現今通信技術的迅速發展以及物連網裝置的種種特性，包含了受限的運算資源、異質連結性以及脆弱的可用性，使處於物連網上的惡意使用者們能更容易地散佈惡意軟體，從而讓物連網受到巨大的安全挑戰。我們通常假設在傳統無線網路環境中，所有的節點均可以直接進行修補，相較於傳統網路設備而言，物連網裝置不具備足夠的資源，因此傳統的修補方法並無法套用在物連網的領域中。為了能高效率抑制惡意軟體的傳染速率，我們選擇修補通訊用的中介節點(intermediate node)，有別於過往直接修補物連網裝置本身的方法，我們的選擇能有更好的效果。另一方面，我們利用傳染病模型(SIR模型)以及光譜叢集(Spectral Clustering)的概念針對整體網路進行分析，且分群演算法可避免所有的修補資源都被提供給具有最高平均流量的區域，而忽略其他處於需要修補區域中的中介節點。在本篇論文中，我們提出了一個新興的方法來針對物連網中重要的中介節點進行修補，其名為基於分群的流量感測修補法，這方法非常適用於修補資源受限且通訊響應時間被約束的物連網系統。最後我們利用機會網路環境(Opportunistic Network Environment, ONE)模擬器和真實世界的追溯資料來進行模擬，同時印證我們提出的基於分群的流量感測修補法確實能有效減輕惡意軟體的散佈速度。且此方法比起直觀的基於流量修補法有更好的修補效果。

The development of communication technology has provided malicious users formidable means to launch attacks through Internet of Things (IoT). The features of IoT devices which include constrained resources, heterogeneous links, and vulnerable usability facilitate the malware propagation, thereby raising new challenges on handling IoT-empowered malware for cyber security. The malware propagation control scheme in traditional wireless networks where nodes can be directly repaired and secured is not suitable for IoT since IoT devices are hard to be patched. To efficiently and effectively suppress the spreading of harmful information, blocking malware via patching the intermediate nodes (e.g., base stations, access point) instead of the infected mobile devices becomes our better choice. On the other hand, we analyze this network by exploiting the well-known epidemic model and the concept of spectral clustering. The clustering algorithm can avoid that all the patching resources being given to the area with the highest average traffic volume and neglect the intermediate node in other areas which also need to be patched. This article proposes a novel clustered traffic-aware patching scheme to select important infrastructures to patch, which is suitable for the IoT system with limited patching resources and response time constraint. We conduct experiments on real-world trace datasets by using Opportunistic Network Environment (ONE) simulator to show the advantage of clustered traffic-aware patching scheme in mitigating malware propagation, and clustered traffic-aware patching has better performance than intuitive degree-based patching.

1. G. Gan, Z. Lu, and J.Jiang, “Internet of things security analysis,” in Proc. IEEE iTAP 2011, Aug. 2011.
2. J. Granjal, E. Monteiro, and J. Silva, “Security for the Internet of Things: A survey of existing protocols and open research issues,” IEEE Commun. Surveys Tuts., vol. 17, pp. 1294–1312, July 2015.
3. Y. Minn, P. Pa, S. Suzuki, K. Yoshioka, T. Matsumoto, T. Kasama, and C. Rossow, “IoTPOT: Analysing the rise of IoT compromises,” in Proc.
USENIX Workshop 2015, Aug. 2015.
4. G. Zyba, G. M. Voelker, M. Liljenstam, A. Mehes, and P. Johansson, “Defending mobile phones from proximity malware,” in Proc. IEEE Infocom 2009, Apr. 2009, pp. 1503–1511.
5. M. Miettinen, S. Marchal, I. Hafeez, N. Asokan, A.-R. Sadeghi, and S. Tarkoma, “IoT Sentinel: Automated device-type identification for security enforcement in IoT,” CoRR, vol. abs/1611.04880v2, 2016.
6. P.-Y. Chen and S.-M. Cheng, “Sequential defense against random and intentional attacks in complex networks,” Phys. Rev. E, vol. 91, p. 022805, Feb. 2015.
7. P.-Y. Chen and A. O. Hero, “Assessing and safeguarding network resilience to nodal attacks,” IEEE Commun. Mag., vol. 52, no. 11, pp. 138–143, Nov. 2014.
8. S.-M. Cheng, P.-Y. Chen, C.-C. Lin, and H.-C. Hsiao, “Traffic-aware patching for cyber security in mobile iot,” arXiv preprint arXiv:1703.05400, July 2017.
9. E. Ronen and A. Shamir, “Extended functionality attacks on IoT devices: The case of smart lights,” in Proc. IEEE S&P Europe 2016, Mar. 2016.
10. J. Habibi, D. Midi, A. Mudgerikar, and E. Bertino, “Heimdall: Mitigating the internet of insecure things,” 2017.
11. P.-Y. Chen, S.-M. Cheng, and K.-C. Chen, “Optimal control of epidemic information dissemination over networks,” IEEE Tran. on Cybernetics, vol. 44, no. 12, pp. 2316–2328, Dec. 2014.
12. P. De, Y. Liu, and S. K. Das, “An epidemic theoretic framework for vulnerability analysis of broadcast protocols in wireless sensor networks,” IEEE Trans. Mobile Comput., vol. 8, no. 3, pp. 413–425, Mar. 2009.
13. S. Peng, S. Yu, and A. Yang, “Smartphone malware and its propagation modeling: A survey,” IEEE Commun. Surveys Tuts., vol. 16, no. 2, pp. 952–941, Apr. 2014.
14. S. Tanachaiwiwat and A. Helmy, “Encounter-based worms: analysis and defense,” Ad Hoc Netw., vol. 7, no. 7, pp. 1414–1430, Sept. 2009.
15. P. Wang, M. C. Gonzalez, C. A. Hidalgo, and A.-L. Barabasi, “Understanding the spreading patterns of mobile phone viruses,” Science, vol. 324, no. 5930, pp. 1071–1075, May 2009.
16. S.-M. Cheng, W. C. Ao, P.-Y. Chen, and K.-C. Chen, “On modeling malware propagation in generalized social networks,” IEEE Commun. Lett., vol. 15, no. 1, pp. 25–27, Jan. 2011.
17. V. L. Ulrike, “A tutorial on spectral clustering,” Statistics and computing, vol. 17, no. 4, pp. 395–416, Aug. 2007.
18. W. Dong, B. Lepri, and A. Pentland, “Modeling the co-evolution of behaviors and social relationships using mobile phone data,” in Proc. MUM 2011, Dec. 2011, pp. 134–143.
19. P.-Y. Chen, C.-C. Lin, S.-M. Cheng, H.-C. Hsiao, and C.-Y. Huang, “Decapitation via digital epidemics: A bio-inspired transmissive attack,” IEEE Commun. Mag., vol. 54, p. 75—81, June 2016.