Final published version
Research output: Contribution to Journal/Magazine › Journal article › peer-review
TY - JOUR
T1 - MUD-Based Behavioral Profiling Security Framework for Software-Defined IoT Networks
AU - Krishnan, Prabhakar
AU - Jain, Kurunandan
AU - Buyya, Rajkumar
AU - Vijayakumar, Pandi
AU - Nayyar, Anand
AU - Bilal, Muhammad
AU - Song, Houbing
PY - 2022/5/1
Y1 - 2022/5/1
N2 - The rapid development and deployment of Internet of Things (IoT) devices in modern networks and Industry 4.0 have attracted substantial interest from cybersecurity researchers. In this study, we propose a software-defined framework that improves network intrusion detection systems by using manufacturer usage description (MUD) to enhance the behavioral monitoring in IoT networks. We aim to explore whether Industrial IoT (IIoT) devices typically serve a common role in cyber-physical systems, and their communications exhibit predictable patterns that can be defined in MUD profile(s) formally and succinctly. We design a framework that utilizes the concept of digital twins and software-defined networking to improve the security of IIoT environments. The MUD data are profiled, and the actions are evaluated on the network digital twin before they are used in the physical network. The behavioral profiling system is updated in real time, thereby improving the overall system security and compliance to policies in the IoT deployment. Evaluation results show that our solution outperforms existing approaches substantially in terms of attack detection accuracy, predicting security incidents, response time, and resource usage.
KW - Digital twin
KW - Manufacturer usage description (MUD)
KW - Network security
KW - Software-defined networking (SDN)
U2 - 10.1109/JIOT.2021.3113577
DO - 10.1109/JIOT.2021.3113577
M3 - Journal article
AN - SCOPUS:85115146064
VL - 9
SP - 6611
EP - 6622
JO - IEEE Internet of Things Journal
JF - IEEE Internet of Things Journal
SN - 2327-4662
IS - 9
ER -