AU2021102419A4 - A System and a Method for Isolation of Distributed Denial of Service Attack in Internet of Things - Google Patents


Info

Publication number
AU2021102419A4
Authority
AU
Australia
Prior art keywords
node
network
detecting
malicious
nodes
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
AU2021102419A
Inventor
Subhash Chandra Pandey
Neeraj Kumar
Upendra KUMAR
Shreyshi Navaneet
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Individual
Original Assignee
Individual
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Individual
Priority to AU2021102419A
Application granted
Publication of AU2021102419A4
Legal status: Ceased (current)
Anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic
    • H04L63/1458 Denial of Service
    • G PHYSICS
    • G16 INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR SPECIFIC APPLICATION FIELDS
    • G16H HEALTHCARE INFORMATICS, i.e. INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR THE HANDLING OR PROCESSING OF MEDICAL OR HEALTHCARE DATA
    • G16H10/00 ICT specially adapted for the handling or processing of patient-related medical or healthcare data
    • G16H10/60 ICT specially adapted for the handling or processing of patient-related medical or healthcare data for patient-specific data, e.g. for electronic patient records
    • G PHYSICS
    • G16 INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR SPECIFIC APPLICATION FIELDS
    • G16Y INFORMATION AND COMMUNICATION TECHNOLOGY SPECIALLY ADAPTED FOR THE INTERNET OF THINGS [IoT]
    • G16Y10/00 Economic sectors
    • G16Y10/60 Healthcare; Welfare
    • G PHYSICS
    • G16 INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR SPECIFIC APPLICATION FIELDS
    • G16Y INFORMATION AND COMMUNICATION TECHNOLOGY SPECIALLY ADAPTED FOR THE INTERNET OF THINGS [IoT]
    • G16Y30/00 IoT infrastructure
    • G16Y30/10 Security thereof
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic
    • H04L63/1466 Active attacks involving interception, injection, modification, spoofing of data unit addresses, e.g. hijacking, packet injection or TCP sequence number attacks
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/12 Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0227 Filtering policies
    • H04L63/0236 Filtering by address, protocol, port number or service, e.g. IP-address or URL

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • General Health & Medical Sciences (AREA)
  • Medical Informatics (AREA)
  • Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Primary Health Care (AREA)
  • General Engineering & Computer Science (AREA)
  • Epidemiology (AREA)
  • Development Economics (AREA)
  • Economics (AREA)
  • General Business, Economics & Management (AREA)
  • Accounting & Taxation (AREA)
  • Public Health (AREA)
  • Business, Economics & Management (AREA)
  • Bioethics (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Computer And Data Communications (AREA)

Abstract

The present disclosure seeks to provide a system and a method for isolation of distributed denial of service attack in internet of things. Data confidentiality is a fundamental issue for IoT devices and services. Ensuring that data is secure and that only authorized objects are accessible to a user is the primary objective of IoT. Two considerations are involved here: the first is access control and authorization methods, and the second is authentication and identity management. Various active and passive attacks are possible in the network, and they reduce its efficiency. In this research work, a technique is designed which detects and isolates the malicious nodes in the network that are responsible for triggering DDoS attacks. In future, the proposed algorithm can be compared with existing IoT security techniques to check its reliability.
[Figure 1: system 100 comprising smart e-health gateway 102, malicious node detection unit 104, internet protocol spoofing detection unit 106 and intrusion detection system (IDS) node 108. Figure 2: method 200, steps 202 to 212.]

Description

Figure 1 (system 100): Smart E-health Gateway 102; Malicious Node Detection Unit 104; Internet Protocol Spoofing Detection Unit 106; Intrusion Detection System (IDS) Node 108.
Figure 2 (method 200):
202 Authenticating client through a smart e-health gateway, wherein in said smart e-health gateway authentication a certificate is assigned to said client.
204 Initiating session in between said client and smart e-health gateway.
206 Detecting malicious nodes from a network which are responsible to trigger distributed denial of service (DDoS) attack.
208 Detecting internet protocol (IP) spoofing.
210 Detecting DDoS attack upon detecting malicious nodes with mismatched profile from said network.
212 Terminating said session when said gateway receives packets above a threshold value.
A System and a Method for Isolation of Distributed Denial of Service Attack in Internet of Things
FIELD OF THE INVENTION
The present disclosure relates to a system and a method for isolation of distributed denial of service attack in the internet of things. It further relates to developing a system and a method which attempt to detect the malicious nodes in the network that are responsible for triggering a DDoS attack. The mechanism should also be a simplified version of the mutual authentication mechanism, which is considerably complex, with reduced processing time.
BACKGROUND OF THE INVENTION
Sensors and actuators are the chief components of the Internet of Things (IoT). These IoT devices are connected with each other across the Internet. Further, in an IoT system, Internet protocol (IP) addresses are assigned to artificial or man-made objects, enabling them to transfer data over networks. It has been observed that around 8.3 billion IoT devices were in use by 2017, and it is envisaged that this number will reach 20.3 billion by 2020. Moreover, substantial quantities of these devices are deployed in consumer products such as smart TVs and smart speakers in China, America and Europe. IoT devices are also widely used in smart electric meters, commercial security cameras and the like. Indeed, an IoT system requires analysis, integration and automation so that higher accuracy can be obtained in application domains such as sensing, networking and robotics.
The emergence of IoT systems has attracted the attention of many researchers because it provides multifaceted benefits in comparison to other systems. Moreover, such systems render considerable services to customers in the social, economic and political sectors. Huge amounts of data can be transferred quickly and efficiently over the connections built by IoT devices, so various activities and operations can be supported by IoT applications in order to provide efficient communication. However, IoT technology applications still require further improvement in efficiency, performance and assured security, because IoT systems have a huge impact on people's lives in terms of safety, healthcare, privacy, transportation and many other applications. Security is of prime concern in IoT systems because new types of data are generated when new devices are connected to each other. Further, an IoT network entails different objects, and unique addresses can be given to these objects as per the Radio Frequency Identification (RFID) group. Communication among these objects can then be provided by utilizing standard protocols.
It is intuitive to think that in future almost all electronic and electromagnetic devices, human beings and traffic systems will be associated with IoT. Security issues are of prime concern in IoT because smart devices are linked together. Hackers can attack or access the data in different ways, or try to keep nodes so busy that users are unable to access data. This will be more prominent if the smart devices linked with the Internet are not properly equipped with effective security measures. Further, in a DoS attack only one device transmits malicious requests, whereas in a DDoS attack the requests originate from multiple systems.
In one study, a pattern matching algorithm was designed to detect DDoS attacks. Furthermore, because of the colossal number of IoT applications in government and private sectors, attacking techniques have increased. In order to minimize such attacks, different algorithms have been designed to monitor and detect DDoS attacks with the help of a traffic matrix using a genetic algorithm, and these algorithms displayed a satisfactory detection rate. No doubt, IoT has a very important role in the control and co-ordination of electro-mechanical devices. However, it has the substantially multifarious and challenging role of delivering error-free transmission using standard protocols.
A major responsibility of IoT is to control and analyze traffic. Smart cities depend upon several functions related to the proper management of workstations, automatic traffic monitoring systems, proper hospital management and so on. The facilities provided by government for smart living entail technology-based infrastructure. In another study, IoT is perceived as a group of nodes, and the association of social networks with IoT has opened a new perspective of using heuristics for the selection of people in society.
Moreover, in another study, cloud computing is described as having a significant role in accessing and analyzing data in a global network that supports a wide range of wireless access technologies for high densities and high mobility shipping. The integration of the Internet with a local IoT has no substantial effect on security protection or interoperability. In contrast, a global mobility network connected with a local IoT system incorporates a middle layer capable of linking heterogeneous hardware. A core component of IoT known as the resolution service has been introduced, which defines the protocol required to establish trust behavior among IoT devices. Further, attack and anomaly detection in IoT sensors for IoT sites has been discussed using machine learning approaches, and the impact of class distribution on the detection of slow HTTP DoS attacks has been studied using big data. An extensive survey of DDoS attacking techniques and defense mechanisms in the IoT network has been given by researchers, and the detection and mitigation of DoS and DDoS attacks in IoT has also been proposed.
A DDoS attack is generally triggered by a malicious node at the network layer. The malicious node selects a target node, and the target node floods the victim node with raw packets. This scenario creates jamming and thus reduces network performance in terms of bandwidth consumption, routing overhead and packet delivery ratio (PDR). Session resumption is a technique which prevents DDoS attacks in IoT. In the session resumption technique, a three-way handshake protocol is used in which the client is authenticated with the smart e-health gateway. In this smart e-health gateway authentication, a certificate is assigned to the client. A session is initiated between the client and the smart e-health gateway, and the session is terminated when the gateway receives packets above the threshold value.
There is a need to develop a system and a method which detect the malicious nodes in the network that are responsible for triggering DDoS attacks. It should also be a simplified version of the mutual authentication mechanism, which is considerably complex, with reduced processing time. In order to overcome the aforementioned problems, a system and a method for isolation of distributed denial of service attack in internet of things needs to be developed.
SUMMARY OF THE INVENTION
The present disclosure seeks to provide a system and a method for isolation of distributed denial of service attack in internet of things. Data confidentiality is a fundamental issue for IoT devices and services. Ensuring that data is secure and that only authorized objects are accessible to a user is the primary objective of IoT. Two considerations are involved here: the first is access control and authorization methods, and the second is authentication and identity management. Various active and passive attacks are possible in the network, and they reduce its efficiency. In this research work, a technique is designed which detects and isolates the malicious nodes in the network that are responsible for triggering DDoS attacks. In future, the proposed algorithm can be compared with existing IoT security techniques to check its reliability. Also, the proposed algorithm can be further improved for admission control in IoT.
In an embodiment, the system 100 for isolation of distributed denial of service attack in internet of things comprises: a smart e-health gateway 102 for authenticating a client by assigning a certificate to said client and thereafter initiating a session between said client and the smart e-health gateway; a malicious node detection unit 104 for detecting malicious nodes in a network which are responsible for triggering a distributed denial of service (DDoS) attack, wherein said malicious node detection unit consists of a sensor node to analyze bandwidth consumption and a central controller to check the type of packets sent by a malicious node; an internet protocol spoofing detection unit 106 for detecting internet protocol (IP) spoofing; and an intrusion detection system (IDS) node 108 for detecting a DDoS attack upon detecting malicious nodes with a mismatched profile in said network by comparing the previous profile of each node with its current profile; wherein said session is terminated when said gateway receives packets above a threshold value.
In an embodiment, the method 200 for isolation of distributed denial of service attack in internet of things comprises the following steps: at step 202, authenticating a client through a smart e-health gateway, wherein in said smart e-health gateway authentication a certificate is assigned to said client; at step 204, initiating a session between said client and the smart e-health gateway; at step 206, detecting malicious nodes in a network which are responsible for triggering a distributed denial of service (DDoS) attack; at step 208, detecting internet protocol (IP) spoofing; at step 210, detecting a DDoS attack upon detecting malicious nodes with a mismatched profile in said network; and at step 212, terminating said session when said gateway receives packets above a threshold value.
To further clarify the advantages and features of the present disclosure, a more particular description of the invention will be rendered by reference to specific embodiments thereof, which are illustrated in the appended drawings. It is appreciated that these drawings depict only typical embodiments of the invention and are therefore not to be considered limiting of its scope. The invention will be described and explained with additional specificity and detail with the accompanying drawings.
BRIEF DESCRIPTION OF FIGURES
These and other features, aspects, and advantages of the present disclosure will become better understood when the following detailed description is read with reference to the accompanying drawings in which like characters represent like parts throughout the drawings, wherein:
Figure 1 illustrates a system for isolation of distributed denial of service attack in internet of things in accordance with an embodiment of the present disclosure.
Figure 2 illustrates a method for isolation of distributed denial of service attack in internet of things in accordance with an embodiment of the present disclosure.
Figure 3 illustrates the architecture of Internet of Things in accordance with an embodiment of the present disclosure.
Figure 4 illustrates (a) the security landscape of the Internet of Things and (b) a flow diagram for bandwidth consumption in accordance with an embodiment of the present disclosure.
Figure 5 illustrates (a) network deployment; (b) flooding of route request packets; (c) reply with route reply packets; and (d) selection of path in accordance with an embodiment of the present disclosure.
Figure 6 illustrates (a) trigger of attack; (b) threshold value analysis; and (c) detection of malicious nodes in accordance with an embodiment of the present disclosure.
Figure 7 illustrates (a) bandwidth consumption; (b) routing overhead; and (c) PDR comparison in accordance with an embodiment of the present disclosure.
Further, skilled artisans will appreciate that elements in the drawings are illustrated for simplicity and may not necessarily have been drawn to scale. For example, the flow charts illustrate the method in terms of the most prominent steps involved, to help improve understanding of aspects of the present disclosure. Furthermore, in terms of the construction of the device, one or more components of the device may have been represented in the drawings by conventional symbols, and the drawings may show only those specific details that are pertinent to understanding the embodiments of the present disclosure, so as not to obscure the drawings with details that will be readily apparent to those of ordinary skill in the art having the benefit of the description herein.
DETAILED DESCRIPTION
For the purpose of promoting an understanding of the principles of the invention, reference will now be made to the embodiment illustrated in the drawings and specific language will be used to describe the same. It will nevertheless be understood that no limitation of the scope of the invention is thereby intended, such alterations and further modifications in the illustrated system, and such further applications of the principles of the invention as illustrated therein being contemplated as would normally occur to one skilled in the art to which the invention relates.
It will be understood by those skilled in the art that the foregoing general description and the following detailed description are exemplary and explanatory of the invention and are not intended to be restrictive thereof.
Reference throughout this specification to "an aspect", "another aspect" or similar language means that a particular feature, structure, or characteristic described in connection with the embodiment is included in at least one embodiment of the present disclosure. Thus, appearances of the phrase "in an embodiment", "in another embodiment" and similar language throughout this specification may, but do not necessarily, all refer to the same embodiment.
The terms "comprises", "comprising", or any other variations thereof, are intended to cover a non-exclusive inclusion, such that a process or method that comprises a list of steps does not include only those steps but may include other steps not expressly listed or inherent to such process or method. Similarly, one or more devices or sub-systems or elements or structures or components preceded by "comprises...a" does not, without more constraints, preclude the existence of other devices or other sub-systems or other elements or other structures or other components or additional devices or additional sub-systems or additional elements or additional structures or additional components.
Unless otherwise defined, all technical and scientific terms used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this invention belongs. The system, methods, and examples provided herein are illustrative only and not intended to be limiting.
Embodiments of the present disclosure will be described below in detail with reference to the accompanying drawings.
Referring to Figure 1, which illustrates a system for isolation of distributed denial of service attack in internet of things in accordance with an embodiment of the present disclosure, the system 100 comprises: a smart e-health gateway 102 for authenticating a client by assigning a certificate to said client and thereafter initiating a session between said client and the smart e-health gateway; a malicious node detection unit 104 for detecting malicious nodes in a network which are responsible for triggering a distributed denial of service (DDoS) attack, wherein said malicious node detection unit consists of a sensor node to analyze bandwidth consumption and a central controller to check the type of packets sent by a malicious node; an internet protocol spoofing detection unit 106 for detecting internet protocol (IP) spoofing; and an intrusion detection system (IDS) node 108 for detecting a DDoS attack upon detecting malicious nodes with a mismatched profile in said network by comparing the previous profile of each node with its current profile; wherein said session is terminated when said gateway receives packets above a threshold value.
Figure 2 illustrates a method for isolation of distributed denial of service attack in internet of things in accordance with an embodiment of the present disclosure. The method 200 comprises the following steps: at step 202, authenticating a client through a smart e-health gateway, wherein in said smart e-health gateway authentication a certificate is assigned to said client; at step 204, initiating a session between said client and the smart e-health gateway; at step 206, detecting malicious nodes in a network which are responsible for triggering a distributed denial of service (DDoS) attack; at step 208, detecting internet protocol (IP) spoofing; at step 210, detecting a DDoS attack upon detecting malicious nodes with a mismatched profile in said network; and at step 212, terminating said session when said gateway receives packets above a threshold value.
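The following Python model is an added illustration of the gateway-side logic of steps 202 to 212 and is not code from the patent: certificate-bound sessions, a per-window packet-count threshold that terminates the session, a previous-versus-current node profile comparison of bandwidth and packet-type mix, and a spoofing check which, since the patent does not specify one, is assumed here to be that every packet must carry the address the session was bound to. All client names, certificates, addresses, threshold values and traffic are constructed assumptions.

```python
from collections import Counter
from dataclasses import dataclass, field

PACKET_THRESHOLD = 50   # assumed: packets per window that end a session (patent gives no number)
MIX_TOLERANCE = 0.25    # assumed: allowed drift of a node's packet-type mix between windows


@dataclass
class NodeProfile:
    """What the sensor node and central controller record per client per window."""
    packets: int = 0
    bytes_seen: int = 0
    types: Counter = field(default_factory=Counter)  # packet type -> count

    def type_mix(self):
        total = sum(self.types.values())
        return {t: n / total for t, n in self.types.items()} if total else {}


def profile_mismatch(prev, cur):
    """Step 210 as modelled here: bandwidth more than doubled, or packet-type mix drifted."""
    if prev.packets == 0 or cur.packets == 0:
        return False
    if cur.bytes_seen > 2 * prev.bytes_seen:
        return True
    pm, cm = prev.type_mix(), cur.type_mix()
    return any(abs(pm.get(t, 0.0) - cm.get(t, 0.0)) > MIX_TOLERANCE for t in set(pm) | set(cm))


class Gateway:
    """Hypothetical smart e-health gateway: certificate-bound sessions, spoofing check,
    per-window packet threshold and previous/current profile comparison."""
    def __init__(self, issued_certs):
        self.issued_certs = dict(issued_certs)  # client -> certificate issued to it
        self.sessions = {}   # client -> IP address the session was bound to
        self.previous = {}   # client -> NodeProfile of the last completed window
        self.current = {}    # client -> NodeProfile of the running window
        self.isolated = set()

    def authenticate(self, client, cert, ip):
        # Steps 202/204: only a client presenting its issued certificate gets a session.
        if self.issued_certs.get(client) != cert:
            return False
        self.sessions[client] = ip
        self.current[client] = NodeProfile()
        return True

    def receive(self, client, src_ip, ptype, size):
        bound_ip = self.sessions.get(client)
        if bound_ip is None:
            return "no-session"
        # Step 208 (assumed check): a packet must carry the address its session was bound to.
        if src_ip != bound_ip:
            self._isolate(client)
            return "spoofed"
        prof = self.current[client]
        prof.packets += 1
        prof.bytes_seen += size
        prof.types[ptype] += 1
        # Step 212: end the session once the window's packet count passes the threshold.
        if prof.packets > PACKET_THRESHOLD:
            self._isolate(client)
            return "flood"
        return "ok"

    def end_window(self):
        # Step 210: compare each live node's previous profile with its current one.
        flagged = []
        for client, cur in list(self.current.items()):
            prev = self.previous.get(client)
            if prev is not None and profile_mismatch(prev, cur):
                flagged.append(client)
                self._isolate(client)
                continue
            self.previous[client] = cur
            self.current[client] = NodeProfile()
        return flagged

    def _isolate(self, client):
        self.sessions.pop(client, None)   # drop the session and stop profiling the node
        self.current.pop(client, None)
        self.isolated.add(client)


def run_demo():
    """Constructed traffic: a steady node, one whose mix shifts, one spoofing, one flooding."""
    certs = {f"sensor-{x}": f"cert-{x}" for x in "abcd"}
    ips = {c: f"10.0.0.{i}" for i, c in enumerate(certs, start=11)}
    gw = Gateway(certs)
    for c in certs:
        gw.authenticate(c, certs[c], ips[c])
    bad_cert = gw.authenticate("sensor-x", "cert-a", "10.0.0.99")  # not its certificate
    for c in certs:  # window 1: ten 64-byte data packets each form the baseline profile
        for _ in range(10):
            gw.receive(c, ips[c], "data", 64)
    gw.end_window()
    for _ in range(10):  # window 2: sensor-a steady, sensor-b switches to route requests
        gw.receive("sensor-a", ips["sensor-a"], "data", 64)
        gw.receive("sensor-b", ips["sensor-b"], "rreq", 16)
    c_result = gw.receive("sensor-c", "10.0.0.55", "data", 64)  # address not bound to session
    d_results = [gw.receive("sensor-d", ips["sensor-d"], "data", 64) for _ in range(60)]
    flagged = gw.end_window()
    return {"bad_cert": bad_cert, "c_result": c_result, "d_results": d_results, "flagged": flagged, "isolated": sorted(gw.isolated)}
```

In the constructed run, sensor-d is cut off at the 51st packet of the window, sensor-b is flagged at the end of the window because its packet-type mix no longer matches its previous profile, and sensor-c is isolated on its first packet from an unbound address.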
Figure 3 illustrates the architecture of Internet of Things in accordance with an embodiment of the present disclosure.
Structure of IoT Systems
IoT is considered a highly demanding technological domain, because it contains dynamic, mobile and undefined perimeters of heterogeneous properties. These complex properties can pose a serious threat to the security of an IoT system and thus render the entire system vulnerable and risky. However, appropriate and optimized solutions to such problems are difficult to identify because IoT is deployed on different types of platforms, so it is very challenging to understand the generation and the components involved within these IoT systems. Indeed, there are different types of components involved within the computing system whose major objective is to link everyday objects with the network by means of technological platforms, which are mainly hardware and middleware. Further, when considering the structures of IoT, a similar pattern can be observed in which there are three major factors. These are:
• Internet-oriented
• Things-oriented
• Semantic-oriented
There are three layers in the IoT architecture: the perception layer, the network layer and the application layer. The perception layer collects data from the surroundings. The data collected by the perception layer is processed and transmitted by the network layer, which includes wired as well as wireless systems. The application layer satisfies the requirements of users on the basis of solutions. Over and above, in order to function efficiently and effectively, the IoT system requires architectural solutions so that the different heterogeneous states can be handled.
The IoT architecture framework and the various security objectives required within it are illustrated in Fig. 3. There is, however, no unified view in which the IoT framework can be presented. A few engineering bodies provide some standards and strategies on the basis of technology. The major focus is on fulfilling the requirements of users, for which developers provide various architectures and model implementations. Scalability, analysis, data collection, device management and various other factors are also kept under consideration during the design process. Further, in order to simplify the systems, unification is applied, in which the major focus is on securing the systems while facilitating the users of IoT. Furthermore, in order to provide standards for IoT protocols and technology, the scientific community plays a very important role along with the industrial domain. A security-based architecture is provided here in which no mobility is considered and the important requirements are resiliency, authentication, access restriction and privacy. Moreover, the various security and service requests are also provided through a trustworthy architecture. For generating protected IoT architectures, there is a need to include robust and reliable standards along with the security systems.
Figure 4 illustrates (a) Security landscape of Internet of Things and(b)Flow diagram for bandwidth consumption in accordance with an embodiment of the present disclosure.
Security Threats, Attacks and Vulnerabilities in IoT
The security of IoT system is considerably vulnerable because there is probability of entering the large number of attackers when any device is connected with the system. This phenomenon is also true even for a single small sized device. Indeed, there are huge amount of risks present within the IoT systems which are mainly caused during the transferring of data, accessing of devices, or making connections amongst the devices. Therefore, in order to provide the security, it is of the paramount importance to protect the IoT devices as well as services from any kind of unauthorized access from external devices. Moreover, the various services, hardware resources, as well as information present within the transition and storage needs to be protected through security. There are three major issues pertaining to security of IoT devices and services as given below: • Data confidentiality • Privacy and • Trust.
Data confidentiality is a fundamental issue within the IoT devices and services as well. It is given that the assessment of secure data and authorized objects for the user is the prime objective of IoT system. Perhaps, there are two important considerations while dealing with security issues of IoT systems. These are the access control as well as authorization methods and authenticity and identity management (IdM) technique. Further, in order to confirm that the person is authorized for accessing a service the verification of an entity is provided by the IoT device. The objective of authorization mechanism is to identify that whether the person or device can receive a service or not.
By considering the wide array of criteria, it is decided that whether the service required is granted or denied within the access control mechanism. Indeed, in order to generate a secure link amongst the numerous devices and services, it is important to establish the authorization and access control within these systems. The generation, understanding as well as manipulation of the scenarios can be performed with the help of various access control rules. Furthermore, a different aspect is involved when the authentication and identity management is incorporated. It is because of the fact that there is a need to authenticate the multiple users, objects and devices with the help of trustable services. No doubt, a secure mechanism is required for this purpose as it is the major issue to be resolved.
Furthermore, privacy is a major issue to be considered within the devices and services involved in IoT. It is explicit that in IoT framework, the objects are linked and the data is transmitted across the internet. Therefore, due considerations are required for securing the users' privacy. Perhaps, this is the reason behind the fact that the sharing and management of data along with providing privacy within the collected data is an important research domain.
Some other related security issues that arise within IoT are: Unpredictable Behavior, Device Similarity, Problematic Deployment, Long Device Life and Expired Support, No Upgrade Support,: Poor or No Transparency, Vulnerabilities Exposure and Threats. A security landscape of IoT is depicted in Fig. 4a. Various Security Measures for IoT
IoT devices operate continuously, so the protection that direct human observation would provide is not available. It is therefore beneficial for devices to be tamper-proof and tamper-evident, so that only designated people can access them and they remain isolated from unauthorized users; this blocks attackers who physically attempt to reach the data. A layered technique secures the endpoint for the purpose of data protection, because an attacker must cross several obstacles. Devices can also be deployed in the system to recognize vulnerabilities within it. Device firmware must be modifiable only through updates that carry a valid digital signature. At the same time, functionality and accountability call for highly interconnected IoT systems, because regular use of these systems demands frequent modifications. A proper tracking mechanism and a security baseline are also required within IoT systems.
Static testing alone is not sufficient to identify the vulnerabilities present in the components. Dynamic testing exposes weaknesses in code as well as vulnerabilities in hardware, including those that static testing does not reveal, for example when new code runs on old processors. This is why manufacturers widely perform dynamic testing when they procure hardware and software in order to keep the objects secure. It is also common practice to treat a device as obsolete after some period of use and to decommission it. Before disposal, the private data held on such a device must be completely removed so that it cannot be disclosed to other users, because unauthorized users can put the data to malicious use if it falls into their hands; security methods must be applied to prevent this. Likewise, used devices that are sent for sale must be erased completely, since the information already on them could otherwise be used by the next owner. Security mechanisms must therefore account for the end of a device's life.
Securing Networks
The main function of authentication is to ensure that the credentials given to IoT devices cannot easily be guessed. Credentials that are identical across numerous devices should not be used, because an intruder who guesses one password can then enter every other device with it. Every device in the system should therefore be given its own unique username and password. Password reset should be available only to the legitimate user, and the security level should be set high. Guessing and brute-force attacks against these credentials must be prevented.
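The per-device credential policy above, as an added example that is not part of the patent text: each device is provisioned with its own random secret, only a salted PBKDF2 hash is stored, and a failure counter with a lockout window blunts guessing and brute force. The iteration count, the lockout parameters and the device identifiers are assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets

PBKDF2_ITERATIONS = 200_000   # assumption: tune to the gateway's CPU budget
MAX_FAILURES = 5              # assumption: consecutive failures before lockout
LOCKOUT_SECONDS = 300         # assumption: lockout window length


def _derive(password, salt):
    """Salted PBKDF2-HMAC-SHA256 so a stolen store does not yield usable passwords."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)


class DeviceCredentialStore:
    """Unique random credential per device, stored only as a salted hash,
    with a failure counter and lockout to stop guessing and brute force."""

    def __init__(self):
        self._records = {}    # device_id -> (salt, derived hash)
        self._failures = {}   # device_id -> (consecutive failures, locked_until)
        self._dummy_salt = secrets.token_bytes(16)

    def provision(self, device_id):
        """Generate a fresh per-device password and return it once for installation."""
        password = secrets.token_urlsafe(24)    # 192 bits of entropy, never shared between devices
        salt = secrets.token_bytes(16)
        self._records[device_id] = (salt, _derive(password, salt))
        return password

    def is_locked(self, device_id, now):
        _, locked_until = self._failures.get(device_id, (0, 0.0))
        return now < locked_until

    def verify(self, device_id, password, now):
        """Constant-time comparison; `now` is a monotonic timestamp supplied by the caller."""
        if self.is_locked(device_id, now):
            return False                      # refuse even a correct password while locked
        salt, stored = self._records.get(device_id, (self._dummy_salt, None))
        candidate = _derive(password, salt)   # always pay the KDF cost, even for unknown ids
        if stored is not None and hmac.compare_digest(candidate, stored):
            self._failures.pop(device_id, None)
            return True
        failures, locked_until = self._failures.get(device_id, (0, 0.0))
        failures += 1
        if failures >= MAX_FAILURES:          # counter is kept, so the next failure re-locks
            locked_until = now + LOCKOUT_SECONDS
        self._failures[device_id] = (failures, locked_until)
        return False


if __name__ == "__main__":
    store = DeviceCredentialStore()
    pw = store.provision("sensor-01")
    print("accepted:", store.verify("sensor-01", pw, now=0.0))
    for _ in range(MAX_FAILURES):
        store.verify("sensor-01", "wrong-guess", now=1.0)
    print("locked after guesses:", store.is_locked("sensor-01", now=2.0))
```

The timestamp is injected rather than read from the clock so the lockout logic can be tested deterministically; in a real gateway it would come from a monotonic clock, and the failure table should be bounded so that an attacker cannot fill memory with lockout records for fabricated device ids.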
Even when a device is password-protected, communications between devices can be compromised unless encryption and secure protocols are used. IoT systems employ numerous protocols such as Wi-Fi, cellular, NFC, Sigfox, Bluetooth and Zigbee, each serving different tasks. A system can apply strong encryption according to the protocols in use and the computing resources available; the manufacturer should examine each case and adopt the strongest encryption mechanism possible. In huge global campaigns, inadequately protected IoT devices have been turned into zombies and assembled into large armies that launch DDoS attacks. Commodity components come with network capabilities far in excess of the device's needs, so compromised devices generate heavy traffic and congestion, and raise the costs borne by the systems targeted by the DDoS attack.
VLANs, IP address ranges, or combinations of the two are used to partition the network into smaller local networks. Network segmentation then relies on next-generation firewall security policies that identify one or more source and destination interfaces on the platform. Each interface on the firewall must be assigned to a security zone before traffic is processed, and an organization creates several security zones to represent the different segments to which connections are provided.
Secure the Overall IoT System
The basic idea of IoT is the linking of everyday objects through the Internet or an ad hoc network. Many of the protocols involved leak sensitive personally identifiable information (PII), and such data may be linked to other information sources and then exploited. Service discovery mechanisms and authentication protocols are therefore provided so that only an authorized user can discover a device. It is of paramount importance that developers know about vulnerabilities a priori so that they can be fixed, and any vulnerability identified by researchers must be communicated quickly to the industry so that a solution can be provided, much as defects are handled for automobiles and other machinery. Each vulnerability must be verified and fixed individually within a reasonable time. The engineers developing the systems should be highly competent, and the basic criteria set by a certification body must be fulfilled. Data must be managed, used, protected and distributed responsibly, and the protocols in use must not leak information. When a privacy issue arises, the certified provider must respond swiftly to concerned users. Strong authentication and approved protocols are recommended; devices should be neither over-protected nor under-protected, and it must be ascertained that the devices in the system cannot easily be forged. Certification status, with a description of the device, should be made available to users through a web link.
DDoS attack in IoT
Because IoT devices have only simple processing capabilities, security has become a major issue for these systems. One attack that occurs in them is the denial of service attack: devices are turned into traffic generators that congest the communication networks of the IoT system with illegitimate traffic. Distributed Denial of Service (DDoS) attacks can affect the most frequently used devices within IoT systems. In a DDoS attack, the malicious node sends control packets to legitimate nodes, which in turn send rogue data packets to the victim node to trigger the attack.
A DDoS attack is mounted from a large number of computers infected by a worm or Trojan horse. Its consequence is that more than one kind of attack is directed at a single target within a short time. The attacking hosts continuously send a huge number of requests to the target, so the system may stop working completely and legitimate users cannot be served; this scenario is known as flooding. DDoS attacks fall into two broad categories: network-centric attacks, which consume bandwidth by overloading one service, and application-layer attacks, in which application calls are used to overload the service or the database.
A DDoS attack is generally triggered by a malicious node at the network layer: the malicious node selects target nodes, and those target nodes flood the victim node with raw packets. The resulting jamming degrades network performance in terms of bandwidth consumption, routing overhead and packet delivery ratio (PDR). Session resumption is a technique that prevents DDoS attacks in IoT. In the session resumption technique, a three-way handshake protocol is used in which the client is authenticated by the smart e-health gateway, which assigns a certificate to the client. A session is then initiated between the client and the smart e-health gateway, and the session is terminated when the gateway receives packets above the threshold value. The work described here provides a simplified version of this otherwise complex mutual authentication mechanism and shows reduced processing time. The proposed algorithm detects the malicious nodes in the network that are responsible for triggering the DDoS attack, and entails the following steps.
Step 1. The network is deployed with a finite number of nodes, and a fixed bandwidth is allocated to each sensor node in the network.
Step 2. The sensor nodes analyse the bandwidth consumption of each sensor node; a node using bandwidth above its allocated value is treated as a malicious node.
Step 3. The central controller checks the type of packets sent by the malicious node, i.e. the node using bandwidth above its allocated value. A node sending data packets to the victim node may be the malicious node.
Step 4. If the node is sending rogue data packets and receives control packets from any node, it is detected as the malicious node responsible for triggering the DDoS attack.
Fig. 4c represents the flow diagram for the bandwidth consumption check described above. The proposed technique as a whole consists of two stages: first, IP spoofing is detected; second, the node triggering the DDoS attack is detected in the network.
Algorithm 1: IP spoofing Detection
1. IP spoofing is an attack in which a malicious node spoofs the IP address of a legitimate node and communicates on behalf of that node.
2. A path is established from source to destination on the basis of a three-way handshake protocol.
3. When the source sends data to the destination, the destination node backtracks the path along which it received the data.
4. The legitimate node sends a negative reply to the destination, because it did not send the message.
5. On receiving the negative reply, the destination stops accepting packets from the IP address that was spoofed in the network.
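The backtrack check of Algorithm 1, as an added simulation that is not part of the patent: a destination that receives a packet asks the node that really owns the claimed source address whether it sent that packet, and on a negative reply adds the address to a blocklist. The three-way-handshake path of step 2 is assumed to exist but is not modelled; the query is represented as a direct call to the owning node, and the addresses and sequence numbers are constructed for the example.

```python
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Packet:
    src: str   # the IP address the packet claims as its origin
    dst: str
    seq: int


@dataclass
class Node:
    ip: str
    sent: set = field(default_factory=set)       # (dst, seq) this node genuinely transmitted
    accepted: list = field(default_factory=list)
    blocked: set = field(default_factory=set)    # spoofed source IPs, dropped from now on

    def send(self, net, dst, seq, spoof_as=None):
        """Transmit to dst; with spoof_as set, the packet lies about its source address."""
        if spoof_as is None:
            self.sent.add((dst, seq))
        return net.deliver(Packet(spoof_as or self.ip, dst, seq))

    def confirm(self, dst, seq):
        """Answer a backtrack query: True only if this node really sent (dst, seq)."""
        return (dst, seq) in self.sent

    def receive(self, net, pkt):
        if pkt.src in self.blocked:
            return False
        # Step 3: backtrack to the legitimate owner of the claimed source address.
        owner = net.nodes[pkt.src]
        if not owner.confirm(pkt.dst, pkt.seq):
            self.blocked.add(pkt.src)          # steps 4-5: negative reply, block that IP
            return False
        self.accepted.append(pkt)
        return True


class Network:
    """Assumption: the query always reaches the real owner (an attacker cannot spoof the reply)."""

    def __init__(self, *nodes):
        self.nodes = {n.ip: n for n in nodes}

    def deliver(self, pkt):
        return self.nodes[pkt.dst].receive(self, pkt)


def scenario():
    """Constructed exchange: one genuine packet, two spoofed ones, then the victim of the spoof."""
    legit = Node("10.0.0.2")
    attacker = Node("10.0.0.66")
    dest = Node("10.0.0.1")
    net = Network(legit, attacker, dest)
    results = [
        legit.send(net, dest.ip, seq=1),                        # genuine: accepted
        attacker.send(net, dest.ip, seq=2, spoof_as=legit.ip),  # spoofed: negative reply, blocked
        attacker.send(net, dest.ip, seq=3, spoof_as=legit.ip),  # dropped without a query
        legit.send(net, dest.ip, seq=4),                        # owner of the spoofed IP is now blocked too
    ]
    return results, sorted(dest.blocked), len(dest.accepted)


if __name__ == "__main__":
    print(scenario())
```

Two caveats follow directly from the algorithm. The block is keyed on the spoofed address, so the legitimate owner loses service as well (the fourth send above); a deployment needs a way to clear the entry. And the query only proves anything if its reply cannot itself be spoofed, which is why the page establishes the path with a handshake first; at a network edge the same goal is usually met by ingress filtering of source addresses rather than a per-packet query.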
Algorithm 2: Detection of DDoS attack
1. An IDS node is created inside the network. The IDS node is the most stable node, one that does not change its location frequently.
2. The IDS node starts creating a profile of each node: it senses its adjacent nodes and stores their information.
3. The stored information contains the packet type (control packet or data packet) and the data rate of the packets sent (CBR or VBR), which is related to the threshold values.
4. When the network throughput falls to the threshold value, the IDS node compares the previous profile of each node with its current profile.
5. Nodes whose profiles mismatch are detected as the malicious nodes in the network.
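Steps 1 to 4 of the bandwidth check and Algorithm 2 together, as an added example that is not the patent's own code: an IDS node learns a baseline profile (rate, control/data mix, CBR or VBR) of its adjacent nodes, and once throughput drops below the threshold it flags nodes whose profile has changed or whose rate exceeds the allocation, confirming each by the Step 3 and Step 4 rule (sends data packets and received control packets). The CBR/VBR boundary, the drift tolerance, the allocation and the traffic are constructed assumptions; `controllers_of` goes beyond the page's rule by naming the node that sent the recruiting control packets.

```python
from collections import defaultdict
from dataclasses import dataclass
from statistics import pstdev


@dataclass(frozen=True)
class Pkt:
    t: float    # seconds since the start of the observation window
    src: str
    dst: str
    kind: str   # "ctrl" (route request/reply, recruitment) or "data"
    size: int   # bytes


@dataclass(frozen=True)
class Profile:
    rate_bps: float   # mean sending rate over the window
    ctrl_frac: float  # share of the node's packets that were control packets
    rate_class: str   # "CBR" when per-second byte counts are steady, else "VBR"


def profile_nodes(packets, window_s):
    """Algorithm 2, steps 2-3: per-node profile (packet type mix, rate, CBR/VBR)."""
    per_sec = defaultdict(lambda: [0] * window_s)
    counts = defaultdict(lambda: {"ctrl": 0, "data": 0})
    for p in packets:
        per_sec[p.src][int(p.t)] += p.size
        counts[p.src][p.kind] += 1
    profiles = {}
    for node, series in per_sec.items():
        avg = sum(series) / window_s
        cv = pstdev(series) / avg if avg else 0.0      # coefficient of variation
        total = counts[node]["ctrl"] + counts[node]["data"]
        profiles[node] = Profile(avg * 8, counts[node]["ctrl"] / total,
                                 "CBR" if cv < 0.25 else "VBR")   # assumed boundary
    return profiles


class IdsNode:
    """Stationary IDS node profiling its adjacent nodes (Algorithm 2, step 1)."""

    def __init__(self, neighbours, allocation_bps, window_s=5):
        self.neighbours = set(neighbours)
        self.allocation_bps = allocation_bps   # Step 1: fixed bandwidth per node
        self.window_s = window_s
        self.baseline = {}

    def _adjacent(self, packets):
        return [p for p in packets if p.src in self.neighbours]

    def learn(self, packets):
        self.baseline = profile_nodes(self._adjacent(packets), self.window_s)

    def detect(self, packets, throughput_bps, throughput_threshold_bps):
        """Nodes responsible for the flood (Steps 2-4 and Algorithm 2 steps 4-5)."""
        if throughput_bps >= throughput_threshold_bps:
            return set()   # profiles are only compared once throughput has dropped
        current = profile_nodes(self._adjacent(packets), self.window_s)
        got_ctrl = {p.dst for p in packets if p.kind == "ctrl"}
        sends_data = {p.src for p in packets if p.kind == "data"}
        malicious = set()
        for node, now in current.items():
            base = self.baseline.get(node)
            over = now.rate_bps > self.allocation_bps                       # Step 2
            mismatch = (base is None or now.rate_class != base.rate_class
                        or abs(now.ctrl_frac - base.ctrl_frac) > 0.3)       # assumed drift tolerance
            if (over or mismatch) and node in sends_data and node in got_ctrl:   # Steps 3-4
                malicious.add(node)
        return malicious


def controllers_of(packets, flooders):
    """Extension beyond the page's rule: who sent control packets to the flooders."""
    return {p.src for p in packets if p.kind == "ctrl" and p.dst in flooders}


# Constructed sample traffic, not measurements from the patent.
def cbr(src, dst, bytes_per_sec, window_s, size=250):
    n = bytes_per_sec // size
    return [Pkt(s + i / n, src, dst, "data", size) for s in range(window_s) for i in range(n)]


def vbr(src, dst, per_second_bytes, size=500):
    return [Pkt(s + i / (b // size), src, dst, "data", size)
            for s, b in enumerate(per_second_bytes) for i in range(b // size)]


def sample_scenario():
    ids = IdsNode(neighbours=["n1", "n2", "n3", "a"], allocation_bps=8000)
    quiet = [Pkt(0.0, n, "gw", "ctrl", 64) for n in ("n1", "n2", "n3")]
    for n in ("n1", "n2", "n3"):
        quiet += cbr(n, "gw", 500, 5)                 # steady 500 B/s sensor reports
    ids.learn(quiet)
    attack = [Pkt(0.0, "n1", "gw", "ctrl", 64)] + cbr("n1", "gw", 500, 5)
    attack += [Pkt(0.0, "a", "n2", "ctrl", 64), Pkt(0.0, "a", "n3", "ctrl", 64)]  # recruitment
    for n in ("n2", "n3"):
        attack += vbr(n, "v", [1000, 3000, 1500, 3000, 2000])   # bursty flood at the victim
    quiet_result = ids.detect(quiet, throughput_bps=12000, throughput_threshold_bps=9000)
    flooders = ids.detect(attack, throughput_bps=4000, throughput_threshold_bps=9000)
    return quiet_result, flooders, controllers_of(attack, flooders)
```

In the constructed scenario the recruited nodes n2 and n3 are flagged and n1, whose profile is unchanged, is not. Note that the Step 4 rule alone never names the node a, which only emits control packets and stays well under its allocation; that is why the example also reports who sent control packets to the flagged nodes, and why a real deployment should treat the throughput threshold and the profile tolerances as tuning parameters rather than constants.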
Figure 5 illustrates (a) network deployment; (b) flooding of route request packets; (c) reply with route reply packets; and (d) selection of path, in accordance with an embodiment of the present disclosure.
Simulation is the technique used to analyse the performance of the developed model before it is implemented in a real environment. Simulators are of two types: event-based and time-based. Network Simulator version 2 (NS2) is an event-based simulator in which created events are triggered at defined times. NS2 is used to simulate network models; it has several versions, the latest being ns-2.35. It is Linux-based and runs on distributions such as Fedora and Red Hat. NS2 has a complex architecture in which the Tool Command Language (Tcl) is used for the front end and C++ for the back end. Performance analysis tools such as xgraph and ngraphs are used with NS2.
As shown in Fig. 5a, the network is deployed with a finite number of sensor nodes. The network is decentralized, so mobile nodes can join or leave it at will. As shown in Fig. 5b, the source node floods route request packets into the network. As shown in Fig. 5c, the nodes adjacent to the destination respond with route reply packets. As shown in Fig. 5d, the source receives multiple route reply packets from the adjacent nodes and selects the best path from source to destination on the basis of hop count and sequence number.
Figure 6 illustrates (a) trigger of attack; (b) threshold value analysis; and (c) detection of malicious nodes, in accordance with an embodiment of the present disclosure.
As shown in Fig. 6a, the source selects the best path from source to destination on the basis of hop count and sequence number, while a malicious node present in the network floods the channel with rogue packets to trigger the DDoS attack. As shown in Fig. 6b, IDS nodes are formed in the network to analyse the data rate of each node; an increase in data rate indicates that flooding is taking place. As shown in Fig. 6c, the nodes sending packets above the permitted data rate flood the network with rogue packets, and the IDS nodes apply multipath routing to isolate them from the network.
Figure 7 illustrates (a) Bandwidth Consumption; (b) Routing overhead; and (c) PDR comparison in accordance with an embodiment of the present disclosure.
As shown in Fig. 7a, the attack scenario is compared with the proposed technique: bandwidth consumption is reduced once the malicious nodes are detected and isolated. As shown in Fig. 7b, routing overhead likewise decreases once the malicious nodes are detected. As shown in Fig. 7c, the packet delivery ratio (PDR) is compared with the attack scenario: packet loss during the attack reduces PDR, and PDR increases once the malicious node is isolated from the network.
The drawings and the foregoing description give examples of embodiments. Those skilled in the art will appreciate that one or more of the described elements may be combined into a single functional element, or that certain elements may be split into multiple functional elements. Elements from one embodiment may be added to another embodiment. For example, the order of the processes described herein may be changed and is not limited to the manner described. Moreover, the actions of any flow diagram need not be implemented in the order shown, nor do all of the acts necessarily need to be performed, and acts that do not depend on other acts may be performed in parallel with them. The scope of embodiments is by no means limited by these specific examples. Numerous variations, whether explicitly given in the specification or not, such as differences in structure, dimension and use of material, are possible. The scope of embodiments is at least as broad as given by the following claims.
Benefits, other advantages, and solutions to problems have been described above with regard to specific embodiments. However, the benefits, advantages, solutions to problems, and any component(s) that may cause any benefit, advantage, or solution to occur or become more pronounced are not to be construed as a critical, required, or essential feature or component of any or all the claims.

Claims (10)

WE CLAIM
1. A method for isolation of distributed denial of service attack in internet of things, the method comprises:
authenticating a client through a smart e-health gateway, wherein in said smart e-health gateway authentication a certificate is assigned to said client; initiating a session between said client and said smart e-health gateway; detecting malicious nodes from a network which are responsible for triggering a distributed denial of service (DDoS) attack; detecting internet protocol (IP) spoofing; detecting the DDoS attack upon detecting malicious nodes with mismatched profiles from said network; and terminating said session when said gateway receives packets above a threshold value.
2. The method as claimed in claim 1, wherein detecting said malicious nodes comprises:
deploying a network with a finite number of nodes and allocating a fixed bandwidth to each sensor node in said deployed network; analyzing the bandwidth consumption of each sensor node using the sensor nodes, wherein a node using bandwidth above its allocated value is treated as a malicious node; checking the type of packets sent by said malicious node through a central controller upon finding a node using bandwidth above said allocated value; and detecting the malicious node responsible for triggering the DDoS attack if said node is sending rogue data packets and receiving control packets from any node.
3. The method as claimed in claim 1, wherein IP spoofing is an attack in which malicious node spoof an IP address of a legitimate node and communicate on behalf of said legitimate node.
4. The method as claimed in claims 1 and 3, wherein detection of internet protocol (IP) spoofing comprises: establishing a path from a source to a destination using a three-way handshake protocol; backtracking, at the destination node, the path of data sent by a source to the destination; sending a negative reply to the destination through said legitimate node; and preventing the receiving of packets from the particular IP which is spoofed in the network if the destination receives the negative reply.
5. The method as claimed in claim 4, wherein said legitimate node sends said negative reply to the destination because it did not send the message to said node.
6. The method as claimed in claim 1, wherein steps for detecting DDoS attack comprises:
creating an intrusion detection system (IDS) node inside network; creating profile of adjacent nodes of said IDS node by employing said IDS node; comparing previous profile of each node with current profile when network throughput is reduced to threshold values; and detecting malicious nodes from said network upon detection of mismatched profile node(s).
7. The method as claimed in claim 6, wherein said IDS node is a node which is maximum stable and does not changes its location frequently, wherein said IDS node senses its adjacent node and thereby stores information of said adjacent nodes.
8. The method as claimed in claim 7, wherein said stored information contains packet type with respect to send control packet or data packet, data rate of sending packets (CBR or VBR) which is related with threshold values.
9. The method as claimed in claim 2, wherein steps for detecting bandwidth consumption comprises:
deploying a network with a finite number of nodes; starting communication in said network and thereafter checking the bandwidth consumption of each node; checking the channel on which the data rate is higher than the allocated value if the bandwidth consumption of a node is higher than the threshold; detecting the node which is sending at a data rate above said threshold and the node which is sending control packets above said threshold; and starting communication in said network from source to destination, wherein communication from source to destination is started immediately after checking the bandwidth consumption of each node if the bandwidth consumption of each node is not higher than the threshold.
10. A system for isolation of distributed denial of service attack in internet of things, the system comprises:
a smart e-health gateway for authenticating a client by assigning a certificate to said client and thereafter initiating a session between said client and the smart e-health gateway; a malicious node detection unit for detecting malicious nodes from a network which are responsible for triggering a distributed denial of service (DDoS) attack, wherein said malicious node detection unit comprises a sensor node to analyze bandwidth consumption and a central controller to check the type of packets sent by a malicious node; an internet protocol spoofing detection unit for detecting internet protocol (IP) spoofing; and an intrusion detection system (IDS) node for detecting the DDoS attack upon detecting malicious nodes with mismatched profiles from said network by comparing the previous profile of each node with its current profile; wherein said session is terminated when said gateway receives packets above a threshold value.
Priority Applications (1)
Application Number: AU2021102419A; Priority Date: 2021-05-09; Filing Date: 2021-05-09; Title: A System and a Method for Isolation of Distributed Denial of Service Attack in Internet of Things; Status: Ceased

Publications (1)
Publication Number: AU2021102419A4; Publication Date: 2022-03-17

Family ID: 80629171
Country Status: AU, AU2021102419A4

Legal Events
TH Corrigenda: in Vol 35, No 32, page(s) 6462, under the heading "Applications lapsed, refused or withdrawn, patents ceased or expired - 2021", delete all reference to 2021102419.
FGI Letters patent sealed or granted (innovation patent)
MK22 Patent ceased section 143a(d), or expired - non payment of renewal fee or expiry