DDoS Reflection Attack Based on IoT: A Case Study

  • Marek Šimon
  • Ladislav Huraj
  • Tibor Horák
Conference paper
Part of the Advances in Intelligent Systems and Computing book series (AISC, volume 765)


Along with the rise of Internet of Things devices the threat of adopting the IoT devices for cyber-attacks has increased. The number of IoT devices would be more than a billion in the world. Communication potential of such amount of devices is robust and has become more and more interesting for hackers. Mainly DDoS (Distributed Denial of Service) attacks carried from IoT devices seem to be a preferred method of attacker last years.

This paper illustrates a special type of DDoS attack using commonly available IoT devices called reflection attack which does not need to compromise the IoT devices. In reflection attacks, the attacker tries to use an innocent third party item to send the attack traffic to a victim to launch a distributed flooding attack, and to hide the attackers’ own identity.

To demonstrate this type of attack, we consider the case of three categories of IoT devices: smart light-bulb (primarily used just for control of the intensity and color of the lights in a room), IP camera (digital video camera commonly employed for surveillance directly accessible over a network connection) and Raspberry Pi device (representing a single board computer). The paper demonstrates the potential of the IoT devices to be involved into such attack as well as first insight into communication traffic.


IoT devices DDoS attack Reflection attack 



The work was partly supported by the grant VEGA 1/0145/18 Optimization of network security by computational intelligence and partly by the grant KEGA 011UMB-4/2017 Increasing competencies in work with high performance computing ecosystem.


  1. 1.
    Srivastava, S., Pal, N.: Smart cities: the support for Internet of Things (IoT). Int. J. Comput. Appl. Eng. Sci. 6(1), 5–7 (2016)Google Scholar
  2. 2.
    Ölvecký, M., Gabriška, D.: Motion capture as an extension of web-based simulation. In: Applied Mechanics and Materials, vol. 513, pp. 827–833 (2014)CrossRefGoogle Scholar
  3. 3.
    Horváthová, D., Siládi, V., Lacková, E.: Phobia treatment with the help of virtual reality. In: 13th International Scientific Conference on Informatics, pp. 114–119. IEEE (2015)Google Scholar
  4. 4.
    Hosťovecký, M., Novák, M., Horváthová, Z.: Problem-based learning: serious game in science education. In: Proceedings of the 12th International Conference on e-Learning, ICEL 2017, pp. 303–310. ACPI 2017 (2017)Google Scholar
  5. 5.
    Suo, H., Wan, J., Zou, C., Liu, J.: Security in the Internet of Things: a review. In: International Conference on Computer Science and Electronics Engineering (ICCSEE), vol. 3, pp. 648–651. IEEE (2012)Google Scholar
  6. 6.
    Hesselman, C., et al.: SPIN: a user-centric security extension for in-home networks. SIDN Labs Technical report SIDN-TR-2017-002 (2017)Google Scholar
  7. 7.
    Luptáková, I.D., Pospíchal, J.: Community cut-off attack on malicious networks. In: Conference on Creativity in Intelligent Technologies and Data Science, pp. 697–708. Springer, Cham (2017)Google Scholar
  8. 8.
    Pishva, D.: IoT: their conveniences, security challenges and possible solutions. Adv. Sci. Technol. Eng. Syst. J. 2(3), 1211–1217 (2017)CrossRefGoogle Scholar
  9. 9.
    Raza, S., Wallgren, L., Voigt, T.: SVELTE: real-time intrusion detection in the Internet of Things. Ad Hoc Netw. 11(8), 2661–2674 (2013)CrossRefGoogle Scholar
  10. 10.
    Ronen, E., et al.: IoT goes nuclear: creating a ZigBee chain reaction. In: IEEE Symposium on Security and Privacy (SP), USA, pp. 195–212 (2017)Google Scholar
  11. 11.
    Halenar, I., Juhasova, B., Juhas, M.: Proposal of communication standardization of industrial networks in Industry 4.0. In: IEEE 20th Jubilee International Conference on Intelligent Engineering Systems (INES), pp. 119–124 (2016)Google Scholar
  12. 12.
    Habibi, J., Midi, D., Mudgerikar, A., Bertino, E.: Heimdall: mitigating the Internet of Insecure Things. IEEE Internet Things J. 4(4), 968–978 (2017)CrossRefGoogle Scholar
  13. 13.
    Singh, S., Gyanchandani, M.: Analysis of Botnet behavior using Queuing theory. Int. J. Comput. Sci. Commun. 1(2), 239–241 (2010)Google Scholar
  14. 14.
    Nizami, Y., Garcia-Palacios, E.: Internet of Thing. A proposed secured network topology. ISSC 2014/CIICT 2014, Limerick, pp. 274–279, June 2014Google Scholar
  15. 15.
    Sonar, K., Upadhyay, H.: A survey: DDOS attack on Internet of Things. Int. J. Eng. Res. Dev. 10(11), 58–63 (2014)Google Scholar
  16. 16.
    Berti-Equille, L., Zhauniarovich, Y.: Profiling DRDoS attacks with data analytics pipeline. In: ACM on Conference on Information and Knowledge Management, 6–10 November 2017, Singapore, pp. 1983–1986 (2017)Google Scholar
  17. 17.
    Perera, C., Liu, C.H., Jayawardena, S., Chen, M.: A survey on Internet of Things from industrial market perspective. IEEE Access 2, 1660–1679 (2014)CrossRefGoogle Scholar
  18. 18.
    Tekeoglu, A., Tosun, A.S.: Investigating security and privacy of a cloud-based wireless IP camera: NetCam. In: IEEE 24th International Conference on Computer Communication and Networks (ICCCN), USA, pp. 1–6 (2015)Google Scholar
  19. 19.
    Notra, S., Siddiqi, M., Gharakheili, H.H., Sivaraman, V., Boreli, R.: An experimental study of security and privacy risks with emerging household appliances. In: IEEE Conference on Communications and Network Security (CNS), USA, pp. 79–84 (2014)Google Scholar
  20. 20.
    Šimon, M., Huraj, L., Čerňanský, M.: Performance evaluations of IPTables firewall solutions under DDoS attacks. J. Appl. Math. Stat. Inform. 11(2), 35–45 (2015)CrossRefGoogle Scholar
  21. 21.
    Šimon, M., Huraj, L., Hosťovecký, M.: IPv6 network DDoS attack with P2P grid. In: Creativity in Intelligent, Technologies and Data Science, pp. 407–415. Springer (2015)Google Scholar

Copyright information

© Springer International Publishing AG, part of Springer Nature 2019

Authors and Affiliations

  1. 1.Department of Applied Informatics and MathematicsUniversity of SS. Cyril and MethodiusTrnavaSlovakia
  2. 2.Faculty of Materials Science and Technology in Trnava, Institute of Applied Informatics, Automation and MechatronicsSlovak University of Technology in BratislavaTrnavaSlovakia

Personalised recommendations