Open AccessSIEM-based detection and mitigation of IoT-botnet DDoS attacks
Author(s) -
Basheer Al-Duwairi,
Wafaa Al-Kahla,
Mhd Ammar AlRefai,
Yazid Abedalqader,
Abdullah Rawash,
Rana Fahmawi
Publication year - 2020
Publication title -
international journal of electrical and computer engineering
Language(s) - English
Resource type - Journals
SCImago Journal Rank - 0.277
H-Index - 22
ISSN - 2088-8708
DOI - 10.11591/ijece.v10i2.pp2182-2191
Subject(s) - botnet , denial of service attack , computer science , computer security , internet of things , network packet , computer network , hacker , context (archaeology) , the internet , world wide web , paleontology , biology
The Internet of Things (IoT) is becoming an integral part of our daily life including health, environment, homes, military, etc. The enormous growth of IoT in recent years has attracted hackers to take advantage of their computation and communication capabilities to perform different types of attacks. The major concern is that IoT devices have several vulnerabilities that can be easily exploited to form IoT botnets consisting of millions of IoT devices and posing significant threats to Internet security. In this context, DDoS attacks originating from IoT botnets is a major problem in today’s Internet that requires immediate attention. In this paper, we propose a Security Information and Event Management-based IoT botnet DDoS attack detection and mitigation system. This system detects and blocks DDoS attack traffic from compromised IoT devices by monitoring specific packet types including TCP SYN, ICMP and DNS packets originating from these devices. We discuss a prototype implementation of the proposed system and we demonstrate that SIEM based solutions can be configured to accurately identify and block malicious traffic originating from compromised IoT devices.