
dc.contributor.author | Febro, Aldo Kiki
dc.date.accessioned | 2021-03-18T11:08:02Z
dc.date.available | 2021-03-18T11:08:02Z
dc.date.issued | 2021-02-19
dc.identifier.uri | http://hdl.handle.net/2299/24127
dc.description.abstract | An unintended consequence of the global deployment of IoT devices is that they provide a fertile breeding ground for IoT botnets. An adversary can take advantage of an IoT botnet to launch DDoS attacks against telecommunication services. Due to the magnitude of such an attack, legacy security systems are not able to provide adequate protection. The impact ranges from loss of revenue for businesses to endangering public safety. This risk has prompted academia, government, and industry to reevaluate the existing defence model. The current model relies on point solutions and the assumption that adversaries and their attacks are readily identifiable. But adversaries have challenged this assumption, building a botnet from thousands of hijacked IoT devices to launch DDoS attacks. With botnet DDoS attacks there is no clear boundary where the attacks originate and what defensive measures to use. The research question is: in what ways could programmable networks defend against Session Initiation Protocol (SIP) Distributed Denial-of-Service (DDoS) flooding attacks from IoT botnets? My significant and original contribution to the knowledge is a scalable and collaborative defence framework that secures the edges of IoT networks with Virtual Network Function (VNF), Software-Defined Networking (SDN), and Blockchain technology to prevent, detect, and mitigate SIP DDoS flooding attacks from IoT botnets. Successful experiments were performed using VNF, SDN, and Blockchain. Three kinds of SIP attacks (scan, brute force, and DDoS) were launched against a VNF running on a virtual switch and each was successfully detected and mitigated. The SDN controller gathers threat intelligence from the switch where the attacks originate and installs it as packet filtering rules on all switches in the organisation. With the switches synchronised, the same botnet outbreak is prevented from attacking other parts of the organisation.
A distributed application scales this framework further by writing the threat intelligence to a smart contract on the Ethereum Blockchain so that it is available for external organisations. The receiving organisation retrieves the threat intelligence from the smart contract and installs it as packet filtering rules on their switches. In this collaborative framework, attack detection/mitigation efforts by one organisation can be leveraged as attack prevention efforts by other organisations in the community. | en_US
dc.language.iso | en | en_US
dc.rights | info:eu-repo/semantics/openAccess | en_US
dc.rights | Attribution 3.0 United States | *
dc.rights.uri | http://creativecommons.org/licenses/by/3.0/us/ | *
dc.subject | SIP | en_US
dc.subject | DDoS | en_US
dc.subject | VNF | en_US
dc.subject | SDN | en_US
dc.subject | Ethereum | en_US
dc.subject | Blockchain | en_US
dc.subject | IoT | en_US
dc.subject | botnet | en_US
dc.subject | IOC | en_US
dc.subject | CTI | en_US
dc.title | Securing the Edges of IoT Networks: a Scalable SIP DDoS Defense Framework with VNF, SDN, and Blockchain | en_US
dc.type | info:eu-repo/semantics/doctoralThesis | en_US
dc.identifier.doi | doi:10.18745/th.24127 | *
dc.identifier.doi | 10.18745/th.24127
dc.type.qualificationlevel | Doctoral | en_US
dc.type.qualificationname | PhD | en_US
dcterms.dateAccepted | 2021-02-19
rioxxterms.funder | Default funder | en_US
rioxxterms.identifier.project | Default project | en_US
rioxxterms.version | NA | en_US
rioxxterms.licenseref.uri | https://creativecommons.org/licenses/by/4.0/ | en_US
rioxxterms.licenseref.startdate | 2021-03-18
herts.preservation.rarelyaccessed | true
rioxxterms.funder.project | ba3b3abd-b137-4d1d-949a-23012ce7d7b9 | en_US


Except where otherwise noted, this item's license is described as info:eu-repo/semantics/openAccess