Abstract
Distributed Denial of Service (DDoS) attacks, plague the Internet of Things (IoT)-enabled distributed communication network. To mitigate DDoS attacks on IoT many protocols have been suggested in earlier literature, but most of them are successful in mitigating attacks on one layer at any given time. This research work proposes a mechanism to mitigate DDoS attacks on multiple layers of IoT networks. An IoT wireless network has been simulated in NS2 for developing a mechanism to detect and mitigate such attacks. Defending against multi-layer DDoS attacks is tough since DDoS threats are introduced on several tiers of IoT communication networks. This research work presents a unique security strategy to evaluate, detect, and neutralize the behavior of attack nodes. The protocol named “Edge and Internet Layer DDoS Threats Detection and Mitigation” (EIDDM), has been proposed in this work, as most DDoS attacks are introduced on edge and internet layers of the IoT framework. The functionality of EIDDM is driven by Network tree analysis. Edge and internet layer trust factors are routinely assessed for each IoT communication system sensor node. These trust factors are used to analyze node activity and reputation in network tree form. The trust-based network tree analysis of each node first detects attacker nodes and then determines the type of DDoS threat and its underlying cause. IoT connectivity technologies related to attacking nodes are discontinued till DDoS attacks have been mitigated. The proposed EIDDM protocol has been evaluated for its efficiency in terms of throughput, latency, energy consumption, Packet Delivery Ratio (PDR), and communication overhead in simulations. EIDDM protocol has been surpassed other protocols. Earlier protocols had throughput in the range of 53–56% and PDR in the range of 75–80%, whereas for EIDDM these are increased by 6.5% and 14%, respectively. Earlier protocols had overhead in the range of 10–12% and average energy utilization in the range of 1706–1756 J, whereas the EIDDM protocol reduced communication overhead by 25% and average energy utilization by 6.6%.
Similar content being viewed by others
Data Availability
The datasets analysed during the current study are available from the corresponding author on reasonable request.
References
Mahajan, H. B., & Badarla, A. (2020). Detecting HTTP Vulnerabilities in IoT-based precision farming connected with cloud environment using artificial intelligence. International Journal of Advanced Science and Technology, 29(3), 214–226.
Alhayani, B., Kwekha-Rashid, A. S., Mahajan, H. B., et al. (2022). 5G Standards for the Industry 4.0 enabled communication systems using artificial intelligence: Perspective of smart healthcare system. Applied Nanoscience. https://doi.org/10.1007/s13204-021-02152-4
Mahajan, H. B., Rashid, A. S., Junnarkar, A. A., et al. (2022). Integration of Healthcare 4.0 and blockchain into secure cloud-based electronic health records systems. Applied Nanoscience. https://doi.org/10.1007/s13204-021-02164-0
Mahajan, H. B., & Badarla, A. (2018). Application of internet of things for smart precision farming: Solutions and challenges. International Journal of Advanced Science and Technology, 2018, 37–45.
Harbi, Y., Aliouat, Z., Harous, S., et al. (2019). A review of security in internet of things. Wireless Personal Communications, 108, 325–344. https://doi.org/10.1007/s11277-019-06405-y
Jurcut, A., Niculcea, T., Ranaweera, P., et al. (2020). Security considerations for internet of things: A survey. SN COMPUT. SCI., 1, 193. https://doi.org/10.1007/s42979-020-00201-3
Abiodun, O. I., Abiodun, E. O., Alawida, M., et al. (2021). A review on the security of the internet of things: Challenges and solutions. Wireless Personal Communications, 119, 2603–2637. https://doi.org/10.1007/s11277-021-08348-9
Aldowah, H., Ul Rehman, S., & Umar, I. (2019). Security in internet of things: Issues, challenges and solutions. In F. Saeed, N. Gazem, F. Mohammed, & A. Busalim (Eds.), Recent trends in data science and soft computing IRICT 2018. Cham: Springer.
Singh, D., Pati, B., Panigrahi, C. R., & Swagatika, S. (2020). Security issues in IoT and their Countermeasures in smart city applications. In B. Pati, C. Panigrahi, R. Buyya, & K. C. Li (Eds.), Advanced computing and intelligent engineering. Singapore: Springer.
Bhatt, S., & Ragiri, P. R. (2021). Security trends in internet of things: A survey. SN Applied Sciences, 3, 1–14. https://doi.org/10.1007/s42452-021-04156-9
Gautam, A. K., & Kumar, R. (2021). A comprehensive study on key management, authentication and trust management techniques in wireless sensor networks. SN Applied Science, 3, 50. https://doi.org/10.1007/s42452-020-04089-9
Sharma, M., Arora, B. (2021). Detection and Prevention of DoS and DDoS in IoT. In: Singh, P.K., Wierzchoń, S.T., Tanwar, S., Ganzha, M., Rodrigues, J.J.P.C. (eds) Proceedings of Second International Conference on Computing, Communications, and Cyber-Security, Springer, Singapore. https://doi.org/10.1007/978-981-16-0733-2_60.
