Preventing distributed-denial-of-service attacks is a crucial part of securing the Internet of Things.


Leaving cyberattackers lost in the fog

12 Mar 2020

A*STAR researchers have found a way to arrest distributed-denial-of-service attacks close to their source, with implications for securing the Industrial Internet of Things.

As wireless communication becomes cheaper and faster, more and more devices are being hooked up to the Internet of Things (IoT), promising real-time communication and control across a variety of sensors and devices. Applied in an industrial context—in what is known as industrial IoT (IIoT)—these technologies pave the way for predictive maintenance of machinery and remote monitoring of processes, among other useful functions.

However, with increased connectivity comes greater exposure to cyberattacks. “IIoT systems involve many devices distributed across locations with weak security protection, making them vulnerable to compromise,” said Luying Zhou, a Research Scientist at A*STAR's Institute for Infocomm Research (I2R).

“They are particularly prone to a distributed-denial-of-service, or DDoS, attack, in which compromised devices swamp the IIoT system in large volumes of communication traffic that consume the system or network resources, leaving the system unavailable for normal operation,” he explained.

A DDoS attack can be defeated by detecting the compromised device and filtering out its suspicious communication. However, peripheral devices may not be able to detect if their fellow devices have been compromised, while the centralized cloud server may only detect an attack too late, after the increased traffic has already knocked out parts of the network.

As such, Zhou and his team devised a ‘fog-computing’ approach with a three-level architecture—field, local and cloud levels—that allows IIoT system operators to carry out in-depth investigation and analysis of malicious network behaviors.

In their scheme, firewalls and station servers at the field and local levels are configured to monitor and control traffic on nearby devices. Meanwhile, cloud computing services allow traffic data analyses and time-sensitive tasks to be executed close to the system’s end users. “Our method protects the whole IIoT system while reducing unnecessary data transfers,” Zhou said.

Simulating an IIoT system under DDoS attack, the researchers showed that the fog-computing approach achieves faster detection and mitigation of malicious network behaviors. In their experiments, normal connectivity was restored in milliseconds when fog computing was applied.

“Since attack traffic could be blocked near the attacking sources, we were able to achieve a faster detection time via cloud server coordination, a higher detection rate, and savings in bandwidth resources,” Zhou said.

“We are confident that our approach will be a valuable resource for effectively detecting and stopping DDoS and other attacks,” he concluded.

The A*STAR-affiliated researchers contributing to this research are from the Institute for Infocomm Research (I2R).



Zhou, L., Guo, H., and Deng, G. A fog computing based approach to DDoS mitigation in IIoT systems. Computers & Security 85, 51-62 (2019).

About the Researcher

Luying Zhou

Senior Scientist

Institute for Infocomm Research

Luying Zhou obtained his PhD degree from Xi’an Jiaotong University, China, and completed his postdoctoral research in the US. He joined A*STAR’s Institute for Infocomm Research (I2R) in 1998, where he is now a Senior Scientist. From 2004 to 2012, Zhou was an Adjunct Faculty member at Nanyang Technological University, Singapore. He received the IEEE ICC Best Paper Award in 2012. Zhou’s research focuses on cybersecurity and computer/communication network reliability issues.

This article was made for A*STAR Research by Wildtype Media Group