Detection and Mitigation of IoT Based DDoS Attack Using Extended MUD Enabled Device Profiling Techniques

Abstract

In today’s landscape, the burgeoning Internet of Things (IoT) infrastructure underscores the imperative for implementing top-tier security measures to safeguard the IoT realm. This domain has permeated various sectors, including automotive, smart cities, healthcare, industries, and the power sector. The rising ubiquity of IoT devices has drawn the attention of malicious actors, presenting a significant risk of exploitation in insecure, constrained environments. Among the foremost threats in the IoT domain is the Distributed Denial of Service (DDoS) attack, capable of swiftly devastating entire IoT infrastructures. To address this issue, this work proposes a detection and mitigation model aimed at thwarting DDoS attacks in IoT environments. A hybrid feature selection technique is proposed to identify the most effective features for detecting attacks, and Convolutional Neural Network (CNN) is used to identify the suspicious IoT nodes. Further utilized the extended Manufacturer Usage Description (MUD) enabled device profiling techniques to compare the malicious node profiles with existing benign MUD profiles to find the malicious nodes. Linux IPtables is enabled to efficiently filter DDoS attacks. The proposed work is for detecting IoT DDoS attacks, alongside a self-reliant mitigation strategy to effectively filter these attacks. This strategy aims to minimize the impact of blocking legitimate network traffic from IoT devices. The effectiveness of the proposed hybrid feature selection was evaluated by using the CICIoT2023 dataset. © The Author(s), under exclusive license to Springer Nature Switzerland AG 2025.