A cost-effective adaptive repair strategy to mitigate DDoS-capable IoT botnets

Distributed denial of service (DDoS) is a type of cyberattack in which multiple compromised systems flood the bandwidth or resources of a single system, making the flooded system inaccessible to legitimate users. Since large-scale botnets based on the Internet of Things (IoT) have been hotbeds for launching DDoS attacks, it is crucial to defend against DDoS-capable IoT botnets effectively. In consideration of resource constraints and frequent state changes for IoT devices, they should be equipped with repair measures that are cost-effective and adaptive to mitigate the impact of DDoS attacks. From the mitigation perspective, we refer to the collection of repair costs at all times as a repair strategy. This paper is then devoted to studying the problem of developing a cost-effective and adaptive repair strategy (ARS). First, we establish an IoT botware propagation model that fully captures the state evolution of an IoT network under attack and defense interventions. On this basis, we model the ARS problem as a data-driven optimal control problem, aiming to realize both learning and prediction of propagation parameters based on network traffic data observed at multiple discrete time slots and control of IoT botware propagation to a desired infection level. By leveraging optimal control theory, we propose an iterative algorithm to solve the problem, numerically obtaining the learned time-varying parameters and a repair strategy. Finally, the performance of the learned parameters and the resulting strategy are examined through computer experiments.