Challenges and solutions to identify and prevent SYN attacks in the Internet of Things
Subject Areas: New technologies in distributed systems and algorithmic computing
Vesal Firoozi 1, Hassan Shakeri 2 *, Hassan Raei Sani 3
1 - Department of Computer Engineering, Mashhad Branch, Islamic Azad University, Mashhad, Iran
2 - Department of Computer Engineering, Mashhad Branch, Islamic Azad University, Mashhad, Iran
3 - Department of Computer Engineering, Mashhad Branch, Islamic Azad University, Mashhad, Iran
Keywords: Internet of Things, Intrusion Detection, Distributed Denial of Service attacks, SYN attack
Abstract:
The number and applications of IoT devices have increased dramatically in recent years. This growth has caused a continuous increase in the security risks and vulnerabilities associated with these devices. One of the main challenges in the Internet of Things environment is the threat of distributed denial-of-service (DDoS) attacks. The SYN attack is one of the most important attacks of this type and has spread in recent years. Despite a great deal of research on the detection and prevention of SYN attacks, attackers can easily evade detection mechanisms using advanced tools and techniques, which causes several problems for real-time detection of such deadly attacks. In this article, after a description of the SYN attack, the detection and prevention methods for this attack are investigated in two groups: end-host strategies and network-based strategies. Finally, open issues and challenges that need the attention of researchers in this field are introduced. This research sheds light on the significant potential of various SYN attack methods in IoT and thus provides valuable insights to IoT security researchers.