A Security Framework to Protect Edge Supported Software Defined Internet of Things Infrastructure

  • Conference paper
Collaborative Computing: Networking, Applications and Worksharing (CollaborateCom 2019)

Abstract

Managing the huge IoT infrastructure poses a vital challenge to the network community. Software Defined Networking (SDN), owing to its centralized network management, has been considered an optimal choice for managing IoT. Edge computing brings cloud resources near the IoT to localize the cloud demands. Consequently, SDN, IoT, and edge computing can be combined into a framework to create a resourceful SDIoT-Edge architecture that efficiently orchestrates cloud services and utilizes resource-limited IoT devices in a flexible way. Despite the wide adoption of IoT, the vulnerabilities present in this less secure infrastructure can be exploited by adversaries to attack the OpenFlow channel using Distributed Denial of Service (DDoS) attacks. DDoS attacks on the OpenFlow channel can disrupt the whole network; hence, securing the OpenFlow channel is a key challenge in SDIoT-Edge. We propose a security framework called SDIoT-Edge Security (SIESec) against the security vulnerabilities present in this architecture. The SIESec prototype employs a machine learning-based classification strategy, blacklist integration, and contextual network flow filtering to efficiently defend against DDoS attacks. We perform extensive simulations using the Floodlight controller and the Mininet network emulator. Our results show that SIESec provides extensive security against OpenFlow channel DDoS attacks and imposes very little overhead on the network.

Notes

  1. This attack targeted the DNS systems of Dyn, which caused a major network services outage in Europe and North America.

Acknowledgment

This research is supported by the National Science Foundation of China under Grant Nos. 61672276 and 61702277 and the Collaborative Innovation Center of Novel Software Technology and Industrialization, Nanjing University.

Author information

Corresponding author

Correspondence to Wanchun Dou.

Copyright information

© 2019 ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering

About this paper

Cite this paper

Rafique, W., Khan, M., Sarwar, N., Dou, W. (2019). A Security Framework to Protect Edge Supported Software Defined Internet of Things Infrastructure. In: Wang, X., Gao, H., Iqbal, M., Min, G. (eds) Collaborative Computing: Networking, Applications and Worksharing. CollaborateCom 2019. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 292. Springer, Cham. https://doi.org/10.1007/978-3-030-30146-0_6

  • DOI: https://doi.org/10.1007/978-3-030-30146-0_6

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-30145-3

  • Online ISBN: 978-3-030-30146-0

  • eBook Packages: Computer Science (R0)
