Critical Analysis of DDoS—An Emerging Security Threat over IoT Networks

  • Research paper
Journal of Communications and Information Networks

Abstract

Ubiquitous computing facilitated by Internet of Things (IoT) devices has made modern-day life easier across many areas. It offers capabilities to measure parameters associated with the devices, to draw inferences from the results, and to understand and control millions of such devices in various application domains. The enormous potential of IoT systems enables every device to communicate with every other, thereby improving productivity. In this scenario, the heterogeneity of the technologies in use is expected to intensify security threats. Policy enforcement for the assurance of privacy and security plays a key role in these systems. Fulfilling privacy and security requirements includes confidentiality of data, user and device authentication, access control, and trust assurance among the things. However, recently reported security attacks reveal colossal vulnerabilities in IoT devices that can bring security risks to the whole environment. One common use attackers make of these devices is to generate powerful distributed denial of service (DDoS) attacks. DDoS is one of the most prominent network attacks: a group of geographically distributed zombie computers interrupts and blocks legitimate users from using network resources, and hence it requires great attention. In this regard, the current work, being novel in the field, concentrates on variants of DDoS attacks and their impact on IoT networks, along with some of the existing countermeasures for defending against these attacks. The paper also discusses the detailed working mechanism of these attacks and highlights some of the commonly used tools deployed in such attack scenarios.



Author information

Correspondence to Ankur Lohachab.

Additional information

The associate editor coordinating the review of this paper and approving it for publication was C. Z. Lai.

Ankur Lohachab [corresponding author] received his B.Tech. degree in Computer Science and Engineering from Kurukshetra University, India, in 2015 and is currently pursuing his M.Tech. degree in Computer Science and Engineering from University Institute of Engineering and Technology, Kurukshetra University.

Bidhan Karambir is currently working as an Assistant Professor in the Department of Computer Science and Engineering, University Institute of Engineering and Technology, Kurukshetra University. He has over 20 publications in National and International journals. His major research domain is Software Engineering.

Cite this article

Lohachab, A., Karambir, B. Critical Analysis of DDoS—An Emerging Security Threat over IoT Networks. J. Commun. Inf. Netw. 3, 57–78 (2018). https://doi.org/10.1007/s41650-018-0022-5

  • DOI: https://doi.org/10.1007/s41650-018-0022-5
