Securing Heterogeneous IoT with Intelligent DDoS Attack Behavior Learning

TL;DR

This paper introduces MECshield, a localized DDoS prevention framework for heterogeneous IoT networks that uses edge computing and machine learning to detect and mitigate attacks effectively.

Contribution

The paper presents MECshield, a novel edge-based DDoS mitigation system utilizing self-organizing maps for adaptive attack detection in heterogeneous IoT environments.

Findings

MECshield outperforms existing DDoS mitigation solutions.

The framework effectively localizes and prevents attacks in various IoT traffic scenarios.

Smart filters collaboratively detect attack behaviors with high accuracy.

Abstract

The rapid increase of diverse Internet of things (IoT) services and devices has raised numerous challenges in terms of connectivity, computation, and security, which networks must face in order to provide satisfactory support. This has led to networks evolving into heterogeneous IoT networking infrastructures characterized by multiple access technologies and mobile edge computing (MEC) capabilities. The heterogeneity of the networks, devices, and services introduces serious vulnerabilities to security attacks, especially distributed denial-of-service (DDoS) attacks, which exploit massive IoT devices to exhaust both network and victim resources. As such, this study proposes MECshield, a localized DDoS prevention framework leveraging MEC power to deploy multiple smart filters at the edge of relevant attack-source/destination networks. The cooperation among the smart filters is supervised by a central controller. The central controller localizes each smart filter by feeding appropriate training parameters into its self-organizing map (SOM) component, based on the attacking behavior. The performance of the MECshield framework is verified using three typical IoT traffic scenarios. The numerical results reveal that MECshield outperforms existing solutions.