Micro IDS: On-Line Recognition of Denial-of-Service Attacks on IoT Networks

Abstract

The growth in the number of Internet of Things (IoT) devices and applications, as well as their heterogeneity and hardware limitations, make it difficult to apply traditional security mechanisms. Thus, the IoT layer has become a highly vulnerable part of the network. In this article, a low computational complexity intrusion detection system is proposed for online recognition of denial-of-service attacks. A common feature of denial-of-service attacks is the sudden surge of a certain type of packet or request. To track this sudden spike, network traffic is reduced to the number of packets per minute, segmented by protocol. On these data, we applied sliding window and moving average comparison techniques to identify anomalies. After identification, a selective search is performed only in the anomalous protocol, to isolate the target and neutralize the attack. Tests performed on data extracted from pcap file, containing attacks carried out on real devices, demonstrate the accuracy in recognizing attacks. In addition, the tools and techniques for implementing the proposed model in a realistic environment are described.