Abstract

A 2.3Tbps DDoS attack was recently mitigated by Amazon, which is a new record after the 2018 GitHub attack, or the famous 2016 Dyn DNS attack launched from hundreds of thousands of hijacked Internet of Things (IoT) devices. These attacks may disrupt the lives of billions of people worldwide, as we increasingly rely on the Internet. In this paper, we tackle the problem that hijacked IoT devices are often the origin of these attacks. With the goal of protecting the Internet and local networks, we propose Autopolicy: a system that automatically limits the IP traffic bandwidth—and other network resources—available to IoT devices in a particular network. We make use of the fact that devices, such as sensors, cameras, and smart home appliances, rarely need their high-speed network interfaces for normal operation. We present a simple yet flexible architecture for Autopolicy, specifying its functional blocks, message sequences, and general operation in a Software Defined Network. We present the experimental validation results, and release a prototype open source implementation.

Highlights

  • Large Distributed Denial of Service (DDoS) attacks that are caused by a multitude of hijacked Internet of Things (IoT) devices are currently one of the most important threats to the Internet [1]. Botnets comprising hundreds of thousands of popular end-devices, like video cameras or home routers, have become an everyday reality for administrators of the world’s largest and most important Internet services, for instance the DNS [2].

  • Will the Internet survive new bursts of gigantic DDoS attacks—and more importantly—how? Should we, as the Internet community, keep waiting until our devices are secure, or should we rather distrust all IoT devices by default, restricting their Internet access the moment they are plugged into the network?

  • We present a practical architecture, which allows for automatically building traffic profiles, in case an IoT device does not directly support our proposal


Summary

Introduction

Large Distributed Denial of Service (DDoS) attacks that are caused by multitude of hijacked. The lack of automated update procedures and the use of default authentication credentials make it easy to remotely exploit IoT devices. Some of these simple techniques for hijacking Internet hosts were identified decades ago, yet they remain profitable today, with no effective remedy deployed Internet-wide. Autopolicy requires each device in a network to obey a strict set of rules on its generated IP traffic, for instance, the maximum consumed bandwidth and the set of contacted IP addresses. It resembles the concept of a firewall but, in contrast, it is largely automatic, primarily applies to upstream traffic, and takes advantage of the intrinsic features of IoT-generated traffic.
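The per-device rules described above (a bandwidth cap plus a set of permitted destinations, applied to upstream traffic) can be sketched as a token bucket combined with a destination allowlist. This is an added example, not code from the Autopolicy prototype; the profile fields, class names and sample packets are assumptions constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass, field

@dataclass
class TrafficProfile:
    # Hypothetical fields; the paper's real profile format is not shown on this page.
    max_bps: int        # sustained upstream cap, bits per second
    burst_bits: int     # token-bucket depth, bits
    allowed_dst: tuple  # CIDR blocks the device may contact

@dataclass
class Enforcer:
    profile: TrafficProfile
    tokens: int = field(init=False)
    last_ms: int = 0

    def __post_init__(self):
        self.tokens = self.profile.burst_bits
        self.nets = [ipaddress.ip_network(c) for c in self.profile.allowed_dst]

    def check(self, ts_ms, dst, size_bytes):
        """Verdict for one upstream packet: 'forward', 'drop-dst' or 'drop-rate'."""
        addr = ipaddress.ip_address(dst)
        if not any(addr in net for net in self.nets):
            return "drop-dst"  # destination is outside the device's profile
        # Refill for the elapsed time; integer math avoids float drift.
        refill = (ts_ms - self.last_ms) * self.profile.max_bps // 1000
        self.tokens = min(self.profile.burst_bits, self.tokens + refill)
        self.last_ms = ts_ms
        bits = size_bytes * 8
        if bits > self.tokens:
            return "drop-rate"  # device exceeded its bandwidth allowance
        self.tokens -= bits
        return "forward"

# Constructed sample: a sensor capped at 80 kbit/s that reports to one prefix.
SENSOR = TrafficProfile(max_bps=80_000, burst_bits=24_000,
                        allowed_dst=("198.51.100.0/24",))
# Constructed packets: (timestamp in ms, destination, size in bytes).
PACKETS = [
    (0, "198.51.100.10", 1000), (0, "198.51.100.10", 1000),
    (0, "198.51.100.10", 1000), (0, "198.51.100.10", 1000),
    (50, "203.0.113.7", 1000), (100, "198.51.100.10", 1000),
    (120, "198.51.100.10", 1000), (1000, "198.51.100.10", 200),
]

def run(profile, packets):
    enforcer = Enforcer(profile)
    return [enforcer.check(*pkt) for pkt in packets]

if __name__ == "__main__":
    for pkt, verdict in zip(PACKETS, run(SENSOR, PACKETS)):
        print(pkt, verdict)
```

The fourth packet is dropped because the burst allowance is spent, and the packet to 203.0.113.7 is dropped regardless of rate because that address is not in the profile.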

Background
Autopolicy Overview
Protocol Sequences
Device Identities
Identity Files
Identity Queries
Advanced Query Methods
Verification
Profile Manager
Hierarchical Search
Traffic Profiles
Policy Enforcement
Prototype Implementation
Autopolicy Testbed
Experimental Validation
Discussion
Conclusions