking (SDN) and Network Function Virtualization (NFV), as well as endowing them with intelligent and dynamic security reaction capabilities by relying on monitoring methodologies and cyber-situational tools. The architecture has been successfully implemented and evaluated in the scope of ANASTACIA H2020 EU research project.
Chapter
The Internet of Things (IoT) is a framework in which every real-world object can be identified uniquely and has the capacity to send and receive data to the network. This paper presents analysis and survey on IoT security, also discusses the current status and challenges of IoT security. Typically, there are three layers in IoT architecture, i.e. perception layer, network layer, and application layer. For secure internet of things realization, at each layer a number of security principles should be enforced. In the future the implementation of IoT is only possible if the security issues related to each layer are resolved and addressed. A number of researchers try to address and to give corresponding countermeasures to secure each layer of IoT. This paper provides an overview on proposed countermeasures and challenges of security.
Article
The Internet of Things (IoT) refers to a variety of smart devices such as smartphones, tablets, and sensors that can interact and exchange data among devices through the Internet. The diversity of IoT devices and their services has posed a larger range of requirements of availability, throughput, latency, and performance in heterogeneous connectivity environments. Meanwhile, the existing networks often struggle with such limitations in complex control protocols and difficulty in internetworking with billions of smart devices with different requirements such as latency and bandwidth allocations. These obstacles become substantial barriers to deploy services, as well as isolate between multiple co-existing tenants on the same physical network, deploy simultaneous protocols in the network, be stable to maintain the bandwidth and latency according to predefined QoS demands. These obstacles have recently been facilitated by Software Defined Network (SDN) and Network Function Virtualization (NFV) technologies that enable the programming and monitoring in data plane. In this study, firstly, the authors investigate and propose an SDN/NFV based architecture for multi-tenant networks with plenty of network slices working in a shared physical infrastructure. Secondly, P4 and ONOS Controller are used to implement a deep programming in BMv2 devices to efficiently maintain the network monitoring in order to guarantee the E2E latency of communicating channels. Finally, the VXLAN technologies are exploited for network slicing with different purposes and applications, and Inband Network Telemetry (INT) is used to monitor network latency.
Article
The explosive rise of Internet of Things (IoT) systems has notably increased the potential attack surfaces for cybercriminals. Accounting for the features and constraints of IoT devices, traditional security countermeasures can be inefficient in dynamic IoT environments. In this vein, the advantages introduced by Software Defined Networking (SDN) and Network Function Virtualization (NFV) have the potential to reshape the landscape of cybersecurity for IoT systems. To this aim, we provide a comprehensive analysis of security features introduced by NFV and SDN, describing the manifold strategies able to monitor, protect, and react to IoT security threats. We also present lessons learned in the adoption of SDN/NFV-based protection approaches in IoT environments, comparing them with conventional security countermeasures. Finally, we deeply discuss the open challenges related to emerging SDN- and NFV-based security mechanisms, aiming to provide promising directives to conduct future research in this fervent area.
Article
This paper presents an intelligent honeypot that uses reinforcement learning to proactively engage with and learn from attacker interactions. It adapts its behaviour for automated malware to optimise the volume of data collected. Malware employs highly automated methods to create a global botnet. These automated methods are used to self-propagate and compromise hosts. Honeypots have been deployed to capture these automated interactions. Machine-learning techniques have previously been employed to retrospectively model botnet interactions. We develop a honeypot that uses reinforcement learning with a specific state action space formalism to interact with automated malware. It compares functionality with similar intelligent honeypots which target human interaction. It also demonstrates that datasets collected from an intelligent honeypot deployment are considerably larger than standard high interaction deployments and existing adaptive honeypots.
Article
Billions of Internet of Things (IoT) devices are expected to populate our environments and provide novel pervasive services by interconnecting the physical and digital world. However, the increased connectivity of everyday objects can open manifold security vectors for cybercriminals to perform malicious attacks. These threats are even augmented by the resource constraints and heterogeneity of low‐cost IoT devices, which make current host‐based and static perimeter‐oriented defense mechanisms unsuitable for dynamic IoT environments. Accounting for all these considerations, we reckon that the novel softwarization capabilities of Telco network can fully leverage its privileged position to provide the desired levels of security. To this aim, the emerging software‐defined networking (SDN) and network function virtualization (NFV) paradigms can introduce new security enablers able to increase the level of IoT systems protection. In this paper, we design a novel policy‐based framework aiming to exploit SDN/NFV‐based security features, by efficiently coupling with existing IoT security approaches. A proof of concept test bed has been developed to assess the feasibility of the proposed architecture. The presented performance evaluation illustrates the benefits of adopting SDN security mechanisms in integrated IoT environments and provides interesting insights in the policy enforcement process to drive future research.
