عرض بسيط للتسجيلة

المؤلفYan, Lei
المؤلفMa, ode
المؤلفLi, Dandan
المؤلفHuang, Xiaohong
المؤلفMa, Yan
المؤلفXie, Kun
تاريخ الإتاحة2023-12-03T11:07:39Z
تاريخ النشر2023
اسم المنشورCMES - Computer Modeling in Engineering and Sciences
المصدرScopus
الرقم المعياري الدولي للكتاب15261492
معرّف المصادر الموحدhttp://dx.doi.org/10.32604/cmes.2022.022462
معرّف المصادر الموحدhttp://hdl.handle.net/10576/50048
الملخصThe low-intensity attack flows used by Crossfire attacks are hard to distinguish from legitimate flows. Traditional methods to identify the malicious flows in Crossfire attacks are rerouting, which is based on statistics. In these existing mechanisms, the identification of malicious flows depends on the IP address. However, the IP address is easy to be changed by attacks. Compared with the IP address, the certificate is more challenging to be tampered with or forged. Moreover, the traffic trend in the network is towards encryption. The certificates are popularly utilized by IoT devices for authentication in encryption protocols. DTLShps proposed a new way to verify certificates for resource-constrained IoT devices by using the SDN controller. Based on DTLShps, the SDN controller can collect statistics on certificates. In this paper, we propose Certrust, a framework based on the trust of certificates, to mitigate the Crossfire attack by using SDN for IoT. Our goal is threefold. First, the trust model is built based on the Bayesian trust system with the statistics on the participation of certificates in each Crossfire attack. Moreover, the forgetting curve is utilized instead of the traditional decay method in the Bayesian trust system for achieving a moderate decay rate. Second, for detecting the Crossfire attack accurately, a method based on graph connectivity is proposed. Third, several trust-based routing principles are proposed to mitigate the Crossfire attack. These principles can also encourage users to use certificates in communication. The performance evaluation shows that Certrust is more effective in mitigating the Crossfire attack than the traditional rerouting schemes. Moreover, our trust model has a more appropriate decay rate than the traditional methods.
راعي المشروعFunding Statement: This work was supported by Joint Funds of the National Natural Science Foundation of China and Xinjiang under Project U1603261.
اللغةen
الناشرTech Science Press
الموضوعbayesian trust system
certificate
Crossfire attack
forgetting curve
IoT
SDN
Trust model
العنوانCertrust: An SDN-Based Framework for the Trust of Certificates against Crossfire Attacks in IoT Scenarios
النوعArticle
الصفحات2137-2162
رقم العدد3
رقم المجلد134
dc.accessType Open Access


الملفات في هذه التسجيلة

Thumbnail

هذه التسجيلة تظهر في المجموعات التالية

عرض بسيط للتسجيلة