TY - JOUR
T1 - A multi-stage attack mitigation mechanism for software-defined home networks
AU - Luo, Shibo
AU - Wu, Jun
AU - Li, Jianhua
AU - Guo, Longhua
N1 - Publisher Copyright:
© 1975-2011 IEEE.
PY - 2016/5
Y1 - 2016/5
N2 - Software-defined Home Networks (SDHN) are a key development trend in smart homes, proposed to realize multi-home visual sharing. With improved openness and programmability, SDHN faces greater network threats than traditional home networks. In particular, because of the diversity and heterogeneity of smart home products, multi-stage attacks are easier to perform in SDHN. To mitigate multi-stage attacks in SDHN, several significant problems need to be addressed. The first is security assessment along with attack events. The second is countermeasure selection based on the security assessment result and the security policy. The third is deploying attack mitigation countermeasures according to the current network context so that the countermeasure decision is met instantly. In this paper, a multi-stage attack mitigation mechanism is proposed for SDHN using Software-Defined Networking (SDN) and Network Function Virtualization (NFV). First, an evidence-driven security assessment method using SDN factors and NFV-based detection is designed to perform security assessment along with observed security events. Second, an attack mitigation countermeasure selection method is proposed. The evaluation shows that the proposed mechanism is effective for multi-stage attack mitigation in SDHN.
AB - Software-defined Home Networks (SDHN) are a key development trend in smart homes, proposed to realize multi-home visual sharing. With improved openness and programmability, SDHN faces greater network threats than traditional home networks. In particular, because of the diversity and heterogeneity of smart home products, multi-stage attacks are easier to perform in SDHN. To mitigate multi-stage attacks in SDHN, several significant problems need to be addressed. The first is security assessment along with attack events. The second is countermeasure selection based on the security assessment result and the security policy. The third is deploying attack mitigation countermeasures according to the current network context so that the countermeasure decision is met instantly. In this paper, a multi-stage attack mitigation mechanism is proposed for SDHN using Software-Defined Networking (SDN) and Network Function Virtualization (NFV). First, an evidence-driven security assessment method using SDN factors and NFV-based detection is designed to perform security assessment along with observed security events. Second, an attack mitigation countermeasure selection method is proposed. The evaluation shows that the proposed mechanism is effective for multi-stage attack mitigation in SDHN.
KW - Attack graph
KW - Multi-stage attack mitigation
KW - Network function virtualization
KW - Software-defined home networks
UR - http://www.scopus.com/inward/record.url?scp=84979497548&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84979497548&partnerID=8YFLogxK
U2 - 10.1109/TCE.2016.7514720
DO - 10.1109/TCE.2016.7514720
M3 - Article
AN - SCOPUS:84979497548
SN - 0098-3063
VL - 62
SP - 200
EP - 207
JO - IEEE Transactions on Consumer Electronics
JF - IEEE Transactions on Consumer Electronics
IS - 2
M1 - 7514720
ER -