Lightweight Edge-Based Security System Design for DDoS Attack Mitigation in Industrial IoT Infrastructure
Keywords:
Industrial IoT (IIoT), Edge Computing, DDoS Attack Mitigation, Lightweight Security, Anomaly Detection
Abstract
The rapid integration of the Industrial Internet of Things (IIoT) into industrial control systems (ICS) has greatly improved automation and operational efficiency, but it has also introduced new cybersecurity risks for critical infrastructure. Distributed Denial of Service (DDoS) attacks, in particular, pose a significant threat by potentially disrupting real-time operations, compromising safety, and causing physical damage. Traditional centralized methods for mitigating DDoS attacks often do not meet the low-latency, high-reliability, and resource-constrained requirements of IIoT environments. To address these challenges, this paper proposes a lightweight, edge-based security system specifically designed for real-time DDoS mitigation in IIoT infrastructures. The proposed architecture leverages the local processing capabilities of edge gateways, integrates efficient machine learning models for anomaly detection, and implements rapid response mechanisms. By focusing on resource efficiency and effective threat neutralization close to the source, the system aims to safeguard the integrity and availability of critical industrial processes. This paper outlines the system’s main components, highlights its lightweight design, and discusses ongoing challenges, providing a foundational framework for enhancing IIoT security against the growing landscape of cyber threats.
Downloads
Download data is not yet available.
References
[1] M. Javaid, Abid Haleem, R. Pratap Singh, S. Rab, and R. Suman, “Upgrading the manufacturing sector via applications of Industrial Internet of Things (IIoT),” Sensors Int., vol. 2, p. 100129, 2021, doi: https://doi.org/10.1016/j.sintl.2021.100129.
[2] J. Kim, J. Park, and J.-H. Lee, “Analysis of Recent IIoT Security Technology Trends in a Smart Factory Environment,” in 2023 International Conference on Artificial Intelligence in Information and Communication (ICAIIC), 2023, pp. 840–845. doi: 10.1109/ICAIIC57133.2023.10067004.
[3] A. H. Eyeleko and T. Feng, “A Critical Overview of Industrial Internet of Things Security and Privacy Issues Using a Layer-Based Hacking Scenario,” IEEE Internet Things J., vol. 10, no. 24, pp. 21917–21941, 2023, doi: 10.1109/JIOT.2023.3308195.
[4] Y. Li, Y. Zhao, J. Li, X. Yu, Y. Zhao, and J. Zhang, “DDoS Attack Mitigation Based on Traffic Scheduling in Edge Computing- Enabled TWDM-PON,” IEEE Access, vol. 9, pp. 166566–166578, 2021, doi: 10.1109/ACCESS.2021.3134671.
[5] S. F. Ahmed et al., “Industrial Internet of Things enabled technologies, challenges, and future directions,” Comput. Electr. Eng., vol. 110, p. 108847, 2023, doi: https://doi.org/10.1016/j.compeleceng.2023.108847.
[6] M. Sverko, T. G. Grbac, and M. Mikuc, “SCADA Systems With Focus on Continuous Manufacturing and Steel Industry: A Survey on Architectures, Standards, Challenges and Industry 5.0,” IEEE Access, vol. 10, pp. 109395–109430, 2022, doi: 10.1109/ACCESS.2022.3211288.
[7] S. Chaudhary and P. K. Mishra, “DDoS attacks in Industrial IoT: A survey,” Comput. Networks, vol. 236, p. 110015, 2023, doi: https://doi.org/10.1016/j.comnet.2023.110015.
[8] A. Lohachab and B. Karambir, “Critical Analysis of DDoS—An Emerging Security Threat over IoT Networks,” J. Commun. Inf. Networks, vol. 3, no. 3, pp. 57–78, 2018, doi: 10.1007/s41650-018-0022-5.
[9] M. Arif, G. Wang, M. Zakirul Alam Bhuiyan, T. Wang, and J. Chen, “A survey on security attacks in VANETs: Communication, applications and challenges,” Veh. Commun., vol. 19, p. 100179, 2019, doi: https://doi.org/10.1016/j.vehcom.2019.100179.
[10] F. De Keersmaeker, Y. Cao, G. K. Ndonda, and R. Sadre, “A Survey of Public IoT Datasets for Network Security Research,” IEEE Commun. Surv. Tutorials, vol. 25, no. 3, pp. 1808–1840, 2023, doi: 10.1109/COMST.2023.3288942.
