- 2017
A Lightweight Defense Framework for IoT Devices Based on a Wireless Router
Abstract:
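IoT (Internet of things) devices currently have many security problems, yet because of the devices' own limitations (embedded systems, scarce resources), the protection techniques used on traditional PCs no longer apply. This paper proposes WRGuardian (wireless router guardian), a lightweight defense framework for IoT devices based on the wireless router. It exploits the home wireless router's control over network traffic and its advantageous position in the network topology, and it works on both passive and active defense: it promptly detects and blocks the main attacks currently aimed at IoT devices, and it periodically scans for security problems and fixes them. The framework needs no external hardware and no modification of a device's original system, which lowers deployment difficulty and cost and favors later adoption. Experimental results show that WRGuardian can effectively counter the main attack methods against IoT devices, such as weak passwords and command injection, and can identify and fix known risks, making it a low-cost, feasible lightweight protection scheme.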