Quick Suppression of DDoS Attacks by Frame Priority Control in IoT Backhaul With Construction of Mirai-Based Attacks

Rintaro Harada; Naotaka Shibata; Shin Kaneko; Kazuaki Honda; Jun Terada; Yota Ishida; Kunio Akashi; Toshiyuki Miyachi

doi:10.1109/ACCESS.2022.3153067

IEEE Access (Jan 2022)

Quick Suppression of DDoS Attacks by Frame Priority Control in IoT Backhaul With Construction of Mirai-Based Attacks

Rintaro Harada,
Naotaka Shibata,
Shin Kaneko,
Kazuaki Honda,
Jun Terada,
Yota Ishida,
Kunio Akashi,
Toshiyuki Miyachi

Affiliations

Rintaro Harada: ORCiD; NTT Access Network Service Systems Laboratories, NTT Corporation, Yokosuka, Kanagawa, Japan
Naotaka Shibata: ORCiD; NTT Access Network Service Systems Laboratories, NTT Corporation, Yokosuka, Kanagawa, Japan
Shin Kaneko: NTT Access Network Service Systems Laboratories, NTT Corporation, Yokosuka, Kanagawa, Japan
Kazuaki Honda: ORCiD; NTT Access Network Service Systems Laboratories, NTT Corporation, Yokosuka, Kanagawa, Japan
Jun Terada: NTT Access Network Service Systems Laboratories, NTT Corporation, Yokosuka, Kanagawa, Japan
Yota Ishida: National Institute of Information and Communications Technology, Nomi, Ishikawa, Japan
Kunio Akashi: National Institute of Information and Communications Technology, Nomi, Ishikawa, Japan
Toshiyuki Miyachi: National Institute of Information and Communications Technology, Nomi, Ishikawa, Japan

DOI: https://doi.org/10.1109/ACCESS.2022.3153067
Journal volume & issue: Vol. 10
pp. 22392 – 22399

Abstract

Read online

We propose a novel distributed denial of service (DDoS) attack suppression system that significantly reduces discarding of normal traffic (i.e., the traffic from Internet of Things (IoT) devices that are not infected with a malware) with a small number of equipment by controlling the priority of frames in a network accommodating IoT devices. Experimental results showed that our proposed system prevented the discarding of the normal traffic in a few seconds when attack traffic was generated by a traffic generator. Moreover, we constructed Mirai-based DDoS attack traffic and experimentally demonstrated that the discarding of the normal traffic was prevented in 30 milliseconds in our proposed system. We also confirmed that the attack traffic detected by a DDoS protector that was installed in front of an IoT server was autonomously blocked at the switches that the traffic came through from the IoT devices (i.e., the entrances to a backbone network) by integrating various vendors’ products.

Published in IEEE Access

ISSN: 2169-3536 (Online)
Publisher: IEEE
Country of publisher: United States
LCC subjects: Technology: Electrical engineering. Electronics. Nuclear engineering
Website: https://ieeexplore.ieee.org/xpl/RecentIssue.jsp?punumber=6287639

About the journal

Abstract

Keywords