With the increasing of IoT applications and their importance to the global economy, the communication infrastructures and services had shown to be an essential tool and a fundamental element to public well-being and economic stability. Concerns about the security of those systems and networks tend to increase. The malicious attacks on the Internet, the interruption due to physical factors, software and hardware failures, and human errors affect essential public services that operate through public telecommunication networks, leading to chaos. These perturbations reveal our society’s increasing dependency on those networks and services and the importance of protecting them. Its importance is increasingly reinforced through the definition of cybersecurity strategies worldwide, as in European countries, Asia, the USA, and Canada, which consider the cyberspace availability, integrity, authenticity, and confidentiality of data a big issue to the 21st century.
Therefore, ensuring cybersecurity has been a central goal to governments, companies, and society, as much as on the national level as internationally. Different reports of the European Commission highlight the necessity of security and resilience about the information and communication infrastructure, particularly considering the Internet’s current advances through IoT and IoE. The last one connects many computer devices, many of them embedded in cars, industrial machinery, home appliances, and even in the human body, and offer services that require high availability, efficiency, and security. The IoT and IoE change the actual Internet model, expanding scale, heterogeneity, and complexity of cyberspace, significantly. They need different security solutions that consider their singular characteristics and requirements.
In Brazil, the Annual Report of Security Incidents of the Rede Brasileira de Ensino e Pesquisa (RNP), produced by the Centro de Atendimento a Incidentes de Segurança (CAIS) of the Ipê network, shows that until later 2017, CAIS sent 3.6 million notifications of incidents and vulnerabilities, reinforcing the huge necessity of cybersecurity. Besides that, CAIS highlights the importance and potential of an intelligent analysis of the network data to the understanding (characterizing), prediction, and definition of strategies against attacks and threats. The modeling of attacks helps comprehend the behavior of attacks and threats, as in the early prediction of new occurrences and new types (unknown/zero-day) of attacks, reducing financial and moral damage to the institutions.
CAIS, a partner of this project, clearly reinforces that, despite RNP efforts to implement methodologies to prevent and mitigate attacks, as in Distributed Denial of Service - DDoS, the defense against malicious activities in the Brazilian network of education and research continues being relevant.
In this scenario, the challenge to maximize the efficiency against attacks goes through the coordinated operation of three complementary defense axes: (i) prevention, (ii) prediction, (iii) detection and mitigation of attacks. Typically, each IoT device communicates with an associated application on smartphones or tablets connected directly or indirectly over a central point (hub) or by the manufacturer’s services in the cloud, mainly to remotely access IoT devices. It is also common the communication between IoT and manufacturer’s servers to status updates or searches for software updates.
The local monitoring of IoT devices flow as well as the interactions between the devices and external devices (neighborhood and Internet) and the imposition of obedience to flow policies by devices have been treated currently as a way to prevent DDoS attacks using IoT devices (e.g., FlowFence, IoT-Flows). In order to treat IoT network scenarios without local prevention mechanisms or security mechanisms compromised, it is necessary to identify signs of attack preparation from the IoT devices’ behavior in its early stages (prediction). As a complement, determining the behavior of botnets and developing techniques to detect and mitigate the attacks are still relevant to cases where prevention and prediction had not achieved success, given the complexity and big potential logistic, economic and moral damages of those attacks to people, companies, and government. Lastly, it is imperative that a large-scale experimentation environment allows the behavior analysis of attacks and the evaluation of proposed solutions. Main goals
The MENTORED project main goal consists of advancing scientific knowledge, human resources training, and enhancement of a group with international coverage to cooperate in research and innovation in systems and network security with the participation of academic institutions, a small company, and the government. Besides that, this project aims to identify, model, and evaluate malicious behavior associated with the Internet of Things (IoT) to help build advanced solutions to the prevention, prediction, detection, and mitigation of DDoS attacks.
The specific goals are:
Objective 1: The design of a monitoring solution of IoT flows to prevent attacks and help the modeling, detection, and prediction of botnets and DDoS attacks;
Objective 2: The risk analysis by the identification of botnets formed by IoT devices and the prediction of known and unknown (zero-day) DDoS attacks;
Objective 3: The identification and classification of malicious behavior related to DDoS attacks and the proposition of a solution to detect and mitigate those attacks;
Objective 4: The design and implementation of an experimentation environment (testbed), with access control, in which the solutions proposed in this project can be tested.