Mathematical model on distributed denial of service attack through Internet of things in a network

Bimal Kumar Mishra; Ajit Kumar Keshri; Dheeresh Kumar Mallick; Binay Kumar Mishra

doi:10.1515/nleng-2017-0094

Article Open Access

Mathematical model on distributed denial of service attack through Internet of things in a network

Bimal Kumar Mishra , Ajit Kumar Keshri , Dheeresh Kumar Mallick and Binay Kumar Mishra

Published/Copyright: December 14, 2018

Published by

Become an author with De Gruyter Brill

Submit Manuscript Author Information

From the journal Nonlinear Engineering Volume 8 Issue 1

Abstract

Internet of Things (IoT) opens up the possibility of agglomerations of different types of devices, Internet and human elements to provide extreme interconnectivity among them towards achieving a completely connected world of things. The mainstream adaptation of IoT technology and its widespread use has also opened up a whole new platform for cyber perpetrators mostly used for distributed denial of service (DDoS) attacks. In this paper, under the influence of internal and external nodes, a two - fold epidemic model is developed where attack on IoT devices is first achieved and then IoT based distributed attack of malicious objects on targeted resources in a network has been established. This model is mainly based on Mirai botnet made of IoT devices which came into the limelight with three major DDoS attacks in 2016. The model is analyzed at equilibrium points to find the conditions for their local and global stability. Impact of external nodes on the over-all model is critically analyzed. Numerical simulations are performed to validate the vitality of the model developed.

Keywords: Distributed Denial of Service attack; Internet of Things; Targeted attack; Wireless network; External node; Malicious object

1 Introduction

First in biology, the spreading of epidemic diseases like plague, smallpox, tuberculosis, measles, leprosy, poliomyelitis, malaria, AIDS/HIV to name a few [1] are successfully analyzed and achieved great success to eradicate them through various epidemic models [2]. Since, computer epidemics due to attacks of malicious objects are analogues to biological epidemics, the use of computer epidemic models came into existence. In the recent past, numbers of researchers have used epidemic modeling for the analysis of the attack and defense of malicious objects and its ramification on computer networks in order to provide a framework for better defense mechanism apart from ameliorate the attack problem [3, 4, 5]. Epidemic models are dynamic in nature where the entire population of nodes is divided into different compartments like susceptible, vaccinated, exposed, infected, quarantined, and recovered and so on. Movement of nodes from one compartment to another is then represented using ordinary differential equations. The system of ordinary differential equations for such derived epidemic model is then analyzed for equilibria and finally local and global stability is achieved. Evaluation of epidemic threshold (R₀) helps us to decide whether the epidemic will persist or the infection will die out. Recently two new malware epidemic models have been proposed by Yang and Yang where the first one [6] is based on bi-virus computing spreading model to evaluate the criteria for the extinction of both viruses and for the survival of only one virus and the other one [7] is based on patches (Susceptible-Infected-Patched-Susceptible model) that can be disseminated over a vulnerable network to assess its impact on the prevalence of computer virus. In 2018, a predator-prey model for wireless nanosensor network against attacks of malicious objects is envisioned by Keshri, Mishra and Mallick to determine whether WNSNs are able to survive against malicious attacks or not [8]. In this paper, for the first time ever, an epidemic model that shows a relationship among distributed attacking IoT nodes, targeted nodes in a network and external nodes, is developed and analyzed. In 2014, the new era of Internet of Things (IoT) was addressed by Brendan O’Brien, Chief Architect & Co-founder of Aria systems, as follows [9]:

“If you think the Internet has changed your life, think again. The IoT is about to change it all over again!”

IoT creates a new network paradigm of interconnected objects with an objective to improve human life with its pervasive presence [10]. It is an extension of the Internet into the physical world for interaction with physical systems. It can be a home appliance, healthcare device, CCTV camera, webcam, smart plug, traffic light, TV set-top box and almost anything fitted with sensors, actuators, power units and embedded systems and most importantly it must be a Internet Protocol (IP) enabled device [11, 12]. It is found that, most IoT devices are connected to the Internet via wireless networks using technologies such as Radio-Frequency IDentification (RFID) systems and Wi-Fi and have very poor security features mainly due to their low power and computing capabilities. Use of firewall, security update and anti-malware systems are generally unsuitable for such smaller and less capable IoT devices with no full-fledged operating systems, powerful processors or sufficient memory and their default credentials like protected by factory default user names and passwords make them soft targets to the perpetrators and more importantly IoT devices can become entry points into critical infrastructures.

