
Prevention and Improvement against DDOS attacks on IOT Devices based on 5G network

Author: Syed Arfat Ali



Acknowledgement

In the name of Allah, the Most Gracious and the Most Merciful. Alhamdulillah, all praises to Allah for the strengths and His blessing in completing this thesis. Special appreciation goes to my supervisor Sir________________, for his supervision and constant support. His invaluable help of constructive comments and suggestions throughout the experimental and thesis works has contributed to the success of this research. Further, I would like to thank Sir ______________, who timely checked my work and appreciated me on every step.

It is one of the infinite blessings of Allah that He bestowed me with the potential and ability to complete and present this thesis and make a material contribution towards the deep oceans of knowledge.

Hopefully, this master's dissertation will not be the end of my journey in seeking more knowledge to understand the meaning of life.

Table of Content

Acknowledgement
Abstract
Chapter # 1: Introduction
1.1. Background
1.2. BACKGROUND AND PROBLEM STATEMENT
Chapter # 2: The concept of DDOS attacks and Botnet on 5G based IOT Devices
2.1. Botnets and DDOS in 5G network
2.2. Recent incidents of Botnets and DDOS attacks on IOT
Chapter # 3: IDENTIFICATION & PREVENTION OF DDOS BOTNETS IN IOT 5G
Chapter # 4: The SDN and NFV based Secure IOT architecture on 5G
4.1. Basic Internet of things Architecture
4.2. Proposed IOT network based on Software Defined Network
4.3. TESTs and Evaluation of IOT architecture Implementation on 5G
A. Scenarios and Results of Test
B. The Evaluation of Implementation performance
Chapter # 5: NFV based Security model for IOT on 5G networks
5.1. The Network Functional Virtualization (NFV)
5.2. NFV Based Model for prevention of DDOS on IOT
Chapter # 6: Conclusion and suggestions for Future Researchers
6.1. Conclusion
References

Abstract

Global communication and data transfer trends are moving towards 5th generation (5G) technology, which enables fast data transfer with less use of bandwidth. The Internet of Things (IOT) has created huge networks involving business organizations, distribution, transportation, operations, and e-commerce. IOT devices are now starting to connect to 5G networks because of the usage patterns and behavior of users. Hackers and DDOS attackers consider 5G networks an easy target because of the limited focus on security and the weaker existing security protocols of 5G networks. This study aims to detect and identify the weaknesses of 5G based IOT networks using different techniques. Previous research is also reviewed, and SDN and NFV based models and architectures are designed to detect DDOS attacks on IOT devices on 5G networks. These architectures are self-powered to mitigate, remove and minimize DDOS attacks, considering the level and intensity of the attack, to secure the IOT devices connected to the 5G network.

Key words: Internet of things, Distributed Denial of Service (DDOS), Network functions virtualization, 5th generation, hackers, attack, prevention

Chapter # 1: Introduction

1.1. Background

The concept of the Internet of Things (IOT) is widely considered in technology research today because IOT combines devices, objects, users, services and networks that support communication, data sharing, and transfer of information, so that common benefits are obtained across different areas. In the technologically advanced world, IOT is used in different fields such as hospitals, production, energy, fleet management, and distribution or supply chain. IOT devices use an identity management approach so that each device can be identified among a large number of similar devices. The IP address mechanism is used to identify the region in which a device is located among several devices.

5G networks are the next generation of mobile networks, more advanced than the 4G and LTE technologies, and are going to be globally adopted by 2020. The capacity and speed of data transfer in 5G are expected to support a higher density of broadband users and to facilitate fast device-to-device communication with more reliability than earlier technologies. 5G ensures lower latency and, when implemented for the Internet of Things, less battery usage compared with previous technologies.

Modern IOT technology works to improve living style with the help of devices that act intelligently to perform daily tasks. The concept of IOT leads to further concepts such as smart homes and smart cities that take the way of life to a new level. However, IOT devices are not secure enough to ensure the privacy of the information and data used in different domains. Different types of malware, botnets and DOS attacks not only affect the efficiency of IOT devices but also keep them vulnerable to DDOS attacks [3] and other powerful cyber and internet based attacks [1,2]. It is therefore necessary to create a security model that secures 5G based IOT devices from distributed denial of service. The weaknesses of IOT devices will be used to design their security and to mitigate DDOS attacks using the 5G network. Software defined networking (SDN) and network functions virtualization (NFV) are important players in facilitating IOT operations over 5G, and they are used here in designing the security model that keeps the Internet of Things safe from botnets and denial of service attacks.

DOS attacks are one of the weapons most commonly used by hackers and attackers in I.T networks, and they have now taken different shapes to badly damage websites and other networks. A DOS attack makes resources, machines and information unavailable to their users for a short or long term by disrupting the network and host. A Distributed Denial of Service attack is carried out via multiple infected and compromised systems. The incoming traffic, which actually comes from a large number of sources, floods the network and systems to block the IP and make it inaccessible to actual users. DDOS attacks are carried out on large servers and are distributed via botnets.

To control DDOS attacks on IOT networks, a previously proposed prevention is AntibIOTic, which works like an actual antibiotic that a doctor prescribes to a patient and that enters the patient's blood to kill the bacteria inside. DDOS attacks damage the system from multiple unidentified sources, so it is important to create a security model that plays smartly and dodges the attackers by creating botnets in the system which actually detach the 5G based IOT devices and stop attackers from seeing them as an option for attack. The major purpose of this research is to identify the key types of DDOS attacks and their use cases, and to understand the damage DDOS attacks do to Internet of Things networks. The model will take IOT devices to a safer environment, whereas attackers will face hurdles in finding an IOT device to enter and damage its information. Researchers [4,5,6] have emphasized security solutions for IOT devices based on 5G networks, but most of them lack a proper physical architecture like SDN and NFV. This study focuses on designing a comprehensive and effective model and architecture that will make IOT networks more secure and wireless 5G technology more practical.

1.2. BACKGROUND AND PROBLEM STATEMENT

Before creating the security model against DDOS, it is crucial to know how packets are transferred and forwarded in IOT devices that use 5G networks. Most IOT devices today maintain their forwarding tables on their own, which means the forwarding decision is taken internally. IOT networks use routers and hosts to forward data to the right destination after scrutiny: a packet reaches the router or device, which consults its table to identify the packet's actual destination and sends it there through the appropriate external interface.

In contrast, the software defined network architecture separates the data plane from the control plane. An intricate control intelligence is deployed over the network to understand its topology [7]. The network informs the controllers, which alter the flow of traffic in the network. Depending on the condition, the controllers drop packets at the OF switches if malware or malicious content is found in them.

Internet of Things (IOT) devices are expected to move mostly onto 5G wireless networks in the coming years, after the global adoption of 5G technology. IOT networks are largely based on human use and linked with the business operations of organizations, so DDOS attacks can stop IOT services by attacking the network over the wireless network [8]. Wireless 5G networks are based on rays and signals through which data is forwarded, transferred and transmitted to each layer of users and controllers. The existing security models and architectures for securing 5G based IOT networks from DDOS attacks are weak, and most of them are limited to small to medium size networks. SDN is a powerful tool that is now used in different types of architectures to make networks and devices secure [9]. There is a need to design an SDN based model that identifies attackers and hackers in time and has the capacity to stop DDOS attacks with control over each host, switch and router in the network.

NFV based security architecture for preventing DDOS attacks has also received less focus from researchers because of its complex architecture and the implementation effort required. There is a need to understand the components, architecture and model of 5G networks that support Internet of Things devices. Furthermore, there is a research gap in differentiating traditional network based IOT from 5G based IOT in terms of exposure to risks, threats and attacks [9]. A combined and comprehensive architecture based on SDN and NFV is needed to prevent DDOS attacks on IOT and provide a safer 5G based IOT model that could be installed and implemented in each domain.

Chapter # 2: The concept of DDOS attacks and Botnet on 5G based IOT Devices

2.1. Botnets and DDOS in 5G network

Distributed Denial of Service (DDOS) attacks are one of the most considered forms of cyber attack in the modern technology era. In a 5G network, IOT devices are linked and interconnected via wireless broadband and LTE enabled networks. DDOS attackers take control of 5G based IOT devices that are linked with servers from different locations. They bind the IOT network into a botnet, whose actions stop the server from responding and providing information to end users (see Figure 1). In simple words, a DDOS attack can be understood as a crowd intentionally standing at the main entrance of a retail outlet, creating a hurdle for genuinely interested buyers trying to enter the outlet. Thus the operations and business of the retail brand are affected.

In the past, DDOS attacks had a different purpose, which was bragging rights, but DDOS attackers and hackers today intend to steal and obtain important information that is financially beneficial for them, or attack for the purpose of revenge or market competition. In 5G networks, DDOS attacks can exhaust the bandwidth and the link between IOT devices and servers. This makes the servers, information and portals accessed through IOT devices unavailable, and thus stops the operations and activities that are to be done via IOT networks and devices. DDOS attacks block different server resources: memory, ports, switches, hosts, and routers.

Figure 1. Distributed denial of Service (DDOS)

During an attack, the attackers make the server unavailable to users and, at the same time, further compromise important information on the server. There are two major techniques used for DDOS attacks: amplification and reflection. In the reflection technique, the attackers hide their trail: they transmit diversified packets to different destinations with the bogus (spoofed) source IP address of the targeted system, so the destination servers respond to the target, and the resulting crowded traffic stops the server from being available. The amplification technique is used together with the reflection technique so that the damage to the target is bigger. The types of traffic used in DDOS attacks include UDP, TCP and ICMP. According to [11], NTP and SNMP are the most favored types of traffic in both reflection and amplification attacks.

A crucial aspect today is that threat actors executing DDOS use layered attacks with diversified attack vectors, which makes identifying the purpose of an attack complicated. Distraction from goals, challenging the security system and disturbing operations are major motives of DDOS attacks. According to a VeriSign report [12], after mid-2016 DDOS attackers designed different types of attacks to damage networks. In recent attacks, attackers and botnets have efficiently used the vulnerabilities of Internet of Things (IOT) devices to carry out DDOS. The research in [10] found that IOT devices are the major source of DDOS attacks, causing almost 96% of attacks, whereas routers contribute 3% and compromised Linux servers 1 percent. It is not only IOT devices that are affected by botnets; other internet users are also disturbed. To comprehend malware on IOT, the restrictions that the environment places on IOT devices need to be understood. The characteristics of these environment constraints include:

• Embedded Linux, using different types of LIBC implementations, dominates the Internet of Things (IOT) landscape.

• Small flash capacity for storing firmware and the OS

• Small RAM size

• No or rarely integrated UI (user interface)

• ARM and MIPS based, non-x86 infrastructure

The hazard to IOT devices based on 5G is significant because prevention and remediation of attacks are difficult. IOT devices on wireless networks are a convenient target for attackers. Botnets and DDOS have been known threats for the last decade, but the major danger from them came to knowledge from the year 2016. The characteristics of the Internet of Things malware that arranges DDOS attacks include:

• Malware of Linux origin makes up the major share of IOT malware.

• IOT based attacks have minimal impact on the host. The malware becomes active and launches DDOS under the botnet herders.

• IOT malware resides in RAM.

• Conventional methods become obsolete for identifying and preventing IOT malware attacks, because these attacks reject the amplification and reflection techniques.

• IOT botnet traffic has a very high volume, around 100 gbps.

• Infected IOT devices are located worldwide.

• During DDOS attacks, IOT botnets generate unconventional traffic such as GRE and deploy techniques such as DNS water torture.

Figure 2: DNS Water Torture Technique

GRE traffic gives very little opportunity for forging (spoofing), which is why DDOS attacks using this traffic are unusual. Most 5G based IOT networks do allow GRE traffic, and furthermore GRE is also used in DDOS prevention architectures.

Figure 2 demonstrates the structure of DNS water torture. It requires fewer queries from the bot, which makes it different from the reflection and amplification techniques. It makes a DNS server carry out the DDOS attack on the victim's authoritative DNS server. In this technique the bot sends a DNS query that contains the victim's domain, with a randomly generated prefix written as the name. The ISP's DNS server sends the queries to the authoritative servers; when one is already overloaded, the query is sent to another DNS server. This illustrates that these IOT DDOS attacks originate from the ISP's DNS server.
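One way a resolver operator could spot the query pattern described above, given as an added example that is not part of the thesis. The log format, the thresholds and the two-label zone split are assumptions, and the sample log lines are constructed.

```python
"""Flag DNS water-torture patterns in recursive-resolver logs (added illustration)."""
import math
from collections import Counter, defaultdict

# Constructed sample lines, "<epoch> <client> <qname> <rcode>"; not real traffic.
SAMPLE_LOG = """\
1000 10.0.0.11 www.shop.example NOERROR
1001 10.0.0.12 k3v9qzt1xw.victim.example SERVFAIL
1001 10.0.0.13 p0d8mfy2ha.victim.example NXDOMAIN
1002 10.0.0.12 zq71lbnc5e.victim.example SERVFAIL
1002 10.0.0.14 mail.shop.example NOERROR
1003 10.0.0.15 h6t2wsk9ru.victim.example NXDOMAIN
1003 10.0.0.13 x4j0oae8gd.victim.example SERVFAIL
1004 10.0.0.11 www.shop.example NOERROR
1004 10.0.0.16 b9n5cyv3iq.victim.example NXDOMAIN
1005 10.0.0.12 u2r7epl6mz.victim.example SERVFAIL
1005 10.0.0.15 f8w1gxo4tk.victim.example NXDOMAIN
1006 10.0.0.14 www.victim.example NOERROR
"""


def shannon_entropy(label):
    """Bits per character; random prefixes score higher than words like 'www'."""
    if not label:
        return 0.0
    n = len(label)
    return -sum(c / n * math.log2(c / n) for c in Counter(label).values())


def split_zone(qname, zone_labels=2):
    """Assumption: the zone is the last two labels. Production code should use
    the Public Suffix List so that names under e.g. co.uk are grouped correctly."""
    labels = qname.rstrip(".").lower().split(".")
    if len(labels) <= zone_labels:
        return ".".join(labels), ""
    return ".".join(labels[-zone_labels:]), ".".join(labels[:-zone_labels])


def detect_water_torture(log_text, window_s=60, min_unique=6,
                         min_unique_ratio=0.8, min_fail_ratio=0.5, min_entropy=2.5):
    """Return one alert per (time window, zone) that looks like random-prefix flooding."""
    buckets = defaultdict(
        lambda: {"queries": 0, "fail": 0, "prefixes": set(), "clients": set()})
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4 or not parts[0].isdigit():
            continue                       # skip malformed lines instead of crashing
        ts, client, qname, rcode = parts
        zone, prefix = split_zone(qname)
        b = buckets[(int(ts) // window_s, zone)]
        b["queries"] += 1
        b["fail"] += rcode in ("SERVFAIL", "NXDOMAIN")
        b["prefixes"].add(prefix)
        b["clients"].add(client)

    alerts = []
    for (window, zone), b in sorted(buckets.items()):
        unique = len(b["prefixes"])
        unique_ratio = unique / b["queries"]   # ~1.0 when every name defeats the cache
        fail_ratio = b["fail"] / b["queries"]  # the authoritative side is not answering
        entropy = sum(shannon_entropy(p.split(".")[0]) for p in b["prefixes"]) / unique
        if (unique >= min_unique and unique_ratio >= min_unique_ratio
                and fail_ratio >= min_fail_ratio and entropy >= min_entropy):
            alerts.append({
                "window_start": window * window_s,
                "zone": zone,
                "queries": b["queries"],
                "unique_names": unique,
                "fail_ratio": round(fail_ratio, 3),
                "clients": len(b["clients"]),
            })
    return alerts


if __name__ == "__main__":
    for alert in detect_water_torture(SAMPLE_LOG):
        print(alert)
```

The client count in each alert tells the operator how many subscriber devices to follow up on; the small thresholds are sized for the constructed sample and would be much higher on a production resolver.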

Figure 3. The year Wise large DDOS attacks

2.2. Recent incidents of Botnets and DDOS attacks on IOT

The following are a few DDOS incidents from recent times.

The first case is Krebsonsecurity.com: in 2016 the blog faced a DDOS attack of over 620 gbps, generated from vulnerable IOT devices based on 5G networks [13]. It was an act of retaliation by Israel based hackers to stop the series of blog posts in which Krebs highlighted DDOS attacks and tried to stop them. In the end, two hackers involved in spreading DDOS were arrested [14,15].

The second case is OVH, a France based cloud computing and hosting organization that provides virtual private servers and dedicated servers. In September 2016, Mr Octave Klaba posted on his Twitter account that the servers had been under DDOS attacks, most of them over 100 gbps, with the largest around 800 gbps [16]; the next day an attack of between 1.1 tbps and 1.5 tbps came from IOT based devices. The DDOS traffic included TCP/ACK, TCP/SYN and TCP/ACK_PSH packets sent from IOT devices infected with Mirai and Bashlite.

Figure 4. Representation of DYN DDOS attacks in USA depiction

The third case is Deutsche Telekom, a Germany based telecom company. Deutsche Telekom gives its customers devices and routers under the brand name Speedport. At the end of November 2016, huge numbers of Deutsche Telekom customers reported loss of network connectivity. The issue was found to be Mirai based malware that first scanned and then infected connected devices to add them to its botnet. The attackers used the concept from a blog post released on 7th November 2016, which described a weakness in D1000 modems designed by Zyxel and used in Irish telecom.

Chapter # 3: IDENTIFICATION & PREVENTION OF DDOS BOTNETS IN IOT 5G

In modern telecommunication and internet based networks, the risk and threat of DDOS attacks has increased. 5G networks especially are exposed to threats and attacks that use the components of this wireless network to launch cyber-attacks like DDOS on Internet of Things devices. Identifying and mitigating a botnet is a real challenge, even worse than in conventional networks, because the rate of data transfer is much faster and many more devices are involved. For this we propose the traditional botnet detection technique named decoupling, which is established in two phases.

The first phase proactively detects command and control channels that show suspicious activity; its detection techniques are monitoring and analyzing the flow of network traffic. The second phase works at the low level, where deep packet inspection (DPI) is used to confirm the actual presence of the command and control channel identified in the earlier phase.

In the first phase, high level flow monitoring permits quick analysis and evaluation of large volumes of data. Since the traffic is massive in this initial phase, deep analysis is not suitable. For this reason, the detailed analysis is done in the second stage, considering only those peers that were suspected in the first stage. The sensors responsible for obtaining the network traffic flows are also analyzed using an advanced detection facility, and this process is named flow based monitoring. The detailed analysis is done by a DPI such as SNORT [17], which acts as the sensor at the lower granularity. Across both phases, detection management loops are defined; these were included in the use case of 5G network based IOT device security in [18]. This use case is also considered an important basis for work on mitigating DDOS attacks on 5G networks.

Once the presence of a botnet on the network is confirmed after the second phase, a deception approach is deployed to stop and compete with the botnet, so that attacks like DDOS that could result from it are reduced. A customized, virtualized honeynet (HNet) is implemented as the actuator; it isolates the botnet by creating botnet zombies (clones) that deceive the botnet and remove it from the network [19]. This technique keeps the botnet attacker unaware that the attack is being disabled and removed via the HNet. Sensors and actuators are also implemented in the network to secure the IOT devices, and these are termed NFV applications.

For operation, the network packets are accessed by the sensors and the DPI. The HNet ensures security by taking the detected command and control channel network flow, which is then directed to the rival bots, and the original bots are blocked as a result. An SDN application is implemented to reconfigure the flow tables on the virtual switches, with the following features:

• To start the second detection control loop, the network flow transfers a copy of the data packets to the DPI so that they can be inspected.

• The network flow sends the peers' flows to the HNet, where they are isolated to stop DDOS attacks and to learn new ways in which botnet behavior patterns change.
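The two detection phases and the two flow-table features described in this chapter, combined into one control loop, as an added example that is not the thesis's POX implementation. The port numbers, thresholds, the `BOTCHK|` signature and all flow and packet records are constructed for illustration, and the flow table is a plain-Python model in the style of OpenFlow 1.0 rather than a POX API.

```python
"""Two-phase botnet detection driving an SDN flow table (added illustration)."""
from collections import defaultdict
from dataclasses import dataclass
from statistics import mean, pstdev
from typing import Optional

UPLINK, DPI_PORT, HNET_PORT = 1, 10, 11               # hypothetical switch ports
SIGNATURES = {"constructed-c2-checkin": b"BOTCHK|"}   # constructed, not a real rule

# Constructed flow records seen by the phase-1 sensors: (start_s, src, dst, dport)
FLOWS = (
    [(t, "10.1.0.5", "203.0.113.7", 6667) for t in (0, 60, 121, 180, 240, 301)]
    + [(t, "10.1.0.9", "198.51.100.20", 443) for t in (5, 17, 140, 150, 290)]
)

# Constructed packets reaching the switch afterwards: (src, dst, dport, payload)
PACKETS = [
    ("10.1.0.5", "203.0.113.7", 6667, b"BOTCHK|id=constructed-01"),
    ("10.1.0.9", "198.51.100.20", 443, b"GET /index.html HTTP/1.1\r\n"),
    ("10.1.0.5", "198.51.100.20", 443, b"GET /fw/update HTTP/1.1\r\n"),
    ("10.1.0.5", "203.0.113.7", 6667, b"BOTCHK|id=constructed-01"),
]


@dataclass(frozen=True)
class Rule:
    priority: int
    actions: tuple                 # output ports
    src: Optional[str] = None      # None is a wildcard
    dst: Optional[str] = None

    def matches(self, src, dst):
        return self.src in (None, src) and self.dst in (None, dst)


class FlowTable:
    def __init__(self):
        self.rules = [Rule(0, (UPLINK,))]          # table-miss: normal forwarding

    def install(self, rule):
        self.rules.append(rule)
        self.rules.sort(key=lambda r: -r.priority)

    def actions_for(self, src, dst):
        return next(r.actions for r in self.rules if r.matches(src, dst))


def phase1_suspects(flows, min_flows=5, max_cv=0.1):
    """Flow-level triage: peers that contact one endpoint at near-constant intervals."""
    starts = defaultdict(list)
    for t, src, dst, dport in flows:
        starts[(src, dst, dport)].append(t)
    suspects = {}
    for (src, dst, dport), ts in starts.items():
        if len(ts) < min_flows:
            continue
        ts.sort()
        gaps = [b - a for a, b in zip(ts, ts[1:])]
        avg = mean(gaps)
        if avg == 0:
            continue
        if pstdev(gaps) / avg <= max_cv:           # low jitter: automated check-ins
            suspects[src] = (dst, dport)
    return suspects


def dpi_verdict(payload):
    """Phase-2 sensor: signature match on a mirrored packet copy."""
    return next((name for name, sig in SIGNATURES.items() if sig in payload), None)


def run_control_loop(flows, packets):
    table, inspected, confirmed, delivered = FlowTable(), 0, {}, []
    for peer in phase1_suspects(flows):
        # Feature 1: keep forwarding, but copy the suspect's packets to the DPI.
        table.install(Rule(100, (UPLINK, DPI_PORT), src=peer))
    for src, dst, dport, payload in packets:
        ports = table.actions_for(src, dst)
        delivered.append((src, dst, ports))
        if DPI_PORT in ports:
            inspected += 1
            verdict = dpi_verdict(payload)
            if verdict and src not in confirmed:
                confirmed[src] = verdict
                # Feature 2: hand the confirmed channel to the HNet, both directions.
                table.install(Rule(200, (HNET_PORT,), src=src, dst=dst))
                table.install(Rule(200, (HNET_PORT,), src=dst, dst=src))
    return table, inspected, confirmed, delivered


if __name__ == "__main__":
    _, n, found, log = run_control_loop(FLOWS, PACKETS)
    print(f"DPI inspected {n} of {len(PACKETS)} packets; confirmed: {found}")
    for entry in log:
        print(entry)
```

Only packets from the peer flagged in phase 1 reach the DPI, and once the signature matches, the confirmed channel is steered to the HNet port while the device's other traffic stays mirrored for further inspection.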

Figure 5 demonstrates the overall architecture and workflow for identifying and preventing botnets in 5G based networks, which further helps the controllers keep IOT devices safer.

Figure 5. Workflow of Identification and Preventing the Botnets on 5G IOT

In the first phase of high level detection, the technique used is the pattern recognition technique used in SELFNET to identify the behaviour of peers. The DPI that supports 5G analyzes the network packets considering the types of botnet. This detection phase includes the monitoring and analysis sublayers, which equip the autonomic management sublayer to control security issues. Furthermore, the causes and symptoms are identified, and an action plan is then made.

With a pool of sensors and actuators already deployed in the network, 5G mobile users can move from one location to another, implying that deployed detection or mitigation functions will need to be adapted accordingly. They should be moved following users' mobility, in order to continue monitoring and analyzing those UEs under inspection (detection phase) or even emulating their behaviors (mitigation phase) as was previously done. As an example, consider the 5G mobile scenario. One or more UEs served from RAN1 move and are served by RAN2. In the case that they were being analyzed (by a DPI) or emulated (by a HNet) in RAN1, the corresponding sensors' and/or actuators' capabilities will be dynamically migrated to RAN2 to keep their detection and mitigation processes up and running (either with new deployments or re-using existing applications in RAN2). For scalability purposes, multiple distributed SDN controllers may be deployed to control specific segments of the network, all managed by the Orchestration Sublayer acting as a centralized coordination point.



Chapter # 4: The SDN and NFV based Secure IOT architecture on 5G

4.1. Basic Internet of things Architecture

The IOT architecture is proposed on the basis of design principles and is demonstrated in Figure 6. In this four layered architecture, the device layer is the first; in it, sensors obtain data in diversified formats for IOT applications used in different domains. A few of the devices play the role of actuators, which receive commands from the network and perform their tasks accordingly. The second layer is the communication layer, in which the SDN controller controls data transfer; this layer is based on routers and gateways. The third is the computing layer, which consists of SDN controllers and supports the billing and accounting process; in this layer, data forwarding is controlled as needed. In the service layer, developers create IOT services by programming the SDN controller.

Figure 6: IOT Architecture based on SDN

One central SDN controller, or several cooperating SDN controllers, can perform the control function, depending on the existing deployment capacity. The focus of this study is on creating a horizontal IOT architecture; the interoperability of dispersed software defined network controllers is outside its scope. Further, this study follows the SDN philosophy that the controllers are physically distributed but logically centralized. The functions of the main components of this IOT architecture are as follows.

a) Controllers on SDN: The SDN controllers control and process the data and perform functions such as:

• Managing the equipment: configuring the routers, 5G networks and virtual network control, and implementing policies and procedures for data processing among devices that correspond with each other.

• Adding and modifying the services supported by gateways, storing the policies, and updating the rules and algorithms of the data center.

• Managing the topology, such as calculating routing and understanding the intensity of DDOS attacks.

• Maintenance and operations, for example maintaining operation logs, raising alarms on any issue, monitoring the user interface and monitoring the functional module management of Internet of Things (IOT) devices.

• Detecting on-network verification of service access, along with identifying conflicts.

• The south bound and north bound SDN implementation.

Figure 2: The module of controller and gateways

b) The Routers/gateways: These are used for forwarding data throughout the networks. Gateways have the capability to store and cache data, and they follow the SDN controllers' orders to process the data. Security control, node management and protocol conversion are also functions of gateways. Their data processing functions include:

• Creating connections between IOT devices and forwarding data to distant gateways, so that data processing gateways can be removed to enhance living standard.

• Analyzing and processing the data transferred by IOT devices, especially over wireless broadband and 5G.

• Connecting and interacting with distant IOT devices.

• Analyzing the data and processing it further.

c) The Storage center and Data processing: Following the controllers' instructions, this module stores the data that is in the network and collected from IOT devices. Under this component, the controller further handles data mining, reasoning and format conversion. This component was separated out from the communication layer because its task is to arrange and provide data in the required formats to each user, such as the gateways. The data aggregated and cached from IOT devices is the responsibility of this component. It can process data and remove obsolete data collected by sensors, but SDN controllers cannot program this component.

d) The Billing and Accounting center: IOT services mainly use storage and computing resources, unlike network services, which use network bandwidth. On demand, additional services are provided, but with the backing of developers. The latest billing and accounting mechanisms need to be considered. The billing and accounting process uses data, consumer time and the application services used, but the resources used by routers and controllers, and their types, also need to be measured. Billing policies are outside the scope of this research, but the mechanism for measuring the resources used is considered. The information by which the controllers control the routers passes through the software defined network NBI (north bound interface). The main information carried by the SDN NBI includes:

• The operations and logic of Internet of Things services, such as rules, programs and algorithms, which help in altering, removing and inquiring about service operations.

• The policies and mechanisms for caching and storing data, such as which kind of data is cached and which should be stored in the storage center.

• The policies for security, interoperability and billing processes.

• The maintenance and operation of network tools, for example alarms and logs; ONF described functions are also included [18].

The SBI (south bound interface) supports the different requests and the communication between gateways and the controller. Router configuration is also done through it, using the OpenFlow protocol. OpenFlow is further extended in scope to support devices that store and cache data and need it in diversified formats.

4.2. Proposed IOT network based on Software Defined Network

The proposed IOT architecture needs to be implemented to validate it, and its performance should be evaluated before reaching final outcomes. The IOT modules are implemented on both real and virtual devices and then tested using diversified test networks. Performance analysis is also done on virtual machines. The controller is implemented on POX, a platform for quickly developing and prototyping network control applications that communicate with OpenFlow switches [20]. POX provides functions such as topology maintenance, computing router paths and interacting with switches using OpenFlow; this study goes further and deploys the POX functions that are useful for configuring flow tables in routers. The IOT control plane instructs POX to configure the flow tables, along with data caching and storage in the storage and processing centers.

The routers/gateways are deployed via vSwitch [21], a virtual switch that supports OpenFlow. The implementation applies node management along with data caching and storage. The data obtained is stored in the routers and processed as needed by algorithms supplied by the IOT developers, and is then given to gateways when needed. Open vSwitch 2.3.0 is used during the implementation and testing, and it also configures the routers in a similar way so that data routing and the storing of sensed data can be done. The SDN NBI is implemented using JSON, which summarizes the Internet of Things services. Figure 7 demonstrates the data fields deployed in the test networks. The duration field in the figure is used to understand how long a service takes to complete. The service operation can be understood from the effective time.

Figure 7: The JSON Data fields via NBI Software defined Networks on IOT

Figure 8: The openFlow data fields Software Defined networks on IOT

In testing the prototype, OpenFlow 1.0 is used for the SDN south bound interface. Figure 8 demonstrates the different fields of the extended OpenFlow protocol. Along with the standard OpenFlow fields, two additional fields are included to indicate the data format required for transferring and caching data from the gateway.

4.3. TESTs and Evaluation of IOT architecture Implementation on 5G

A. Scenarios and Results of Test

To demonstrate the IOT services provided in this IOT architecture, a demo setup was built in our laboratory so that the implementation of IOT applications can be tested under diversified scenarios.

Figure 9: The Test networks configuration on 5G network

Figure 9 shows the structure of the test network. The Raspberry Pi is configured via the connection gateways. The devices used in the network include smartphones and beacons. Beacons 1, 2 and 3 are deployed in the workroom near the door, and beacons 4, 5 and 6 are deployed in the conference room. Each beacon is started by its corresponding Raspberry Pi. The beacons are linked to the smartphones via Bluetooth and to their corresponding Raspberry Pi, whereas the smartphones are linked to the Raspberry Pi via WiFi. The first scenario tests lab check-in on the network: when a student approaches the laboratory, a map pops up reminding the student to check in properly. Several alternative beacons are available through which the student can attach to the network. Figure 6 (a) also shows beacons that have been detected by the device but are not yet connected. The student chooses a beacon to connect to and enters a name and student ID to complete the check-in, as demonstrated. This data is stored on Raspberry Pi 1.

The laboratory in-charge, or the professor, can check which students are present in the lab on a smartphone screen. The professor connects the smartphone to the network through Raspberry Pi 2 by sending a Request Lab request to Raspberry Pi 2. Raspberry Pi 2 can be reached over the path Raspberry Pi 2 -- gateway 2 -- routers, but connecting to Raspberry Pi 1 is the challenge. To connect to Raspberry Pi 1, a connection message is sent through the controller, which helps to find the path router -- gateway 1 -- Raspberry Pi 1. The professor then receives the list of students checked in to the laboratory, as shown in the figure. The demonstration confirms that only the list of names is returned to the professor.

The second scenario demonstrates and tests conference room booking on the network. This service records whether the conference room is booked or busy: when someone enters the conference room, a pop-up asks them to book it. The person then enters a name and the time for which the room will be used, and Raspberry Pi 2 stores this. Anyone else, or management, who wants to know the status of the conference room can obtain it from the network.

In the third scenario the professor wants to hold a conference with the students when he has free time and the students are present in the lab. To check whether students are present, he can use the lab check-in service to confirm the number of students there. He can then use the conference room booking service to find out which conference room is free. The professor may find it cumbersome to check the availability of students and of the conference room separately, so he asks the IOT developers for a service that handles this. The developers find that no new beacon needs to be installed, because via Raspberry Pi 1 they can use both services, the student list and the conference room. The IOT developers build a new application that determines the number of students in the lab and confirms the availability of the conference room. This information is uploaded to both Raspberry Pis.

The new service, named conference possibility, focuses on the availability of students in the lab and the availability of the conference room. It provides the conference possibility and student availability information, and the controller uploads this information to the router. This IOT service can be used without adding new sensors. When a query for conference possibility is initiated, it is the router that obtains the number of students and the free conference rooms from Raspberry Pi 1 and 2, and the result is sent directly to the professor's smartphone.
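The composed service described above, as an added Python sketch that is not code from the thesis prototype: the controller validates a JSON service descriptor before installing it, and the router-side query returns only a summary. The JSON field names, node names and data set names are assumptions, and all sample data is constructed.

```python
import json
from datetime import datetime

# Assumed registry: the one data set each Raspberry Pi is allowed to serve.
REGISTERED = {"raspberry-pi-1": "lab_checkin", "raspberry-pi-2": "room_booking"}
REQUIRED_KEYS = {"service", "sources", "effective_from", "effective_until"}

# Constructed descriptor; the field names are assumptions, not the thesis's NBI schema.
SAMPLE = """{"service": "conference_possibility",
 "sources": {"raspberry-pi-1": "lab_checkin", "raspberry-pi-2": "room_booking"},
 "effective_from": "2017-10-02T08:00:00", "effective_until": "2017-10-02T18:00:00"}"""

# Constructed stored data: check-ins on Raspberry Pi 1, bookings on Raspberry Pi 2.
CHECKINS = [{"name": "Student A", "student_id": "S-001"},
            {"name": "Student B", "student_id": "S-002"}]
BOOKINGS = [{"name": "Staff C", "start": datetime(2017, 10, 2, 10, 0),
             "end": datetime(2017, 10, 2, 11, 0)}]


def load_descriptor(raw):
    """Controller side: parse and validate a descriptor, raising ValueError if bad."""
    try:
        doc = json.loads(raw)
    except json.JSONDecodeError as exc:
        raise ValueError(f"not valid JSON: {exc}") from None
    if not isinstance(doc, dict) or set(doc) != REQUIRED_KEYS:
        raise ValueError("descriptor must contain exactly " + ", ".join(sorted(REQUIRED_KEYS)))
    if not isinstance(doc["service"], str) or not doc["service"]:
        raise ValueError("service must be a non-empty string")
    sources = doc["sources"]
    if not isinstance(sources, dict) or not sources:
        raise ValueError("sources must be a non-empty object")
    for node, dataset in sources.items():
        # Only data a registered node already holds may be reused by a new service.
        if REGISTERED.get(node) != dataset:
            raise ValueError(f"{node!r} is not registered to serve {dataset!r}")
    try:
        start = datetime.fromisoformat(doc["effective_from"])
        end = datetime.fromisoformat(doc["effective_until"])
        ordered = start < end
    except (TypeError, ValueError):
        raise ValueError("effective times must be comparable ISO 8601 strings") from None
    if not ordered:
        raise ValueError("effective_until must be later than effective_from")
    return {"service": doc["service"], "sources": dict(sources), "start": start, "end": end}


def conference_possibility(desc, checkins, bookings, now):
    """Router side: combine both stored data sets and return only a summary."""
    if not desc["start"] <= now < desc["end"]:
        raise PermissionError("service queried outside its effective time")
    room_free = not any(b["start"] <= now < b["end"] for b in bookings)
    present = len(checkins)
    # Names and student IDs stay on the Raspberry Pi; the caller gets counts only.
    return {"students_present": present, "room_free": room_free,
            "possible": present > 0 and room_free}


if __name__ == "__main__":
    descriptor = load_descriptor(SAMPLE)
    print(conference_possibility(descriptor, CHECKINS, BOOKINGS, datetime(2017, 10, 2, 9, 30)))
```
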

Three major latencies were measured during the implementation of the above scenario. It took almost 420 minutes for the controller to install the new conference possibility service on the router; this value was obtained from ten tests. This time covers the time the controller needs to resolve the JSON, interpret it and transmit it to the router, and the time the router takes to implement it in order to configure the correspondence. Ten further experiments show that it took the router 58 minutes when a new path is requested and responded to. The whole process includes the router's request to the controller, the controller's calculation of the path, the sharing of that information with the router, and the router installing it and starting to use the flow table. The average value measured for transmitting a request from Raspberry Pi 2 to Raspberry Pi 1 and receiving the data is 0.8 minute. The measurements from the different test scenarios show that the proposed IOT architecture allows services to be introduced and installed quickly by reusing data and services that already exist. The SDN technique is also found to be effective for IOT services.

B. The Evaluation of Implementation performance

The implementation of the newly proposed IOT architecture is evaluated by comparing the round-trip time and the packet loss rate of both new and existing IOT services. The whole experiment includes 10 routers, nine hosts and a single controller, which run as virtual machines installed on a server.

Figure 10: Evaluation of Network Topology

The figure shows the network topology in which packets are sent to the receiving hosts, named H1 to H9, and measured. Two conditions are applied in evaluating SDN controller performance: in the first a path exists between the hosts, and in the second no path exists.

Figure 11: RTT in presence of path between hosts

Figure 11 shows the average round-trip time for paths that already exist, as a function of the number of routers between the hosts. Figure 12 shows the round-trip time when no path exists between the hosts. In this scenario the gateway nearest to the sending host transmits a packet-forwarding request to the controller. To configure the flow table, the controller calculates the required path and sends the data back over OpenFlow. The packets are then forwarded to the second router on the basis of the flow table. It is important to remember that the controller communicates via OpenFlow with every node from the message source to its destination. Each router therefore has the information about a packet before it actually receives it, which is why the packet is forwarded immediately. If a flow table has not been configured because of a network interruption, the forwarding request goes directly from that router to the controller. The controller does not need to calculate the path again, because it already has this information from the first router's request. Because all the gateways on the path are set up ahead of time, the round-trip time (RTT) does not change as the number of routers increases, as shown in Figure 12.
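The path setup described above, as an added Python model (not the thesis's POX code): the first table miss triggers one path calculation, the controller installs entries on every router along the path, and a later miss caused by a lost entry reuses the cached path. The topology, class and function names are assumptions, and the sample network is constructed.

```python
from collections import deque


class Controller:
    """Central controller: calculates a path once, then configures every router on it."""

    def __init__(self, links):
        self.adj = {}
        for a, b in links:
            self.adj.setdefault(a, set()).add(b)
            self.adj.setdefault(b, set()).add(a)
        self.path_cache = {}        # (src, dst) -> list of nodes, or None
        self.packet_ins = 0         # forwarding requests received from routers
        self.path_computations = 0  # how often a path actually had to be calculated

    def shortest_path(self, src, dst):
        prev, queue = {src: None}, deque([src])
        while queue:
            node = queue.popleft()
            if node == dst:
                path = []
                while node is not None:
                    path.append(node)
                    node = prev[node]
                return path[::-1]
            for nxt in sorted(self.adj.get(node, ())):
                if nxt not in prev:
                    prev[nxt] = node
                    queue.append(nxt)
        return None

    def packet_in(self, tables, src, dst):
        """Handle a flow-table miss; returns True if flow entries were installed."""
        self.packet_ins += 1
        key = (src, dst)
        if key not in self.path_cache:
            self.path_computations += 1
            self.path_cache[key] = self.shortest_path(src, dst)
        path = self.path_cache[key]
        if path is None:
            return False
        # Configure every router on the path in one go, not only the requester.
        for here, nxt in zip(path[1:-1], path[2:]):
            tables.setdefault(here, {})[key] = nxt
        return True


def send(controller, tables, src, dst, max_hops=32):
    """Forward one packet; returns the nodes visited, or None if it was dropped."""
    key = (src, dst)
    neighbours = controller.adj.get(src, set())
    if len(neighbours) != 1:
        return None  # in this constructed model a host hangs off exactly one gateway
    node, visited = next(iter(neighbours)), [src]
    for _ in range(max_hops):
        visited.append(node)
        if node == dst:
            return visited
        if key not in tables.get(node, {}) and not controller.packet_in(tables, src, dst):
            return None
        node = tables.get(node, {}).get(key)
        if node is None:
            return None
    return None


def demo():
    # Constructed topology: H1 - R1 - R2 - R3 - H2
    ctl = Controller([("H1", "R1"), ("R1", "R2"), ("R2", "R3"), ("R3", "H2")])
    tables = {}
    first = send(ctl, tables, "H1", "H2")
    after_first = (ctl.packet_ins, ctl.path_computations)
    send(ctl, tables, "H1", "H2")
    after_second = (ctl.packet_ins, ctl.path_computations)
    del tables["R2"][("H1", "H2")]  # entry lost, e.g. after a network interruption
    third = send(ctl, tables, "H1", "H2")
    after_third = (ctl.packet_ins, ctl.path_computations)
    return first, after_first, after_second, third, after_third
```

The `packet_ins` counter is the number of forwarding requests the controller has to answer, which makes it a natural quantity to watch when judging controller load.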



Figure 12: RTT in absence of path between hosts

Figure 10 shows the packet loss rate when the IOT service sends packets at different rates and different paths exist between sender and receiver. For this test the network bandwidth is set at the 300M p/s level, while the applications send data at different rates. A test was also conducted under the condition that paths exist between the hosts. The controller plays an important role in identifying the path.

Chapter # 5: NFV based Security model for IOT on 5G networks

5.1. The Network Functional Virtualization (NFV)

Network functional virtualization (NFV) is an architectural concept that virtualizes network functions into building blocks using virtualization technology [22], [23]. The blocks are then chained together to create communication services. An NFV architecture uses one or more virtual machines to support and run processes and software such as storage, cloud, switches and servers on the network. It reduces effort because network functions do not need to be customized. Including SDN and NFV in the IOT architecture influences the efficiency, flexibility and programmability of the network [23], [24], [25]. Using OpenFlow-based software defined networks when NFV is executed helps to achieve IOT networking functions such as firewall control, routing and more secure tunneling in routers and servers, and further allows traffic QoS to be controlled by a centralized controller [25].

Figure 13. Architecture of network using Conventional internet of things

Figure 13 shows the network architecture of the conventional Internet of Things, whereas Figure 14 shows the network architecture based on SDN-OF and NFV. Virtualizing the network functions in the software defined network IOT architecture influences the effectiveness and speed of the Internet of Things (IOT) network.

Figure 14: IOT Network Architecture using SDN- OF and NFV technologies

5.2. NFV Based Model for prevention of DDOS on IOT

The controller is highly significant in an SDN-based architecture. It manages QoS, the network firewall, routers, load balancing and network charging. Control of the complete network is in the hands of the centralized controller, and this characteristic is needed to develop and implement the system effectively. The limitation of the controller is that it cannot manage the whole network when the network is large [26], [27]. Hu et al. [26] survey controller performance and suggest methods to improve it. The study in [27] found that the controllers in a software defined network are placed in a physically, hierarchically and logically distributed way. [28] presents an efficient programming model in which algorithms are designed to control software defined networks. Using 4G cellular networks for M2M (machine-to-machine) communication, as proposed by [29], is a motivating idea; the proposed framework depends heavily on an architecture based on the 4G cellular network. To design the software defined network (SDN), an extended MINA (multi network information architecture) with a layered SDN controller is planned [30]. However, previous studies have not covered an Internet of Things (IOT) architecture that is based on SDN and has NFV implemented on it, so there is a need to propose and implement one. This study proposes and implements an IOT architecture based on SDN with NFV implemented.



Figure 15: A general SDN based IOT framework with NFV implementation

Drawing on the studies of Internet of Things architecture, Figure 15 proposes the implementation of NFV on an SDN-based IOT architecture. The control layer has Internet of Things (IOT) servers, which support diverse applications and APIs. The SDN controllers, based on a distributed operating system, are placed in the control layer. For network data forwarding, the distributed operating system supports centralized control together with an understanding of the IOT in a physically distributed network environment. The IOT gateways and SDN switches are placed in the infrastructure layer to access diverse IOT devices, such as sensors and RFIDs, through the control interface of the data plane. An effective distributed operating system that can run the proposed SDN (software defined network) IOT framework/architecture is crucial. Sitting on the control plane, the distributed operating system works as the brain of the SDN-based IOT framework in which NFV is implemented. It also provides centralized control and makes the IOT more visible. Designing and then executing a distributed operating system that can handle the needs of diverse infrastructure and is convenient for users in an IOT framework is a challenge.

To resolve this problem, SDN associations such as ONF and OpenFlow have emphasized standardizing the APIs. The study in [31] proposed NOSIX, which helps to improve the performance of SDN switches and makes them portable. NOSIX provides a lightweight portability layer for software defined network operating systems. [32] and [33] discuss and resolve critical issues related to the availability, scalability and performance of a control plane based on a software defined network. The design and implementation of an SDN-based operating system for the Internet of Things is in progress.

Chapter #6: Conclusion and suggestions for Future Researchers

6.1. Conclusion

The emphasis of this paper is on understanding the types of DDOS attacks, the vulnerabilities that IOT devices expose to attackers, and the weaknesses of the 5G network that motivate hackers to perform DDOS attacks on these networks. Preventing DDOS and botnet attacks on the millions of 5G-based IOT devices spread across the world requires a full understanding of the architecture of IOT and wireless networks. The ways attackers plan their attacks on IOT are also identified, in order to prepare models and architectures that can stop these attacks and identify in time the entry of hackers into networks. A model and architecture based on NFV and SDN are proposed, implemented and tested to ensure security and to prevent DDOS attacks on IOT devices. The secure model is also intended to make 5G networks more reliable, secure and stable while hosting IOT devices and controlling the traffic flow over them.

A layered architecture was developed, together with programmable devices that are open at different data levels. This study describes in detail the design principles and architecture of the network. It also covers the implementation of the IOT architecture, three kinds of tests, and an evaluation of the implementation and of test performance. A review of previous work on NFV implementation is presented, along with a brief proposed architecture of NFV on SDN networks. Designing and implementing the horizontal IOT solution based on SDN supports different services covering diverse domains under different scenarios in the work environment. The proposed architecture not only helps to run IOT services but also ensures fast service provision. It further enables the reuse of data and devices on the Internet of Things infrastructure. The evaluation and implementation confirm the feasibility and effectiveness of the IOT architecture and of the implementation of NFV based on SDN. Additional network security is not emphasized in the proposed architecture, but security is an important aspect of a software defined network. Strict security procedures must be imposed so that the controller is better protected. Higher security also establishes trust in entities and helps to build strong policy for network operations, functions and security. To secure the availability, reliability and privacy of resources, data and information in an IOT architecture, a more secure network needs to be designed.



References

[1] K. York, "Dyn statement on 10/21/2016 DDoS attack." Dyn Blog, October 2016. http://dyn.com/blog/dyn-statement-on-10212016-ddos-attack/, accessed October 2017.

[2] S. Hilton, "Dyn Analysis Summary Of Friday October 21 Attack." Dyn Blog, Oct. 2016. http://dyn.com/blog/dyn-analysis-summary-of-friday-october-21-attack, accessed October 2017.

[3] M. De Donno, N. Dragoni, A. Giaretta, and A. Spognardi, "Analysis of ddos-capable iot malwares," in Proceedings of the 1st International Conference on Security, Privacy, and Trust (INSERT), IEEE, 2017.

[4] M. Ballano, "Is there an Internet-of-Things vigilante out there?." Symantec Blog, October 2015. https://www.symantec.com/connect/blogs/there-internet-things-vigilante-out-there, accessed October 2017.

[5] W. Grange, "Hajime worm battles Mirai for control of the Internet of Things." Symantec Blog, April 2017. https://www.symantec.com/connect/blogs/hajime-worm-battles-mirai-control-internet-things, accessed October 2017.

[6] C. Cimpanu, "New malware intentionally bricks IoT devices." Bleeping Computer, April 2017. https://www.bleepingcomputer.com/news/security/new-malware-intentionally-bricks-iot-devices/, accessed October 2017.

[7] Network Services/Service Providers, "Software Defined Networking (SDN) Explained", COMMSBUSINESS, October 2016.

[8] V. Tikhvinsky, "5G and internet of things as next elements of mobile world", LastMile, vol. 65, no. 4, pp. 62-68, 2017.

[9] W. Ejaz, A. Anpalagan, M. Imran, M. Jo, M. Naeem, S. Qaisar and W. Wang, "Internet of Things (IoT) in 5G Wireless Communications", IEEE Access, vol. 4, pp. 10310-10314, 2016.

[10] Level 3 Threat Research Labs, "Attack of Things!", August 2016. Source: http://blog.level3.com/security/attack-of-things/

[11] J. Graham-Cumming, "Understanding and mitigating NTP-based DDoS attacks," in Cloudflare, Cloudflare Blog, 2014. Source: https://blog.cloudflare.com/understanding-and-mitigating-ntp-based-ddos-attacks/.

[12] "Verisign Distributed Denial of Service Report Volume 3, Issue 2 - 2nd Quarter 2016," in Verisign. Source: https://www.verisign.com/assets/report-ddos-trends-Q22016.pdf.

[13] B. Krebs, "KrebsOnSecurity hit with record DDoS," in KrebsonSecurity, 2016. Source: https://krebsonsecurity.com/2016/09/krebsonsecurity-hit-with-record-ddos/.

[14] B. Krebs, "Alleged vDOS Proprietors Arrested in Israel," in KrebsonSecurity, 2016. Source: https://krebsonsecurity.com/2016/09/alleged-vdos-proprietors-arrested-in-israel/.

[15] B. Krebs, "The Democratization of Censorship," in KrebsonSecurity, 2016. Source: https://krebsonsecurity.com/2016/09/the-democratization-of-censorship/.

[16] R. Millman, "OVH suffers 1.1Tbps DDoS attack," in News, SC Magazine UK, 2016. Source: http://www.scmagazineuk.com/ovh-suffers-11tbps-ddos-attack/article/524826/.

[17] Sourcefire, Inc., "Snort: An open source network intrusion detection and prevention system," https://www.snort.org [retrieved: March, 2017]

[18] M. Gil Perez and G. Bernini, "Self-protection against botnet attacks - Solutions by 5G PPP project SELFNET," Eurescom Message, pp. 13-14, Winter 2016.

[19] W. Fan, D. Fernandez, and Z. Du, "Versatile virtual honeynet management framework," IET Information Security, vol. 11, no. 1, pp. 38-45, Jan. 2017.

[20] POX. Available: http://www.noxrepo.org/pox/about-pox/ accessed October 2017

[21] Open vSwitch, 2016. [Online]. Available: http://openvswitch.org/

[22] R. Jain and S. Paul, "Network virtualization and software defined networking for cloud computing: a survey," IEEE Communications Magazine, vol. 51, no. 11, pp. 24-31, Nov. 2013. doi: 10.1109/MCOM.2013.6658648.

[23] Open Networking Foundation. OpenFlow-Enabled SDN and Network Functions Virtualization. Available: https://www.opennetworking.org/iimages/stories/downloads/sdn resources/solutionbriefs/sbsdnnvfsolution.pdf accessed October 2017

[24] Open Networking Foundation. SDN in the Campus Environment. Available: https://www.opennetworking.org/images/stories/downloads/sdnresources/solutionbriefs/sb enterprisecampus.pdf accessed October 2017

[25] V. R. Tadinada, "Software defined networks: redefining the future of internet in IoT and cloud era," in Proc. International Conference on Future Internet of Things and Cloud, Barcelona, Spain, 2014, pp. 296-301. doi: 10.1109/FiCloud.2014.53.

[26] F. Hu, Q. Hao, and K. Bao, "Survey on software-defined network and OpenFlow: from concept to implementation," IEEE Communications Surveys & Tutorials, vol. 16, no. 4, pp. 2181-2206, May 2014. doi: 10.1109/COMST.2014.2326417.

[27] H. F. Xavier and S. Seol, "A comparative study on control models of software-defined networking (SDN)," Contemporary Engineering Sciences, vol. 7, no. 32, pp. 1747-1753, 2015.

[28] A. Voellmy, J. Wang, Y. R. Yang, et al., "Maple: simplifying SDN programming using algorithmic policies," in Proc. ACM SIGCOMM 2015, Hong Kong, China, pp. 87-98.

[29] G. Savarese, M. Vaser, and M. Ruggieri, "A software defined networking-based context-aware framework combining 4G cellular networks with M2M," in Proc. 16th International Symposium on Wireless Personal Multimedia Communications, Atlantic, USA, pp. 1-6, June, 2013.

[30] Z. Qin, G. Denker, C. Giannelli, et al., "A software defined networking architecture for the internet-of-things," in Proc. IEEE Network Operations and Management Symposium, Krakow, Poland, pp. 1-9, May, 2014. doi: 10.1145/2535372.2535373.

[31] M. Raju, A. Wundsam, and M. Yu, "NOSIX: a lightweight portability layer for the SDN OS," ACM SIGCOMM Computer Communication Review, vol. 44, no. 2, pp. 29-35, accessed October 2017

[32] ONOS. (2015, Apr. 6). Raising the Bar on SDN Control Plane Performance and Scalability [Online]. Available: http://onosproject.org/wpcontent/uploads/2014/11/Whitepaper ONOSBlackbirdperformancegeneralaudienceApr7.pdf

[33] ONOS. (2015, Apr. 6). Raising the Bar on SDN Control Plane Performance, Scalability, and High Availability. Available: http://onosproject.org/wpcontent/uploads/2014/11/PerformanceWhitepaperBlackbirdrelease technical.pdf accessed October 2017
