Uma Taxonomia para Descrever e Caracterizar Estratégias de Mitigação de Ataques DDoS em Ambientes IoT Usando Tecnologias SDN

  • Marcilio Lemos UFRN
  • Esau Silva Instituto Federal de Educação Ciênca e Tecnologia do Rio Grande do Norte
  • Felipe Sampaio Dantas Silva Instituto Federal do Rio Grande do Norte - IFRN
  • Augusto José Venâncio Neto Universidade Federal do Rio Grande do Norte - UFRN

Resumo


A Internet das Coisas têm atraído significativa atenção da comunidade de Tecnologia da Informação e Comunicação (TIC) pela perspectiva de objetos do cotidiano coletando dados do ambiente e transmitindo-os através da Internet para processamento a posteriori, sem que haja necessidade de interação humano-computador. Embora a IoT represente uma poderosa plataforma para criação de novos produtos e serviços que irão beneficiar uma ampla variedade de verticais (\textit{e-health}, V2X, \textit{smart homes}, etc), existem diversas preocupações de segurança que precisam ser remediadas para sua implementação adequada, como as vulnerabilidades explorados por agentes maliciosos para assumir o controle de dispositivos e desferir ataques DDoS em larga escala. Por conseguinte, pesquisas foram iniciadas para desenvolver soluções visando a detecção e contenção de ataques DDoS baseados em IoT, fazendo uso de tecnologias emergentes como o paradigma de Redes Definidas por Software (SDN). Neste sentido, o presente trabalho apresenta uma taxonomia para descrever e caracterizar o corpo de soluções SDN contra ataques DDoS em cenários da IoT.

Palavras-chave: Segurança, Redes Definidas por Software, Internet das Coisas, DDoS

Referências

Al-Fuqaha, A. I., Guizani, M., Mohammadi, M., Aledhari, M., and Ayyash, M. (2015). Internet of things: A survey on enabling technologies, protocols, and applications. IEEE Communications Surveys and Tutorials, 17(4):2347-2376.

Bertino, E. and Islam, N. (2017). Botnets and internet of things security. Computer, 50(2):76-79.

Bhunia, S. S. and Gurusamy, M. (2017). Dynamic attack de-tection and mitigation in iot using sdn. In 2017 27th International Telecommunication Networks and Applications Conference (ITNAC), pages 1-6.

Bull, P., Austin, R., Popov, E., Sharma, M., and Watson, R. (2016). Flow based security for iot devices using an sdn gateway. In 2016 IEEE 4th International Conference on Future Internet of Things and Cloud (FiCloud), pages 157-163.

Ceron, J. M., Margi, C. B., and Granville, L. Z. (2016). Mars: An sdn-based malware analysis solution. In 2016 IEEE Symposium on Computers and Communication (ISCC), pages 525-530.

Cherian, M. and Chatterjee, M. (2019). Survey of security threats in iot and emerging countermeasures. In Thampi, S. M., Madria, S., Wang, G., Rawat, D. B., and Alcaraz Calero, J. M., editors, Security in Computing and Commu-nications, pages 591-604, Singapore. Springer Singapore.

Dayal, N., Maity, P., Srivastava, S., and Khondoker, R. (2016). Re-search trends in security and ddos in sdn. Security and Communication Networks, 9(18):6386-6411.

Farris, I., Taleb, T., Khettab, Y., and Song, J. (2019). A survey on emer-ging sdn and nfv security mechanisms for iot systems. IEEE Communications Surveys Tutorials, 21(1):812-837.

Kalkan, K., Gur, G., and Alagoz, F. (2017). Defense mechanisms against ddos attacks in sdn environment. IEEE Communications Magazine, 55(9):175-179.

Kalkan, K. and Zeadally, S. (2018). Securing internet of things with software defined networking. IEEE Communications Magazine, 56(9):186-192.

Kanagavelu, R. and Aung, K. M. M. (2019). A survey on sdn based security in internet of things. In Arai, K., Kapoor, S., and Bhatia, R., editors, Advances in Information and Communication Networks, pages 563-577, Cham. Springer International Publishing.

Kolias, C., Kambourakis, G., Stavrou, A., and Voas, J. (2017). Ddos in the iot: Mirai and other botnets. Computer, 50(7):80-84.

Koufopavlou, E. H. K. P. S. D. J. H. S. D. M. O. (2015). Software-Defined Networking (SDN): Layers and Architecture Terminology. RFC 7426.

