| 一种基于无线路由器的IoT设备轻量级防御框架 |
| |
| 作者姓名: | 严志涛 方滨兴 刘奇旭 崔翔 |
| |
| 作者单位: | 1. 中国科学院大学网络空间安全学院, 北京 100049;
2. 中国科学院信息工程研究所, 北京 100093;
3. 北京邮电大学, 北京 100876;
4. 东莞电子科技大学电子信息工程研究院, 广东 东莞 523808 |
| |
| 基金项目: | 国家重点研发计划(2016YFB0801604)、国家自然科学基金(61303239)和广东省产学研合作项目(2016B090921001)资助 |
| |
| 摘 要: | 目前IoT(Internet of things,物联网)设备安全问题很多,然而由于IoT设备自身限制(嵌入式系统,资源紧张),传统PC的保护手段已经不再适用。提出一种基于无线路由器的IoT设备轻量级防御框架WRGuardian(wireless router guardian),利用家用无线路由器在网络流量的掌控能力和拓扑结构优势,从被动防御和主动防御两个方面入手,及时监测并阻断目前针对IoT设备的主要攻击行为,同时定期扫描检测安全问题并修复。该框架无需外部硬件或者修改设备原有系统,降低了部署难度和成本,有利于后期推广。实验结果显示WRGuardian能够有效对抗针对IoT设备弱口令、命令注入等主要攻击手段,且能排查修复已知风险,是一种低成本可行的轻量级防护方案。
|
| 关 键 词: | 无线路由器 IoT设备 安全防护 网络流量 |
| 收稿时间: | 2016-11-29 |
| 修稿时间: | 2017-02-22 |
A wireless router-based lightweight defense framework for IoT devices |
| |
| Authors: | YAN Zhitao FANG Binxing LIU Qixu CUI Xiang |
| |
| Institution: | 1. School of Cyber Security, University of Chinese Academy of Sciences, Beijing 100049, China;
2. Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093, China;
3. Beijing University of Posts and Telecommunications, Beijing 100876, China;
4. Institute of Electronic and Information Engineering, Dongguan University of Electronic Science and Technology, Dongguan 523808, Guangdong, China |
| |
| Abstract: | It is well known that IoT (Internet of things) devices are vulnerable and can be easily intruded by attackers. However, traditional protection methods for PCs are no longer suitable for IoT devices. In this work, we design a router-based lightweight defense framework WRGuardian (wireless router guardian) which uses the router's network traffic controllability and computing capacity to protect IoT devices. It will monitor and block the attack behaviors to IoT devices, and it will detect and fix the security issues by simulating attacks. Because there is no requirement of additional security hardware for the IoT devices, this protection framework has a low cost, and it is convenient to deploy and beneficial for promotion. Our experimental results show that WRGuardian is feasible and protects IoT devices from main attacks. It is an effective lightweight solution. |
| |
| Keywords: | wireless router IoT device protection network traffic |
|
| 点击此处可从《》浏览原始摘要信息 |
| 点击此处可从《》下载免费的PDF全文 |
|
