Informatică economică (Jan 2016)

Secure Threat Information Exchange across the Internet of Things for Cyber Defense in a Fog Computing Environment

  • Mihai-Gabriel IONITA,
  • Victor-Valeriu PATRICIU

DOI
https://doi.org/10.12948/issn14531305/20.3.2016.02
Journal volume & issue
Vol. 20, no. 3
pp. 16 – 27

Abstract

Threat information exchange is a critical part of any security system. Decisions regarding security are taken with more confidence and with more results when the whole security context is known. The fog computing paradigm enhances the use cases of the already used cloud computing systems by bringing all the needed resources to the end-users towards the edge of the network. While fog decentralizes the cloud, it is very important to correlate security events which happen in branch offices around the globe for correct and timely decisions. In this article, we propose an infrastructure based on custom locally installed OSSEC agents which communicate with a central AlienVault deployment for event correlation. The agents are based on a neural network which takes actions based on risk assessment inspired by the human immune system. All of the threat information is defined by STIX expressions and a TAXII server can share this information with foreign organizations. The proposed implementation can successfully be implemented in an IoT scenario, with added security for the “brownfield” devices.

Keywords