Detection of Denial of Service Attacks Using SNMP-MIB in Internet of Things Environment

Abstract:
The Internet is a vast system of interconnected networks that provide a variety of services. More than a million people join the World Wide Webs every day, making it a powerful force. Approximately 70% of businesses are considering making the switch to cloud services due to the many benefits and pay-as-you-go structure of cloud computing. DoS attacks, which interrupt internet services, are a common kind of cybercrime. Distributed DoS assaults (or DDoS for short) happen when the same DoS comes in from several different places at once. DoS severely destroys the availability limitation of online services, hence early detection is crucial. The DoS attack type known as TCPSYN causes the TCP protocol’s connection setup procedure to fail, leading to partially open connections. TCP-SYN is used to force a web server to crash by using up all of its resources. Despite ongoing efforts at repair, attacks against TCP-SYN continue to increase in frequency and sophistication. Therefore, in today’s digital environment, it is envisaged that the solution would completely mitigate such threats. A multi-level detection strategy that integrates SNMP and incoming request analysis is offered as a means to early detection and cost-effectiveness. The basic goal of SNMP is to achieve maximum effectiveness in distinguishing TCP-SYN from valid traffic in a shorter time span. Using the SNMP Management Information Base (MIB) variables, a TCP-SYN attack may be spotted in two stages. Theoretical validation is used to determine which MIBs should be used, and feature selection approaches have been verified using the prediction and accuracy metrics of linear regression