An SDN-Enabled Proactive Defense Framework for DDoS Mitigation in IoT Networks

Abstract

The Internet of Things (IoT) is becoming truly ubiquitous in every domain of human lives, and a large number of objects can be connected and enabled to communicate with cloud servers at any time. However, complex connections and vulnerabilities of IoT devices introduce inevitable security threats, in which distributed denial-of-service (DDoS) attacks usually incur catastrophic results. Unfortunately, the existing DDoS mitigation methods cannot provide effective protection. Moreover, the amplifying complexity and increasing delay incurred by defense greatly affect the stability of IoT networks. To tackle these problems, we present a novel framework that can proactively adapt the attack surface of IoT networks, dynamically optimize defense strategies, and rapidly deploy the corresponding defense mechanisms. In particular, we establish hybrid proactive defense mechanisms combining Moving Target Defense (MTD) techniques with cyber deception to spread camouflage information to confuse attackers. Based on these mechanisms, we introduce a defender-led signaling game model to formalize defense scenarios and depict the interactions between the defender and the attacker. Besides, we present an optimal algorithm to solve decision problems and optimize defense implementation in a cost-effective manner. Our extensive experiments demonstrate that the proposed approach can effectively mitigate DDoS attacks and maintain a high level of performance in IoT networks with acceptable overhead.