Contribution Details

Type Master's Thesis
Scope Discipline-based scholarship
Title Design and Implementation of a Cooperative MTD Framework for IoT Devices
Organization Unit
Authors
  • Steven Näf
Supervisors
  • Jan Von der Assen
  • Alberto Huertas Celdran
  • Burkhard Stiller
Language
  • English
Institution University of Zurich
Faculty Faculty of Business, Economics and Informatics
Date 2023
Abstract Text The Internet of Things (IoT) offers many advantages to our society, including benefits regarding the economy and human convenience. While these are not empty promises, IoT devices have the major drawback of being inherently vulnerable to malware due to various characteristics. As the number of IoT devices is expected to triple by 2030, possible defense mechanisms against such malware (e.g., Bashlite or Mirai) are essential. This thesis proposed and implemented a prototype of a cooperative and reactive Moving Target Defense (MTD) framework that exploits the weaknesses of Bashlite, a well-known IoT malware. The first weakness is that the connection between a Bashlite client and the Bashlite server can be disrupted by changing the client's IP address. The second weakness is that Bashlite scans and distributes itself via the Telnet port 23. Hence, the infected device is instructed to change its local IP address to disconnect itself from the Bashlite server, and the other devices in the network are instructed to temporarily move their Telnet service port to hide until Bashlite is rendered harmless. Three different evaluation scenarios were created, all consisting of two virtual machines, one of which is infected with Bashlite that attempts to infect the second machine. The scenarios differed in the inclusion of the cooperative component and in the trigger for executing the MTD techniques. The two possibilities for the trigger were proactive (every minute) and reactive (after the detection of Bashlite). The evaluation scenarios have shown that the proposed cooperative and reactive framework and techniques have significant advantages over a non-cooperative and reactive approach and a cooperative but proactive approach. In addition to halving the overall infection time in the system, the overall availability of the machines, defined by outgoing packet losses and outgoing and incoming Telnet connections, was also significantly improved.
In addition, the CPU and RAM usage of the framework and the executed techniques was minimal. Although the cooperative and reactive approach provided by far the best results, each MTD approach has its advantages, and further research is required to make use of this promising defense mechanism.