A broad learning-based comprehensive defence against SSDP reflection attacks in IoTs

Research output: Contribution to Journal/Magazine › Journal article › peer-review

Published

Standard

A broad learning-based comprehensive defence against SSDP reflection attacks in IoTs. / Liu, X.; Zheng, L.; Helal, S. et al.
In: Digital Communications and Networks, 31.10.2023.

Harvard

Liu, X, Zheng, L, Helal, S, Zhang, W, Jia, C & Zhou, J 2023, 'A broad learning-based comprehensive defence against SSDP reflection attacks in IoTs', Digital Communications and Networks. https://doi.org/10.1016/j.dcan.2022.02.008

APA

Liu, X., Zheng, L., Helal, S., Zhang, W., Jia, C., & Zhou, J. (2023). A broad learning-based comprehensive defence against SSDP reflection attacks in IoTs. Digital Communications and Networks. https://doi.org/10.1016/j.dcan.2022.02.008

Vancouver

Liu X, Zheng L, Helal S, Zhang W, Jia C, Zhou J. A broad learning-based comprehensive defence against SSDP reflection attacks in IoTs. Digital Communications and Networks. 2023 Oct 31. Epub 2022 Mar 2. doi: 10.1016/j.dcan.2022.02.008

Author

Liu, X. ; Zheng, L. ; Helal, S. et al. / A broad learning-based comprehensive defence against SSDP reflection attacks in IoTs. In: Digital Communications and Networks. 2023.

Bibtex

@article{39e8cb515ac541c2b540a5ff19958a43,
title = "A broad learning-based comprehensive defence against SSDP reflection attacks in IoTs",
abstract = "The proliferation of Internet of Things (IoT) rapidly increases the possibilities of Simple Service Discovery Protocol (SSDP) reflection attacks. Most DDoS attack defence strategies deploy only to a certain type of devices in the attack chain, and need to detect attacks in advance, and the detection of DDoS attacks often uses heavy algorithms consuming lots of computing resources. This paper proposes a comprehensive DDoS attack defence approach which combines broad learning and a set of defence strategies against SSDP attacks, called Broad Learning based Comprehensive Defence (BLCD). The defence strategies work along the attack chain, starting from attack sources to victims. It defends against attacks without detecting attacks or identifying the roles of IoT devices in SSDP reflection attacks. BLCD also detects suspicious traffic at bots, service providers and victims by using broad learning, and the detection results are used as the basis for automatically deploying defence strategies which can significantly reduce DDoS packets. For evaluations, we thoroughly analyze attack traffic when deploying BLCD to different defence locations. Experiments show that BLCD can reduce the number of packets received at the victim to 39 without affecting the standard SSDP service, and detect malicious packets with an accuracy of 99.99%.",
keywords = "Denial-of-service DRDoS, SSDP reflection Attack, Broad learning, Traffic detection",
author = "X. Liu and L. Zheng and S. Helal and W. Zhang and C. Jia and J. Zhou",
year = "2023",
month = oct,
day = "31",
doi = "10.1016/j.dcan.2022.02.008",
language = "English",
journal = "Digital Communications and Networks",
publisher = "Elsevier",

}

RIS

TY - JOUR

T1 - A broad learning-based comprehensive defence against SSDP reflection attacks in IoTs

AU - Liu, X.

AU - Zheng, L.

AU - Helal, S.

AU - Zhang, W.

AU - Jia, C.

AU - Zhou, J.

PY - 2023/10/31

Y1 - 2023/10/31

N2 - The proliferation of Internet of Things (IoT) rapidly increases the possibilities of Simple Service Discovery Protocol (SSDP) reflection attacks. Most DDoS attack defence strategies deploy only to a certain type of devices in the attack chain, and need to detect attacks in advance, and the detection of DDoS attacks often uses heavy algorithms consuming lots of computing resources. This paper proposes a comprehensive DDoS attack defence approach which combines broad learning and a set of defence strategies against SSDP attacks, called Broad Learning based Comprehensive Defence (BLCD). The defence strategies work along the attack chain, starting from attack sources to victims. It defends against attacks without detecting attacks or identifying the roles of IoT devices in SSDP reflection attacks. BLCD also detects suspicious traffic at bots, service providers and victims by using broad learning, and the detection results are used as the basis for automatically deploying defence strategies which can significantly reduce DDoS packets. For evaluations, we thoroughly analyze attack traffic when deploying BLCD to different defence locations. Experiments show that BLCD can reduce the number of packets received at the victim to 39 without affecting the standard SSDP service, and detect malicious packets with an accuracy of 99.99%.

AB - The proliferation of Internet of Things (IoT) rapidly increases the possibilities of Simple Service Discovery Protocol (SSDP) reflection attacks. Most DDoS attack defence strategies deploy only to a certain type of devices in the attack chain, and need to detect attacks in advance, and the detection of DDoS attacks often uses heavy algorithms consuming lots of computing resources. This paper proposes a comprehensive DDoS attack defence approach which combines broad learning and a set of defence strategies against SSDP attacks, called Broad Learning based Comprehensive Defence (BLCD). The defence strategies work along the attack chain, starting from attack sources to victims. It defends against attacks without detecting attacks or identifying the roles of IoT devices in SSDP reflection attacks. BLCD also detects suspicious traffic at bots, service providers and victims by using broad learning, and the detection results are used as the basis for automatically deploying defence strategies which can significantly reduce DDoS packets. For evaluations, we thoroughly analyze attack traffic when deploying BLCD to different defence locations. Experiments show that BLCD can reduce the number of packets received at the victim to 39 without affecting the standard SSDP service, and detect malicious packets with an accuracy of 99.99%.

KW - Denial-of-service DRDoS

KW - SSDP reflection Attack

KW - Broad learning

KW - Traffic detection

U2 - 10.1016/j.dcan.2022.02.008

DO - 10.1016/j.dcan.2022.02.008

M3 - Journal article

JO - Digital Communications and Networks

JF - Digital Communications and Networks

ER -