Critical Analysis of DDoS—An Emerging Security Threat over IoT Networks

Ubiquitous computing facilitated by Internet of Things (IoT) devices has made modern-day life easier across many areas. It offers capabilities to measure parameters associated with the devices, to draw inferences from the results, and to understand and control millions of such devices in various application domains. The enormous potential of IoT systems enables every device to communicate with every other, thereby increasing productivity. In this scenario, the heterogeneity of the technologies in use is expected to intensify security threats. Policy enforcement for the assurance of privacy and security plays a key role in these systems. Fulfilling privacy- and security-related requirements includes confidentiality of data, user and device authentication, access control, and trust assurance among the things. However, recently reported security attacks reveal colossal vulnerabilities among IoT devices, capable of bringing security risks to the whole environment. One common use of these devices by attackers is to generate powerful distributed denial of service (DDoS) attacks. DDoS is one of the most prominent attacking behaviors over a network: a group of geographically distributed zombie computers interrupts and blocks legitimate users from using network resources, and hence it requires great attention. In this regard, the current work, being novel in the field, concentrates on variants of DDoS attacks and their impact on IoT networks, along with some of the existing countermeasures to defend against these attacks. The paper also discusses the detailed working mechanism of these attacks and highlights some of the commonly used tools that are deployed in such attack scenarios.
