DOS ATTACK TYPES:

DoS attack on the Physical layer:

-

Jamming: occupies the communication channel between the Wireless Sensor

Network (WSN) nodes, thus preventing them from communicating with each
other.

Tempering: Attackers can take advantage of the limited memory and

processing power of IoT device to attack them with brute force and extract
sensitive information or damage the device.

DoS attack at Link layer

-

Exhaustion: attacker may disrupt the channel by continuously requesting and

transmitting over it.

Collision: two nodes simultaneously transmit data packets on the same

channel. That causes mismatch identification at the receiving end.

Unfairness: attacker repeatedly cause collisions to degrade the service.

DoS attack on Network layer

-

Spoofing, replaying and misdirection of traffic.

Hello flood attack: congesting channel with an unusually high number of

useless message.

Homing attack: attacking to vital nodes such as cluster heads or key

managers to shut down the entire network.

Selective forwarding: attacker forwards a few selected traffic and drops the
rest. Black hole attack is when the attacker drops all traffic coming to it.

Sybil: attackers replicates a single node and presents it with multiple

identities to the other nodes.

Wormhole: attacker receives packets at one location in the network, then

moves to other location and replays the packet there.

DoS attack on the Transport layer

-

Flooding: attacker repeatedly establishes new connection requests until the

resources are exhausted.

De-Synchronization: attacker disrupted the connection between two

endpoints by forges messages to either or both endpoints.

DoS attack on the Application layer:

-

Reprogramming attack: attacker modifies the source code such that

application goes into infinite loop or keep sending bogus messages, so that
the application becomes inaccessible.

Path based DoS: flooding a multi-hop end-to-end communication path with

either replayed packets or injected spurious packets.

IoT DOS DETECTION

1. 2015 ICSTM - Distributed Detection of Flooding and Gray Hole
Attacks in Wireless Sensor Network
The method will detect the abnormal energy consumption of a sensor node. First, it
divides nodes into clusters. A cluster head will be elected for each cluster. Initial
energy of each cluster member is known. The cluster head periodically checks
energy consumption of each member nodes. The node consuming significantly high
energy is identifies as the attacker and will be isolated from the network.

2. 2013 Detection and Prevention Mechanism for blackhole attack in

WSN
The method builds clusters from sensor nodes. Cluster contains nodes which are in
the communication range of each other. Then cluster coordinator is elected and it
becomes the responsibility of the cluster. The cluster coordination manages each
nodes in cluster with ID, and periodically send authentication packet to each node
and wait for a fixed period. If a node does not respond in time, it means the node
has failed or has been compromised.

3. 2012 IEEE - Detection of Jamming Style DoS attack in Wireless

Sensor Network
For each node, collect Received Signal Strength Indicator (RSSI), Packet Deliver
Ratio (PDR) and Residual Energy (RE). Nodes that have high RE value are selected
as monitor nodes. The monitor node collects RSSI and PDR from its neighbors
periodically, and computes weight value for each node. If the computed weight is
greater than a threshold, the corresponding node is marked as jammer.