Leveraging Frame Aggregation in Wi-Fi IoT Networks for Low-Rate DDoS Attack Detection

Abstract

AbstractThe proliferation of smart home Internet of Things (IoT) devices is demonstrated by their prominence in people’s lives. However, the resource-constraint essence of these devices introduces various security flaws. One significant attack is the Low-rate Distributed Denial of Service (LR-DDoS) attack, which aims to disrupt the functionalities of the smart home IoT devices in a stealthy way by sending limited malicious traffic to the victim device. This paper proposes a novel set of features based on the 802.11 frame aggregation scheme to detect LR-DDoS attacks. We demonstrate that by conveying the characteristics of subframes during frame aggregation, we can uniquely embody the IoT device’s benign traffic and malicious traffic in smart home networks. Compared to existing works which primarily focus on LR-DDoS attacks launched against data centers, to the best of our knowledge, this paper is the first work focusing on detecting such attacks against smart home IoT devices. We validate the effectiveness of the proposed features using the commercial off-the-shelf smart home IoT devices and by adopting various machine learning algorithms. Empirical results show that adopting the proposed features with the Random Forest achieves a 0.98 accuracy in distinguishing between benign and LR-DDoS attack traffic. KeywordsInternet of Things (IoT) securityDDoSLow-rate attacksSmart homeMachine learning