TY - JOUR
T1 - A time-efficient approach toward DDoS attack detection in IoT network using SDN
AU - Bhayo, Jalal
AU - Jafaq, Riaz
AU - Ahmed, Awais
AU - Hameed, Sufian
AU - Shah, Syed Attique
N1 - Publisher Copyright:
© 2014 IEEE.
PY - 2021/7/19
Y1 - 2021/7/19
N2 - As the usability of Internet of Things (IoT) devices increases, the security threats and vulnerabilities associated with these resource-constrained IoT devices also rise. One of the major threats to IoT devices is Distributed Denial of Service (DDoS). To make the security of IoT devices effective and resilient, continuous monitoring and early detection, along with adaptive decision making, are required. These challenges can be addressed with software-defined networking (SDN), which provides an opportunity for effectively managing the DDoS threats faced by IoT devices. This research proposes a novel SDN-based secure IoT framework that can detect the vulnerabilities in IoT devices or malicious traffic generated by IoT devices using the session IP counter and IP Payload analysis. The framework’s DDoS attack detection module consisting of the proposed algorithms can easily detect the DDoS attack in the SD-IoT network by analyzing different parameters even with a large traffic volume. These techniques are implemented on an SDN controller and tested by generating a large volume of traffic from a compromised node, which is then detected and notified. According to the results and comparative analysis, the proposed framework detects DDoS attacks in the early stage with high accuracy and detection rate from 98% to 100%, having a low false-positive rate.
AB - As the usability of Internet of Things (IoT) devices increases, the security threats and vulnerabilities associated with these resource-constrained IoT devices also rise. One of the major threats to IoT devices is Distributed Denial of Service (DDoS). To make the security of IoT devices effective and resilient, continuous monitoring and early detection, along with adaptive decision making, are required. These challenges can be addressed with software-defined networking (SDN), which provides an opportunity for effectively managing the DDoS threats faced by IoT devices. This research proposes a novel SDN-based secure IoT framework that can detect the vulnerabilities in IoT devices or malicious traffic generated by IoT devices using the session IP counter and IP Payload analysis. The framework’s DDoS attack detection module consisting of the proposed algorithms can easily detect the DDoS attack in the SD-IoT network by analyzing different parameters even with a large traffic volume. These techniques are implemented on an SDN controller and tested by generating a large volume of traffic from a compromised node, which is then detected and notified. According to the results and comparative analysis, the proposed framework detects DDoS attacks in the early stage with high accuracy and detection rate from 98% to 100%, having a low false-positive rate.
KW - Distributed Denial-of-Service (DDoS) attacks
KW - Internet of Things (IoT)
KW - SDNWISE
KW - software-defined networking (SDN)
UR - http://www.scopus.com/inward/record.url?scp=85111022098&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85111022098&partnerID=8YFLogxK
U2 - 10.1109/JIOT.2021.3098029
DO - 10.1109/JIOT.2021.3098029
M3 - Article
SN - 2327-4662
VL - 9
SP - 3612
EP - 3630
JO - IEEE Internet of Things Journal
JF - IEEE Internet of Things Journal
IS - 5
ER -