Snort’s Role in IoT Deployment

Abstract

The need for the detection of attacks against our networks has exploded with the "Internet of Things" (or IoT). The users have become habituated to the Internet of Things (IoT) devices. The increased growth of devices had led to prioritizing security measures in the development cycle of IoT devices. The main objective of opting for security in IoT deployments is to provide a more secured domain or environment for seamless activities and data privacy against malicious attacks. The physical interfaces of devices in a network are most viable to vulnerabilities. Assessing and analyzing the attacks in terms of volume and severity and sequentially developing the ability to counteract them becomes indispensable. In an IoT deployment, the devices are mostly designed for the specified function with limited resources for computing, so in such scenarios, prevention from DDoS attacks becomes quite challenging. The most common cyber-attacks are Malware, Phishing, Man-in-the- middle attack, DDoS attack, SQL injection, Zero-day exploit. Distributed Denial of Service attacks are of three types namely volume-based attacks, protocol attacks, and application layer attacks, and are commonly made to bring down the performance of servers or networks. The experimental results show the detection and prevention methods of the intrusions in a wired environment. This work is designed to detect and prevent the DDoS attack within a network, where one device acts as a server, the other as a target,   and with one host made as a botnet and the other tries to prevent the victim from being attacked. The botnet architecture is worked out by replaying packet captures through tcpreplay. The software used are Snort, Wireshark, and various other attack implementation tools such as Kali Linux, Slowloris, Golden Eye, etc. The attack in the network is either internal or external. So, the connected component becomes the victim. In a wired mode the connections are done via a centralized hub providing faster detections. In wireless deployment, Wi-Fi is used to make a LAN of devices. Our approach analyzes the threats, vulnerabilities, attacks, and Intrusion Detection and Prevention System (IDPS) methods applicable for an IoT environment.