Anomaly detection framework to prevent DDoS attack in fog empowered IoT networks

Abstract

Internet of things or in short IoT is a network of interconnected entities such as computing devices, mechanical machines, digital gadgets etc. Cloud based IoT infrastructures are susceptible to Distributed Denial of Service (DDoS) attacks. A DDoS attack may render the server useless for a long period of time causing the services to crash due to extensive load. In this project we will try to introduce the concept of fog computing and try to explain its importance in a 3-tier architecture. We have proposed an anomaly detection architecture for IoT networks where the detection actually happens on the fog layer. The algorithm is based on the CRPS metric which is a single variable algorithm which is the case in most statistical algorithms. Therefore, we have proposed a way to use multiple variables and shown why it is required in a heterogeneous network like IoT. For detection purposes(testing data) we have used Week 5 Day 1 data of DARPA 99 as it contains a TCP SYN attack initiated once for a duration of 6 min 51 s and for ICMP Week 4 Day 1 data of DARPA 99 is used it has 2 attacks for 1s each. The algorithm is able to identify these attacks correctly.