Design of a Distributed HIDS for IoT Backbone Components
Guilherme de O. Kfouri, Daniel G. V. Gonçalves, Bruno V. Dutra, João F. de Alencastro, Francisco L. de Caldas Filho, Lucas M. C. e Martins, Bruno J. G. Praciano, Robson de O. Albuquerque, Rafael T. de Sousa Jr
DOI: http://dx.doi.org/10.15439/2019F329
Citation: Communication Papers of the 2019 Federated Conference on Computer Science and Information Systems, M. Ganzha, L. Maciaszek, M. Paprzycki (eds). ACSIS, Vol. 20, pages 81–88 (2019)
Abstract. Nowadays DDoS attacks using IoT devices are frequent and extensive. Given that IoT network instances are distributed and deployed over conventional Internet gear, DDoS countermeasures in IoT need to be fully distributed and coordinated all over the components that form each IoT instance. This paper presents a designed and prototyped distributed host-based intrusion detection system (HIDS) that aims to protect the components of IoT network backbones, comprising conventional switches and routers. In our design, a set of the proposed HIDS executes conventional security verifications, like default username and password, known attack signatures, and monitoring the usage of resources, processes, ports and open connections, while also interacting with a Controller of the HIDS set to allow the coordination of intrusion detection actions relative to DDoS attacks all over the IoT instance. The designed distributed HIDS is evaluated in a controlled environment that, although being a local and isolated network, realistically represents IoT network instances.