A broad learning-based comprehensive defence against SSDP reflection attacks in IoTs  

作　　者：Xin Liu Liang Zheng Sumi Helal Weishan Zhang Chunfu Jia Jiehan Zhou 

机构地区：[1]College of Computer Science and Technology,China University of Petroleum(East China),Qingdao,China [2]School of Computing Lancaster University,UK [3]Nankai University,Tianjin,China [4]Information Technology and Electrical Engineering,University of Oulu,Finland

出　　处：《Digital Communications and Networks》2023年第5期1180-1189,共10页数字通信与网络（英文版）

基　　金：The work presented in this paper is supported by the Shandong Provincial Natural Science Foundation(No.ZR2020MF04);National Natural Science Foundation of China(No.62072469);the Fundamental Research Funds for the Central Universities(19CX05027B,19CX05003A-11);West Coast Artificial Intelligence Technology Innovation Center(2019-1-5,2019-1-6);the Opening Project of Shanghai Trusted Industrial Control Platform(TICPSH202003015-ZC).

摘　　要：The proliferation of Internet of Things(IoT)rapidly increases the possiblities of Simple Service Discovery Protocol(SSDP)reflection attacks.Most DDoS attack defence strategies deploy only to a certain type of devices in the attack chain,and need to detect attacks in advance,and the detection of DDoS attacks often uses heavy algorithms consuming lots of computing resources.This paper proposes a comprehensive DDoS attack defence approach which combines broad learning and a set of defence strategies against SSDP attacks,called Broad Learning based Comprehensive Defence(BLCD).The defence strategies work along the attack chain,starting from attack sources to victims.It defends against attacks without detecting attacks or identifying the roles of IoT devices in SSDP reflection attacks.BLCD also detects suspicious traffic at bots,service providers and victims by using broad learning,and the detection results are used as the basis for automatically deploying defence strategies which can significantly reduce DDoS packets.For evaluations,we thoroughly analyze attack traffic when deploying BLCD to different defence locations.Experiments show that BLCD can reduce the number of packets received at the victim to 39 without affecting the standard SSDP service,and detect malicious packets with an accuracy of 99.99%.

关 键 词：Denial-of-service DRDoS SSDP reflection Attack Broad learning Traffic detection 

分 类 号：TP181[自动化与计算机技术—控制理论与控制工程]