Detecting Denial of Service Attacks on Simulated IoT Devices Using Python-based Packet Rate Monitoring
Keywords:
Denial of service, IoT security, Kali Linux, Network attack detection, Packet rate monitoring, Python, Threshold-based detection, Wireshark
Abstract
Internet of Things (IoT) security is a topic that typically goes unnoticed until something happens. This project examines the inadequate security of small interconnected devices with respect to one type of attack: continuously flooding a target device with requests until it ceases to respond. The objective was to find out whether this attack can be detected with the simplest set of tools, namely a Python script and a network analysis tool. To do so, three components were built: (1) a server that simulates an IoT device, (2) a program that simulates the attack itself, and (3) a monitor that analyses traffic and reports suspicious activity. The notification mechanism uses a very simple criterion: the number of packets received within a five-second window is counted, and an alert is raised and a log entry written whenever that number exceeds one hundred. The experiment was carried out on Kali Linux, with Wireshark used in parallel to observe the network traffic. Before the attack began, traffic was negligible, with only a few packets sent at a time. Once the flood started, the packet count rose to over two hundred, triggering the notification process. Every event was logged with a timestamp, which serves as evidence even when no one was watching the process at the time. The experiment appears to have been a success, and all effects are visible both in the terminal output and in the Wireshark capture. The main lesson of this study is that a simple, zero-dependency detection approach can operate in real time. This suggests that machine learning and other sophisticated solutions are not necessarily required to secure IoT networks.
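The five-second window and 100-packet threshold described above, implemented as an added Python example that is not the paper's own monitor; the packet trace it replays is constructed inline, and the window and threshold names are assumptions:

```python
"""Threshold-based packet-rate monitor (added example, not the paper's code).
Counts packets seen in a fixed window (5 s) and raises an alert, writing a
timestamped log line, when the count exceeds 100."""
import logging
from collections import deque

WINDOW_SECONDS = 5.0   # observation window used by the monitor (assumed name)
THRESHOLD = 100        # packets per window above which an alert fires

logging.basicConfig(level=logging.INFO,
                    format="%(asctime)s %(levelname)s %(message)s")
log = logging.getLogger("pktmon")


class PacketRateMonitor:
    """Sliding-window counter: keeps the timestamps of packets seen in the
    last `window` seconds and reports when that count exceeds `threshold`."""

    def __init__(self, window=WINDOW_SECONDS, threshold=THRESHOLD):
        self.window = window
        self.threshold = threshold
        self.times = deque()   # timestamps still inside the window
        self.alerts = []       # (timestamp, packet count) per alert raised

    def observe(self, ts):
        """Record one packet seen at time ts (seconds). Returns True when the
        window count, including this packet, exceeds the threshold."""
        self.times.append(ts)
        # Evict packets that have fallen out of the window.
        while self.times and ts - self.times[0] > self.window:
            self.times.popleft()
        count = len(self.times)
        if count > self.threshold:
            self.alerts.append((ts, count))
            log.warning("possible flood: %d packets in last %.0fs",
                        count, self.window)
            return True
        return False


def run_constructed_trace(monitor=None):
    """Replay a constructed trace: 10 s of quiet traffic (2 packets/s)
    followed by a 5 s burst of 200 packets, mirroring the before/after
    traffic levels described in the abstract. Returns the number of alerts."""
    monitor = monitor or PacketRateMonitor()
    alerts = 0
    for i in range(20):                    # baseline: one packet every 0.5 s
        alerts += monitor.observe(i * 0.5)
    for i in range(200):                   # flood: 200 packets within 5 s
        alerts += monitor.observe(10.0 + i * 0.025)
    return alerts
```

During the baseline phase the window never holds more than 11 packets, so no alert fires; in the flood phase the count crosses 100 after roughly the 95th flood packet and stays above it, so every subsequent packet is logged as part of the flood.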