As wireless communication becomes cheaper and faster, more and more devices are being hooked up to the Internet of Things (IoT), promising real-time communication and control across a variety of sensors and devices. Applied in an industrial context—in what is known as industrial IoT (IIoT)—these technologies pave the way for predictive maintenance of machinery and remote monitoring of processes, among other useful functions.
However, with increased connectivity comes greater exposure to cyberattacks. “IIoT systems involve many devices distributed across locations with weak security protection, making them vulnerable to compromise,” said Luying Zhou, a Research Scientist at A*STAR's Institute for Infocomm Research (I2R).
“They are particularly prone to a distributed-denial-of-service, or DDoS, attack, in which compromised devices swamp the IIoT system in large volumes of communication traffic that consume the system or network resources, leaving the system unavailable for normal operation,” he explained.
A DDoS attack can be defeated by detecting the compromised device and filtering out its suspicious communication. However, peripheral devices may not be able to detect whether their fellow devices have been compromised, while the centralized cloud server may detect an attack only when it is too late, after the increased traffic has already knocked out parts of the network.
As such, Zhou and his team devised a ‘fog-computing’ approach with a three-level architecture—field, local and cloud levels—that allows IIoT system operators to carry out in-depth investigation and analysis of malicious network behaviors.
In their scheme, firewalls and station servers at the field and local levels are configured to monitor and control traffic on nearby devices. Meanwhile, cloud computing services allow traffic data analyses and time-sensitive tasks to be executed close to the system’s end users. “Our method protects the whole IIoT system while reducing unnecessary data transfers,” Zhou said.
Simulating an IIoT system under DDoS attack, the researchers showed that the fog-computing approach achieves faster detection and mitigation of malicious network behaviors. In their experiments, normal connectivity was restored in milliseconds when fog computing was applied.
“Since attack traffic could be blocked near the attacking sources, we were able to achieve a faster detection time via cloud server coordination, a higher detection rate, and savings in bandwidth resources,” Zhou said.
“We are confident that our approach will be a valuable resource for effectively detecting and stopping DDoS and other attacks,” he concluded.
The A*STAR-affiliated researchers contributing to this research are from the Institute for Infocomm Research (I2R).