Context-Aware Systems and Applications. 4th International Conference, ICCASA 2015, Vung Tau, Vietnam, November 26-27, 2015, Revised Selected Papers

Research Article

Using the Cumulative Sum Algorithm Against Distributed Denial of Service Attacks in Internet of Things

  • @INPROCEEDINGS{10.1007/978-3-319-29236-6_7,
        author={Pheeha Machaka and Andre McDonald and Fulufhelo Nelwamondo and Antoine Bagula},
        title={Using the Cumulative Sum Algorithm Against Distributed Denial of Service Attacks in Internet of Things},
        proceedings={Context-Aware Systems and Applications. 4th International Conference, ICCASA 2015, Vung Tau, Vietnam, November 26-27, 2015, Revised Selected Papers},
        proceedings_a={ICCASA},
        year={2016},
        month={4},
        keywords={Anomaly detection, Internet of things, Change detection, Distributed denial of service, TCP SYN flooding, Cumulative sum, Intrusion detection},
        doi={10.1007/978-3-319-29236-6_7}
    }
    
  • Pheeha Machaka
    Andre McDonald
    Fulufhelo Nelwamondo
    Antoine Bagula
    Year: 2016
    Using the Cumulative Sum Algorithm Against Distributed Denial of Service Attacks in Internet of Things
    ICCASA
    Springer
    DOI: 10.1007/978-3-319-29236-6_7
Pheeha Machaka1,*, Andre McDonald1,*, Fulufhelo Nelwamondo1,*, Antoine Bagula2,*
  • 1: Council for Scientific and Industrial Research, Modelling and Digital Science
  • 2: University of the Western Cape
*Contact email: PMachaka@csir.co.za, AMcdonald@csir.co.za, FNelwamondo@csir.co.za, BBagula@uwc.ac.za

Abstract

The paper presents the threats that are present in Internet of Things (IoT) systems and how they can be used to perpetrate a large-scale DDoS attack. The paper investigates how the Cumulative Sum (CUSUM) algorithm can be used to detect a DDoS attack originating from an IoT system, and how the performance of the algorithm is affected by its tuning parameters and various network attack intensities. The performance of the algorithm is measured against the trade-off between the algorithm’s detection rate, false alarm and detection delay. The performance results are analysed and discussed, and avenues for future work are provided.