Malware Containment Via Firewall Placement in IoT Networks

One of the biggest risks that wireless IoT networks encounter is malware or botnet epidemics. Malware can propagate from one device to another device that exists in its coverage range as long as there are no check points (firewalls) to protect that device. Firewalls can be hardware (special devices) or software licensed to be activated on a limited number of devices. Unfortunately, in both cases the number of firewalls that can be installed in any network is limited due to cost constraints. Therefore, it is mandatory to make efficient use of that available number of firewalls. In this paper we consider optimization of the firewall placement in a massive IoT network. The objective of the optimization problem is to reduce the number of firewalls required to divide the network into a given number of virtually isolated clusters. This clustering problems is non-convex and is known to be NP- hard. However, we provide an efficient algorithm to solve it, and we compare its performance to the well known K-Means clustering algorithm. Simulation results show that the average performance of the proposed algorithms outperforms performance of the the K-Means algorithm. Although many network clustering algorithms have been considered in the literature with different objectives, to the best of our knowledge, the objective of the clustering considered in this paper has not been considered before. Furthermore, the proposed clustering algorithm does not contradict with any other clustering objective. Once the firewalls are placed, any other clustering algorithm can be used to satisfy a different objective.

Malware Containment Via Firewall Placement in IoT Networks

Wessam Mesbah, King Fahd University of Petroleum and Minerals