Abstract
A distributed denial of service (DDoS) attack is an attempt to partially or completely shut down the targeted server with a flood of internet traffic. The primary aim of this attack is to disrupt regular traffic flow to the victim’s server or network. DDoS attacks are volumetric attacks, and non-legacy IoT devices with low security, such as webcams, baby monitoring devices and printers, are compromised to form a botnet. High traffic from compromised IoT devices is rerouted to servers to disrupt their regular services. DDoS attacks are covered to some extent in the research literature. However, existing research does not discuss all DDoS attacks on general servers and botnet attacks on IoT devices, and it suggests few detection and mitigation solutions, which are limited to addressing attacks on the cloud environment. Existing surveys focus either on the cloud layer or on the IoT layer. A complete survey of DDoS attacks for both IoT and the cloud environment is not present in the current literature. Our survey is a comprehensive approach which includes general DDoS attack motivations and specific reasons why attackers prefer IoT devices to launch DDoS attacks. Various attack methods to compromise IoT devices and tools used to deploy botnet-infected IoT devices for DDoS attacks on the cloud layer are presented. A detailed attack classification on IoT devices and the cloud environment is presented, considering that IoT devices are first compromised and then used by attackers against their primary targets on the cloud layer. Various state-of-the-art defense measures in the current literature for defense against DDoS attacks are presented. Suggestions for implementing an essential first line of defense for IoT devices are offered. Our paper, to the best of our knowledge, is the first to provide a holistic study of DDoS attacks from IoT devices to the cloud environment.
Acknowledgements
This study was supported by the Research Program, which was funded by the Seoul National University of Science and Technology.
About this article
Cite this article
Salim, M.M., Rathore, S. & Park, J.H. Distributed denial of service attacks and its defenses in IoT: a survey. J Supercomput 76, 5320–5363 (2020). https://doi.org/10.1007/s11227-019-02945-z
DOI: https://doi.org/10.1007/s11227-019-02945-z