IoTSecSim: A framework for modelling and simulation of security in Internet of things

The proliferation of the Internet of Things (IoT) devices has provided attackers with tremendous opportunities to launch various cyber-attacks. It has been challenging to analyse the impact of cyber-attacks and evaluate the effectiveness of defences in real IoT environments due to the scale and heterogeneity of IoT networks. In this work, we propose a novel simulation framework and a software tool, IoT Security Simulator (IoTSecSim). IoTSecSim is operated based on a framework we propose for modelling and simulating cyber-attacks and various defences in IoT networks. IoTSecSim is not only able to support the creation of an IoT network with flexible settings of IoT devices and topology information but also models the attack behaviours, node-level, and network level defences. Moreover, a systematic security evaluation can be performed by comparing the results based on the calculation of security metrics. We perform simulations with case studies on Mirai malware and its variants to model cyber-attack behaviours on IoT networks and evaluate the impact of these attacks and the effectiveness of defence techniques via IoTSecSim. Then, we carry out a sensitivity analysis to justify that the simulation results produced by IoTSecSim are accurate and feasible when compared with related works. We also perform a comparative performance analysis with four combinations of cyber-attack behaviours and show that these behaviours can influence IoT malware propagation in different situations. We consider multiple attacker models and deploy conventional defence techniques (including firewall, intrusion detection, and vulnerability patching) to investigate the effectiveness of defence techniques. IoTSecSim provides a generalised and extensible simulation framework that enables users to model emerging cyber-attacks against IoT networks and evaluate the effectiveness of defences against these attacks. This helps users focus on the design and performance evaluation of new defences before the actual implementation and deployment of the defences are required.