Abstract
The growth in the number of Internet of Things (IoT) devices and applications, together with their heterogeneity and hardware limitations, makes it difficult to apply traditional security mechanisms. As a result, the IoT layer has become a highly vulnerable part of the network. In this article, a low computational complexity intrusion detection system is proposed for online recognition of denial-of-service attacks. A common feature of denial-of-service attacks is a sudden surge of a certain type of packet or request. To track this sudden spike, network traffic is reduced to the number of packets per minute, segmented by protocol. On these data, we apply sliding window and moving average comparison techniques to identify anomalies. After identification, a selective search is performed only in the anomalous protocol, to isolate the target and neutralize the attack. Tests performed on data extracted from a pcap file containing attacks carried out on real devices demonstrate the accuracy in recognizing attacks. In addition, the tools and techniques for implementing the proposed model in a realistic environment are described.
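The detection flow described in the abstract, as an added sketch that is not the authors' implementation: traffic is reduced to packets per minute per protocol, a short moving average is compared with a long sliding-window baseline, and only the anomalous protocol is rescanned to find the target. The window lengths, ratio and floor are assumed values, and the sample traffic is constructed.

```python
from collections import Counter, defaultdict, deque

# Assumed tuning values (not from the paper): window lengths in minutes,
# short/long ratio that counts as a surge, and a minimum packets/minute floor.
SHORT, LONG, RATIO, FLOOR = 3, 10, 3.0, 20

def per_minute_counts(packets):
    """Reduce (ts_seconds, protocol, dst) records to {protocol: {minute: count}}."""
    counts = defaultdict(Counter)
    for ts, proto, _dst in packets:
        counts[proto][int(ts // 60)] += 1
    return counts

def detect(packets):
    """Return sorted (minute, protocol, top_destination) for each surge minute."""
    counts = per_minute_counts(packets)
    last = max(int(ts // 60) for ts, _proto, _dst in packets)
    alerts = []
    for proto, series in counts.items():
        baseline = deque(maxlen=LONG)  # sliding window of non-anomalous minutes
        for minute in range(last + 1):
            n = series.get(minute, 0)
            recent = list(baseline)[-(SHORT - 1):] + [n]
            short_avg = sum(recent) / len(recent)
            long_avg = sum(baseline) / LONG
            if (n and len(baseline) == LONG and short_avg >= FLOOR
                    and short_avg > RATIO * long_avg):
                # Selective search: rescan only this protocol and this minute.
                dsts = Counter(d for ts, p, d in packets
                               if p == proto and int(ts // 60) == minute)
                alerts.append((minute, proto, dsts.most_common(1)[0][0]))
            else:
                baseline.append(n)  # surge minutes never enter the baseline
    return sorted(alerts)

def constructed_sample():
    """Constructed traffic: light MQTT and ICMP, ICMP surge in minutes 12-13."""
    pkts = []
    for m in range(15):
        pkts += [(m * 60 + i, "MQTT", "192.0.2.5") for i in range(6)]
        pkts += [(m * 60 + i, "ICMP", "192.0.2.1") for i in range(2)]
    for m in (12, 13):
        pkts += [(m * 60 + i % 60, "ICMP", "192.0.2.7") for i in range(400)]
    return pkts

if __name__ == "__main__":
    print(detect(constructed_sample()))
```

Keeping surge minutes out of the baseline prevents a sustained flood from raising the long average and masking itself.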
Copyright information
© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Lautert, H.F., Macedo, D.D.J.d., Pioli, L. (2023). Micro IDS: On-Line Recognition of Denial-of-Service Attacks on IoT Networks. In: Barolli, L. (eds) Advanced Information Networking and Applications. AINA 2023. Lecture Notes in Networks and Systems, vol 661. Springer, Cham. https://doi.org/10.1007/978-3-031-29056-5_39
DOI: https://doi.org/10.1007/978-3-031-29056-5_39
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-29055-8
Online ISBN: 978-3-031-29056-5
eBook Packages: Intelligent Technologies and Robotics (R0)