TY - JOUR
T1 - Distributed denial of service attacks and its defenses in IoT
T2 - a survey
AU - Salim, Mikail Mohammed
AU - Rathore, Shailendra
AU - Park, Jong Hyuk
N1 - Publisher Copyright:
© 2019, Springer Science+Business Media, LLC, part of Springer Nature.
PY - 2020/7/1
Y1 - 2020/7/1
N2 - A distributed denial of service (DDoS) attack is an attempt to partially or completely shut down the targeted server with a flood of internet traffic. The primary aim of this attack is to disrupt regular traffic flow to the victim’s server or network. DDoS attacks are volumetric attacks, and non-legacy IoT devices with low security such as webcams, baby monitoring devices and printers are compromised to form a botnet. High traffic from compromised IoT devices is rerouted to servers to disrupt their regular services. DDoS attacks are to an extent covered in the research literature. However, existing research does not discuss all DDoS attacks on general servers and botnet attacks on IoT devices, and suggests few detection and mitigation solutions, which are limited to addressing attacks on the cloud environment. Existing surveys focus either on the cloud layer or the IoT layer. A complete survey of DDoS attacks for both IoT and the cloud environment is not present in the current literature. Our survey is a comprehensive approach which includes general DDoS attack motivations and specific reasons why attackers prefer IoT devices to launch DDoS attacks. Various attack methods to compromise IoT devices and tools used to deploy botnet-infected IoT devices for DDoS attacks on the cloud layer are presented. A detailed attack classification on IoT devices and the cloud environment is presented considering that IoT devices are first compromised and then used by attackers against their primary targets on the cloud layer. Various state-of-the-art defense measures in the current literature for defense against DDoS attacks are presented. Suggestions to implement an essential first line of defense for IoT devices are given. Our paper, to the best of our knowledge, is the first to provide a holistic study of DDoS attacks from IoT devices to the cloud environment.
AB - A distributed denial of service (DDoS) attack is an attempt to partially or completely shut down the targeted server with a flood of internet traffic. The primary aim of this attack is to disrupt regular traffic flow to the victim’s server or network. DDoS attacks are volumetric attacks, and non-legacy IoT devices with low security such as webcams, baby monitoring devices and printers are compromised to form a botnet. High traffic from compromised IoT devices is rerouted to servers to disrupt their regular services. DDoS attacks are to an extent covered in the research literature. However, existing research does not discuss all DDoS attacks on general servers and botnet attacks on IoT devices, and suggests few detection and mitigation solutions, which are limited to addressing attacks on the cloud environment. Existing surveys focus either on the cloud layer or the IoT layer. A complete survey of DDoS attacks for both IoT and the cloud environment is not present in the current literature. Our survey is a comprehensive approach which includes general DDoS attack motivations and specific reasons why attackers prefer IoT devices to launch DDoS attacks. Various attack methods to compromise IoT devices and tools used to deploy botnet-infected IoT devices for DDoS attacks on the cloud layer are presented. A detailed attack classification on IoT devices and the cloud environment is presented considering that IoT devices are first compromised and then used by attackers against their primary targets on the cloud layer. Various state-of-the-art defense measures in the current literature for defense against DDoS attacks are presented. Suggestions to implement an essential first line of defense for IoT devices are given. Our paper, to the best of our knowledge, is the first to provide a holistic study of DDoS attacks from IoT devices to the cloud environment.
KW - Cloud computing
KW - Distributed denial of service attacks
KW - Edge computing
KW - Internet of things
KW - Security and privacy
KW - Security detection
KW - Security prevention and mitigation
UR - http://www.scopus.com/inward/record.url?scp=85068898057&partnerID=8YFLogxK
U2 - 10.1007/s11227-019-02945-z
DO - 10.1007/s11227-019-02945-z
M3 - Article
AN - SCOPUS:85068898057
SN - 0920-8542
VL - 76
SP - 5320
EP - 5363
JO - Journal of Supercomputing
JF - Journal of Supercomputing
IS - 7
ER -