Quantifying the Reflective DDoS Attack Capability of Household IoT Devices
| Title | Quantifying the Reflective DDoS Attack Capability of Household IoT Devices |
| Publication Type | Conference Paper |
| Year of Publication | 2017 |
| Authors | Lyu, Minzhao, Sherratt, Dainel, Sivanathan, Arunan, Gharakheili, Hassan Habibi, Radford, Adam, Sivaraman, Vijay |
| Conference Name | Proceedings of the 10th ACM Conference on Security and Privacy in Wireless and Mobile Networks |
| Publisher | ACM |
| Conference Location | New York, NY, USA |
| ISBN Number | 978-1-4503-5084-6 |
| Keywords | Collaboration, composability, Human Behavior, Internet-scale Computing Security, Metrics, Policy-Governed Secure Collaboration, pubcrawl, resilience, Resiliency, Scalability |
| Abstract | Distributed Denial-of-Service (DDoS) attacks are increasing in frequency and volume on the Internet, and there is evidence that cyber-criminals are turning to Internet-of-Things (IoT) devices such as cameras and vending machines as easy launchpads for large-scale attacks. This paper quantifies the capability of consumer IoT devices to participate in reflective DDoS attacks. We first show that household devices can be exposed to Internet reflection even if they are secured behind home gateways. We then evaluate eight household devices available on the market today, including lightbulbs, webcams, and printers, and experimentally profile their reflective capability, amplification factor, duration, and intensity rate for TCP, SNMP, and SSDP based attacks. Lastly, we demonstrate reflection attacks in a real-world setting involving three IoT-equipped smart-homes, emphasising the imminent need to address this problem before it becomes widespread. |
| URL | https://dl.acm.org/citation.cfm?doid=3098243.3098264 |
| DOI | 10.1145/3098243.3098264 |
| Citation Key | lyu_quantifying_2017 |