TCP SYN‐based DDoS attack on EKG signals monitored via a wireless sensor network

Abstract Internet distributed denial of service (DDoS) attacks are known to exhaust computing resources of a computer. In many cases, even if the attack is not sufficiently strong to completely crash a computing system, its adverse effects can be devastating for the information being processed on the system. When such information is too critical as an electrocardiogram (EKG) signal, the signal itself becomes vulnerable to such attacks also. In this experimental paper, we evaluate the adverse effects of TCP SYN‐based DDoS attacks on EKG signals remotely collected by using wireless sensor networks (WSNs). In lab, we deployed two applications (Serial Forwarder and Oscilloscope GUI) to display the EKG signal on remote monitoring station. Such EKG signal was delivered by a WSN (motes running a modified version of OscilloscopeRF with an analog channel enabled and TOSBase) to collect and send the EKG data. It was found that even though the computing resource of the remote computer running the applications to display the EKG signals was almost exhausted under a DDoS attack, the system was still responding (alive) and displaying the collected EKG signal. However, the normal EKG signal pattern was distorted due to the resource exhaustion caused by the DDoS attack, which in turn made the EKG signal unreliable for medical diagnosis and remote monitoring. In order to understand effect of TCP SYN attack on the EKG signal pattern, the attack was launched at different loads in a controlled lab environment. Finally, an Intrusion Prevention System was deployed in the network to mitigate the adverse effects of attack in the network in an attempt to recover a good EKG signal. Copyright © 2011 John Wiley & Sons, Ltd.