A wireless router-based lightweight defense framework for IoT devices
YAN Zhitao1,2, FANG Binxing3,4, LIU Qixu1,2, CUI Xiang1,2,3
1. School of Cyber Security, University of Chinese Academy of Sciences, Beijing 100049, China;
2. Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093, China;
3. Beijing University of Posts and Telecommunications, Beijing 100876, China;
4. Institute of Electronic and Information Engineering, Dongguan University of Electronic Science and Technology, Dongguan 523808, Guangdong, China