Generating Synthetic Data for Real World Detection of DoS Attacks in the IoT

  • Luca ArnaboldiEmail author
  • Charles Morisset
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11176)


Denial of service attacks are especially pertinent to the internet of things as devices have less computing power, memory and security mechanisms to defend against them. The task of mitigating these attacks must therefore be redirected from the device onto a network monitor. Network intrusion detection systems can be used as an effective and efficient technique in internet of things systems to offload computation from the devices and detect denial of service attacks before they can cause harm. However the solution of implementing a network intrusion detection system for internet of things networks is not without challenges due to the variability of these systems and specifically the difficulty in collecting data. We propose a model-hybrid approach to model the scale of the internet of things system and effectively train network intrusion detection systems. Through bespoke datasets generated by the model, the IDS is able to predict a wide spectrum of real-world attacks, and as demonstrated by an experiment construct more predictive datasets at a fraction of the time of other more standard techniques.


  1. 1.
    Farnell element14, calculating battery life in IoT applications (2017).
  2. 2.
    Hulk, web: server dos tool - confessions of a dangerous mind, February 2013.
  3. 3.
    Andova, S.: Probabilistic process algebra. Technische Universiteit Eindhoven (2002)Google Scholar
  4. 4.
    Arnaboldi, L., Morisset, C.: Quantitative analysis of dos attacks and client puzzles in IoT systems. In: Security and Trust Management STM (2017)Google Scholar
  5. 5.
    Baier, C., Katoen, J.P., Larsen, K.G.: Principles of Model Checking. MIT Press, Cambridge (2008)zbMATHGoogle Scholar
  6. 6.
    Bhuyan, M.H., Bhattacharyya, D.K., Kalita, J.K.: Network anomaly detection: methods, systems and tools. IEEE Commun. Surv. Tutor. 16, 303–336 (2014)CrossRefGoogle Scholar
  7. 7.
    Böhme, R., Félegyházi, M.: Optimal information security investment with penetration testing. In: Alpcan, T., Buttyán, L., Baras, J.S. (eds.) GameSec 2010. LNCS, vol. 6442, pp. 21–37. Springer, Heidelberg (2010). Scholar
  8. 8.
    Buennemeyer, T.K., Gora, M., Marchany, R.C., Tront, J.G.: Battery exhaustion attack detection with small handheld mobile computers. In: Portable Information Devices (2007)Google Scholar
  9. 9.
    Fruth, M.: Formal methods for the analysis of wireless network protocols. Oxford University (2011)Google Scholar
  10. 10.
    Gubbi, J., Buyya, R., Marusic, S., Palaniswami, M.: Internet of Things (IoT): a vision, architectural elements, and future directions. Futur. Gener. Comput. Syst. 29, 1645–1660 (2013)CrossRefGoogle Scholar
  11. 11.
    Guillen, E., Sánchez, J., Paez, R.: Inefficiency of IDS static anomaly detectors in real-world networks. Future Internet 7(2), 94–109 (2015)CrossRefGoogle Scholar
  12. 12.
    Hoare, C.A.R.: Communicating sequential processes. Commun. ACM 21(8), 666–677 (1978)CrossRefGoogle Scholar
  13. 13.
    Kwiatkowska, M., Norman, G., Parker, D.: PRISM: probabilistic symbolic model checker. In: Field, T., Harrison, P.G., Bradley, J., Harder, U. (eds.) TOOLS 2002. LNCS, vol. 2324, pp. 200–204. Springer, Heidelberg (2002). Scholar
  14. 14.
    Liang, L., Zheng, K., Sheng, Q., Huang, X.: A denial of service attack method for an IoT system. In: Information Technology in Medicine and Education, pp. 360–364. IEEE (2016)Google Scholar
  15. 15.
    Mell, P., Hu, V., Lippmann, R., Haines, J., Zissman, M.: An overview of issues in testing intrusion detection systems (2003)Google Scholar
  16. 16.
    Mirkovic, J., Dietrich, S., Dittrich, D., Reiher, P.: Internet Denial of Service: Attack and Defense Mechanisms (Radia Perlman Computer Networking and Security). Prentice Hall PTR, Upper Saddle River (2004)Google Scholar
  17. 17.
    Mukkamala, S., Janoski, G., Sung, A.: Intrusion detection using neural networks and support vector machines. In: Proceedings of the 2002 International Joint Conference on Neural Networks, IJCNN 2002, vol. 2, pp. 1702–1707. IEEE (2002)Google Scholar
  18. 18.
    Roesch, M., et al.: Snort: lightweight intrusion detection for networks. LISA 99, 229–238 (1999)Google Scholar
  19. 19.
    Roman, R., Zhou, J., Lopez, J.: On the features and challenges of security and privacy in distributed internet of things. Comput. Netw. 57, 2266–2279 (2013)CrossRefGoogle Scholar
  20. 20.
    Safavian, S.R., Landgrebe, D.: A survey of decision tree classifier methodology. IEEE Trans. Syst. Man Cybern. 21(3), 660–674 (1991)MathSciNetCrossRefGoogle Scholar
  21. 21.
    Security, O.: Exploitdb: offensive security’s exploit database. Archive (2009).
  22. 22.
    Suo, H., Wan, J., Zou, C., Liu, J.: Security in the internet of things: a review, vol. 3, pp. 648–651. IEEE (2012)Google Scholar
  23. 23.
    Talpade, R., Madhani, S., Mouchtaris, P., Wong, L.: Mitigating denial of service attacks, 29 January 2003. US Patent App. 10/353,527Google Scholar
  24. 24.
    Zhang, G.P.: Neural networks for classification: a survey. IEEE Trans. Syst. Man Cybern. Part C (Appl. Rev.) 30(4), 451–462 (2000)CrossRefGoogle Scholar

Copyright information

© Springer Nature Switzerland AG 2018

Authors and Affiliations

  1. 1.School of ComputingNewcastle UniversityNewcastle upon TyneUK

Personalised recommendations