Autopolicy: Automated Traffic Policing for Improved IoT Network Security
Creators
- 1. Institute of Theoretical and Applied Informatics of the Polish Academy of Sciences (IITiS PAN), Gliwice 44100, Poland
- 2. European Commission, Joint Research Centre (JRC), 21027 Ispra, Italy
Description
A 2.3Tbps DDoS attack was recently mitigated by Amazon, which is a new record after
the 2018 GitHub attack, or the famous 2016 Dyn DNS attack launched from hundreds of thousands
of hijacked Internet of Things (IoT) devices. These attacks may disrupt the lives of billions of
people worldwide, as we increasingly rely on the Internet. In this paper, we tackle the problem that
hijacked IoT devices are often the origin of these attacks. With the goal of protecting the Internet
and local networks, we propose Autopolicy: a system that automatically limits the IP traffic
bandwidth—and other network resources—available to IoT devices in a particular network. We make
use of the fact that devices, such as sensors, cameras, and smart home appliances, rarely need their
high-speed network interfaces for normal operation. We present a simple yet flexible architecture for
Autopolicy, specifying its functional blocks, message sequences, and general operation in a Software
Defined Network. We present the experimental validation results, and release a prototype open
source implementation.
Files
(18) foremski2020autopolicy - we need older version.pdf
Files
(1.1 MB)
| Name | Size | Download all |
|---|---|---|
|
md5:23c9f00de85d4d3b166b1a8c2864b20f
|
1.1 MB | Preview Download |