Now-a-days, it is quite common to see attacks on a network or a server generated by thousands of nodes at a time. These types of attacks are known as distributed attacks. Distributed denial of service attack is a very popular distributed attack that first builds a zombie army by inserting a zombie code or Trojan horse on the infected nodes in a variety of ways, such as installed inside free games or media files or as attachment to e-mails. A Trojan horse then creates a way like open a connection to communicate back to its master. Finally, upon receiving a command from master, the entire zombie army lunches a massive attack on attacker’s victim [13, 14]. Distributed attacks can spread by both wired and wireless networks. Since wireless nodes are more vulnerable than wired nodes due to lack of proper protocols, distributed attacks through wireless nodes are more common. According to Verisign’s Q4 2015 DDoS trends report [15], approximately 75 percent of total DDoS attack during fourth quarter of 2015 were user datagram protocol (UDP) floods i.e. through wireless networks. Services provided by the important bodies like military and defense institutions, power grid, nuclear installation, banking sector and other critical infrastructure are normally treated as targeted resource by the perpetrators of malicious attacks.

According to Symantec reports [16], an attack on BBC website on first January 2016, is the biggest ever DDoS attack which reached 602 gigabits per second (Gbps). Also, 2010 attack by Stuxnet was a successful targeted attack against a critical infrastructure and probably it was organized to sabotage Iran’s nuclear program. 2016 was an exceptionally active year for targeted attack. In this year Mirai botnet made of IoT devices were responsible for three major DDoS attacks. The first one was a huge DDoS attack on Brain Kreb’s website which peaked at 620 Gbps. Then the second was attack on French hosting company OVH peaked at 1 Tbps. And finnaly the third one which make IoT attack in limelight was a DDoS attack on DNS provider Dyn that disrupted Netflix, Twitter, Pay Pal and other websites [17]. Mirai botnet consisting of approximately 120000 and 150000 IoT devices were used to conduct these above mentioned 620 Gbps and 1 Tbps DDoS attacks respectively [18]. According to Gartner, 8.4 billion IP enabled IoT devices were in use worldwide in 2017, up 31 percent from 2016, and will reach 20.4 billion by 2020 [19]. Despite growing popularity of IoT that has huge prospective for societal impact, it is one of the most disruptive technologies due to their poor security. Also, vulnerability to DDoS attacks increases with increase in Internet connection of critical infrastructures like banking networks, power grids, and air traffic or railway control system and so on.

Malicious attacks on IP enabled node or its network caused considerable damage to individuals, organizations and countries as well. Better understanding of transmission dynamics of malicious objects will surely help in designing fruitful defense strategies to prevent and control such malicious attacks. Therefore, one of the goals of this research paper is to acquire a precise understanding of malicious attacks first on IP enabled IoT devices and then DDoS attack on targeted resources in a network by applying epidemiological modeling. SIR (Susceptible-Infected-Recovered) and SIS (Susceptible-Infected-Susceptible) are the two classical epidemic models proposed by Kermack and Mckendrick for the analysis of outbreak of biological diseases in 1927 and 1932 respectively [20, 21]. SIR model is mostly applicable where required individuals gain immunity against the same attack, whereas SIS model is for those recovered individuals that have gained no immunity. In this paper, our proposed model has two folds. In first part, modeling for attack on IoT devices is achieved which is mainly based on above mentioned SIS model along with external node compartment. In this part we have studied how perpetrators compromised large number of IoT devices to form a zombie army. In the last part, modeling for a DDoS attack via this zombie army on a targeted resource is achieved which is based on above mentioned SIR model with only temporary immunity instead of permanent immunity. Vulnerable IoT devices not only have threats to themselves, they also create a significant threat to the security of any wired or wireless networked infrastructures made of other Internet enabled devices like computer, laptop, tablet, smartphone and so on. Our developed model is an example of it.

