A DDoS Detection and Prevention System for IoT Devices and Its Application to Smart Home Environment

The Internet of Things (IoT) has become an integral part of our daily life as it is growing in many fields, such as engineering, e-health, smart homes, smart buildings, agriculture, weather forecasting, etc. However, the growing number of IoT devices and their weak configuration raise many security challenges such as designing protocols to protect these devices from various types of attacks such as using them as bots for DDoS attacks on target servers. In order to protect IoT devices from enslavement as bots in a home environment, we develop a lightweight security model consisting of various security countermeasures. The working mechanism of the proposed security model is presented in a two-part experimental scenario. Firstly, we describe the working mechanism of how an attacker infects an IoT device and then spreads the infection to the entire network. Secondly, we propose a set of mechanisms consisting of filtration, detection of abnormal traffic generated from IoT devices, screening, and publishing the abnormal traffic patterns to the rest of the home routers on the network. We tested the proposed scheme by infecting an IoT device with malicious code. The infected device then infects the rest of the IoT devices in its network and launches a DDoS attack by receiving attack-triggering commands from the botmaster. Finally, the proposed detection mechanism is used to detect the abnormal traffic and block the connection of infected devices in the network. The results reveal that the proposed system blocks abnormal traffic if the packets from an IoT device exceeded a threshold of 50 packets. Similarly, the network packet statistics show that, in the event of an unwanted situation, the detection mechanism runs smoothly and avoids any possible delays in the network.