Malware Containment via Firewall Placement in Large Scale Wireless IoT Networks

One of the biggest risks that wireless IoT networks encounter is malware or botnet epidemics. Malware can propagate from one device to another device existing in its coverage range as long as there are no check points (firewalls) to protect that device. Firewalls can be hardware (special devices) or software licenses installed on a limited number of devices. Unfortunately, in both cases the number of firewalls in any network is usually limited due to cost constraints. Therefore, it is crucial to reduce the number of required firewalls and/or make efficient use of the available firewalls. In this paper, we consider two optimization problems to optimize the firewall placement in a massive wireless IoT network. The objective of the first optimization problem is to reduce the number of firewalls required to partition the network into isolated clusters/partitions of a given maximum size. The second problem aims at reducing the maximum size of the isolated partitions that can be achieved given an available number of firewalls. These two clustering problems are non-convex and are known to be NP-complete. However, we provide efficient algorithms, with different variations, to solve the two problems, and we compare their performance to the well known K-Means and Spectral Partitioning algorithms. Simulation results show that in both problems the average performance of the proposed algorithms outperforms the performance of both algorithms. Furthermore, we show that adding the proposed algorithm as a second stage after the Spectral Partitioning algorithm improves the performance of the Spectral Partitioning significantly.