Mobility is a very basic feature of a major section of IoT nodes in any wireless network. Due to this mobility, very frequently wireless nodes get connected to the Internet as well as disconnected from it. In general, due to its mobility if IoT device goes out of the coverage area or intentionally disconnect the Wi-Fi or if get switched off, then we can term that IoT node as external node. Even for a wired network, the fully connected assumption of the Internet is inconsistent with its topology [22]. Therefore, at a particular instance, if a node is connected to the Internet, it is known as internal node and similarly, if it is disconnected from Internet, it is known as external node. In this paper, we have treated external nodes as only those IoT nodes which get disconnected from Internet due to switch off. Since, Mirai bot does not have persistence mechanism, infected IoT nodes can be easily recovered through switch off and then restart [18]. Therefore, here external nodes are recovered nodes and rebooting again makes those IoT nodes susceptible.

The subsequent materials of this paper are organized as follows: Section 2 formulates the epidemic model. Section 3 investigates the model. Section 4 analyses the simulation performed and finally Section 5 concludes the paper.

2 Hypotheses and model formulation

In this paper, we develop a mathematical model which is based on the following hypotheses:

(H1) Each attacking node (susceptible or infectious) is disconnected from the Internet due to switch off at constant rate α > 0 to join external attacking nodes.
(H2) As it was found in Mirai attack that infected IoT devices can cleaned by restarting them [17], we assumed that each external attacking node is connected to the Internet and only becomes susceptible attacking node at constant rate σ > 0.
(H3) Since our model includes vital dynamics, each attacking node (susceptible, infectious or external) dies out with probability μ > 0.
(H4) μ is also the rate of addition of new nodes in the external node compartment.
(H5) Each susceptible node (attacking or targeted) is infected by an infectious attacking node at constant rate β > 0.
(H6) Disinfected attacking node becomes again susceptible attacking node at constant rate ε_a > 0.
(H7) Due to the effect of proper treatment, each infectious targeted node becomes a recovered targeted node at constant rate y > 0.
(H8) Due to temporary immunity, recovered targeted node becomes again susceptible targeted node at constant rate ε_t > 0.

Based on these hypotheses, we develop an epidemic model which integrated five different aspects as IoT device, internal or external node, wireless network, distributed attack and targeted resource, as shown in Figure 1. The nomenclature of our model is shown in Table 1. The structure of the proposed model has two-fold. First, perpetrators achieve a zombie army commonly known as botnet by targeting vulnerable wireless nodes of attacking population. Second, the entire zombie army lunches a massive attack on a specific target population collectively and simultaneously.

Fig. 1

Schematic representation of a model of distributed attack on targeted resource through the internal and external IoT nodes in a wireless network

Table 1

Nomenclature

Symbol	Description
S_t	The susceptible targetednod.es
I_t	The infectious targetednod.es
R_t	The recovered targeted nodes
S_a	The susceptible attacking nodes
I_a	The infectious attacking nodes
E_a	The external attackingnod.es
β	The per infectivity contact rate
γ	The rate of recovery of Infectious targeted nodes
ε_t	The rate at which recovered targeted nodes become susceptible
ε_a	The rate at which disinfected attacking nodes become susceptible
α	The rate at which attacking nodes (susceptible or infectious) get detached from the Internet by switching off to join external attacking nodes
σ	The rate at which external attacking nodes get connected to the Internet to j oin susceptible attackingnod.es
μ	The natural death rate and birth rate of attacking nodes
R₀	The basic reproduction number
R_0a	The basic reproduction number for the attacking population
R_0t	The basic reproduction number for the target population

For the targeted population, the system of ordinary differential equations that describes the rate of change of different compartments and as per our above assumptions, which is depicted in Figure 1, is formulated as:

(1)dStdt=−βStIa+εtRtdItdt=βStIa−yItdRtdt=yIt−εtRt

where, S_t(t) + I_t(t) + R_t(t) = 1.

