Certrust:An SDN-Based Framework for the Trust of Certificates against Crossfire Attacks in IoT Scenarios

作     者：Lei Yan Maode Ma Dandan Li Xiaohong Huang Yan Ma Kun Xie 

作者机构：School of Computer Science(National Pilot Software Engineering School)Beijing University of Posts and TelecommunicationsBeijingChina College of EngineeringQatarUniversityDohaQatar 

出 版 物：《工程与科学中的计算机建模（英文）》 (Computer Modeling in Engineering & Sciences)

年 卷 期：2023年第134卷第3期

页      面：2137-2162页

核心收录：

学科分类：08[工学] 0839[工学-网络空间安全] 0701[理学-数学] 081201[工学-计算机系统结构] 0812[工学-计算机科学与技术（可授工学、理学学位）] 

基　　金：supported by Joint Funds of the National Natural Science Foundation of China and Xinjiang under Project U1603261 

主　　题：Trust model certificate SDN Crossfire attack bayesian trust system forgetting curve IoT 

摘      要：The low-intensity attack flows used by Crossfire attacks are hard to distinguish from legitimate *** methods to identify the malicious flows in Crossfire attacks are rerouting,which is based on *** these existing mechanisms,the identification of malicious flows depends on the IP ***,the IP address is easy to be changed by *** the IP address,the certificate ismore challenging to be tampered with or ***,the traffic trend in the network is towards *** certificates are popularly utilized by IoT devices for authentication in encryption *** proposed a new way to verify certificates for resource-constrained IoT devices by using the SDN *** on DTLShps,the SDN controller can collect statistics on *** this paper,we proposeCertrust,a framework based on the trust of certificates,tomitigate the Crossfire attack by using SDN for *** goal is ***,the trust model is built based on the Bayesian trust system with the statistics on the participation of certificates in each Crossfire ***,the forgetting curve is utilized instead of the traditional decay method in the Bayesian trust system for achieving a moderate decay ***,for detecting the Crossfire attack accurately,a method based on graph connectivity is ***,several trust-based routing principles are proposed tomitigate the Crossfire *** principles can also encourage users to use certificates in *** performance evaluation shows that Certrust is more effective in mitigating the Crossfire attack than the traditional rerouting ***,our trust model has a more appropriate decay rate than the traditional methods.