Jamming: occupies the communication channel between the Wireless Sensor
Network (WSN) nodes, thus preventing them from communicating with each other.
Tempering: Attackers can take advantage of the limited memory and
processing power of IoT device to attack them with brute force and extract sensitive information or damage the device.
DoS attack at Link layer
-
Exhaustion: attacker may disrupt the channel by continuously requesting and
transmitting over it.
Collision: two nodes simultaneously transmit data packets on the same
channel. That causes mismatch identification at the receiving end.
Unfairness: attacker repeatedly cause collisions to degrade the service.
DoS attack on Network layer
-
Spoofing, replaying and misdirection of traffic.
Hello flood attack: congesting channel with an unusually high number of
useless message.
Homing attack: attacking to vital nodes such as cluster heads or key
managers to shut down the entire network.
Selective forwarding: attacker forwards a few selected traffic and drops the rest. Black hole attack is when the attacker drops all traffic coming to it.
Sybil: attackers replicates a single node and presents it with multiple
identities to the other nodes.
Wormhole: attacker receives packets at one location in the network, then
moves to other location and replays the packet there.
DoS attack on the Transport layer
-
Flooding: attacker repeatedly establishes new connection requests until the
resources are exhausted.
De-Synchronization: attacker disrupted the connection between two
endpoints by forges messages to either or both endpoints.
DoS attack on the Application layer:
-
Reprogramming attack: attacker modifies the source code such that
application goes into infinite loop or keep sending bogus messages, so that the application becomes inaccessible.
Path based DoS: flooding a multi-hop end-to-end communication path with
either replayed packets or injected spurious packets.
IoT DOS DETECTION
1. 2015 ICSTM - Distributed Detection of Flooding and Gray Hole Attacks in Wireless Sensor Network The method will detect the abnormal energy consumption of a sensor node. First, it divides nodes into clusters. A cluster head will be elected for each cluster. Initial energy of each cluster member is known. The cluster head periodically checks energy consumption of each member nodes. The node consuming significantly high energy is identifies as the attacker and will be isolated from the network.
2. 2013 Detection and Prevention Mechanism for blackhole attack in
WSN The method builds clusters from sensor nodes. Cluster contains nodes which are in the communication range of each other. Then cluster coordinator is elected and it becomes the responsibility of the cluster. The cluster coordination manages each nodes in cluster with ID, and periodically send authentication packet to each node and wait for a fixed period. If a node does not respond in time, it means the node has failed or has been compromised.
3. 2012 IEEE - Detection of Jamming Style DoS attack in Wireless
Sensor Network For each node, collect Received Signal Strength Indicator (RSSI), Packet Deliver Ratio (PDR) and Residual Energy (RE). Nodes that have high RE value are selected as monitor nodes. The monitor node collects RSSI and PDR from its neighbors periodically, and computes weight value for each node. If the computed weight is greater than a threshold, the corresponding node is marked as jammer.