Zhiyong Liu Kai Zheng Xin Huang
摘 要:Internet of Things (IoT) is widely used in various fields. It connects diverse devices and enables them to collect and exchange data. However, with the popularity of IoT, more and more attentions have been paid on the security of IoT. In this paper, experimenters use hping3 to launch a Denial of Service (DoS) attack to IoT. The DoS attack is launched by the method of ICMP Flood and the performance of attack is analysed.
關(guān)鍵詞:Internet of Things (IoT); Denial of Service (DoS) attack; ICMP Flood; Network Security;
I. INTRODUCTION
The Internet of Things (IoT) paradigm conceives the ubiquitous interconnection and cooperation of devices in the Internet, which is considered as an applied extension of Internet.
However, IoT system can be attacked. Among all possible attacks, Denial of Service (DoS) attack is an effective and common form [1, 2]. It is launched by a malignant intruder and aims to exhaust the resource of target [3, 4].
In this paper, A IoT environment is deployed. A DoS attack in IoT is designed and implemented. The DoS attack is launched by the method of ICMP Flood attack, while the results of experiment are beneficial to analyze the impact of DoS attack on victim.
II.THE EXPERIMENT PLATFORM
·Gateway: It is based on the Raspberry, which connects other devices. The raspberry is pre-installed with the Dstat, which is a monitoring tool in Linux.
·PC: The PC is client which connects to wireless LAN. It can exchange data with sensor node through gateway.
·Attacker: The attacker is Kali Linux which is a virtual machine on the PC. It can use built-in tools to launch the ICMP Flood ICMP attack.
·Sensor node: It is based on Arduino, which can monitor the information of environment.
III.TESTING
In this experiment, the size of ICMP packets launched by attacker is variable. We first chose three different sizes which are 250 bytes, 500 bytes and 750 bytes and use ping command to verify if the gateway can operate normally in terms of CPU utility, time of success of attack, packet lose rate.
We also choose 10 packets in each scenario and compare the respond time in Figure 2, which shows that larger size of packet causes longer response time.
We then use other extra size of ICMP packets to launch the attack in order to see the change of packet lose rate. The packet size is 1000 bytes, 1250 bytes, 1500 bytes. The results show that the performance of ICMP Flood attack becomes better when the size of packet increases.
IV.CONCLUSION
In this paper, experimenters deploy a IoT system as the victim of ICMP Flood attack. The results of experiment show that the increase of size of ICMP packet size can improve the performance of attack, which reflects in CPU utility, time of success of attack and packet lose rate in experiment.
Acknowledgment
This work has been supported by the XJTLU research development fund projects RDF140243 and RDF150246, as well as by the Suzhou Science and Technology Development Plan under grant SYG201516, and Jiangsu Province National Science Foundation under grant BK20150376.
References
[1]C. Ming et al, "Different Denail of Service Attack Methods for IoT System", 2017.
[2]K. Zheng et al, "A Denail of Service Attack Method for an IoT System"
[3]L. Liang et al, "A Denial of Service Attack Method for IoT System in photovoltaic Energy System"
[4]K. Wang et al, "A Denial of Service Attack Against IoT System", 2017.