Design of a distributed HIDS for IoT backbone components

• Autorzy: de O. Kfouri Guilherme , Gonçalves Daniel G. V. , Dutra Bruno V. , de Alencastro João F. , de Caldas Filho Francisco L. , e Martins Lucas M. C. , Praciano Bruno J. G. , de O. Albuquerque Robson , de Sousa Jr Rafael T.

Identyfikatory

DOI

10.15439/2019F329

• Konferencja: Federated Conference on Computer Science and Information Systems (14 ; 01-04.09.2019 ; Leipzig, Germany)
• Języki publikacji: EN

Abstrakty

EN

Nowadays DDoS attacks using IoT devices are frequent and extensive. Given that IoT network instances are distributed and deployed over conventional Internet gear, DDoS countermeasures in IoT need to be fully distributed and coordinated all over the components that form each IoT instance. This paper presents a designed and prototyped distributed host-based intrusion detection systems (HIDS) that aims to protect the components of IoT network backbones, comprising conventional switches and routers. In our design, a set of the proposed HIDS executes conventional security verifications, like default username and password, known attacks signatures, monitoring the usage of resources, processes, ports and open connections, while also interacting with a Controller of the HIDS set to allow the coordination of intrusion detection actions relative to DDoS attacks all over the IoT instance. The designed distributed HIDS is evaluated in a controlled environment that, although being a local and isolated network, realistically represents IoT network instances.

Słowa kluczowe

EN

Internet of things; IoT; IoT security; distributed denial of service; DDoS; host-based intrusion detection system; HIDS; distributed HIDS; Mirai Botnet

PL

Internet rzeczy; bezpieczeństwo IoT; DDoS; rozproszona odmowa usługi; HIDS; hostowe systemy wykrywania intruzów; Mirai botnet

• Wydawca: Polskie Towarzystwo Informatyczne
• Czasopismo: Annals of Computer Science and Information Systems
• Rocznik: 2019
• Tom: Vol. 20
• Strony: 81--88
• Opis fizyczny: Bibliogr. 19 poz., wykr., tab.

Twórcy

autor

de O. Kfouri Guilherme

• National Science and Technology Institute on Cyber Security, Electrical Engineering Department, University of Brasília (UnB), P.O. Box 4466, Brasília–DF, Brazil, CEP 70910-900

autor

Gonçalves Daniel G. V.

• National Science and Technology Institute on Cyber Security, Electrical Engineering Department, University of Brasília (UnB), P.O. Box 4466, Brasília–DF, Brazil, CEP 70910-900

autor

Dutra Bruno V.

• National Science and Technology Institute on Cyber Security, Electrical Engineering Department, University of Brasília (UnB), P.O. Box 4466, Brasília–DF, Brazil, CEP 70910-900

autor

de Alencastro João F.

• National Science and Technology Institute on Cyber Security, Electrical Engineering Department, University of Brasília (UnB), P.O. Box 4466, Brasília–DF, Brazil, CEP 70910-900

autor

de Caldas Filho Francisco L.

• National Science and Technology Institute on Cyber Security, Electrical Engineering Department, University of Brasília (UnB), P.O. Box 4466, Brasília–DF, Brazil, CEP 70910-900

autor

e Martins Lucas M. C.

• National Science and Technology Institute on Cyber Security, Electrical Engineering Department, University of Brasília (UnB), P.O. Box 4466, Brasília–DF, Brazil, CEP 70910-900

autor

Praciano Bruno J. G.

• National Science and Technology Institute on Cyber Security, Electrical Engineering Department, University of Brasília (UnB), P.O. Box 4466, Brasília–DF, Brazil, CEP 70910-900

autor

de O. Albuquerque Robson

• National Science and Technology Institute on Cyber Security, Electrical Engineering Department, University of Brasília (UnB), P.O. Box 4466, Brasília–DF, Brazil, CEP 70910-900

autor

de Sousa Jr Rafael T.

• National Science and Technology Institute on Cyber Security, Electrical Engineering Department, University of Brasília (UnB), P.O. Box 4466, Brasília–DF, Brazil, CEP 70910-900

