A Distributed MAPE-K Framework for Self-Protective IoT Devices

Internet of Things (IoT) devices have become ubiquitous in our everyday life, with security becoming an evergrowing issue as more and more cyber-attack incidents being reported, primarily due to deficiencies in existing security mechanisms. However, while, for example, cloud-based applications, or industrial automation systems of systems possess significant resources for monitoring health, and determining their status and correct behavior at runtime, IoT devices operate with limited hardware capabilities and under tight resource constraints, making monitoring, analysis, and response activities a challenging endeavor. Following the NIST Cybersecurity Framework, IoT devices need to identify, protect, detect, respond, and recover from cyber-attacks, unauthorized access, and other security threats. A common way to provide self-adaptation to changing conditions is the MAPE-K loop with four pivotal phases: Monitor, Analyze, Plan, and Execute. This paper presents DSec4IoT, a "Distributed MAPE-K Framework for Self-Protective IoT Devices". Our framework leverages the idea of distributed MAPE-K patterns and establishes a model for managing and controlling Self-Protective IoT Devices. We evaluate our approach by simulating port scans and performing adaptation activities. Results have confirmed that DSec4IoT can be easily applied to detect and mitigate them.