دانلود رایگان مقاله انگلیسی تشخیص و مقابله حمله DDoS با چارچوب اینترنت اشیای تعریف شده توسط نرم افزار - IEEE 2018

ABSTRACT

With the spread of Internet of Things’ (IoT) applications, security has become extremely important. A recent distributed denial-of-service (DDoS) attack revealed the ubiquity of vulnerabilities in IoT, and many IoT devices unwittingly contributed to the DDoS attack. The emerging software-defined anything (SDx) paradigm provides a way to safely manage IoT devices. In this paper, we first present a general framework for software-defined Internet of Things (SD-IoT) based on the SDx paradigm. The proposed framework consists of a controller pool containing SD-IoT controllers, SD-IoT switches integrated with an IoT gateway, and IoT devices. We then propose an algorithm for detecting and mitigating DDoS attacks using the proposed SD-IoT framework, and in the proposed algorithm, the cosine similarity of the vectors of the packet-in message rate at boundary SD-IoT switch ports is used to determine whether DDoS attacks occur in the IoT. Finally, experimental results show that the proposed algorithm has good performance, and the proposed framework adapts to strengthen the security of the IoT with heterogeneous and vulnerable devices.

VI. CONCLUSIONS

In this paper, we describe a general framework for SD-IoT composed of an SD-IoT controller pool with controllers, SD-IoT switches integrated with the IoT gateway, and terminal IoT devices. Then, we propose an algorithm for detecting and mitigating DDoS attacks with the proposed SD-IoT framework. In the proposed algorithm, we obtain the threshold value of the cosine similarity of the vectors of the packet-in rate at the ports of the SD-IoT boundary switches; we use the threshold value to determine whether a DDoS attack has occurred, find the real DDoS attacker, and block the DDoS attack at the source. Finally, the simulation results show that the proposed algorithm can find the IoT device from which a DDoS attack is launched within a shorter time period, quickly handle and mitigate the DDoS attack, and ultimately improve the unveiled glaring vulnerabilities in IoT, in which the terminal devices have computational and memory requirement constraints. Future work will focus on how to proactively defend against DDoS attacks in SD-IoT. In addition, dynamic load-balancing algorithms in the controller pool will be designed and implemented, and more efficient algorithms for detecting and mitigating DDoS attacks based on the SD-IoT framework will be investigated.