A Quantitative Study of DDoS and E-DDoS Attacks on WiFi Smart Home Devices

Internet of Things (IoT) has facilitated the prosperity of smart environments such as smart homes. Meanwhile, WiFi is a broadly-used technology for the wireless connectivity of IoT devices. However, smart home IoT devices are often vulnerable to various security attacks. This paper quantifies the impact of Distributed Denial of Service (DDoS) and energyoriented DDoS attacks (E-DDoS) on WiFi smart home devices and explores the underlying reasons from the perspective of attacker, victim device, and access point (AP). Compared to the existing work, which primarily focus on DDoS attacks launched by compromised IoT devices against servers, our work focuses on the connectivity and energy consumption of IoT devices when under attack. Our key findings are three-fold. First, the minimum DDoS attack rate causing service disruptions varies significantly among different IoT smart home devices, and buffer overflow within the victim device is validated as critical. Second, the group key updating process of WiFi, may facilitate DDoS attacks by causing faster victim disconnections. Third, a higher E-DDoS attack rate sent by the attacker may not necessarily lead to a victim’s higher energy consumption. Our study reveals the communication protocols, attack rates, payload sizes, and victim devices’ ports state as the vital factors to determine the energy consumption of victim devices. These findings facilitate a thorough understanding of IoT devices’ potential vulnerabilities within a smart home environment and pave solid foundations for future studies on defense solutions.

[1]  Yujie Li,et al.  User-Oriented Virtual Mobile Network Resource Management for Vehicle Communications , 2021, IEEE Transactions on Intelligent Transportation Systems.

[2]  Francesco Palmieri,et al.  Introducing Fraudulent Energy Consumption in Cloud Infrastructures: A New Generation of Denial-of-Service Attacks , 2017, IEEE Systems Journal.

[3]  Ananay Arora,et al.  Preventing wireless deauthentication attacks over 802.11 Networks , 2018, ArXiv.

[4]  M. Shamim Hossain,et al.  Multi-Aspect Aware Session-Based Recommendation for Intelligent Transportation Services , 2020, IEEE Transactions on Intelligent Transportation Systems.

[5]  May Aye Chan Aung,et al.  Detection and mitigation of wireless link layer attacks , 2017, 2017 IEEE 15th International Conference on Software Engineering Research, Management and Applications (SERA).

[6]  E. Erdfelder,et al.  Statistical power analyses using G*Power 3.1: Tests for correlation and regression analyses , 2009, Behavior research methods.

[7]  Behnam Dezfouli,et al.  The Impact of DoS Attacks onResource-constrained IoT Devices: A Study on the Mirai Attack , 2021, ArXiv.

[8]  LiuChibiao,et al.  Performance Study of 802.11w for Preventing DoS Attacks on Wireless Local Area Networks , 2017 .

[9]  Paramvir Singh,et al.  Impact analysis of application layer DDoS attacks on web services: a simulation study , 2017, Int. J. Intell. Eng. Informatics.

[10]  Behnam Dezfouli,et al.  Enhancing the Energy-Efficiency and Timeliness of IoT Communication in WiFi Networks , 2019, IEEE Internet of Things Journal.

[11]  Kai Lin,et al.  Emotion-aware system design for the battlefield environment , 2019, Inf. Fusion.

[12]  Hwee Pink Tan,et al.  Modeling low-power wireless communications , 2015, J. Netw. Comput. Appl..

[13]  Ahmad-Reza Sadeghi,et al.  Security analysis on consumer and industrial IoT devices , 2016, 2016 21st Asia and South Pacific Design Automation Conference (ASP-DAC).

[14]  Yi Zhou,et al.  Understanding the Mirai Botnet , 2017, USENIX Security Symposium.

[15]  Huimin Lu,et al.  AI-Enabled Emotion Communication , 2019, IEEE Network.

[16]  Georgios Kambourakis,et al.  DDoS in the IoT: Mirai and Other Botnets , 2017, Computer.

