SA-IDS: A single attribute intrusion detection system for Slow DoS attacks in IoT networks

IF 6 3区计算机科学 Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS

Internet of Things Pub Date : 2025-02-07 DOI:10.1016/j.iot.2025.101512

Andy Reed, Laurence Dooley, Soraya Kouadri Mostefaoui

{"title":"SA-IDS: A single attribute intrusion detection system for Slow DoS attacks in IoT networks","authors":"Andy Reed, Laurence Dooley, Soraya Kouadri Mostefaoui","doi":"10.1016/j.iot.2025.101512","DOIUrl":null,"url":null,"abstract":"<div><div>Internet of Things (IoT) technologies are expanding and pervade evermore application domains bringing a raft of positive user benefits. However, the matter of application layer security and the omnipresent danger of Denial of Service (DoS) attacks remains a significant risk to effective IoT performance. DoS is especially serious in IoT networks given the propensity for malicious nodes to mimic legitimate nodes encountering slow connectivity, a problem intensified in very stochastic traffic environments where higher node latencies create even stealthier Slow DoS conditions.</div><div>The contribution this paper presents is a flexible <em>single attribute intrusion detection system</em> (SA-IDS) for IoT networks, which employs a novel variable threshold range for just the delta time network attribute, to accurately detect Slow DoS attacks in highly stochastic traffic, while crucially still being able to reliably discriminate malicious from legitimate slow node activity. Experimental results in a live IoT network compellingly demonstrate the superior detection performance of SA-IDS under the stealthiest Slow DoS attack conditions, where genuine nodes with high latency are almost indistinguishable from malicious nodes, thus rendering existing Slow DoS detection methods ineffective that rely solely on static thresholds based on network traffic attribute analysis.</div></div>","PeriodicalId":29968,"journal":{"name":"Internet of Things","volume":"30 ","pages":"Article 101512"},"PeriodicalIF":6.0000,"publicationDate":"2025-02-07","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Internet of Things","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S2542660525000253","RegionNum":3,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}

引用次数: 0

Abstract

Internet of Things (IoT) technologies are expanding and pervade evermore application domains bringing a raft of positive user benefits. However, the matter of application layer security and the omnipresent danger of Denial of Service (DoS) attacks remains a significant risk to effective IoT performance. DoS is especially serious in IoT networks given the propensity for malicious nodes to mimic legitimate nodes encountering slow connectivity, a problem intensified in very stochastic traffic environments where higher node latencies create even stealthier Slow DoS conditions.

The contribution this paper presents is a flexible single attribute intrusion detection system (SA-IDS) for IoT networks, which employs a novel variable threshold range for just the delta time network attribute, to accurately detect Slow DoS attacks in highly stochastic traffic, while crucially still being able to reliably discriminate malicious from legitimate slow node activity. Experimental results in a live IoT network compellingly demonstrate the superior detection performance of SA-IDS under the stealthiest Slow DoS attack conditions, where genuine nodes with high latency are almost indistinguishable from malicious nodes, thus rendering existing Slow DoS detection methods ineffective that rely solely on static thresholds based on network traffic attribute analysis.

查看原文本刊更多论文

求助全文

约1分钟内获得全文求助全文

来源期刊

Internet of Things Multiple-

CiteScore

3.60

自引率

5.10%

发文量

115

审稿时长

37 days

期刊介绍： Internet of Things; Engineering Cyber Physical Human Systems is a comprehensive journal encouraging cross collaboration between researchers, engineers and practitioners in the field of IoT & Cyber Physical Human Systems. The journal offers a unique platform to exchange scientific information on the entire breadth of technology, science, and societal applications of the IoT. The journal will place a high priority on timely publication, and provide a home for high quality. Furthermore, IOT is interested in publishing topical Special Issues on any aspect of IOT.