RL and Fingerprinting to Select Moving Target Defense Mechanisms for Zero-day Attacks in IoT

by Alberto Huertas Celdrán, et al.

Cybercriminals are moving towards zero-day attacks affecting resource-constrained devices such as single-board computers (SBC). Assuming that perfect security is unrealistic, Moving Target Defense (MTD) is a promising approach to mitigate attacks by dynamically altering target attack surfaces. Still, selecting suitable MTD techniques for zero-day attacks is an open challenge. Reinforcement Learning (RL) could be an effective approach to optimize the MTD selection through trial and error, but the literature falls short in i) evaluating the performance of RL and MTD solutions in real-world scenarios, ii) studying whether behavioral fingerprinting is suitable for representing SBCs' states, and iii) calculating the consumption of resources in SBC. To address these limitations, the work at hand proposes an online RL-based framework to learn the correct MTD mechanisms for mitigating heterogeneous zero-day attacks in SBC. The framework considers behavioral fingerprinting to represent SBCs' states and RL to learn MTD techniques that mitigate each malicious state. It has been deployed on a real IoT crowdsensing scenario with a Raspberry Pi acting as a spectrum sensor. In more detail, the Raspberry Pi has been infected with different samples of command and control malware, rootkits, and ransomware to later select between four existing MTD techniques. A set of experiments demonstrated the suitability of the framework to learn proper MTD techniques mitigating all attacks (except a harmful rootkit) while consuming <1 MB of storage and utilizing <55

