Proactive defense mechanisms for the software-defined Internet of Things with non-patchable vulnerabilities

Mengmeng Ge, Jin B. Hong, Simon Enoch Yusuf, Dong Seong Kim

Research output: Contribution to journal › Article

10 Citations (Scopus)

Abstract

The Internet of Things (IoT) contains a large number of heterogeneous devices with a variety of vulnerabilities. As the vulnerabilities can be exploited by the attackers to break into the system, it is of vital importance to patch all vulnerabilities. However, some vulnerabilities are impossible to patch (e.g., forever-day vulnerabilities). In order to deal with non-patchable vulnerabilities, we propose to change the attack surface of the IoT network to increase the attack effort. With the support of software-defined networking (SDN), we develop two proactive defense mechanisms that reconfigure the IoT network topology. We analyze how the security and performance change when the proposed solutions are deployed by using a graphical security model and various metrics in simulations. The results show our proactive defense mechanisms in the SD-IoT effectively increase the attack effort, while maintaining the average shortest path length.

Original language: English
Pages (from-to): 568-582
Number of pages: 15
Journal: Future Generation Computer Systems
Volume: 78
Publication status: Published - 1 Jan 2018
Externally published: Yes