[11] A. Bhardwaj et al., “IIoT: Traffic Data Flow Analysis and Modeling Experiment for Smart IoT Devices,” 2022. doi: 10.3390/su142114645.
[12] A. Ashraf and W. M. Elmedany, “IoT DDoS attacks detection using machine learning techniques: A Review,” in 2021 International Conference on Data Analytics for Business and Industry (ICDABI), 2021, pp. 178–185. doi: 10.1109/ICDABI53623.2021.9655789.
[13] I. A. Mahar, W. Libing, G. A. Rahu, Z. A. Maher, and M. Y. Koondhar, “Feature Based Comparative Analysis of Traditional Intrusion Detection System and Software-Defined Networking Based Intrusion Detection System,” in 2023 IEEE 8th International Conference on Engineering Technologies and Applied Sciences (ICETAS), 2023, pp. 1–5. doi: 10.1109/ICETAS59148.2023.10346497.
[14] Z. Lin, J. Liu, J. Xiao, and S. Zi, “A Survey: Resource Allocation Technology Based on Edge Computing in IIoT,” in 2020 International Conference on Communications, Computing, Cybersecurity, and Informatics (CCCI), 2020, pp. 1–5. doi: 10.1109/CCCI49893.2020.9256663.
[15] H. Bangui and B. Buhnova, “Lightweight intrusion detection for edge computing networks using deep forest and bio-inspired algorithms,” Comput. Electr. Eng., vol. 100, p. 107901, 2022, doi: https://doi.org/10.1016/j.compeleceng.2022.107901.
[16] W. Marfo, D. K. Tosh, and S. V Moore, “Network Anomaly Detection Using Federated Learning,” in MILCOM 2022 - 2022 IEEE Military Communications Conference (MILCOM), 2022, pp. 484–489. doi: 10.1109/MILCOM55135.2022.10017793.
[17] K. DeMedeiros, A. Hendawi, and M. Alvarez, “A Survey of AI-Based Anomaly Detection in IoT and Sensor Networks,” Sensors, vol. 23, no. 3, 2023, doi: 10.3390/s23031352.
[18] M. Fejrskov, J. M. Pedersen, and E. Vasilomanolakis, “Detecting DNS hijacking by using NetFlow data,” in 2022 IEEE Conference on Communications and Network Security (CNS), 2022, pp. 273–280. doi: 10.1109/CNS56114.2022.9947264.
[19] Z. Liu, Y. Wang, F. Feng, Y. Liu, Z. Li, and Y. Shan, “A DDoS Detection Method Based on Feature Engineering and Machine Learning in Software-Defined Networks,” Sensors, vol. 23, no. 13, 2023, doi: 10.3390/s23136176.
[20] S. Sadhwani, B. Manibalan, R. Muthalagu, and P. Pawar, “A Lightweight Model for DDoS Attack Detection Using Machine Learning Techniques,” Appl. Sci., vol. 13, no. 17, 2023, doi: 10.3390/app13179937.
[21] E. H. Budiarto, A. Erna Permanasari, and S. Fauziati, “Unsupervised Anomaly Detection Using K-Means, Local Outlier Factor and One Class SVM,” in 2019 5th International Conference on Science and Technology (ICST), 2019, pp. 1–5. doi: 10.1109/ICST47872.2019.9166366.
[22] S. Liu, L. Liu, and Y. Yi, “Quantized Reservoir Computing on Edge Devices for Communication Applications,” in 2020 IEEE/ACM Symposium on Edge Computing (SEC), 2020, pp. 445–449. doi: 10.1109/SEC50012.2020.00068.
[23] S. A. Bakhsh, M. A. Khan, F. Ahmed, M. S. Alshehri, H. Ali, and J. Ahmad, “Enhancing IoT network security through deep learning-powered Intrusion Detection System,” Internet of Things, vol. 24, p. 100936, 2023, doi: https://doi.org/10.1016/j.iot.2023.100936.
[24] W. Zahwa, A. Lahmadi, M. Rusinowitch, and M. Ayadi, “Automated Placement of In-Network ACL Rules,” in 2023 IEEE 9th International Conference on Network Softwarization (NetSoft), 2023, pp. 486–491. doi: 10.1109/NetSoft57336.2023.10175436.
[25] N. Anjum, Z. Latif, C. Lee, I. A. Shoukat, and U. Iqbal, “MIND: A Multi-Source Data Fusion Scheme for Intrusion Detection in Networks,” Sensors, vol. 21, no. 14, 2021, doi: 10.3390/s21144941.
