TY - JOUR
T1 - A cybersecurity framework to identify malicious edge device in fog computing and cloud-of-things environments
AU - Sohal, Amandeep Singh
AU - Sandhu, Rajinder
AU - Sood, Sandeep K.
AU - Chang, Victor
N1 - Publisher Copyright: © 2017 Elsevier Ltd
PY - 2018/5
Y1 - 2018/5
N2 - Device security is one of the major challenges for successful implementation of Internet of Things and fog computing environment in current IT space. Researchers and Information Technology (IT) organizations have explored many solutions to protect systems from unauthenticated device attacks (known as outside device attacks). Fog computing uses network devices (e.g. router, switch and hub) for latency-aware processing of collected data using IoT. Then, identification of malicious edge device is one of the critical activities in data security of fog computing environment. Preventing attacks from malicious edge devices in fog computing environment is more difficult because they have certain granted privileges to use and process the data. In this paper, proposed cybersecurity framework uses three technologies which are Markov model, Intrusion Detection System (IDS) and Virtual Honeypot Device (VHD) to identify malicious edge device in fog computing environment. A two-stage hidden Markov model is used to effectively categorize edge devices in four different levels. VHD is designed to store and maintain log repository of all identified malicious devices which assists the system to defend itself from any unknown attacks in the future. Proposed cybersecurity framework is tested with real attacks in virtual environment created using OpenStack and Microsoft Azure. Results indicated that proposed cybersecurity framework is successful in identifying the malicious device as well as reducing the false IDS alarm rate.
KW - Edge device
KW - Fog computing
KW - Internet of Things
KW - Intrusion detection system
KW - Two-stage Markov model
KW - Virtual Honeypot Device
UR - http://www.scopus.com/inward/record.url?scp=85029784320&partnerID=8YFLogxK
U2 - 10.1016/j.cose.2017.08.016
DO - 10.1016/j.cose.2017.08.016
M3 - Article
AN - SCOPUS:85029784320
SN - 0167-4048
VL - 74
SP - 340
EP - 354
JO - Computers and Security
JF - Computers and Security
ER -