Proactive defense mechanisms for the software-defined Internet of Things with non-patchable vulnerabilities

The Internet of Things (IoT) contains a large number of heterogeneous devices with a variety of vulnerabilities. As the vulnerabilities can be exploited by the attackers to break into the system, it is of vital importance to patch all vulnerabilities. However, some vulnerabilities are impossible to patch (e.g., forever-day vulnerabilities). In order to deal with non-patchable vulnerabilities, we propose to change the attack surface of the IoT network to increase the attack effort. With the support of software-defined networking (SDN), we develop two proactive defense mechanisms that reconfigure the IoT network topology. We analyze how the security and performance change when the proposed solutions are deployed by using a graphical security model and various metrics in simulations. The results show our proactive defense mechanisms in the SD-IoT effectively increase the attack effort, while maintaining the average shortest path length.