Bibliografia

• 1. Kaspersky. DDoS attacks in q1 2018. [Online]. Available: https://securelist.com/ddos-report-in-q1-2018/85373/
• 2. M. Antonakakis, T. April, M. Bailey, M. Bernhard, E. Bursztein, J. Cochran, Z. Durumeric, J. A. Halderman, L. Invernizzi, M. Kallitsis, D. Kumar, C. Lever, Z. Ma, J. Mason, and D. Menscher, “Understanding the Mirai Botnet,” in Proceedings of the 26th USENIX Security Symposium. Vancouver, BC, Canada: USENIX, 2017, pp. 1093–1110.
• 3. S. Hilton. Dyn Analysis Summary Of Friday October 21 Attack. [Online]. Available: https://dyn.com/blog/dyn-analysis-summary-of-friday-october-21-attack/
• 4. C. Kolias, G. Kambourakis, A. Stavrou, and J. Voas, “DDoS in the IoT: Mirai and other botnets,” Computer, vol. 50, no. 7, pp. 80–84, 2017.
• 5. “Annual CyberSecurity Report,” Cisco 2018, Tech. Rep., 2018. [Online]. Available: https://www.cisco.com/c/dam/m/digital/elq-cmcglobal/witb/acr2018/acr2018final.pdf
• 6. P. N. Raju, “State of the Art Intrusion Detection: Technologies, Challenges, and Evaluation,” Master’s Thesis, Linköping University, Linköping, Sweden, 2005.
• 7. R. Gerhards, “The Syslog Protocol - RFC 5424,” Internet Engineering Task Force (IETF), Tech. Rep., March 2009.
• 8. H. G. C. Ferreira and R. T. de Sousa Junior, “Security analysis of a proposed internet of things middleware,” Cluster Computing, vol. 20, no. 1, pp. 651–660, Mar 2017.
• 9. A. Lazarevic, V. Kumar, and J. Srivastava, Intrusion Detection: A Survey. Boston, MA, USA: Springer US, 2005, pp. 19–78.
• 10. A. Patel, Q. Qassim, and C. Wills, “A survey of intrusion detection and prevention systems,” Information Management & Computer Security, vol. 18, no. 4, pp. 277–290, 2010.
• 11. H.-J. Liao, C.-H. R. Lin, Y.-C. Lin, and K.-Y. Tung, “Intrusion detection system: A comprehensive review,” Journal of Network and Computer Applications, vol. 36, no. 1, pp. 16 – 24, 2013.
• 12. G. G. Helmer, J. S. K. Wong, V. Honavar, and L. Miller, “Intelligent Agents for Intrusion Detection,” in 1998 IEEE Information Technology Conference, Information Environment for the Future (Cat. No.98EX228). Syracuse, NY, USA: IEEE, Sep. 1998, pp. 121–124.
• 13. “Cisco Port Security,” Cisco, Tech. Rep., 2018. [Online]. Available: https://www.cisco.com/c/en/us/td/docs/routers/7600/ios/15S/configuration/guide/7600_15_0s_book/port_sec.html
• 14. “DHCP Snooping,” Cisco, Tech. Rep., 2018. [Online]. Available: https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst6500/ ios/12-2SX/configuration/guide/book/snoodhcp.html
• 15. Y. F. Jou, F. Gong, C. Sargor, X. Wu, S. F. Wu, H. C. Chang, and F. Wang, “Design and implementation of scalable IDS for the protection of Network infraestructure,” in Proceedings DARPA Information Survivability Conference and Exposition. DISCEX’00, vol. 2. Hilton Head, SC, USA: IEEE, Jan 2000, pp. 69–83 vol.2.
• 16. G. Prashanth, V. Prashanth, P. Jayashree, and N. Srinivasan, “Using Random Forests for Network-based Anomaly detection at Active routers,” in 2008 International Conference on Signal Processing, Communications and Networking, Chennai, India, Jan 2008, pp. 93–96.
• 17. S. R. Snapp, J. Brentano, G. V. Dias, T. L. Goan, L. T. Heberlein, C.-L. Ho, K. N. Levitt, B. Mukherjee, S. E. Smaha, T. Grance, D. M. Teal, and D. Mansur, “DIDS (Distributed Intrusion Detection System)-Motivation, Architecture, and An Early Prototype,” in Proceedings of the 14th National Computer Security Conference. Washington, DC, USA: NIST, 1991, pp. 167–176.
• 18. M. Silva, D. Lopes, and Z. Abdelouahab, “A Remote IDS Based on Multi-Agent Systems, Web Services and MDA,” in 2006 International Conference on Software Engineering Advances (ICSEA’06), Tahiti, Tahiti, Oct 2006, pp. 64–64.
• 19. B. V. Dutra, J. F. de Alencastro, F. L. de Caldas Filho, L. M. C. e Martins, R. T. de Sousa Júnior, and R. de O. Albuquerque, “HIDS by signature for embedded devices in IoT networks,” in Actas de las V Jornadas Nacionales de Investigación en Ciberseguridad (JNIC 2019). Cáceres, Spain: Universidad de Extremadura, Jun 2019, pp. 53–61.

Uwagi

1. Track 3: Network Systems and Applications

2. Technical Session: 3rd Workshop on Internet of Things - Enablers, Challenges and Applications

3. Opracowanie rekordu ze środków MNiSW, umowa Nr 461252 w ramach programu "Społeczna odpowiedzialność nauki" - moduł: Popularyzacja nauki i promocja sportu (2020).