Publication: Ataques DDoS con IoT, Análisis y Prevención de Riesgos
Loading...
Identifiers
Publication date
2019
Defense date
2019-10
Authors
Tutors
Journal Title
Journal ISSN
Volume Title
Publisher
Impact
Export
Abstract
La tecnología del Internet de las cosas (IoT) continúa creciendo a diario, lo que en el ámbito de la ciberseguridad aumenta las preocupaciones sobre la implicación de estos dispositivos en ataques informáticos a empresas e instituciones. Entre ellos los ataques de denegación del servicio distribuido (DDoS), que utilizan el envío de una gran cantidad de peticiones a un servidor para saturarlo. Este trabajo tiene tres objetivos: desarrollar un software capaz de leer el tráfico entrante en una red y permitir analizarlo, determinar la capacidad de los dispositivos IoT de participar en un ataque DDoS y valorar los daños que pueden causar estos ataques para precisar si a las empresas les es recomendable contratar servicios anti-DDoS.
En primer lugar se desarrolló un software para leer el tráfico de datos entrante en una red, tras lo cual se realizaron diversas pruebas con dos dispositivos IoT (Raspberry pi 3 y Node MCU) en un entorno controlado. Estas pruebas constituían diferentes ataques DoS contra un servidor en el que estaba instalado el software de lectura de datos. Los resultados de las pruebas mostraban un elevado potencial destructivo de ambos dispositivos en relación a su precio y tamaño, y que efectivamente estos dispositivos pueden suponer una amenaza si participan en ataques DDoS.
La valoración de los daños de los ataques DDoS a las empresas se realizó mediante el análisis de informes publicados por grandes empresas del sector de la ciberseguridad y otras instituciones relacionadas. Se concluyó que el coste de sufrir un ataque DDoS es muy elevado para todo tipo de empresas, superando el coste medio los 200.000$ por ataque, y que tanto el tamaño como la duración y la cantidad de los ataques aumenta año a año.
El crecimiento de los dispositivos IoT, junto con su capacidad para participar en ataques DDoS y el elevado daño causado por estos ataques presentan la necesidad de buscar soluciones contra estos ataques. Es necesario reducir la vulnerabilidad de los dispositivos IoT. Además, es recomendable que las empresas hagan frente a estas amenazas y contraten servicios anti-DDoS para protegerse de estos ataques cada vez más comunes y potentes.
The Internet of things (IoT) technology continues to grow daily, which raises concerns in the field of cybersecurity about the involvement of these devices in computer attacks on companies and institutions. Among these attacks are found the distributed denial of service attacks (DDoS), which send a huge amount of petitions to a server in order to saturate it. This investigation has three goals: to develop a software capable of reading incoming traffic on a network and allow analyzing it, to determine the capacity of IoT devices to participate in a DDoS attack, and to assess the damages that these attacks can cause to determine if it is advisable for companies to hire anti-DDoS services. Firstly, a software was developed to enable the reading and analysis of the incoming traffic on a network. Then, several tests were done with two IoT devices (Raspberry pi 3 and NodeMCU), in a controlled environment. These tests were different DoS attacks against a server in which the developed software was installed. The results of these tests show a big destructive potential of both devices in relation to their price and size, and that they can consitute a considerable threat if they take part in a DDoS attack. The damage assessment of DDoS attacks on companies was carried out by analyzing several reports published by large companies in the cybersecurity sector and other related institutions. The conclusion obtained is that the cost of suffering a DDoS attack is very high for all types of companies. In fact, the average cost reported exceeds $200.000 per attack. Furthermore, it is also inferred that both the size and duration and the number of DDoS attacks increase yearly. The growth of IoT devices, together with their ability to participate in DDoS attacks and the high damage caused by these attacks present the need to find a solution to reduce the vulnerability of IoT devices to hackers. Furthermore, it is advisable that companies address these threats and hire anti-DDoS services to protect themselves from DDoS attacks.
The Internet of things (IoT) technology continues to grow daily, which raises concerns in the field of cybersecurity about the involvement of these devices in computer attacks on companies and institutions. Among these attacks are found the distributed denial of service attacks (DDoS), which send a huge amount of petitions to a server in order to saturate it. This investigation has three goals: to develop a software capable of reading incoming traffic on a network and allow analyzing it, to determine the capacity of IoT devices to participate in a DDoS attack, and to assess the damages that these attacks can cause to determine if it is advisable for companies to hire anti-DDoS services. Firstly, a software was developed to enable the reading and analysis of the incoming traffic on a network. Then, several tests were done with two IoT devices (Raspberry pi 3 and NodeMCU), in a controlled environment. These tests were different DoS attacks against a server in which the developed software was installed. The results of these tests show a big destructive potential of both devices in relation to their price and size, and that they can consitute a considerable threat if they take part in a DDoS attack. The damage assessment of DDoS attacks on companies was carried out by analyzing several reports published by large companies in the cybersecurity sector and other related institutions. The conclusion obtained is that the cost of suffering a DDoS attack is very high for all types of companies. In fact, the average cost reported exceeds $200.000 per attack. Furthermore, it is also inferred that both the size and duration and the number of DDoS attacks increase yearly. The growth of IoT devices, together with their ability to participate in DDoS attacks and the high damage caused by these attacks present the need to find a solution to reduce the vulnerability of IoT devices to hackers. Furthermore, it is advisable that companies address these threats and hire anti-DDoS services to protect themselves from DDoS attacks.
Description
Keywords
Internet de las cosas, DDoS (Distributed Denial of Service o Denegación de Servicio Distribuido), Prevención de riesgos