Impact Evaluation of DDoS Attacks Using IoT Devices

Abstract

Distributed Denial-of-Service (DDoS) attacks can occur anytime, everywhere, and most normally occur with little or no warning. Most small and medium businesses (SMBs) usually are not prepared to deal with this type of attack. The companies must have at least a bandwidth higher than the attack, an infrastructure with redundant components, regular backups, and firewalls capable of monitoring the threats. Otherwise, the services provided by the companies’ support can be interrupted, increasing the chances of financial losses. Hierarchical modeling approaches are often used to evaluate the availability of such systems. It can represent different failures and repair events in distinct parts of the system. In this way, this paper proposes hierarchical models that describe the behavior of major IT systems and IoT device components and assess the DDoS effects on system availability. Therefore, we evaluate the impact of the DDoS attacks on computing systems using IoT devices in attack amplification. We assessed equations that estimate the attack feasibility, pain factor, attack propensity, attacker benefits, and technical ability. They enable a direct analytical solution for large systems. The attack tree indices show the impact of simultaneous attacks on a computer system and the several threats that will maximize the system downtime. The attack tree investigation results allow for planning and improving the system’s availability, maintainability, and reliability.