Online citations, reference lists, and bibliographies.
← Back to Search

Quantifying The Reflective DDoS Attack Capability Of Household IoT Devices

Minzhao Lyu, Daniel Sherratt, Arunan Sivanathan, H. Gharakheili, A. Radford, V. Sivaraman
Published 2017 · Computer Science

Cite This
Download PDF
Analyze on Scholarcy
Share
Distributed Denial-of-Service (DDoS) attacks are increasing in frequency and volume on the Internet, and there is evidence that cyber-criminals are turning to Internet-of-Things (IoT) devices such as cameras and vending machines as easy launchpads for large-scale attacks. This paper quantifies the capability of consumer IoT devices to participate in reflective DDoS attacks. We first show that household devices can be exposed to Internet reflection even if they are secured behind home gateways. We then evaluate eight household devices available on the market today, including lightbulbs, webcams, and printers, and experimentally profile their reflective capability, amplification factor, duration, and intensity rate for TCP, SNMP, and SSDP based attacks. Lastly, we demonstrate reflection attacks in a real-world setting involving three IoT-equipped smart-homes, emphasising the imminent need to address this problem before it becomes widespread.
This paper references
Insight into the Global reat Landscape. h ps://www. arbornetworks.com/insight-into-the-global-threat-landscape
(2017)
Smart-Phones A acking Smart-Homes
V Sivaraman (2016)
Manufacturer Usage Description Framework
Eliot Lear (2016)
10.1177/0184767816663138
2016
F. March (2016)
How the Internet of ings took down the internet
J Condli (2016)
10.14722/NDSS.2014.23233
Amplification Hell: Revisiting Network Protocols for DDoS Abuse
C. Rossow (2014)
The Ghost in the Browser: Analysis of Web-based Malware
Niels Provos (2007)
Hell of a Handshake: Abusing TCP for Re ective Ampli cation DDoS A acks
M Kuhrer (2014)
Proofpoint uncovers Internet of Œ ings ( IoT ) cybera Š ack
D. McNamee N. Provos (2016)
Hell of a Handshake: Abusing TCP for Reflective Amplification DDoS Attacks
Marc Kührer (2014)
10.1515/9783111548050-024
M
M. Sankar (1824)
DDoS A acks Using SSDP Spike in Q1: Arbor Networks
B Prince (2015)
The Most Dangerous Code in the Browser
S. Heule (2015)
2007
N. Provos (2007)
Proofpoint uncovers Internet of ings (IoT) cybera ack
Market Watch (2016)
Wemo Switch + Motion
Belkin International (2017)
No end in sight for DDoS a ack size growth
(2017)
NetCam HD Wi-Fi Camera with Night Vision
Belkin International (2017)
Philips Hue bridge
B V Philips Lighting (2017)
2017
T. Seals (2017)
2015
B. Prince (2015)
A ackers use NTP re ection in huge DDoS a ack
L Constantin (2014)
Samsung Smart ings Hub
Smart Ings (2017)
How the Internet of Πings took down the internet
M. Kührer (2016)
10.1515/9783111576855-009
D
Saskia Bonjour (1824)
Friday ’ s massive DDoS a Š ack came from just 100 , 000 hacked IoT devices
V. Sivaraman (2016)
10.1145/2046614.2046618
A survey of mobile malware in the wild
Adrienne Porter Felt (2011)
2017. HP ENVY 5540 Wireless All-in-One Printer
L. P. HP Development Company (2017)
Friday's massive DDoS a ack came from just 100,000 hacked IoT devices
(2016)
HP ENVY 5540 Wireless All-in-One Printer
L P Hp Development Company (2017)
DDoS: e Stakes Have Changed
(2017)
10.2307/j.ctvx1hts0.23
/ 2014--------------------------------------------------------------------------------------------------------------------------
Sonia M. García (2014)
United States Computer Readiness Team
(2014)
10.1145/2939918.2939925
Smart-Phones Attacking Smart-Homes
V. Sivaraman (2016)
Exit from Hell? Reducing the Impact of Amplification DDoS Attacks
Marc Kührer (2014)