Similarly, for the attacking population, the system of ordinary differential equations that describes the rate of

change of different compartments is formulated as:

(2)dSadt=−βSaIa−μSa+εaIa+σEa−αSadIadt=βSaIa−μIa−εaIa−αIadEadt=αSa+αIa−σEa+μ−μEa

where, S_a(t) + I_a(t) + E_a(t) = 1.

System (1) and (2) can be reduced to an equivalent system of ordinary differential equations as follows:

(3)dStdt=−βStIa+εt1−St−ItdItdt=βStIa−yIt

dIadt=β1−Ia−EaIa−μIa−εaIa−αIa

dEadt=α(1−Ia−Ea)+αIa−σEa+μ−μEa

The feasible region for system (3) can be given as

Ψ={(St,It,Ia,Ea)∈R4:St>0,It≥0,Ia≥0,Ea≥0,St+It≤1,Ia+Ea≤1}

This feasible region is positively invariant with respect to system (3).

3 Mathematical analysis of the model

3.1 Basic reproduction number

The success or failure of any attack of malicious signals depends on basic reproduction number (R₀). It can be defined as the average number of secondary infections caused in a totally susceptible population by a single infectious node during its entire infectious lifetime. R₀ is an important threshold that can determine whether the infection persists in the wireless network asymptotically or it eventually dies out with time i.e., if R₀ > 1, each infected node infects, on average, more than one susceptible node and hence the infection persists, whereas if R₀ ≤ 1, each infected node infects, on average, less than one susceptible node and hence the infection dies out [23].

Since, dIadt>0and dItdt>0are the essential conditions for an epidemic to occur, the basic reproduction number for the target population (R_0t) and for the attacking population (R_0a) is as follows:

R0t=βyandR0a=β(μ+εa+α).

Combining both, we get

(4)R0=β2μ+εa+αy

3.2 Existence and local stability of equilibrium

Theorem 1

System (3) admits an infection free equilibrium point E₀ (1, I_t = 0, I_a = 0, 0) and also a unique endemic equilibrium point E∗St∗,It∗,Ia∗,Ea∗ which exists only when β > (μ + ε_a + α).

Proof. For equilibrium points, we have

dStdt=0;dItdt=0;dIadt=0;anddEadt=0.

i.e., −βS_t I_a + ε_t (1 − S_t − I_t) = 0;

βStIa−yIt=0;

(5)β1−Ia−EaIa−μIa−εaIa−αIa=0;α1−Ia−Ea+αIa−σEa+μ−μEa=0.

Upon solving the above equations, we have, equilibrium points as:

E(1, I_t = 0, I_a = 0, 0) for infection-free state and ₀E∗St∗,It∗,Ia∗,Ea∗ for endemic state, where, Ea∗=α+μα+σ+μ. Substituting it into the third equation of (5), we have

(6)aIa∗2+bIa∗+c=0

where,

a=β,b=−β−μ−εa−αα+σ+μ−βα+μα+σ+μandc=0.

Let, the discriminant of (6) be Δ = b² − 4ac.

If b ≥ 0, then (6) has no positive solution. Also if Δ < 0, then (6) has no real solution. But, if b < 0 and Δ > 0, then (6) has two positive solutions. Note that b < 0 is true if β > (μ + ε_a + α) or equivalently R_0a > 1.

Therefore,

St∗=εtβ−μ−εa−αα+σ+μ−βα+μ±Δ2α+σ+μ+1+βyεt

(7)It∗=εtγ1+2εt1+β/γα+σ+μβ−μ−εa−αα+σ+μ−βα+μ±ΔIa∗=β−μ−εa−αα+σ+μ−βα+μ±Δ2βα+σ+μ

Ea∗=α+μα+σ+μ

□

3.3 Local stability of the infection-free equilibrium

Theorem 2

If R_0a ≤ 1, the infection free equilibrium point E₀ (1, 0, 0, 0) of system (3) is locally asymptotically stable in and is unstable if R_0a > 1.

