Abstract: In this paper, we propose a multi-phase detection algorithm for each location in order to improve the detection accuracy of IoT AP overload denial-of-service attacks and the availability of IoT domain services for IoT users. First, we compare the traffic load of the transmission band as the starting point of the detection algorithm. Next, we eliminate two weaknesses of existing countermeasures: the high false positives, in which overload caused by normal service requests rather than by intrusions is judged to be an attack, and the high false negatives, in which bypass attacks such as Slowloris cannot be detected. To do this, we propose an abnormal-traffic removal function based on traffic load comparison against sessions, traffic load comparison against application-layer connections, and comparison of dynamic content requests. In testing, the proposed algorithm greatly increased the degree of domain availability that normal IoT users actually experienced.
Keywords: IoT (Internet of Things); AP (Access Point); DoS (Denial of Service); Availability; Slowloris