This paper is referenced by
10.1145/3148055.3148077
An Unsupervised Approach for Online Detection and Mitigation of High-Rate DDoS Attacks Based on an In-Memory Distributed Graph Using Streaming Data and Analytics
J. J. Villalobos (2017)
10.1109/INCIT.2017.8257877
Review of Ethereum: Smart home case study
Yu Nandar Aung (2017)
10.1007/978-3-030-42048-2_24
Denial-of-Service Attacks and Countermeasures in the RPL-Based Internet of Things
Philokypros P. Ioulianou (2019)
10.3390/fi11110226
Collaborative Blockchain-Based Detection of Distributed Denial of Service Attacks Based on Internet of Things Botnets
G. Spathoulas (2019)
10.3390/s20185298
Resistance of IoT Sensors against DDoS Attack in Smart Home Environment
L. Huraj (2020)
10.1145/3229565.3229571
Combining MUD Policies with SDN for IoT Intrusion Detection
A. Hamza (2018)
10.1109/DCOSS.2019.00055
Collaborative Agent-based Detection of DDoS IoT Botnets
Nikolaos Giachoudis (2019)
IoT Behavioral Monitoring via Network Traffic Analysis
Arunan Sivanathan (2020)
10.1109/AINA.2018.00131
Towards Secure Smart Home IoT: Manufacturer and User Network Access Control Framework
M. Al-Shaboti (2018)
10.1109/ETSecIoT50046.2020.00005
Progressive Monitoring of IoT Networks Using SDN and Cost-Effective Traffic Signatures
Arman Pashamokhtari (2020)
10.4018/ijisp.2020040101
A Novel Approach to Develop and Deploy Preventive Measures for Different Types of DDoS Attacks
K. Singh (2020)
10.1109/COMST.2020.2997475
Complementing IoT Services Through Software Defined Networking and Edge Computing: A Comprehensive Survey
Wajid Rafique (2020)
10.1007/978-3-030-30146-0_6
A Security Framework to Protect Edge Supported Software Defined Internet of Things Infrastructure
Wajid Rafique (2019)
10.1145/3139937.3139938
Systematically Evaluating Security and Privacy for Consumer IoT Devices
F. Loi (2017)
10.1093/cybsec/tyz005
What security features and crime prevention advice is communicated in consumer IoT device manuals and support pages?
John M. Blythe (2019)
Anomaly Detection in Smart Home Network by Inspecting Exceptional Operations on IoT Devices using User ’ s Daily-Life Behavior Learning
Masaaki Yamauchi (2019)
Framework to Utilize Others' Behavior without Sharing Privacy Information
Yamauchi Masaaki (2020)
IoT Network Security: Requirements, Threats, and Countermeasures
A. Hamza (2020)
10.1145/3155921.3158432
Cloud assisted home networks
H. Gharakheili (2017)
10.1016/j.smhl.2019.100103
IoT Botnet Detection via Power Consumption Modeling
W. Jung (2020)
10.1016/J.FUTURE.2019.06.020
Two-factor authentication in industrial Internet-of-Things: Attacks, evaluation and new construction
W. Li (2019)
10.1145/3301551.3301606
IoT Lotto: Utilizing IoT Devices in Brute-Force Attacks
Mohammed M. Alani (2018)
10.1109/tdsc.2020.2997898
Verifying and Monitoring IoTs Network Behavior using MUD Profiles
A. Hamza (2019)
10.1109/TIFS.2018.2790382
A Game Theory Based Collaborative Security Detection Method for Internet of Things Systems
H. Wu (2018)
10.1109/ICCCN.2018.8487342
FR-WARD: Fast Retransmit as a Wary but Ample Response to Distributed Denial-of-Service Attacks from the Internet of Things
Samuel Mergendahl (2018)
10.1109/ANTS.2017.8384143
Experimental evaluation of cybersecurity threats to the smart-home
Arunan Sivanathan (2017)
10.1007/978-981-15-8086-4_64
A DDoS Attack Defense Method Based on Blockchain for IoTs Devices
Meizhu Chen (2020)
10.1109/CNS48642.2020.9162278
Rapid: Robust and Adaptive Detection of Distributed Denial-of-Service Traffic from the Internet of Things
Samuel Mergendahl (2020)
10.1109/SISY.2018.8524703
IoT Measuring of UDP-Based Distributed Reflective DoS Attack
L. Huraj (2018)
10.1109/BigData47090.2019.9006156
Detecting DoS Attack in Smart Home IoT Devices Using a Graph-Based Approach
R. Paudel (2019)
10.1109/ICCE.2019.8661976
Anomaly Detection for Smart Home Based on User Behavior
Masaaki Yamauchi (2019)
10.1057/s41284-019-00211-8
A systematic review of crime facilitated by the consumer Internet of Things
John M. Blythe (2019)
See more
Semantic Scholar Logo Some data provided by SemanticScholar