An Architecture of Enhanced Profiling Assurance for IoT Networks-Reference-Cited by-同舟云学术

An Architecture of Enhanced Profiling Assurance for IoT Networks

Published:2024-07-18 Issue:14 Volume:13 Page:2832
ISSN:2079-9292
Container-title:Electronics
language:en
Short-container-title:Electronics

Author:

Aroon Nut¹^ORCID,Liu Vicky¹^ORCID,Kane Luke¹^ORCID,Li Yuefeng¹^ORCID,Tesfamicael Aklilu Daniel¹,McKague Matthew¹

Affiliation:

1. Faculty of Science, Queensland University of Technology, Brisbane, QLD 4000, Australia

Abstract

Attacks launched from IoT networks can cause significant damage to critical network systems and services. IoT networks may contain a large volume of devices. Protecting these devices from being abused to launch traffic amplification attacks is critical. The manufacturer usage description (MUD) architecture uses pre-defined stateless access control rules to allow or block specific network traffic without stateful communication inspection. This can lead to false negative filtering of malicious traffic, as the MUD architecture does not include the monitoring of communication states to determine which connections to allow through. This study presents a novel solution, the enhanced profiling assurance (EPA) architecture. It incorporates both stateless and stateful communication inspection, a unique approach that enhances the detection effectiveness of the MUD architecture. EPA contains layered intrusion detection and prevention systems to monitor stateful and stateless communication. It adopts three-way decision theory with three outcomes: allow, deny, and uncertain. Packets that are marked as uncertain must be continuously monitored to determine access permission. Our analysis, conducted with two network scenarios, demonstrates the superiority of the EPA over the MUD architecture in detecting malicious activities.

Publisher

MDPI AG

Link

https://www.mdpi.com/2079-9292/13/14/2832/pdf

Reference51 articles.

1. Nayak, G., Mishra, A., Samal, U., and Mishra, B.K. (2022). Depth Analysis on DoS & DDoS Attacks. Wireless Communication Security, Scrivener Publishing.

2. Gamblin, J. (2024, March 15). Mirai BotNet. Available online: https://github.com/jgamblin/Mirai-Source-Code.

3. The Aftermath of the Dyn DDOS Attack;Greenstein;IEEE Micro,2019

4. Yoachimik, O., and Pacheco, J. (2024, April 17). DDoS threat report for 2024 Q1. Available online: https://blog.cloudflare.com/ddos-threat-report-for-2024-q1.

5. Lear, E., Droms, R., and Romascanu, D. (2024, March 15). RFC 8520: Manufacturer Usage Description Specification. Available online: https://datatracker.ietf.org/doc/html/rfc8520.