Feraudo, Angelo, Popescu, Diana Andreea, Yadav, Poonam orcid.org/0000-0003-0169-0704 et al. (2 more authors) (2024) Mitigating IoT Botnet DDoS Attacks through MUD and eBPF based Traffic Filtering. In: ACM International Conference Proceeding Series. ACM , pp. 164-173.
Abstract
As the prevalence of Internet-of-Things (IoT) devices becomes more and more dominant, so too do the associated management and security challenges. One such challenge is the exploitation of vulnerable devices for recruitment into botnets, which can be used to carry out Distributed Denial-of-Service (DDoS) attacks. The recent Manufacturer Usage Description (MUD) standard has been proposed as a way to mitigate this problem, by allowing manufacturers to define communication patterns that are permitted for their IoT devices, with enforcement at the gateway home router. In this paper, we present a novel integrated system implementation that uses a MUD manager (osMUD) to parse an extended set of MUD rules, which also allow for rate-limiting of traffic and for setting appropriate thresholds. Additionally, we present two new backends for MUD rule enforcement, one based on eBPF and the other based on the Linux standard iptables. The evaluation results reported show that these techniques are feasible and effective in protecting against attacks, with minimal impact on legitimate traffic and on the home gateway.
Metadata
Item Type: | Proceedings Paper |
---|---|
Authors/Creators: |
|
Dates: |
|
Institution: | The University of York |
Academic Units: | The University of York > Faculty of Sciences (York) > Computer Science (York) The University of York |
Depositing User: | Pure (York) |
Date Deposited: | 31 May 2024 09:20 |
Last Modified: | 16 Dec 2024 00:25 |
Published Version: | https://doi.org/10.1145/3631461.3631549 |
Status: | Published |
Publisher: | ACM |
Identification Number: | 10.1145/3631461.3631549 |
Related URLs: | |
Open Archives Initiative ID (OAI ID): | oai:eprints.whiterose.ac.uk:212997 |