Proof. At infection free equilibrium point E₀ (1, 0, 0, 0) of system (5), the Jacobian matrix is

(8)JIFE=−εt−εt−β00−yβ000β−μ+εa+α0000−α+σ+μ

The characteristic equation of the above Jacobian matrix is calculated as

(9)λ+εtλ+yλ−β+μ+εa+αλ+α+σ+μ

and hence the eigen values of (8) are λ₁ = −ε_t < 0, λ₂ = −< 0,λ₃ = β − (μ + ε_a + α) , and λ₄ = − (α₁ + σ + μ) < 0. Out of this four eigen values, λ₁, λ₂ and λ₄ are negative and the other one i.e. λ₃ also becomes negative when the condition β < (μ + ε_a + α) is satisfied, which is equivalent to the condition R_0a ≤ 1. Thus, the infection free equilibrium point E₀ is locally asymptotically stable in Ψ. This equilibrium point can go unstable i.e. R_0a > 1 if λ₃ is positive. In other words, if β > (μ + ε_a + α) is satisfied, the equilibrium point E₀ becomes unstable and a unique endemic equilibrium point E^* emerges in the interior of and is locally asymptotically stable. Hence it is proved that E₀ is locally asymptotically stable if R_0a ≤ 1 and is unstable if R_0a > 1.

3.4 Local stability of the endemic equilibrium

Theorem 3

If R_0a > 1, then there exists a unique endemic equilibrium cE∗St∗,It∗,Ia∗,Ea∗ that is locally asymptotially stable in the interior of Ψ.

Proof. At endemic equilibrium point E∗St∗,It∗,Ia∗,Ea∗ of system (3), the Jacobian matrix is

(10)JEE=−βIa∗+εt−εt−βSt∗0βIa∗−yβSt∗000−β2Ia∗+Ea∗+β−μ+εa+α0000−α+σ+μ

Out of the four eigen values of (10), λ₄ = − (α + σ + μ) < 0 i.e. negative, which is equivalent to the condition R_0a > 1. Another eigen ^*value is λ3=−β2Ia∗+Ea∗+β − (μ + ε_a + α) which after calculation have λ₃ < 0 if β > (μ + ε_a + α) or equivalently R_0a > 1.

The other two eigen values are the roots of the characteristic equation

(11)λ2+y−βIa∗+εtλ+βIa∗y+εt+εty=0

The sum and product of two roots of equation (11) are calculated as negative and positive respectively. So, both the roots are negative i.e. λ₁ < 0 and λ₂ < 0. As all the four eigen values are found negative, it is proved that the endemic equilibrium E∗St∗,It∗,Ia∗,Ea∗is locally asymptotically stable if R_0a > 1.

3.5 Global stability of the endemic equilibrium

Though methods like Lyapunov function, Poincare-Bendixson trichotomy gives a procedure for determining global stability; they become more complicated when dimensions of matrix are large in nature [24]. In our paper,

Li and Muldowney’s geometric approach [25] is used to analyze global stability of the endemic equilibrium.

Theorem 4

If R_0a > 1, then the unique endemic equilibrium E^* is globally asymptotically stable in the interior of Ψ.

Proof. If R_0a > 1, then the endemic equilibrium is stable by Theorem 3. Theorem 2 shows that infection free equilibrium is unstable if R_0a > 1, which implies that system (3) is uniformly persistent in Ψ. It means that there exists a constant d > 0, such that for any initial point S_t(0), I_t(0), I_a(0), E_a(0)) ϵ Ψ , every solution S_t(t), I_t(t), I_a(t), E_a(t)) of system (3) in the interior of Ψ satisfies

min limt→∞⁡infSt(t),limt→∞⁡infIt(t),limt→∞⁡infIa(t),limt→∞⁡infEa(t)≥ d.

Li and Muldowney [26] stated that if x ⟼ f(x) ϵ Rⁿ be a C¹ function in an open sebset D of Rⁿ and x^' = f(x), then

(h1): D is simply connected;
(h2): There exists a compact absorbing set K in D;
(h3): x^' = f(x) has x̄ is the only equilibrium point in D.