[26] D. Atzeni, R. Ramjattan, R. Figliè, G. Baldi, and D. Mazzei, “Data-Driven Insights through Industrial Retrofitting: An Anonymized Dataset with Machine Learning Use Cases,” Sensors, vol. 23, no. 13, 2023, doi: 10.3390/s23136078.
[27] M. A. Ferrag, O. Friha, D. Hamouda, L. Maglaras, and H. Janicke, “Edge-IIoTset: A New Comprehensive Realistic Cyber Security Dataset of IoT and IIoT Applications for Centralized and Federated Learning,” IEEE Access, vol. 10, pp. 40281–40306, 2022, doi: 10.1109/ACCESS.2022.3165809.
[2] J. Kim, J. Park, and J.-H. Lee, “Analysis of Recent IIoT Security Technology Trends in a Smart Factory Environment,” in 2023 International Conference on Artificial Intelligence in Information and Communication (ICAIIC), 2023, pp. 840–845. doi: 10.1109/ICAIIC57133.2023.10067004.
[3] A. H. Eyeleko and T. Feng, “A Critical Overview of Industrial Internet of Things Security and Privacy Issues Using a Layer-Based Hacking Scenario,” IEEE Internet Things J., vol. 10, no. 24, pp. 21917–21941, 2023, doi: 10.1109/JIOT.2023.3308195.
[4] Y. Li, Y. Zhao, J. Li, X. Yu, Y. Zhao, and J. Zhang, “DDoS Attack Mitigation Based on Traffic Scheduling in Edge Computing- Enabled TWDM-PON,” IEEE Access, vol. 9, pp. 166566–166578, 2021, doi: 10.1109/ACCESS.2021.3134671.
[5] S. F. Ahmed et al., “Industrial Internet of Things enabled technologies, challenges, and future directions,” Comput. Electr. Eng., vol. 110, p. 108847, 2023, doi: https://doi.org/10.1016/j.compeleceng.2023.108847.
[6] M. Sverko, T. G. Grbac, and M. Mikuc, “SCADA Systems With Focus on Continuous Manufacturing and Steel Industry: A Survey on Architectures, Standards, Challenges and Industry 5.0,” IEEE Access, vol. 10, pp. 109395–109430, 2022, doi: 10.1109/ACCESS.2022.3211288.
[7] S. Chaudhary and P. K. Mishra, “DDoS attacks in Industrial IoT: A survey,” Comput. Networks, vol. 236, p. 110015, 2023, doi: https://doi.org/10.1016/j.comnet.2023.110015.
[8] A. Lohachab and B. Karambir, “Critical Analysis of DDoS—An Emerging Security Threat over IoT Networks,” J. Commun. Inf. Networks, vol. 3, no. 3, pp. 57–78, 2018, doi: 10.1007/s41650-018-0022-5.
[9] M. Arif, G. Wang, M. Zakirul Alam Bhuiyan, T. Wang, and J. Chen, “A survey on security attacks in VANETs: Communication, applications and challenges,” Veh. Commun., vol. 19, p. 100179, 2019, doi: https://doi.org/10.1016/j.vehcom.2019.100179.
[10] F. De Keersmaeker, Y. Cao, G. K. Ndonda, and R. Sadre, “A Survey of Public IoT Datasets for Network Security Research,” IEEE Commun. Surv. Tutorials, vol. 25, no. 3, pp. 1808–1840, 2023, doi: 10.1109/COMST.2023.3288942.
[11] A. Bhardwaj et al., “IIoT: Traffic Data Flow Analysis and Modeling Experiment for Smart IoT Devices,” 2022. doi: 10.3390/su142114645.
[12] A. Ashraf and W. M. Elmedany, “IoT DDoS attacks detection using machine learning techniques: A Review,” in 2021 International Conference on Data Analytics for Business and Industry (ICDABI), 2021, pp. 178–185. doi: 10.1109/ICDABI53623.2021.9655789.
[13] I. A. Mahar, W. Libing, G. A. Rahu, Z. A. Maher, and M. Y. Koondhar, “Feature Based Comparative Analysis of Traditional Intrusion Detection System and Software-Defined Networking Based Intrusion Detection System,” in 2023 IEEE 8th International Conference on Engineering Technologies and Applied Sciences (ICETAS), 2023, pp. 1–5. doi: 10.1109/ICETAS59148.2023.10346497.
