Packet Filtering and Sampling for Efficient Slow Denial of Service Detection in Resource Scarce IoT Networks

Reed, Andy; Dooley, Laurence and Koudri, Soraya (2023). Packet Filtering and Sampling for Efficient Slow Denial of Service Detection in Resource Scarce IoT Networks. In: 2023 International Symposium on Networks, Computers and Communications (ISNCC): Trust, Security and Privacy (ISNCC-2023 TSP), IEEE pp. 1–6.

DOI: https://doi.org/10.1109/ISNCC58260.2023.10323987

Abstract

There has recently been considerable interest in automatic detection strategies for recognising application layer security threats such as Hypertext Transfer Protocol (HTTP) Slow Denial-of-Service (Slow DoS) attacks in Internet of Things (IoT) networks. Most existing approaches, however, fail to take cognisance of the substantial resource constraints imposed upon IoT environments, which limits the applicability and deployment of many Slow DoS detection mechanisms. This paper addresses this significant security threat for resource scarce IoT nodes and networks in proposing an accurate and computationally efficient approach to packet-based intrusion detection of HTTP Slow DoS activity. The paper both critically analyses and measures the impact of applying network attribute filtering and packet sampling to reduce the computational overheads on the resource constrained IoT Slow DoS detection node. The unique solution proposed uses a dataset synthesised from a live IoT environment comprising both legitimate and malicious network events in the form of legitimate HTTP traffic and Slow DoS attacks. Experimental results corroborate that by combining filtering at the Border Router of only in-bound packets containing no TCP payload with a systematic packet sampling scheme at a sampling ratio of up to 1:64, the processing overheads on the detection node are significantly reduced. The novel contribution presented is a resource efficient solution, garnered by employing systematic sampling to seamlessly and accurately support selective attribute based intrusion detection of HTTP Slow DoS attacks in IoT networks.
