Friend or Foe? Detecting and Isolating Malicious Nodes in Mobile Edge Computing Platforms

The evolution of mobile devices into highly capable computing platforms that sense, store, and execute complex tasks is making them attractive candidates for edge computational micro-cloud settings. Such solutions are creating novel security challenges due to the increased push for more seamless computational cyber-foraging that leverages the exploding proliferation of mobile devices. A major concern is that security challenges stemming from these trends, are growing at a rate exceeding the evolution of security solutions. In this paper, we consider an environment in which computational offloading is performed among a set of mobile devices. We propose HoneyBot, a defense technique for device-to-device (d2d) malicious communication. While classical honeypots designed to isolate distributed denial of service (DDoS) botnet attacks fail to detect d2d insider attacks, HoneyBot nodes detect, track, and isolate such attacks. We propose and investigate detection and tracking algorithms that leverage insecure d2d infected communication channels to accurately and efficiently identify suspect malicious nodes and isolate them. Our data driven evaluation and analysis, based on 3 real world mobility traces, show that the number and placement of HoneyBot nodes (Hb) in the network considerably impact the tracking delay and the detection accuracy.

[1]  Dharma P. Agrawal,et al.  Routing security in wireless ad hoc networks , 2002, IEEE Commun. Mag..

[2]  George Varghese,et al.  MobiClique: middleware for mobile social networking , 2009, WOSN '09.

[3]  Thomas F. La Porta,et al.  On cellular botnets: measuring the impact of malicious devices on a cellular network core , 2009, CCS.

[4]  Mostafa H. Ammar,et al.  PeopleRank: Social Opportunistic Forwarding , 2010, 2010 Proceedings IEEE INFOCOM.

[5]  Khaled A. Harras,et al.  Towards resource sharing in mobile device clouds: power balancing across mobile devices , 2013, MCC '13.

[6]  Khaled A. Harras,et al.  Exploiting social information for dynamic tuning in cluster based WiFi localization , 2015, 2015 IEEE 11th International Conference on Wireless and Mobile Computing, Networking and Communications (WiMob).

[7]  Heejo Lee,et al.  BotGAD: detecting botnets by capturing group activities in network traffic , 2009, COMSWARE '09.

[8]  Ellen W. Zegura,et al.  Serendipity: enabling remote computing among intermittently connected mobile devices , 2012, MobiHoc '12.

[9]  Aniket Kate,et al.  Anonymity and security in delay tolerant networks , 2007, 2007 Third International Conference on Security and Privacy in Communications Networks and the Workshops - SecureComm 2007.

[10]  Khaled A. Harras,et al.  Femto Clouds: Leveraging Mobile Devices to Provide Cloud Service at the Edge , 2015, 2015 IEEE 8th International Conference on Cloud Computing.

[11]  Paramvir Bahl,et al.  RADAR: an in-building RF-based user location and tracking system , 2000, Proceedings IEEE INFOCOM 2000. Conference on Computer Communications. Nineteenth Annual Joint Conference of the IEEE Computer and Communications Societies (Cat. No.00CH37064).

[12]  Rituparna Chaki,et al.  Intrusion Detection in Wireless Ad-Hoc Networks , 2014 .

[13]  Kang G. Shin,et al.  Design of SMS commanded-and-controlled and P2P-structured mobile botnets , 2012, WISEC '12.

[14]  Paramvir Bahl,et al.  The Case for VM-Based Cloudlets in Mobile Computing , 2009, IEEE Pervasive Computing.

[15]  Jason Flinn,et al.  Cyber Foraging: Bridging Mobile and Cloud Computing , 2012, Cyber Foraging: Bridging Mobile and Cloud Computing.

[16]  Henry L. Owen,et al.  The use of Honeynets to detect exploited systems across large enterprise networks , 2003, IEEE Systems, Man and Cybernetics SocietyInformation Assurance Workshop, 2003..

[17]  Khaled A. Harras,et al.  Malicious attacks in Mobile Device Clouds: A data driven risk assessment , 2014, 2014 23rd International Conference on Computer Communication and Networks (ICCCN).

[18]  Khaled A. Harras,et al.  Towards Computational Offloading in Mobile Device Clouds , 2013, 2013 IEEE 5th International Conference on Cloud Computing Technology and Science.

[19]  M. Eslahi,et al.  MoBots: A new generation of botnets on mobile devices and networks , 2012, 2012 International Symposium on Computer Applications and Industrial Electronics (ISCAIE).

[20]  Mostafa H. Ammar,et al.  On the Relevance of Social Information to Opportunistic Forwarding , 2010, 2010 IEEE International Symposium on Modeling, Analysis and Simulation of Computer and Telecommunication Systems.

[21]  Laurent Massoulié,et al.  The diameter of opportunistic mobile networks , 2007, CoNEXT '07.

[22]  Hein S. Venter,et al.  Mobile Botnet Detection Using Network Forensics , 2010, FIS.

[23]  Christophe Diot,et al.  Are you moved by your social network application? , 2008, WOSN '08.

[24]  Khaled A. Harras,et al.  From botnets to MobiBots: a novel malicious communication paradigm for mobile botnets , 2015, IEEE Communications Magazine.

[25]  Byung-Gon Chun,et al.  CloneCloud: elastic execution between mobile device and cloud , 2011, EuroSys '11.

[26]  Khaled A. Harras,et al.  Towards Mobile Opportunistic Computing , 2015, 2015 IEEE 8th International Conference on Cloud Computing.

[27]  Alec Wolman,et al.  MAUI: making smartphones last longer with code offload , 2010, MobiSys '10.

[28]  Robin Kravets,et al.  Security-aware ad hoc routing for wireless networks , 2001, MobiHoc '01.