Kumar, P., Bagga, H., Netam, B., & Uduthalapally, V. (2022). SAD-IoT: Security analysis of DDoS attacks in IoT networks. Wireless Personal Communications. https://doi.org/10.1007/s11277-021-08890-6
Malhotra, P., Singh, Y., Anand, P., Bangotra, D. K., Singh, P. K., & Hong, W.-C. (2021). Internet of things: Evolution concerns and security challenges. Sensors, 21(5), 1809. https://doi.org/10.3390/s21051809
Khraisat, A., & Alazab, A. (2021). A critical review of intrusion detection systems in the internet of things: Techniques, deployment strategy, validation strategy, attacks, public datasets and challenges. Cybersecur, 4, 18. https://doi.org/10.1186/s42400-021-00077-7
Yu, S. (2014). Distributed denial of service attack and defense. SpringerBriefs in Computer Science. https://doi.org/10.1007/978-1-4614-9491-1
Tabash, M., & Barhoom, T. (2014). An approach for detecting and preventing DoS attacks in LAN. International Journal of Computer Trends and Technology., 18, 265–271. https://doi.org/10.14445/22312803/IJCTT-V18P156
Francois, J., Aib, I., & Boutaba, R. (2012). FireCol: A collaborative protection network for the detection of flooding DDoS attacks. IEEE/ACM Transactions on Networking, 20(6), 1828–1841. https://doi.org/10.1109/tnet.2012.2194508
Prasad, K. M., Reddy, A., & Jyothsna, V. (2012). IP traceback for flooding attacks on Internet threat monitors (ITM) using Honeypots. arXiv preprint arXiv:1202.4530.
Zargar, S. T., Joshi, J., & Tipper, D. (2013). A survey of defense mechanisms against distributed denial of service (DDoS) flooding attacks. IEEE Communications Surveys & Tutorials, 15(4), 2046–2069. https://doi.org/10.1109/surv.2013.031413.00127
Xiaofeng, Q., Jihong, H., & Ming, C. (2004). A mechanism to defend SYN flooding attack based on network measurement system. IEEE Explore, 33, 208–212. https://doi.org/10.1109/ITRE.2004.1393677
Wu, Y.-C., Tseng, H.-R., Yang, W., & Jan, R.-H. (2009). DDoS Detection and Traceback with Decision Tree and Grey Relational Analysis. In 2009 Third International Conference on Multimedia and Ubiquitous Engineering. https://doi.org/10.1109/mue.2009.60.
MacFarland, D. C., Shue, C. A., & Kalafut, A. J. (2015). Characterizing optimal DNS amplification attacks and effective mitigation. Lecture Notes in Computer Science. https://doi.org/10.1007/978-3-319-15509-8_2
Dandare, P., & Chole, P. V. (2016). Detection of collision attacks and comparison of efficiency in wireless sensor network. International Journal of Engineering and Computer Science, 5(5), 16400–16406. https://doi.org/10.18535/ijecs/v5i5.13
Sufyan, N., Saqib, N. A., & Zia, M. (2013). Detection of jamming attacks in 802.11 b wireless networks. EURASIP Journal on Wireless Communications and Networking. https://doi.org/10.1186/1687-1499-2013-208
Rehman, E., Sher, M., Naqvi, S. H. A., Badar Khan, K., & Ullah, K. (2017). Energy efficient secure trust based clustering algorithm formobile wireless sensor network. Journal of Computer Networks and Communications, 2017, 1630673.
Mittal, N. (2019). Moth flame optimization based energy efficient stable clustered routing approach for wireless sensor networks. Wireless Personal Communications, 104(2), 677–694.
Sharma, R., Vashisht, V., & Singh, U. (2019). Nature Inspired Algorithms for Energy Efficient Clustering in Wireless Sensor Net-works. In 2019 9th International Conference on Cloud Computing, Data Science & Engineering (Confluence). https://doi.org/10.1109/confluence.2019.8776618.
