Feraudo, Angelo, Popescu, Diana Andreea, Yadav, Poonam orcid.org/0000-0003-0169-0704 et al. (2 more authors) (2023) Mitigating IoT Botnet DDos Attacks through MUD and eBPF based Traffic Filtering. [Preprint]
Abstract
As the prevalence of Internet-of-Things (IoT) devices becomes more and more dominant, so too do the associated management and security challenges. One such challenge is the exploitation of vulnerable devices for recruitment into botnets, which can be used to carry out Distributed Denial-of-Service (DDoS) attacks. The recent Manufacturer Usage Description (MUD) standard has been proposed as a way to mitigate this problem, by allowing manufacturers to define communication patterns that are permitted for their IoT devices, with enforcement at the gateway home router. In this paper, we present a novel integrated system implementation that uses a MUD manager (osMUD) to parse an extended set of MUD rules, which also allow for rate-limiting of traffic and for setting appropriate thresholds. Additionally, we present two new backends for MUD rule enforcement, one based on eBPF and the other based on the Linux standard iptables. The reported evaluation results show that these techniques are feasible and effective in protecting against attacks and in terms of their impact on legitimate traffic and on the home gateway.
Metadata
Item Type: | Preprint |
---|---|
Authors/Creators: |
|
Copyright, Publisher and Additional Information: | 12 pages, 10 figures, in review currently |
Keywords: | cs.NI,cs.CR |
Dates: |
|
Institution: | The University of York |
Academic Units: | The University of York > Faculty of Sciences (York) > Computer Science (York) |
Depositing User: | Pure (York) |
Date Deposited: | 31 May 2024 08:50 |
Last Modified: | 03 Dec 2024 11:07 |
Published Version: | https://doi.org/10.48550/arXiv.2305.02186 |
Status: | Published |
Publisher: | arXiv |
Identification Number: | 10.48550/arXiv.2305.02186 |
Open Archives Initiative ID (OAI ID): | oai:eprints.whiterose.ac.uk:212946 |