Abstract
The expected advent of the Internet of Things (IoT), which envisions the autonomous interaction of sensors and actuators while offering all sorts of smart services, has triggered a large demand for embedded devices. However, these IoT devices are limited in computation, storage, and network capacity, which makes them easy to hack and compromise. To achieve secure development of IoT, it is necessary to engineer scalable security solutions optimized for the IoT ecosystem. To this end, Software Defined Networking (SDN) is a promising paradigm that serves as a pillar in the fifth generation of mobile systems (5G) and that could help to detect and mitigate Denial of Service (DoS) and Distributed DoS (DDoS) threats. In this work, we propose to experimentally evaluate an entropy-based solution to detect and mitigate DoS and DDoS attacks in IoT scenarios using a stateful SDN data plane. The obtained results demonstrate for the first time the effectiveness of this technique targeting real IoT data traffic.
Highlights
In recent years, we have witnessed a popularization of communications networks, which has allowed users to be connected at any time and almost anywhere, generating growing traffic demand
We describe a stateful Software Defined Networking (SDN) solution that is able to detect and mitigate Denial of Service (DoS) and Distributed DoS (DDoS)
The mechanism is based on OpenState, an extension to current OpenFlow that exploits in-switch capabilities and has been proved to be a promising approach for network monitoring since it avoids sending packets to the controller
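As an added illustration (not code from the paper), the sketch below shows the general idea behind entropy-based (D)DoS detection: traffic flooding one victim concentrates the destination distribution, so its Shannon entropy drops. The choice of destination address as the feature, the constructed traffic windows, the 0.5 threshold and the 20-packet floor are all assumptions; the `Counter` only stands in for per-destination counters that a stateful data plane would keep in the switch.

```python
import math
from collections import Counter

def normalized_entropy(counts):
    """Shannon entropy of a count distribution, scaled to [0, 1]."""
    total = sum(counts.values())
    if total == 0 or len(counts) < 2:
        return 0.0  # a single value (or no traffic) carries no entropy
    h = -sum((c / total) * math.log2(c / total) for c in counts.values())
    return h / math.log2(len(counts))

def detect(windows, threshold=0.5, min_packets=20):
    """Return (window_index, entropy, top_destination) for suspicious windows.

    threshold and min_packets are assumed values, not taken from the paper.
    """
    alerts = []
    for i, destinations in enumerate(windows):
        counts = Counter(destinations)  # stand-in for in-switch counters
        if sum(counts.values()) < min_packets:
            continue  # too little traffic: low entropy here is just idleness
        h = normalized_entropy(counts)
        if h < threshold:
            top, _ = counts.most_common(1)[0]  # candidate for mitigation
            alerts.append((i, round(h, 3), top))
    return alerts

# Constructed sample traffic (destination address of each packet per window).
SERVERS = ["192.0.2.10", "192.0.2.11", "192.0.2.12", "192.0.2.13"]
NORMAL = SERVERS * 10                            # 40 packets, evenly spread
ATTACK = ["192.0.2.10"] * 188 + SERVERS[1:] * 4  # 94% of packets hit one host
QUIET = ["192.0.2.12"] * 3                       # idle window, one destination

if __name__ == "__main__":
    for idx, h, dst in detect([NORMAL, ATTACK, QUIET]):
        print(f"window {idx}: normalized entropy {h}, dominant destination {dst}")
```

The packet floor matters: the idle window also has zero entropy, and without the floor it would raise a false alarm.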
Summary
We have witnessed a popularization of communications networks, which has allowed users to be connected at any time and almost anywhere, generating growing traffic demand. Although SDN and NFV have achieved great success, recent research in these technologies reveals potential security challenges that must be addressed to ensure the required security of new 5G services and infrastructures [10]. In this 5G environment, the massive use and growing expectation of IoT technology requires sophisticated mechanisms that are able to detect and mitigate the threats to which IoT devices and smart objects may be exposed. As mentioned in Reference [20], it is critical for a statistical (D)DoS solution to have both the capacity of detection and mitigation as well as to bring reasonable computational complexity in SDN network architectures. In this context, the key contributions in our work can be summarized as follows: