Research On Moving Target Defense Against IoT DDoS Attacks

With the development of information and communication technology,Io T technology has become more and more mature,and Io T terminal devices are widely deployed in application scenarios such as smart homes and smart agriculture.However,due to practical and economic considerations,the security of Io T terminal equipment is often ignored by manufacturers,and there are common security defects such as weak passwords and system code vulnerabilities.Therefore,malicious attackers can easily launch large-scale Distribute Denial of Service(DDo S)attacks with the help of Io T terminal devices,which seriously threatens cyberspace security.This thesis studies how to defend against Io T DDo S attacks from two aspects: Io T terminal devices and application servers.The specific research contents are as follows:(1)First,the thesis studies the malicious encrypted traffic labeling and detection method on the terminal side of the Internet of Things,and the detection results can provide trigger conditions for the defense of mobile targets on the terminal side.The malicious encrypted traffic labeling method proposed in this thesis realizes the automatic labeling of malicious encrypted traffic by constructing program call control flow graph and analyzing malicious code.On this basis,a deep learning-based Io T malicious encrypted traffic detection algorithm is realized,and the Res Net-18 model is used to achieve accurate detection of Io T malicious encrypted traffic.(2)Secondly,in order to prevent the further spread of malicious attacks to other Io T terminal devices,this thesis proposes a moving target defense mechanism for Io T terminals that combines network deception technology and network topology transformation—DNMTD(Dynamic Network Moving Target Defense).At the same time,a DNLA(Dynamic Network Lightweight Algorithm)lightweight algorithm is proposed to generate a new network topology to help DNMTD make decisions.The DNLA algorithm can adjust the connection mode between the terminal devices according to the real-time network traffic rate of the terminal devices of the Internet of Things,so as to protect the terminal devices of the Internet of Things.(3)Finally,if the attacker has occupied a large number of Io T terminal devices and launched a DDo S attack,it is necessary to provide corresponding security defense measures on the application server side.Accordingly,this thesis proposes a moving target defense strategy for application servers based on blockchain and IPv6 address switching.This thesis makes full use of the existing three-layer architecture of client,proxy node and application server,and effectively defends against DDo S attacks by quickly switching the IPv6 addresses of proxy nodes.Specifically,the thesis proposes a method for proxy node IPv6 address encryption,decryption and fast switching based on public key cryptography,and a client authentication mechanism based on Ethereum.This method has the advantages of strong dynamics and can traceback the source of attack.