Biblio
In 2018, several malware campaigns targeted and succeeded in infecting millions of low-cost routers (e.g., the malware VPN-Filter, Navidade, and SonarDNS). These routers were then used for all sorts of cybercrimes, from DDoS attacks to ransomware. MikroTik routers are a peculiar example of low-cost routers. These routers are used both to provide last-mile access to home users and in core network infrastructure. Half of the core routers used in one of the biggest Internet exchanges in the world are MikroTik devices. The problem is that the vulnerable firmware (RouterOS) used in home users' houses is also used in core networks. In this paper, we are the first to quantify the problem that infecting MikroTik devices would pose to the Internet. Based on more than 4 TB of data, we reveal more than 4 million MikroTik devices in the world. Then, we propose an easy-to-deploy MikroTik honeypot and collect more than 17 million packets, in 45 days, from sensors deployed in Australia, Brazil, China, India, Netherlands, and the United States. Finally, we use the collected data from our honeypots to automatically classify and assess attacks tailored to MikroTik devices. All our source code and analysis are publicly available. We believe that our honeypots and our findings in this paper foster security improvements in MikroTik devices worldwide.
Securing Internet of Things (IoT) systems is a challenge because of their multiple points of vulnerability. A spate of recent hacks and security breaches has unveiled glaring vulnerabilities in the IoT. Due to the computational and memory requirement constraints associated with anomaly detection algorithms in core networks, commercial in-line (part of the direct line of communication) Anomaly Detection Systems (ADSs) rely on sampling-based anomaly detection approaches to achieve line rates and truly in-line anomaly detection accuracy in real time. However, packet sampling is inherently a lossy process which might provide an incomplete and biased approximation of the underlying traffic patterns. Moreover, commercial routers use proprietary software, making them closed to manipulation from the outside. As a result, detecting malicious packets on the given network path is one of the most challenging problems in the field of network security. We argue that the advent of Software Defined Networking (SDN) provides a unique opportunity to effectively detect and mitigate DDoS attacks. Unlike sampling-based approaches for anomaly detection and the limitations of proprietary software at routers, we use the SDN infrastructure to relax the sampling-based ADS constraints and collect traffic flow statistics which are maintained at each SDN-enabled switch to achieve high detection accuracy. In order to implement our idea, we discuss how to mitigate DDoS attacks using the features of SDN infrastructure.