Kouicem, D. E., Bouabdallah, A., and Lakhlef, H. (2018). Internet of things security: A top-down survey. Computer Networks, 141:199 -221.

Krishnan, P., Najeem, J. S., and Achuthan, K. (2018). Sdn framework for securing iot networks. In Kumar, N. and Thakre, A., editors, Ubiquitous Com-munications and Network Computing, pages 116-129, Cham. Springer International Publishing.

Lohachab, A. and Karambir, B. (2018). Critical analysis of ddos-an emerging security threat over iot networks. Journal of Communications and Information Networks, 3(3):57-78.

Marzano, A., Alexander, D., Fonseca, O., Fazzion, E., Hoepers, C., Steding-Jessen, K., Chaves, M. H. P. C., Cunha, , Guedes, D., and Meira, W. (2018). The evolution of bashlite and mirai iot botnets. In 2018 IEEE Symposium on Compu-ters and Communications (ISCC), pages 00813-00818.

Molina Zarca, A., Bernal Bernabe, J., Farris, I., Khettab, Y., Ta-leb, T., and Skarmeta, A. (2018). Enhancing iot security through network softwariza-tion and virtual security appliances. International Journal of Network Management, 28(5):e2038. e2038 nem.2038.

Noor, M. and Hassan, H. (2019). Current research on internet of things (iot) security: A survey. Computer Networks, 148:283-294.

Ozcelik, M., Chalabianloo, N., and Gür, G. (2017). Software-defined edge defense against iot-based ddos. In 2017 IEEE International Conference on Com-puter and Information Technology (CIT), pages 308-313.

Salva-Garcia, P., Alcaraz-Calero, J. M., Wang, A., Qi, B., Bernal, J., and Skarmeta, A. (2018). 5g nb-iot: Efficient network traffic filtering for multitenant iot cellular networks. Security and Communication Networks.

Shameli-Sendi, A., Pourzandi, M., Fekih-Ahmed, M., and Che-riet, M. (2015). Taxonomy of distributed denial of service mitigation approaches for cloud computing. Journal of Network and Computer Applications, 58:165 -179.

Sharma, P. K., Park, J. H., Jeong, Y.-S., and Park, J. H. (2018). Sh-sec: Sdn based secure smart home network architecture for internet of things. Mobile Networks and Applications.

Sharma, P. K., Singh, S., Jeong, Y., and Park, J. H. (2017). Distblock-net: A distributed blockchains-based secure sdn architecture for iot networks. IEEE Communications Magazine, 55(9):78-85.

Shi, Y., Dai, F., and Ye, Z. (2017). An enhanced security framework of soft-ware defined network based on attribute-based encryption. In 2017 4th International Conference on Systems and Informatics (ICSAI), pages 965-969.

Yakasai, S. T. and Guy, C. G. (2015). Flowidentity: Software-defined network access control. In 2015 IEEE Conference on Network Function Virtu-alization and Software Defined Network (NFV-SDN), pages 115-120.

Yan, Q., Huang, W., Luo, X., Gong, Q., and Yu, F. R. (2018). A multi-level ddos mitigation framework for the industrial internet of things. IEEE Communications Magazine, 56(2):30-36.

Yan, Q., Yu, F. R., Gong, Q., and Li, J. (2016). Software-defined networ-king (sdn) and distributed denial of service (ddos) attacks in cloud computing environ-ments: A survey, some research issues, and challenges. IEEE Communications Surveys Tutorials, 18(1):602-622.

Yin, D., Zhang, L., and Yang, K. (2018). A ddos attack detection and mitigation with software-defined internet of things framework. IEEE Access, 6:24694-24705.

Zargar, S. T., Joshi, J., and Tipper, D. (2013). A survey of defense mechanisms against distributed denial of service (ddos) flooding attacks. IEEE Com-munications Surveys Tutorials, 15(4):2046-2069.
Publicado
24/09/2019
LEMOS, Marcilio ; SILVA, Esau ; SAMPAIO DANTAS SILVA, Felipe ; NETO, Augusto José Venâncio. Uma Taxonomia para Descrever e Caracterizar Estratégias de Mitigação de Ataques DDoS em Ambientes IoT Usando Tecnologias SDN. In: WORKSHOP DE SEGURANÇA CIBERNÉTICA EM DISPOSITIVOS CONECTADOS (WSCDC), 2. , 2019, Gramado. Anais [...]. Porto Alegre: Sociedade Brasileira de Computação, 2019 . p. 88-101. DOI: https://doi.org/10.5753/wscdc.2019.7709.