[14] Z. Lin, J. Liu, J. Xiao, and S. Zi, “A Survey: Resource Allocation Technology Based on Edge Computing in IIoT,” in 2020 International Conference on Communications, Computing, Cybersecurity, and Informatics (CCCI), 2020, pp. 1–5. doi: 10.1109/CCCI49893.2020.9256663.
[15] H. Bangui and B. Buhnova, “Lightweight intrusion detection for edge computing networks using deep forest and bio-inspired algorithms,” Comput. Electr. Eng., vol. 100, p. 107901, 2022, doi: https://doi.org/10.1016/j.compeleceng.2022.107901.
[16] W. Marfo, D. K. Tosh, and S. V Moore, “Network Anomaly Detection Using Federated Learning,” in MILCOM 2022 - 2022 IEEE Military Communications Conference (MILCOM), 2022, pp. 484–489. doi: 10.1109/MILCOM55135.2022.10017793.
[17] K. DeMedeiros, A. Hendawi, and M. Alvarez, “A Survey of AI-Based Anomaly Detection in IoT and Sensor Networks,” Sensors, vol. 23, no. 3, 2023, doi: 10.3390/s23031352.
[18] M. Fejrskov, J. M. Pedersen, and E. Vasilomanolakis, “Detecting DNS hijacking by using NetFlow data,” in 2022 IEEE Conference on Communications and Network Security (CNS), 2022, pp. 273–280. doi: 10.1109/CNS56114.2022.9947264.
[19] Z. Liu, Y. Wang, F. Feng, Y. Liu, Z. Li, and Y. Shan, “A DDoS Detection Method Based on Feature Engineering and Machine Learning in Software-Defined Networks,” Sensors, vol. 23, no. 13, 2023, doi: 10.3390/s23136176.
[20] S. Sadhwani, B. Manibalan, R. Muthalagu, and P. Pawar, “A Lightweight Model for DDoS Attack Detection Using Machine Learning Techniques,” Appl. Sci., vol. 13, no. 17, 2023, doi: 10.3390/app13179937.
[21] E. H. Budiarto, A. Erna Permanasari, and S. Fauziati, “Unsupervised Anomaly Detection Using K-Means, Local Outlier Factor and One Class SVM,” in 2019 5th International Conference on Science and Technology (ICST), 2019, pp. 1–5. doi: 10.1109/ICST47872.2019.9166366.
[22] S. Liu, L. Liu, and Y. Yi, “Quantized Reservoir Computing on Edge Devices for Communication Applications,” in 2020 IEEE/ACM Symposium on Edge Computing (SEC), 2020, pp. 445–449. doi: 10.1109/SEC50012.2020.00068.
[23] S. A. Bakhsh, M. A. Khan, F. Ahmed, M. S. Alshehri, H. Ali, and J. Ahmad, “Enhancing IoT network security through deep learning-powered Intrusion Detection System,” Internet of Things, vol. 24, p. 100936, 2023, doi: https://doi.org/10.1016/j.iot.2023.100936.
[24] W. Zahwa, A. Lahmadi, M. Rusinowitch, and M. Ayadi, “Automated Placement of In-Network ACL Rules,” in 2023 IEEE 9th International Conference on Network Softwarization (NetSoft), 2023, pp. 486–491. doi: 10.1109/NetSoft57336.2023.10175436.
[25] N. Anjum, Z. Latif, C. Lee, I. A. Shoukat, and U. Iqbal, “MIND: A Multi-Source Data Fusion Scheme for Intrusion Detection in Networks,” Sensors, vol. 21, no. 14, 2021, doi: 10.3390/s21144941.
[26] D. Atzeni, R. Ramjattan, R. Figliè, G. Baldi, and D. Mazzei, “Data-Driven Insights through Industrial Retrofitting: An Anonymized Dataset with Machine Learning Use Cases,” Sensors, vol. 23, no. 13, 2023, doi: 10.3390/s23136078.
[27] M. A. Ferrag, O. Friha, D. Hamouda, L. Maglaras, and H. Janicke, “Edge-IIoTset: A New Comprehensive Realistic Cyber Security Dataset of IoT and IIoT Applications for Centralized and Federated Learning,” IEEE Access, vol. 10, pp. 40281–40306, 2022, doi: 10.1109/ACCESS.2022.3165809.
Published
2024-02-29
How to Cite
[1]
A. Amrullah, “Lightweight Edge-Based Security System Design for DDoS Attack Mitigation in Industrial IoT Infrastructure”, Intellithings Journal, vol. 1, no. 1, pp. 17-24, Feb. 2024.
Section
Articles
