Quick Suppression of DDoS Attacks by Frame Priority Control in IoT Backhaul With Construction of Mirai-Based Attacks

We propose a novel distributed denial of service (DDoS) attack suppression system that significantly reduces discarding of normal traffic (i.e., the traffic from Internet of Things (IoT) devices that are not infected with a malware) with a small number of equipment by controlling the priority of frames in a network accommodating IoT devices. Experimental results showed that our proposed system prevented the discarding of the normal traffic in a few seconds when attack traffic was generated by a traffic generator. Moreover, we constructed Mirai-based DDoS attack traffic and experimentally demonstrated that the discarding of the normal traffic was prevented in 30 milliseconds in our proposed system. We also confirmed that the attack traffic detected by a DDoS protector that was installed in front of an IoT server was autonomously blocked at the switches that the traffic came through from the IoT devices (i.e., the entrances to a backbone network) by integrating various vendors' products.