DOI: 10.1145/3631461.3631954
research-article
Open access

Information Diversity based Detection for ON-OFF Low Strength DDoS Attacks in Smart Home IoT

Published: 22 January 2024

Abstract

In this paper, we propose a lightweight, explainable machine learning approach that is device- and attack-type-agnostic and can detect IoT devices that are victims of low-intensity direct and reflective volumetric DDoS attacks launched in an ON-OFF manner. Specifically, our approach is based on a parameterized bio-inspired information-theoretic model that can capture small and subtle volumetric differences between attack and benign byte volumes exchanged between IoT devices and the rest of the internet. Our approach has four main phases: (1) Feature Engineering: a simple compression to achieve a universally reduced feature space for volumetric attacks; (2) Model Parameterization: identifying appropriate parameters of a bio-inspired information-theoretic model and their appropriate pruned search spaces; (3) Parameter Learning: a supervised approach for learning the optimal parameters of the explainable model using a local search; (4) Testing: applying the learned parameters to the test set. For validation, we use real datasets from 4 different types of IoT devices containing seven different kinds of attacks and varying DDoS attack volumes. Furthermore, we employ strategies to counter the inherent biases in attacked datasets to ensure unbiased evaluation.


    Published In

    ICDCN '24: Proceedings of the 25th International Conference on Distributed Computing and Networking
    January 2024
    423 pages
    ISBN:9798400716737
    DOI:10.1145/3631461
    Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

    Publisher

    Association for Computing Machinery

    New York, NY, United States


    Qualifiers

    • Research-article
    • Research
    • Refereed limited