[17]  Kailas Devadkar,et al.  Understanding DDoS Attack & its Effect in Cloud Environment , 2015 .

[18]  Robert C. Bolles,et al.  Random sample consensus: a paradigm for model fitting with applications to image analysis and automated cartography , 1981, CACM.

[19]  D. Bastos,et al.  Internet of Things: A survey of technologies and security risks in smart home and city environments , 2018, IoT 2018.

[20]  Robert Ayre,et al.  ‘Smart’ Is Not Free: Energy Consumption of Consumer Home Automation Systems , 2020, IEEE Transactions on Consumer Electronics.

[21]  Francesco Palmieri,et al.  Energy-oriented denial of service attacks: an emerging menace for large cloud infrastructures , 2014, The Journal of Supercomputing.

[22]  Francesco Palmieri,et al.  Evaluating Network-Based DoS Attacks under the Energy Consumption Perspective: New Security Issues in the Coming Green ICT Area , 2011, 2011 International Conference on Broadband and Wireless Computing, Communication and Applications.

[23]  M. Shamim Hossain,et al.  Emotion-Aware Multimedia Systems Security , 2019, IEEE Transactions on Multimedia.

[24]  Haitao Wu,et al.  Proactive Scan: Fast Handoff with Smart Triggers for 802.11 Wireless LAN , 2007, IEEE INFOCOM 2007 - 26th IEEE International Conference on Computer Communications.

[25]  Jinming Qiu,et al.  Performance Study of 802.11w for Preventing DoS Attacks on Wireless Local Area Networks , 2017, Wirel. Pers. Commun..

[26]  Konstantina Papagiannaki,et al.  Using smart triggers for improved user performance in 802.11 wireless networks , 2006, MobiSys '06.

[27]  Natalija Vlajic,et al.  IoT as a Land of Opportunity for DDoS Hackers , 2018, Computer.

[28]  Behnam Dezfouli,et al.  EMPIOT: An Energy Measurement Platform for Wireless IoT Devices , 2018, J. Netw. Comput. Appl..

[29]  Fred Baker,et al.  Requirements for IP Version 4 Routers , 1995, RFC.

[30]  Xiapu Luo,et al.  Characterizing the Impacts of Application Layer DDoS Attacks , 2017, 2017 IEEE International Conference on Web Services (ICWS).

[31]  Vijay Sivaraman,et al.  Quantifying the reflective DDoS attack capability of household IoT devices , 2017, WISEC.

[32]  Ítalo S. Cunha,et al.  The Evolution of Bashlite and Mirai IoT Botnets , 2018, 2018 IEEE Symposium on Computers and Communications (ISCC).

[33]  Esraa Alomari,et al.  Botnet-based Distributed Denial of Service (DDoS) Attacks on Web Servers: Classification and Art , 2012, ArXiv.

[34]  Meikang Qiu,et al.  PSAC: Proactive Sequence-Aware Content Caching via Deep Learning at the Network Edge , 2020, IEEE Transactions on Network Science and Engineering.

[35]  Ahmad Jalal,et al.  A Triaxial Acceleration-based Human Motion Detection for Ambient Smart Home System , 2019, 2019 16th International Bhurban Conference on Applied Sciences and Technology (IBCAST).

[36]  Roksana Boreli,et al.  Smart-Phones Attacking Smart-Homes , 2016, WISEC.

[37]  Georgios Kambourakis,et al.  The Mirai botnet and the IoT Zombie Armies , 2017, MILCOM 2017 - 2017 IEEE Military Communications Conference (MILCOM).

[38]  Angelo Spognardi,et al.  Analysis of DDoS-capable IoT malwares , 2017, 2017 Federated Conference on Computer Science and Information Systems (FedCSIS).

[39]  Subhi R. M. Zeebaree,et al.  Impact Analysis of HTTP and SYN Flood DDoS Attacks on Apache 2 and IIS 10.0 Web Servers , 2018, 2018 International Conference on Advanced Science and Engineering (ICOASE).