
Adaptive Attack Mitigation for IoV Flood Attacks

Erol Gelenbe, Mohammed Nasereddin

TL;DR

The paper addresses securing IoV gateways against flood attacks that degrade real-time data exchange by overwhelming the Attack Detector (AD). It proposes a two-pronged defense: a Smart Quasi-Deterministic Forwarder (SQF) with a Quasi-Deterministic Transmission Policy (QDTP) for traffic shaping, and an Adaptive Attack Mitigation (AAM) framework that dynamically segments and drops attacker packets while preserving benign traffic. The Attack Detector (AADRNN) operates on a sliding window to detect attacks, and the AAM uses an optimization-based rule to choose the mitigation window $m^*$, with a key result that a delay parameter $D$ satisfying $D > T_n$ ensures zero extra server waiting time, and $m^*$ is approximated by $m^* \approx \sqrt{2(\beta/\alpha)W[E[X]-W]}-W$. Experimental validation on a Raspberry Pi–based test-bed demonstrates that SQF plus AAM drastically reduces gateway backlog and maintains AD responsiveness during floods, providing a practical, scalable defense for real-time IoV networks and guiding edge deployment strategies.

Abstract

Gateway Servers for the Internet of Vehicles (IoV) must meet stringent Security and Quality of Service (QoS) requirements, including cyberattack protection, low delays and minimal packet loss, to offer secure real-time data exchange for human and vehicle safety and efficient road traffic management. Therefore, it is vital to protect these systems from cyberattacks with adequate Attack Detection (AD) and Mitigation mechanisms. Such attacks often include packet Floods that impair the QoS of the networks and Gateways and even impede the Gateway's capability to carry out AD. Thus, this paper first evaluates these effects using system measurements during Flood attacks. It then demonstrates how a Smart Quasi-Deterministic Policy Forwarder (SQF) at the entrance of the Gateway can regulate the incoming traffic to ensure that the Gateway supports the AD to operate promptly during an attack. Since Flood attacks create substantial packet backlogs, we propose a novel Adaptive Attack Mitigation (AAM) system that is activated after an attack is detected to dynamically sample the incoming packet stream, determine whether the attack is continuing, and also drop batches of packets at the input to reduce the effects of the attack. The AAM is designed to minimize a cost function that includes the sampling overhead and the cost of lost benign packets. We show experimentally that the Optimum AAM approach is effective in mitigating attacks and present theoretical and experimental results that validate the proposed approach.
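The drop-then-sample trade-off behind $m^*$ can be checked numerically. The following is an added example, not code from the paper: it simulates an assumed cost model (drop $m$ packets, then sample $W$ packets with a perfect detector; $\alpha$ is the cost per lost benign packet, $\beta$ the cost per sampled packet, $X$ the attack length in packets) and compares a grid search over $m$ with the closed form quoted in the TL;DR.

```python
import math

def aam_cost(m, W, R, alpha, beta):
    """Cost of one mitigation episode under the assumed model.

    R attack packets remain when mitigation starts. Each cycle drops m
    packets unseen, then passes W packets to the detector as a sample.
    """
    pos = sampled = benign_lost = 0
    while True:
        # Dropped batch [pos, pos+m): packets at index >= R are benign.
        benign_lost += max(0, pos + m - max(pos, R))
        pos += m
        sampled += W
        if pos >= R:  # sample window holds no attack packets: stop dropping
            return alpha * benign_lost + beta * sampled
        pos += W

def mean_cost(m, W, remaining, alpha, beta):
    return sum(aam_cost(m, W, R, alpha, beta) for R in remaining) / len(remaining)

def closed_form_m(W, EX, alpha, beta):
    """m* ~ sqrt(2 (beta/alpha) W (E[X] - W)) - W, as quoted in the TL;DR."""
    return math.sqrt(2 * (beta / alpha) * W * (EX - W)) - W

def compare(W=10, EX=5010, alpha=1.0, beta=1.0):
    # Constructed workload: remaining attack lengths spread evenly around E[X] - W.
    remaining = range(EX - W - 2500, EX - W + 2501, 7)
    m_formula = round(closed_form_m(W, EX, alpha, beta))
    grid = range(50, 1000, 10)
    m_grid = min(grid, key=lambda m: mean_cost(m, W, remaining, alpha, beta))
    return (m_formula, m_grid,
            mean_cost(m_formula, W, remaining, alpha, beta),
            mean_cost(m_grid, W, remaining, alpha, beta))

if __name__ == "__main__":
    m_f, m_g, c_f, c_g = compare()
    print(f"closed form m*={m_f} cost={c_f:.1f}; grid search m={m_g} cost={c_g:.1f}")
```

The cost curve is flat near its minimum, so the useful comparison is the cost reached at the closed-form $m^*$ against the best grid cost, rather than the exact grid argmin.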

Paper Structure (16 sections, 13 equations, 16 figures, 2 tables, 2 algorithms)

This paper contains 16 sections, 13 equations, 16 figures, 2 tables, 2 algorithms.

Figures (16)

  • Figure 1: This figure shows the experimental test bed with several Raspberry Pi machines that emulate various devices, and are connected via Ethernet to the Server. The Raspberry Pis can send both normal and attack traffic to the Server that acts as a Gateway for the IoV.
  • Figure 2: The software at the Gateway Server includes the manager for the SNMP network, the attack detection system (AD) CDIS, as well as the software for processing the contents of incoming packets.
  • Figure 3: The queue length at the Server input, prior to processing by the AD module ($y$-axis, number of packets), as it varies over time ($x$-axis, seconds) for a 60-second UDP Flood Attack that was launched by a Raspberry Pi in Figure \ref{Zero-0}. The queue length rises rapidly to 400,000, and the Server congestion then lasts far longer than the attack itself, i.e. up to several hours, because of Server paralysis which delays AD processing, as seen in the AD processing times of Figure \ref{fig:ProcessingTime2}.
  • Figure 4: The upper figure shows the histogram of AD processing time per packet, as measured without an attack. It shows an average processing time of 2.98 ms (milliseconds), with a variance of $0.0055~\mathrm{ms}^2$. In the lower figure, an attack occurs and the AD packet processing time increases to an average value of 4.82 ms, with a variance of $0.51~\mathrm{ms}^2$.
  • Figure 5: Successive measurements of the AD processing time per packet during a UDP Flood Attack, when the QDTP Forwarder SQF is not used. The large outliers in processing time that are observed in Figure \ref{TimePerPacket} (below) also confirm the measurements that are shown in this figure.
  • ...and 11 more figures