Conference Paper
This article presents an innovative approach to address a rapidly evolving and polymorphic threat environment related to the emergence of the Internet of Things in the global Internet, with a focus on Cyber Physical Systems, Cloud architecture and SDN/NFV technologies. The article presents the view and methodological approach of ANASTACIA research project to address this evolution. ANASTACIA researches, develops and demonstrates a holistic solution enabling trust and security by-design for cyber physical systems (CPS) based on IoT and cloud architectures.
Article
Nowadays, mobile networks are complex sets of heterogeneous equipment that use proprietary management applications, resulting in a huge expenditure, a large effort and a time-consuming process to manage all network elements by means of currently manual or semi-automatic approaches. With the emergence of new technologies, such as software-defined networking, network function virtualization, and cloud computing, the current configurable networks are capable of becoming programmable, which will facilitate advanced autonomous network management. This article presents capabilities of a novel framework proposed by the SELFNET project that enables highly autonomic management functionalities. It focuses on the proposed self-healing use case that can be applied to reactively or preventively deal with the detected or predicted network failures. The SELFNET can provide the upcoming 5G system: an autonomic management framework, which brings a remarkable reduction upon operational expenditure and a substantial improvement of quality-of-experience (QoE) in terms of reliability, availability, service continuity and security.
Chapter
In this chapter, we introduce transformation techniques which serve to further optimize OBDD representations. The optimization space in this framework goes far beyond the optimization space established by the optimization of the variable order.
Article
Governments, enterprises and research institutions have participated in the research and development of cyber-physical systems (CPS). However, the development of cyber-physical systems will be restricted by security threats and vulnerabilities. We summarize security threats and to the cyber-physical systems to provide a theoretical reference for research on cyber-physical systems and to provide effective security measures. The architecture of cyber-physical systems is used to classify threats in the physical layer, network layer and application layer. This paper presents the security threats in the three layers. Then it lists the vulnerabilities of cyber-physical systems from the three aspects of management and policy, platform and network. Correspondingly, it also provides some security measures and recommendations for the security threats and vulnerabilities in each section.
Conference Paper
Several languages have been proposed for the task of describing networks of systems, either to help on managing, simulate or deploy testbeds for testing purposes. However, there is no one specifically designed to describe the honeynets, covering the specific characteristics in terms of applications and tools included in the honeypot systems that make the honeynet. In this paper, the requirements of honeynet description are studied and a survey of existing description languages is presented, concluding that a CIM (Common Information Model) matches the basic requirements. Thus, a CIM-like technology independent honeynet description language (TIHDL) is proposed. The language is defined being independent of the platform where the honeynet will be deployed later, and it can be translated, either using model-driven techniques or other translation mechanisms, into the description languages of honeynet deployment platforms and tools. This approach gives flexibility to allow the use of a combination of heterogeneous deployment platforms. Besides, a flexible virtual honeynet generation tool (HoneyGen) based on the approach and description language proposed and capable of deploying honeynets over VNX (Virtual Networks over LinuX) and Honeyd platforms is presented for validation purposes.
Article
Simulators for wireless sensor networks are a valuable tool for system development. However, current simulators can only simulate a single level of a system at once. This makes system development and evolution difficult since developers cannot use the same simulator for both high-level algorithm development and low-level development such as device-driver implementations. We propose cross-level simulation, a novel type of wireless sensor network simulation that enables holistic simultaneous simulation at different levels. We present an implementation of such a simulator, COOJA, a simulator for the Contiki sensor node operating system. COOJA allows for simultaneous simulation at the network level, the operating system level, and the machine code instruction set level. With COOJA, we show the feasibility of the cross-level simulation approach.
Honeyio4: The construction of a virtual, low-interaction IoT honeypot
  • A G Manzanares
Network traffic analysis based IoT botnet detection using honeynet data applying classification techniques
  • M Banerjee
  • S Samantaray
ThingPot: An interactive Internet-of-Things honeypot
  • M Wang
  • J Santillan
  • F Kuipers
Mirai botnet detection and countermeasures
  • S Mamoru
  • N Masafumi
  • K Tadashi
  • K Minoru
  • S Yuji
SDN-based in-network honeypot: Preemptively disrupt and mislead attacks in IoT networks
  • H Lin