Research On IoT Security Defense Technology Based On Dynamic Heterogeneous Redundancy

The Internet of Things is already widely used in smart medical,industrial systems and smart homes,but with the rapid growth in the number of IoT devices follows not only numerous application scenarios and demands,but also the increasingly prominent security issues.In addition to network management difficulties and high maintenance costs,the huge number of IoT devices already become the best repository for hackers to form botnets to launch Distributed Denial of Service(DDo S)attacks,which poses a great security risk to both IoT and other Internet applications.Therefore,how to effectively protect these IoT devices is an urgent issue.1)In order to solve the security problems caused by the stability differences among executors and similar vulnerabilities in the actual deployment of DHR architecture,a more feasible improved DHR(MFI-DHR)model is proposed in this thesis,including the Random Distribution Based Dynamic Scheduling Algorithm(RD-DSA)and the Information Weight and Heterogeneity based Arbitrament(IWHA).In the dynamic scheduling algorithm based on random distribution,the probability size of executors being selected is determined by the random distribution function and information weights,which avoids the situation that some executors cannot be selected due to the difference in the stability of executors when the information weights are served as the scheduling basis.In the information weight and heterogeneity-based adjudication,heterogeneity is added to restrict the information weights,which solves the common-mode escape problem caused by multiple identical error output results when similar vulnerabilities exist.The experimental results show that the MFI-DHR model has significant advantages over the traditional DHR model in terms of heterogeneity,the number of dispatches,security,and stability under the same conditions.2)A fused DHR IoT security defense system is proposed in this thesis by combining dynamic heterogeneous redundancy architecture and software-defined networking technology.This defense system uses the DHR architecture to keep security and stability of SDN controllers and switches,while a security protection scheme is designed for IoT devices lacking security protection,which is jointly constructed by the anomaly detection method based on the isolated forest algorithm,the flow table-based traceability mechanism assisted by DPM,and the flow table-based end-address masking method.The adaptability of the isolated forest algorithm to different IoT environments and the true positive rate of anomaly detection is improved by incorporating state updating.To reduce the traceability errors due to coarse-grained matching of flow tables,this thesis chooses to incorporate the DPM algorithm to assist in traceability.Combining the Network Address Translation(NAT)and the Port and Address Hopping techniques in Moving Target Defense(MTD),a flow table-based endaddress masking method is proposed in this thesis,which utilizes the ever-changing virtual IP addresses and ports to hide the real IP addresses and service ports of IoT devices,which makes it more difficult for attackers to maintain the attack chain and forms effective protection against IoT devices.3)In this thesis,an experimental test system is built to experimentally validate the proposed security defense scheme.The tests include the security of the MFI-DHR model,the actual performance of the anomaly detection method based on the isolated forest algorithm,and the defense effect against DDo S attacks.The experimental results show that the IoT security defense scheme incorporating DHR proposed in this thesis is able to form effective protection for IoT devices.