With the proliferation of smart and connected mobile, wireless devices at the edge, Distributed Denial of Service (DDoS) attacks are increasing. Weak security, improper commissioning, and the fast, non-standardized growth of the IoT industry are the major contributors to the recent DDoS attacks, e.g., Mirai Botnet attack on Dyn and Memcached attack on GitHub. Similar to UDP/TCP flooding (common DDoS attack vector), request flooding attack is the primary DDoS vulnerability in the Named-Data Networking (NDN) architecture.In this paper, we propose PERSIA, a distributed request flooding prevention and mitigation framework for NDN-enabled ISPs, to ward-off attacks at the edge. PERSIA's edge-centric attack prevention mechanism eliminates the possibility of successful attacks from malicious end hosts. In the presence of compromised infrastructure (routers), PERSIA dynamically deploys an in-network mitigation strategy to minimize the attack's magnitude. Our experimentation demonstrates PERSIA's resiliency and effectiveness in preventing and mitigating DDoS attacks while maintaining legitimate users' quality of experience (> 99.92% successful packet delivery rate).
This content will become publicly available on December 1, 2023
A Survey of DDOS Attack Detection Techniques for IoT Systems Using BlockChain Technology
The Internet of Things (IoT) is a network of sensors that helps collect data 24/7 without human intervention. However, the network may suffer from problems such as the low battery, heterogeneity, and connectivity issues due to the lack of standards. Even though these problems can cause several performance hiccups, security issues need immediate attention because hackers access vital personal and financial information and then misuse it. These security issues can allow hackers to hijack IoT devices and then use them to establish a Botnet to launch a Distributed Denial of Service (DDoS) attack. Blockchain technology can provide security to IoT devices by providing secure authentication using public keys. Similarly, Smart Contracts (SCs) can improve the performance of the IoT–blockchain network through automation. However, surveyed work shows that the blockchain and SCs do not provide foolproof security; sometimes, attackers defeat these security mechanisms and initiate DDoS attacks. Thus, developers and security software engineers must be aware of different techniques to detect DDoS attacks. In this survey paper, we highlight different techniques to detect DDoS attacks. The novelty of our work is to classify the DDoS detection techniques according to blockchain technology. As a result, researchers can enhance their systems by using more »
- Award ID(s):
- Publication Date:
- NSF-PAR ID:
- Journal Name:
- Page Range or eLocation-ID:
- Sponsoring Org:
- National Science Foundation
More Like this
Researchers are looking into solutions to support the enormous demand for wireless communication, which has been exponentially increasing along with the growth of technology. The sixth generation (6G) Network emerged as the leading solution for satisfying the requirements placed on the telecommunications system. 6G technology mainly depends on various machine learning and artificial intelligence techniques. The performance of these machine learning algorithms is high. Still, their security has been neglected for some reason, which leaves the door open to various vulnerabilities that attackers can exploit to compromise systems. Therefore, it is essential to evaluate the security of machine learning algorithms to prevent them from being spoofed by malicious hackers. Prior research has shown that the decision tree is one of the most popular algorithms used by 80% of researchers for classification problems. In this work, we collect the dataset from a laboratory testbed of over 100 Internet of things (IoT) devices. The devices include smart cameras, smart light bulbs, Alexa, and others. We evaluate classifiers using the original dataset during the experiment and record a 98% accuracy. We then use the label-flipping attack approach to poison our dataset and record the output. As a result, flipping 10%, 20%, 30%, 40%,more »
The NTT (Nippon Telegraph and Telephone) Data Corporation report found that 80% of U.S. consumers are concerned about their smart home data security. The Internet of Things (IoT) technology brings many benefits to people's homes, and more people across the world are heavily dependent on the technology and its devices. However, many IoT devices are deployed without considering security, increasing the number of attack vectors available to attackers. Numerous Internet of Things devices lacking security features have been compromised by attackers, resulting in many security incidents. Attackers can infiltrate these smart home devices and control the home via turning off the lights, controlling the alarm systems, and unlocking the smart locks, to name a few. Attackers have also been able to access the smart home network, leading to data exfiltration. There are many threats that smart homes face, such as the Man-in-the-Middle (MIM) attacks, data and identity theft, and Denial of Service (DoS) attacks. The hardware vulnerabilities often targeted by attackers are SPI, UART, JTAG, USB, etc. Therefore, to enhance the security of the smart devices used in our daily lives, threat modeling should be implemented early on in developing any given system. This past Spring semester, Morgan State Universitymore »
Internet of Things (IoT) devices have been increasingly integrated into our daily life. However, such smart devices suffer a broad attack surface. Particularly, attacks targeting the device software at runtime are challenging to defend against if IoT devices use resource-constrained microcontrollers (MCUs). TrustZone-M, a TrustZone extension for MCUs, is an emerging security technique fortifying MCU based IoT devices. This paper presents the first security analysis of potential software security issues in TrustZone-M enabled MCUs. We explore the stack-based buffer overflow (BOF) attack for code injection, return-oriented programming (ROP) attack, heap-based BOF attack, format string attack, and attacks against Non-secure Callable (NSC) functions in the context of TrustZone-M. We validate these attacks using the Microchip SAM L11 MCU, which uses the ARM Cortex-M23 processor with the TrustZone-M technology. Strategies to mitigate these software attacks are also discussed.
The emerging Internet of Things (IoT) has increased the complexity and difficulty of network administration. Fortunately, Software-Defined Networking (SDN) provides an easy and centralized approach to administer a large number of IoT devices and can greatly reduce the workload of network administrators. SDN-based implementation of networks, however,has also introduced new security concerns, such as increasing number of DDoS attacks. This paper introduces an easy and lightweight defense strategy against DDoS attacks on IoT devices in a SDN environment using Markov Decision Process (MDP)in which optimal policies regarding handling network flows are determined with the intention of preventing DDoS attacks.