Abstract

The stateful forwarding plane is regarded as a novel forwarding paradigm that has been shown to improve delivery efficiency and to be resilient to certain types of attacks. However, its complicated forwarding state operations also introduce a new variant of Denial-of-Service attack, which may cause long-term memory exhaustion of forwarding nodes, especially resource-limited IoT nodes. This new distributed exhaustion attack is extremely stealthy, and there is currently no effective defense against it. In this paper, we first establish a game model to analyze the attack benefit between attacker and defender. To let the defender obtain more utility, it is important that the defender manage expired state entries during stateful forwarding. To this end, we propose an enhanced distributed low-rate attack mitigating (eDLAM) mechanism. In particular, eDLAM maintains a lightweight malicious request table (MRT), which is very small, to offload the burden on the actual forwarding state table. When a packet request matches an entry in the MRT, it is marked and dropped directly, without any impact on the forwarding state table. Building on this, eDLAM adopts an optimal threshold update method for the MRT to achieve maximum defender utility. We evaluate eDLAM's performance in terms of false negative rate (FNR) and false positive rate (FPR). Extensive experimental results show that eDLAM can reduce FNR by 10.5% and FPR by 44% on average compared with state-of-the-art mechanisms.
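The following sketch is an added illustration, not the paper's algorithm or code: it models a forwarding state table (FST) that a low-rate stream of never-answered requests keeps full, and a small MRT that is consulted before any state is created. The abstract does not say how a request gets into the MRT, so the rule used here (flag a name prefix once its count of expired state entries reaches a fixed `threshold`, where eDLAM updates the threshold optimally) is an assumption, as are the names `Forwarder` and `simulate`, the table sizes, and the constructed `/evil` and `/good` traffic.

```python
from collections import OrderedDict

class Forwarder:
    """Toy stateful forwarder: forwarding state table (FST) guarded by a small MRT."""
    def __init__(self, fst_capacity, lifetime, mrt_capacity, threshold):
        self.fst = {}                      # request name -> expiry tick
        self.mrt = OrderedDict()           # flagged prefixes, oldest first
        self.expired = {}                  # prefix -> expired-entry count
        self.fst_capacity, self.lifetime = fst_capacity, lifetime
        self.mrt_capacity, self.threshold = mrt_capacity, threshold

    @staticmethod
    def prefix(name):
        return name.rsplit("/", 1)[0]

    def purge(self, now):
        # Entries that expire unanswered are the signal; count them per prefix.
        for name in [n for n, exp in self.fst.items() if exp <= now]:
            del self.fst[name]
            p = self.prefix(name)
            self.expired[p] = self.expired.get(p, 0) + 1
            if self.expired[p] >= self.threshold:   # assumed fixed threshold
                self.mrt[p] = True
                if len(self.mrt) > self.mrt_capacity:
                    self.mrt.popitem(last=False)    # keep the MRT small

    def on_request(self, name, now):
        self.purge(now)
        if self.prefix(name) in self.mrt:
            return "dropped"               # MRT hit: no FST state is created
        if len(self.fst) >= self.fst_capacity:
            return "rejected"              # FST exhausted
        self.fst[name] = now + self.lifetime
        return "forwarded"

    def on_response(self, name):
        self.fst.pop(name, None)           # answered requests release their state

def simulate(threshold, ticks=60):
    fw = Forwarder(fst_capacity=8, lifetime=10, mrt_capacity=4, threshold=threshold)
    out = {"legit_served": 0, "attack_dropped": 0}
    for t in range(ticks):                 # constructed traffic: one request each per tick
        if fw.on_request(f"/evil/{t}", t) == "dropped":   # never answered
            out["attack_dropped"] += 1
        if fw.on_request(f"/good/{t}", t) == "forwarded":
            fw.on_response(f"/good/{t}")
            out["legit_served"] += 1
    out["final_fst"] = len(fw.fst)
    return out
```

Calling `simulate(threshold=10**9)` effectively disables the MRT and shows the FST pinned at capacity with legitimate requests starved; `simulate(threshold=3)` shows the table draining once the prefix is flagged.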
