As the prevalence of Internet-of-Things (IoT) devices becomes more and more dominant, so too do the associated management and security challenges. One such challenge is the exploitation of vulnerable devices for recruitment into botnets, which can be used to carry out Distributed Denial-of-Service (DDoS) attacks. The recent Manufacturer Usage Description (MUD) standard has been proposed as a way to mitigate this problem, by allowing manufacturers to define communication patterns that are permitted for their IoT devices, with enforcement at the gateway home router. In this paper, we present a novel integrated system implementation that uses a MUD manager (osMUD) to parse an extended set of MUD rules, which also allow for rate-limiting of traffic and for setting appropriate thresholds. Additionally, we present two new backends for MUD rule enforcement, one based on eBPF and the other based on the Linux standard iptables. The evaluation results reported show that these techniques are feasible and effective in protecting against attacks, with minimal impact on legitimate traffic and on the home gateway.
Feraudo, A., Popescu, D.A., Yadav, P., Mortier, R., Bellavista, P. (2024). Mitigating IoT Botnet DDoS Attacks through MUD and eBPF based Traffic Filtering. Association for Computing Machinery [10.1145/3631461.3631549].
Mitigating IoT Botnet DDoS Attacks through MUD and eBPF based Traffic Filtering
Feraudo, Angelo;Bellavista, Paolo
2024
Abstract
As the prevalence of Internet-of-Things (IoT) devices becomes more and more dominant, so too do the associated management and security challenges. One such challenge is the exploitation of vulnerable devices for recruitment into botnets, which can be used to carry out Distributed Denial-of-Service (DDoS) attacks. The recent Manufacturer Usage Description (MUD) standard has been proposed as a way to mitigate this problem, by allowing manufacturers to define communication patterns that are permitted for their IoT devices, with enforcement at the gateway home router. In this paper, we present a novel integrated system implementation that uses a MUD manager (osMUD) to parse an extended set of MUD rules, which also allow for rate-limiting of traffic and for setting appropriate thresholds. Additionally, we present two new backends for MUD rule enforcement, one based on eBPF and the other based on the Linux standard iptables. The evaluation results reported show that these techniques are feasible and effective in protecting against attacks, with minimal impact on legitimate traffic and on the home gateway.I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
