Timely Detection and Mitigation of Stealthy DDoS Attacks via IoT Networks

TL;DR

This paper presents a novel anomaly-based intrusion detection system designed to detect and mitigate stealthy IoT-based DDoS attacks, specifically Mongolian DDoS, even with very low attack sizes per source.

Contribution

It introduces a new IDS tailored for IoT networks that effectively detects and mitigates low-intensity, distributed DDoS attacks, addressing a critical security gap.

Findings

Effective detection of stealthy DDoS attacks demonstrated

Mitigation capabilities confirmed through experiments

Detects attacks with minimal source attack size

Abstract

Internet of Things (IoT) networks consist of sensors, actuators, mobile and wearable devices that can connect to the Internet. With billions of such devices already in the market which have significant vulnerabilities, there is a dangerous threat to the Internet services and also some cyber-physical systems that are also connected to the Internet. Specifically, due to their existing vulnerabilities IoT devices are susceptible to being compromised and being part of a new type of stealthy Distributed Denial of Service (DDoS) attack, called Mongolian DDoS, which is characterized by its widely distributed nature and small attack size from each source. This study proposes a novel anomaly-based Intrusion Detection System (IDS) that is capable of timely detecting and mitigating this emerging type of DDoS attacks. The proposed IDS's capability of detecting and mitigating stealthy DDoS attacks with even very low attack size per source is demonstrated through numerical and testbed experiments.