An executive master's programme thesis from Aalborg University


Moving Target Defense for IoT

Authors

;

Term

4. semester

Publication year

2026

Submitted on

Abstract

This thesis examines whether Moving Target Defense (MTD) can strengthen the security of resource‑constrained IoT networks by continuously changing exposed network identifiers before attackers can exploit them. We develop a lightweight, rule‑based orchestration framework for 6LoWPAN/RPL environments that combines IPv6 address shuffling and application‑layer port‑token rotation with a reactive rate limiter to mitigate floods. A border‑router orchestrator monitors stale‑port events, sensor silence, and packet‑rate anomalies, then selects appropriate proactive or reactive responses. We implement the prototype in Contiki‑NG and evaluate it in the Cooja simulator on a Tmote Sky‑based topology under three attack scenarios: IPv6 address scanning, a DIO‑shaped UDP radio‑disruption approximation of an RPL sinkhole, and CoAP flooding. The evaluation shows that the approach invalidates attacker reconnaissance, triggers timely adaptive defenses, and reduces the impact of flooding while keeping energy and performance overhead acceptable. These results provide simulation‑based evidence that lightweight, rule‑driven MTD is a feasible path to improving resilience in constrained IoT networks.

This thesis investigates whether Moving Target Defense (MTD) can strengthen security in resource-constrained IoT networks by continuously changing exposed network identifiers before attackers can exploit them. We develop a lightweight, rule-based orchestration framework for 6LoWPAN/RPL environments that combines IPv6 address shuffling and application-layer port-token rotation with a reactive rate limiter to dampen traffic floods. An orchestrator placed on the border router monitors stale-port events, sensor silence, and packet-rate anomalies and then selects appropriate proactive or reactive defenses. The prototype is implemented in Contiki-NG and evaluated in the Cooja simulator on a Tmote Sky-based topology under three attack scenarios: IPv6 address scanning, a DIO-shaped UDP radio disruption as an approximation of an RPL sinkhole, and CoAP flooding. The evaluation shows that the approach quickly renders the attacker's reconnaissance data invalid, triggers adaptive defenses in time, and reduces the effect of flooding while keeping energy and performance overhead at an acceptable level. The results provide simulation-based evidence that lightweight, rule-driven MTD is a realistic path to increasing robustness in constrained IoT networks.

[This abstract has been generated with the help of AI directly from the project full text]