SA-IDS: A single attribute intrusion detection system for Slow DoS attacks in IoT networks

Reed, Andy; Dooley, Laurence and Kouadri Mostéfaoui, Soraya (2025). SA-IDS: A single attribute intrusion detection system for Slow DoS attacks in IoT networks. Internet of Things, 30, article no. 101512.

DOI: https://doi.org/10.1016/j.iot.2025.101512

Abstract

Internet of Things (IoT) technologies are expanding and pervade ever more application domains, bringing a raft of positive user benefits. However, application layer security and the omnipresent danger of Denial of Service (DoS) attacks remain a significant risk to effective IoT performance. DoS is especially serious in IoT networks given the propensity for malicious nodes to mimic legitimate nodes encountering slow connectivity, a problem intensified in very stochastic traffic environments where higher node latencies create even stealthier Slow DoS conditions.

The contribution this paper presents is a flexible single attribute intrusion detection system (SA-IDS) for IoT networks, which employs a novel variable threshold range for just the delta time network attribute to accurately detect Slow DoS attacks in highly stochastic traffic, while crucially still being able to reliably discriminate malicious from legitimate slow node activity. Experimental results in a live IoT network compellingly demonstrate the superior detection performance of SA-IDS under the stealthiest Slow DoS attack conditions, where genuine nodes with high latency are almost indistinguishable from malicious nodes, thus rendering ineffective existing Slow DoS detection methods that rely solely on static thresholds based on network traffic attribute analysis.
