Abstract
The paper presents the threats that are present in Internet of Things (IoT) systems and how they can be used to perpetrate a large-scale DDoS attack. The paper investigates how the Cumulative Sum (CUSUM) algorithm can be used to detect a DDoS attack originating from an IoT system, and how the performance of the algorithm is affected by its tuning parameters and various network attack intensities. The performance of the algorithm is measured against the trade-off between the algorithm's detection rate, false alarms and detection delay. The performance results are analysed and discussed, and avenues for future work are provided.
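The trade-off named in the abstract can be seen with the textbook one-sided CUSUM run over a packet-rate series. This is an added example, not code from the paper: the drift `k` and threshold `h` are the standard CUSUM tuning parameters (assumed here, the abstract does not name the paper's own), and the traffic series and attack intensities are constructed.

```python
# Constructed baseline: packets per interval, repeating pattern with mean 100.
BASE = [100, 104, 96, 108, 92, 100, 110, 90]
BASELINE_MEAN = sum(BASE) / len(BASE)  # 100.0


def make_series(intensity, onset=40, length=80):
    """Benign traffic, with `intensity` extra packets per interval from `onset`."""
    return [BASE[i % len(BASE)] + (intensity if i >= onset else 0)
            for i in range(length)]


def cusum_first_alarm(samples, mean, k, h):
    """One-sided CUSUM: g_t = max(0, g_{t-1} + x_t - mean - k).

    k (drift) absorbs normal fluctuation, h is the alarm threshold.
    Returns the index of the first interval with g_t > h, or None.
    """
    g = 0.0
    for t, x in enumerate(samples):
        g = max(0.0, g + (x - mean - k))
        if g > h:
            return t
    return None


def evaluate(k, h, intensity, onset=40):
    """Classify one run as false alarm, detection (with delay) or miss."""
    t = cusum_first_alarm(make_series(intensity, onset), BASELINE_MEAN, k, h)
    if t is None:
        return ("missed", None)
    if t < onset:
        return ("false_alarm", t)      # alarm raised on benign traffic
    return ("detected", t - onset)     # delay in intervals after onset


if __name__ == "__main__":
    for k, h, intensity in [(5, 20, 20), (5, 20, 5), (2, 20, 5), (0, 8, 20)]:
        print(f"k={k} h={h} intensity={intensity}: {evaluate(k, h, intensity)}")
```

With a conservative drift the high-intensity attack is caught almost immediately while the low-intensity one is missed; lowering the drift recovers it at the cost of a longer delay, and lowering both parameters raises an alarm on benign traffic.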
© 2016 ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering
About this paper
Cite this paper
Machaka, P., McDonald, A., Nelwamondo, F., Bagula, A. (2016). Using the Cumulative Sum Algorithm Against Distributed Denial of Service Attacks in Internet of Things. In: Vinh, P., Alagar, V. (eds) Context-Aware Systems and Applications. ICCASA 2015. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 165. Springer, Cham. https://doi.org/10.1007/978-3-319-29236-6_7
DOI: https://doi.org/10.1007/978-3-319-29236-6_7
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-29235-9
Online ISBN: 978-3-319-29236-6
eBook Packages: Computer Science, Computer Science (R0)