Proactive defense mechanism: Enhancing IoT security through diversity-based moving target defense and cyber deception

Abstract

The Internet of Things (IoT) has become increasingly prevalent in various aspects of our lives, enabling billions of devices to connect and communicate seamlessly. However, the intricate nature of IoT connections and device vulnerabilities exposes the devices to security threats. To address the security challenges, we propose a proactive defense framework that leverages a model-based approach for security analysis and facilitates the defense strategies. Our proposed approach incorporates proactive defense mechanisms that combine Moving Target Defense techniques with cyber deception. The proposed approach involves the use of a decoy nodes as a deception technique and operating system based diversity as a moving target defense strategy to change the attack surface area of IoT networks. Additionally, we introduce a technique known as Important Measure-based Operating System Diversity to reduce defense cost. The effectiveness of the defense mechanisms was evaluated by using a graphical security model in a Software Defined Networking-based IoT network. Simulation results demonstrate the effectiveness of our approach in mitigating the impact of attacks while maintaining high performance levels in IoT networks.