RESUMEN
The Internet of Things (IoT) is empowering various sectors and aspects of daily life. Green IoT systems typically involve Low-Power and Lossy Networks (LLNs) with resource-constrained nodes. Lightweight routing protocols, such as the Routing Protocol for Low-Power and Lossy Networks (RPL), are increasingly being applied for efficient communication in LLNs. However, RPL is susceptible to various attacks, such as the black hole attack, which compromises network security. The existing black hole attack detection methods in Green IoT rely on static thresholds and unreliable metrics to compute trust scores. This results in increasing false positive rates, especially in resource-constrained IoT environments. To overcome these limitations, we propose a delta-threshold-based trust model called the Optimized Reporting Module (ORM) to mitigate black hole attacks in Green IoT systems. The proposed scheme comprises both direct trust and indirect trust and utilizes a forgetting curve. Direct trust is derived from performance metrics, including honesty, dishonesty, energy, and unselfishness. Indirect trust requires the use of similarity. The forgetting curve provides a mechanism to consider the most significant and recent feedback from direct and indirect trust. To assess the efficacy of the proposed scheme, we compare it with the well-known trust-based attack detection scheme. Simulation results demonstrate that the proposed scheme has a higher detection rate and low false positive alarms compared to the existing scheme, confirming the applicability of the proposed scheme in green IoT systems.
RESUMEN
Due to the expeditious inclination of online services usage, the incidents of ransomware proliferation being reported are on the rise. Ransomware is a more hazardous threat than other malware as the victim of ransomware cannot regain access to the hijacked device until some form of compensation is paid. In the literature, several dynamic analysis techniques have been employed for the detection of malware including ransomware; however, to the best of our knowledge, hardware execution profile for ransomware analysis has not been investigated for this purpose, as of today. In this study, we show that the true execution picture obtained via a hardware execution profile is beneficial to identify the obfuscated ransomware too. We evaluate the features obtained from hardware performance counters to classify malicious applications into ransomware and non-ransomware categories using several machine learning algorithms such as Random Forest, Decision Tree, Gradient Boosting, and Extreme Gradient Boosting. The employed data set comprises 80 ransomware and 80 non-ransomware applications, which are collected using the VirusShare platform. The results revealed that extracted hardware features play a substantial part in the identification and detection of ransomware with F-measure score of 0.97 achieved by Random Forest and Extreme Gradient Boosting.
RESUMEN
As a promising next-generation network architecture, named data networking (NDN) supports name-based routing and in-network caching to retrieve content in an efficient, fast, and reliable manner. Most of the studies on NDN have proposed innovative and efficient caching mechanisms and retrieval of content via efficient routing. However, very few studies have targeted addressing the vulnerabilities in NDN architecture, which a malicious node can exploit to perform a content poisoning attack (CPA). This potentially results in polluting the in-network caches, the routing of content, and consequently isolates the legitimate content in the network. In the past, several efforts have been made to propose the mitigation strategies for the content poisoning attack, but to the best of our knowledge, no specific work has been done to address an emerging attack-surface in NDN, which we call an interest flooding attack. Handling this attack-surface can potentially make content poisoning attack mitigation schemes more effective, secure, and robust. Hence, in this article, we propose the addition of a security mechanism in the CPA mitigation scheme that is, Name-Key Based Forwarding and Multipath Forwarding Based Inband Probe, in which we block the malicious face of compromised consumers by monitoring the Cache-Miss Ratio values and the Queue Capacity at the Edge Routers. The malicious face is blocked when the cache-miss ratio hits the threshold value, which is adjusted dynamically through monitoring the cache-miss ratio and queue capacity values. The experimental results show that we are successful in mitigating the vulnerability of the CPA mitigation scheme by detecting and blocking the flooding interface, at the cost of very little verification overhead at the NDN Routers.
