About

The Mentored Project

The MENTORED project is a cooperative project among the Federal University of Minas Gerais (UFMG), the Federal University of Pernambuco (UFPE), the University of São Paulo (USP), the Federal Institute of Santa Catarina (IFSC), the University of Vale do Itajaí, and Rede Nacional de Pesquisa (RNP). It was selected as a thematic project in the MCTIC/CGI/FAPESP 2018 public call. The project has the following main goals: (i) identify, model, and evaluate malicious behavior related to IoT; (ii) help build advanced and coordinated solutions for the prevention, prediction, detection, and mitigation of DDoS attacks; and (iii) provide the cybersecurity research community with a testbed on which researchers can experiment with their solutions to DDoS attacks.

Problem

With the growing number of IoT applications and their importance to the global economy, communication infrastructures and services have proven to be an essential tool and a fundamental element of public well-being and economic stability. Concerns about the security of those systems and networks tend to increase. Malicious attacks on the Internet, interruptions due to physical factors, software and hardware failures, and human errors affect essential public services that operate over public telecommunication networks, leading to chaos. These disruptions reveal our society's increasing dependency on those networks and services and the importance of protecting them. Their importance is increasingly reinforced through the definition of cybersecurity strategies worldwide, as in European countries, Asia, the USA, and Canada, which treat cyberspace availability and the integrity, authenticity, and confidentiality of data as a major issue of the 21st century.

Therefore, ensuring cybersecurity has been a central goal for governments, companies, and society, both nationally and internationally. Different reports of the European Commission highlight the need for security and resilience in the information and communication infrastructure, particularly considering the Internet's current advances through IoT and IoE. The latter connects many computing devices, many of them embedded in cars, industrial machinery, home appliances, and even in the human body, and offers services that require high availability, efficiency, and security. The IoT and IoE change the current Internet model, significantly expanding the scale, heterogeneity, and complexity of cyberspace. They need different security solutions that take their particular characteristics and requirements into account.

In Brazil, the Annual Report of Security Incidents of the Rede Brasileira de Ensino e Pesquisa (RNP), produced by the Centro de Atendimento a Incidentes de Segurança (CAIS) of the Ipê network, shows that by late 2017 CAIS had sent 3.6 million notifications of incidents and vulnerabilities, reinforcing the pressing need for cybersecurity. In addition, CAIS highlights the importance and potential of intelligent analysis of network data for understanding (characterizing) and predicting attacks and threats and for defining strategies against them. Modeling attacks helps in understanding the behavior of attacks and threats, as well as in the early prediction of new occurrences and new types (unknown/zero-day) of attacks, reducing financial and moral damage to institutions.

CAIS, a partner of this project, clearly reinforces that, despite RNP's efforts to implement methodologies to prevent and mitigate attacks such as Distributed Denial of Service (DDoS), the defense against malicious activities in the Brazilian education and research network continues to be relevant.

In this scenario, maximizing efficiency against attacks depends on the coordinated operation of three complementary defense axes: (i) prevention, (ii) prediction, and (iii) detection and mitigation of attacks. Typically, each IoT device communicates with an associated application on a smartphone or tablet, connected directly or indirectly through a central point (hub) or through the manufacturer's cloud services, mainly for remote access to the IoT device. It is also common for IoT devices to communicate with the manufacturer's servers for status updates or to check for software updates.

Local monitoring of IoT device flows and of the interactions between those devices and external devices (neighborhood and Internet), together with enforcing the devices' compliance with flow policies, is currently treated as a way to prevent DDoS attacks that use IoT devices (e.g., FlowFence, IoT-Flows). To handle IoT network scenarios that lack local prevention mechanisms or whose security mechanisms have been compromised, it is necessary to identify signs of attack preparation in the IoT devices' behavior at an early stage (prediction). As a complement, determining the behavior of botnets and developing techniques to detect and mitigate the attacks remain relevant for cases where prevention and prediction have not succeeded, given the complexity of those attacks and the large potential logistic, economic, and moral damage they can cause to people, companies, and governments. Lastly, a large-scale experimentation environment is imperative to allow the behavior analysis of attacks and the evaluation of proposed solutions.

Main goals

The MENTORED project's main goal is to advance scientific knowledge, train human resources, and strengthen a group with international coverage that cooperates in research and innovation in systems and network security, with the participation of academic institutions, a small company, and the government. In addition, the project aims to identify, model, and evaluate malicious behavior associated with the Internet of Things (IoT) to help build advanced solutions for the prevention, prediction, detection, and mitigation of DDoS attacks.

The specific goals are:

  • Objective 1: The design of a solution for monitoring IoT flows to prevent attacks and help the modeling, detection, and prediction of botnets and DDoS attacks;
  • Objective 2: Risk analysis through the identification of botnets formed by IoT devices and the prediction of known and unknown (zero-day) DDoS attacks;
  • Objective 3: The identification and classification of malicious behavior related to DDoS attacks and the proposition of a solution to detect and mitigate those attacks;
  • Objective 4: The design and implementation of an experimentation environment (testbed), with access control, in which the solutions proposed in this project can be tested.