Sharma, R., Vashisht, V., & Singh, U. (2019). EEFCM-DE: Energy efficient clustering based on fuzzy C Means and differential evolution algorithm in WSNs. IET Communications. https://doi.org/10.1049/iet-com.2018.5546
Pavani, M., & Trinatha Rao, P. (2019). Adaptive PSO with Opti-mized firefly algorithms for secure cluster based routing in wireless sensor networks. IET Wireless Sensor Systems. https://doi.org/10.1049/iet-wss.2018.5227
Gilbert, E. P. K., Baskaran, K., Rajsingh, E. B., Lydia, M., & Selvakumar, A. I. (2019). Trust aware nature inspired optimised rout-ing in clustered wireless sensor networks. International Journal of Bio-Inspired Computation, 14(2), 103. https://doi.org/10.1504/ijbic.2019.101637
Ramesh, S., & Yaashuwanth, C. (2019). Enhanced approach using trust based decision making for secured wireless streaming video sensor networks. Multimedia Tools and Applications. https://doi.org/10.1007/s11042-019-7585-5
Sharma, R., Vashisht, V., & Singh, U. (2020). eeTMFO/GA: A secure and energy efficient cluster head selection in wireless sensor networks. Telecommunication Systems. https://doi.org/10.1007/s11235-020-00654-0
Mahajan, H. B., Badarla, A., & Junnarkar, A. A. (2021). CL-IoT: Cross-layer Internet of Things protocol for intelligent manufacturing of smart farming. Journal of Ambient Intelligence and Humanized Computing, 12(7), 7777–7791. https://doi.org/10.1007/s12652-020-02502-0
Qureshi, S. G. & Shandilya, S. K. (2021). Advances in Cyber Security Paradigm: A Review. A. Abraham et al. (Eds.): HIS 2019, AISC 1179, pp. 268–276. https://doi.org/10.1007/978-3-030-49336-3_27.
Mahajan, H. B., & Badarla, A. (2021). Cross-layer protocol for WSN-Assisted IoT smart farming applications using nature inspired algorithm. Wireless Personal Communications. https://doi.org/10.1007/s11277-021-08866-6
Wang, J., Jiang, S., & Fapojuwo, A. (2017). A protocol layer trust-based intrusion detection scheme for wireless sensor networks. Sensors, 17(6), 1227. https://doi.org/10.3390/s17061227
Abidoye, A. P., & Ochola, E. O. (2018). Denial of service attacks in wireless sensor networks with proposed countermeasures. In S. Latifi (Ed.), Information Technology—New Generations. Cham: Springer.
Chen, H., Meng, C., Shan, Z., Fu, Z., & Bhargava, B. K. (2019). A novel Low-rate Denial of Service attack detection approach in ZigBee wireless sensor network by combining Hilbert-Huang Transformation and Trust Evaluation. IEEE Access. https://doi.org/10.1109/access.2019.2903816
Mohammadani, K. H., Memon, K. A., Memon, I., Hussaini, N. N., & Fazal, H. (2020). Preamble time-division multiple access fixed slot assignment protocol for secure mobile ad hoc networks. International Journal of Distributed Sensor Networks, 16(5), 155014772092162. https://doi.org/10.1177/1550147720921624
Segura, G. A. N., Skaperas, S., Chorti, A., Mamatas, L., & Margi, C. B. (2020). Denial of service attacks detection in software-defined wireless sensor networks. In 2020 IEEE International Conference on Communications Workshops (ICC Workshops). https://doi.org/10.1109/iccworkshops49005.2020.9145136.
Cheng, G., Zhao, L., Hu, X., Zheng, S., & wu, Hua & Li, Ruidong & Fan, Chengyu. (2019). Detecting and mitigating a sophisticated interest flooding attack in NDN from the network-wide view. IEEE First International Workshop on Network Meets Intelligent Computations (NMIC), 2019, 7–12. https://doi.org/10.1109/NMIC.2019.00007
Borgiani, V., Moratori, P., Kazienko, J. F., Tubino, E. R., & Quincozes, S. E. (2020). Towards a distributed approach for detection and mitigation of denial of service attacks within industrial internet of things. IEEE Internet of Things Journal. https://doi.org/10.1109/jiot.2020.3028652
Abidoye, A. P., & Kabaso, B. (2021). Lightweight models for detection of denial-of-service attack in wireless sensor networks. IET Networks, 10(4), 185–199. https://doi.org/10.1049/ntw2.12011
Akhbari, A., & Ghaffari, A. (2021). Selfish node detection based on fuzzy logic and Harris hawks optimization algorithm in IoT networks. Security and Communication Networks. https://doi.org/10.1155/2021/2658272
Farahani, G. (2021). Black hole attack detection using K-nearest neighbor algorithm and reputation calculation in mobile Ad Hoc networks. Security and Communication Networks, 2021, 1–15. https://doi.org/10.1155/2021/8814141
Anand, C., & Vasuki, N. (2021). Trust based DoS attack detection in wireless sensor networks for reliable data transmission. Wireless Personal Communications. https://doi.org/10.1007/s11277-021-08855-9
Nayak, R. P., Sethi, S., Bhoi, S. K., Sahoo, K. S., Jhanjhi, N., Tabbakh, T. A., & Almusaylim, Z. A. (2021). TBDDoSA-MD: Trust-based DDoS misbehave detection approach in software-defined vehicular network (SDVN). CMC-Computers, Materials & Continua, 69(3), 3513–3529. https://doi.org/10.32604/cmc.2021.018930
