DDoS Reflection Attack Based on IoT: A Case Study
Along with the rise of Internet of Things devices the threat of adopting the IoT devices for cyber-attacks has increased. The number of IoT devices would be more than a billion in the world. Communication potential of such amount of devices is robust and has become more and more interesting for hackers. Mainly DDoS (Distributed Denial of Service) attacks carried from IoT devices seem to be a preferred method of attacker last years.
This paper illustrates a special type of DDoS attack using commonly available IoT devices called reflection attack which does not need to compromise the IoT devices. In reflection attacks, the attacker tries to use an innocent third party item to send the attack traffic to a victim to launch a distributed flooding attack, and to hide the attackers’ own identity.
To demonstrate this type of attack, we consider the case of three categories of IoT devices: smart light-bulb (primarily used just for control of the intensity and color of the lights in a room), IP camera (digital video camera commonly employed for surveillance directly accessible over a network connection) and Raspberry Pi device (representing a single board computer). The paper demonstrates the potential of the IoT devices to be involved into such attack as well as first insight into communication traffic.
KeywordsIoT devices DDoS attack Reflection attack
The work was partly supported by the grant VEGA 1/0145/18 Optimization of network security by computational intelligence and partly by the grant KEGA 011UMB-4/2017 Increasing competencies in work with high performance computing ecosystem.
- 1.Srivastava, S., Pal, N.: Smart cities: the support for Internet of Things (IoT). Int. J. Comput. Appl. Eng. Sci. 6(1), 5–7 (2016)Google Scholar
- 3.Horváthová, D., Siládi, V., Lacková, E.: Phobia treatment with the help of virtual reality. In: 13th International Scientific Conference on Informatics, pp. 114–119. IEEE (2015)Google Scholar
- 4.Hosťovecký, M., Novák, M., Horváthová, Z.: Problem-based learning: serious game in science education. In: Proceedings of the 12th International Conference on e-Learning, ICEL 2017, pp. 303–310. ACPI 2017 (2017)Google Scholar
- 5.Suo, H., Wan, J., Zou, C., Liu, J.: Security in the Internet of Things: a review. In: International Conference on Computer Science and Electronics Engineering (ICCSEE), vol. 3, pp. 648–651. IEEE (2012)Google Scholar
- 6.Hesselman, C., et al.: SPIN: a user-centric security extension for in-home networks. SIDN Labs Technical report SIDN-TR-2017-002 (2017)Google Scholar
- 7.Luptáková, I.D., Pospíchal, J.: Community cut-off attack on malicious networks. In: Conference on Creativity in Intelligent Technologies and Data Science, pp. 697–708. Springer, Cham (2017)Google Scholar
- 10.Ronen, E., et al.: IoT goes nuclear: creating a ZigBee chain reaction. In: IEEE Symposium on Security and Privacy (SP), USA, pp. 195–212 (2017)Google Scholar
- 11.Halenar, I., Juhasova, B., Juhas, M.: Proposal of communication standardization of industrial networks in Industry 4.0. In: IEEE 20th Jubilee International Conference on Intelligent Engineering Systems (INES), pp. 119–124 (2016)Google Scholar
- 13.Singh, S., Gyanchandani, M.: Analysis of Botnet behavior using Queuing theory. Int. J. Comput. Sci. Commun. 1(2), 239–241 (2010)Google Scholar
- 14.Nizami, Y., Garcia-Palacios, E.: Internet of Thing. A proposed secured network topology. ISSC 2014/CIICT 2014, Limerick, pp. 274–279, June 2014Google Scholar
- 15.Sonar, K., Upadhyay, H.: A survey: DDOS attack on Internet of Things. Int. J. Eng. Res. Dev. 10(11), 58–63 (2014)Google Scholar
- 16.Berti-Equille, L., Zhauniarovich, Y.: Profiling DRDoS attacks with data analytics pipeline. In: ACM on Conference on Information and Knowledge Management, 6–10 November 2017, Singapore, pp. 1983–1986 (2017)Google Scholar
- 18.Tekeoglu, A., Tosun, A.S.: Investigating security and privacy of a cloud-based wireless IP camera: NetCam. In: IEEE 24th International Conference on Computer Communication and Networks (ICCCN), USA, pp. 1–6 (2015)Google Scholar
- 19.Notra, S., Siddiqi, M., Gharakheili, H.H., Sivaraman, V., Boreli, R.: An experimental study of security and privacy risks with emerging household appliances. In: IEEE Conference on Communications and Network Security (CNS), USA, pp. 79–84 (2014)Google Scholar
- 21.Šimon, M., Huraj, L., Hosťovecký, M.: IPv6 network DDoS attack with P2P grid. In: Creativity in Intelligent, Technologies and Data Science, pp. 407–415. Springer (2015)Google Scholar