Awan, S., Javaid, N., Ullah, S., Khan, A. U., Qamar, A. M., & Choi, J.-G. (2022). Blockchain based secure routing and trust management in wireless sensor networks. Sensors, 22(2), 411. https://doi.org/10.3390/s22020411
Al-Zubaidie, M., Zhang, Z., & Zhang, J. (2020). REISCH: Incorporating lightweight and reliable algorithms into healthcare applications of WSNs. Applied Sciences, 10(6), 2007. https://doi.org/10.3390/app10062007
Rao, V., & KV, P. (2021). DEC-LADE: Dual elliptic curve-based lightweight authentication and data encryption scheme for resource constrained smart devices. IET Wireless Sensor Systems, 11(2), 91–109. https://doi.org/10.1049/wss2.12014
Gopala Krishnan, C., Gomathi, S., Aravind Swaminathan, G., Robinson, Y. H., & AnushaBamini, A. M. (2022). Trust management framework and high energy efficient lifetime management system for MANET using self-configurable cluster mechanism. Wireless Personal Communications. https://doi.org/10.1007/s11277-022-10048-x
Qureshi, S. G., Shandilya, S. K., Satapathy, S. C., et al. (2023). Nature-inspired decision support system for securing clusters of wireless sensor networks in advanced IoT environments. Wireless Personal Communications, 128, 67–88. https://doi.org/10.1007/s11277-022-09601-5
Mahajan, H. B., Junnarkar, A. A., Tiwari, M., Tiwari, T., & Upadhyaya, M. (2022). LCIPA: Lightweight clustering protocol for industry 4.0 enabled precision agriculture. Microprocessors and Microsystems, 94, 104633. https://doi.org/10.1016/j.micpro.2022.104633
Maranur, J. R., & Mathapati, B. (2023). ARPVP: Attack resilient position-based VANET protocol using ant colony optimization. Wireless Personal Communications, 128, 1235–1258. https://doi.org/10.1007/s11277-022-09997-0
Mahajan, H. B. (2022). Emergence of healthcare 4.0 and blockchain into secure cloud-based electronic health records systems: Solutions, challenges, and future roadmap. Wireless Personal Communications, 126(3), 2425–2446. https://doi.org/10.1007/s11277-022-09535-y
Beslin Pajila, P. J., Golden Julie, E., & Harold Robinson, Y. (2023). ABAP: Anchor node based DDoS attack detection using adaptive neuro-fuzzy inference system. Wireless Personal Communications, 128(2), 875–899. https://doi.org/10.1007/s11277-022-09980-9
Mahajan, H. B., Uke, N., Pise, P., et al. (2022). Automatic robot Manoeuvres detection using computer vision and deep learning techniques: A perspective of internet of robotics things (IoRT). Multimedia Tools Applied. https://doi.org/10.1007/s11042-022-14253-5
Wang, J. (2012). Advanced attack tree based intrusion detection. Loughborough: Loughborough University.
Wang, J., Phan, R. C.-W., Whitley, J. N., & Parish, D. J. (2010). Augmented Attack Tree Modeling of Distributed Denial of Services and Tree Based Attack Detection Method. In 2010 10th IEEE International Conference on Computer and Information Technology. https://doi.org/10.1109/cit.2010.185.
Jayashree, P., & Easwarakumar, D. K. (2008). An effective defence cum prevention of DDOS attacks in active networks using attribute trees. Journal of Ubiquitous Computing and Communication, Spl. issue on New Technologies, Mobility and Security, NTMS, pp 16–24.
Chen, Y., Hwang, K., & Ku, W. (2007). Distributed Change-Point Detection of DDoS Attacks: Experimental Results on DETER Testbed. In DETER: Proceedings of the DETER Community Workshop on Cyber Security Experimentation and Test on DETER Community Workshop on Cyber Security Experimentation and Test 2007, pages 7.
Funding
No Funding.
Author information
Authors and Affiliations
Corresponding author
Ethics declarations
Conflict of interest
All authors declares that they has no conflict of interest.
Ethical Approval
This article does not contain any studies with human participants performed by any of the authors.
Additional information
Publisher's Note
Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
Rights and permissions
Springer Nature or its licensor (e.g. a society or other partner) holds exclusive rights to this article under a publishing agreement with the author(s) or other rightsholder(s); author self-archiving of the accepted manuscript version of this article is solely governed by the terms of such publishing agreement and applicable law.
About this article
Cite this article
Kumavat, K., Gomes, J. EIDDM: Edge and Internet Layer Distributed DoS Threats Detection and Mitigation for Internet of Things Wireless Communications. Wireless Pers Commun 131, 709–735 (2023). https://doi.org/10.1007/s11277-023-10453-w
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s11277-023-10453-w