Since our endemic equilibrium point E^* is locally stable, and then it is also globally stable provided that (h1), (h2) and (h2) hold and if it satisfies the following Bendixson criteria:

q2−=limsupt→∞supx0∈Kq<0.

Here, q=∫0tμ[B{x(s,x0)}]ds. In this equation B is a matrix such that B = M_fM⁻¹ + MJ^[2]M⁻¹and μ (B) ≤ −δ < 0 on K. The symbol μ and J^[2] denote the Lozinskii measure ^{a 0}and second additive compound matrix of J, respectively.

Therefore, if

μMfM−1+MJ[2]M−1<0,

then it proves the global stability of the endemic equilibrium.

To find the global stability at the unique endemic equilibrium point E∗St∗,It∗,Ia∗,Ea∗ of system (3), the Jacobian matrix is

J=−βIa+εt−εt−βSt0βIa−yβSt000−β2Ia+Ea+β−μ+εa+α0000−α+σ+μ

Since J ϵ R⁴_X⁴, its second additive compound matrix J^[2] is

J[2]=J11βSt0βSt000J220−εt0000J330−εt−βSt0βIa0J440000βIa0J55βSt00000J66

Here, J₁₁ = −(βI_a + ε_t + y),

J₂₂ = −β(3I_a + E_a + 1) − (μ + ε_a + ε_t + α),

J₃₃ = −(βI_a + ε_t + α + σ + μ),

J₄₄ = −β(2I_a + E_a) + β − (μ + ε_a + α + y),

J₅₅ = −(y+ α + σ + μ) and

J₆₆ = −β(2I_a + E_a + 1) − (2μ + 2α + ε_a + σ). Now, to obtain

matrix B, the function M = M(S_t , I_t , I_a, E_a) is defined as

M=MSt,It,Ia,Ea=10000ItIa0000ItIa0000ItIa=diag1,ItIa,ItIa,ItIa.

In system (3), if f denotes the vector field then

MfM−1=diag0,ItIafIaIt,ItIafIaIt,ItIafIaIt,ItIafIaIt,ItIafIaIt.

Since, ItIafIaIt=It′It−Ia′Ia then

MfM−1=0000000It′It−Ia′Ia000000It′It−Ia′Ia000000It′It−Ia′Ia000000It′It−Ia′Ia000000It′It−Ia′Ia

So, matrix B can be calculated as

B=MfM−1+MJ[2]M−1=J11βStIaIt0βStIaIt000J22+It′It−Ia′Ia0−εt0000J33+It′It−Ia′Ia0−εt−βSt0βIa0J44+It′It−Ia′Ia0000βIa0J55+It′It−Ia′Ia000000J66+It′It−Ia′Ia

and it can be re-written as:

B=B11B12B21B22

Where, B11=J11=−(βIa∗+εt+y),

B12=βStIaIt0βStIaIt00,

B21=00000

and

B22=J22+It′It−Ia′Ia0−εt000J33+It′It−Ia′Ia0−εt−βStβIa0J44+It′It−Ia′Ia000βIa0J55+It′It−sIa′Ia00000J66+It′It−Ia′Ia

The μ of matrix B can be estimated as μ (B) ≤ sup {g₁, g₂} where

(12)g1=μB11+B12=−βIa−εt−y+βStIaIt

(13)g2=B21+μB22=−2βIa−βEa−βSt−β−2μ−2α−εa−σ+It′It−Ia′Ia

From system (3), its second and third equation can be rewritten as

(14)It′It=βStIaIt−y

(15)Ia′Ia=β(1−Ia−Ea)−μ+εt+α+σEaIa

Substituting (14) to (15) in (12) and (13) respectively, we get

g2=−βIa−βSt−2β−μ−α−σ−σEaIa+It′It≤It′It−εt

g1=−βIa−εt+It′It≤It′It−εt

Thus, μB≤supg1,g2≤It′It−εtwhere ε_t > 0.

So,

1t∫0tμ(B)ds≤1tlogIt(t)−εtt

Hence, we finally obtain q̄ q₂ < 0 which satisfy Bendixson criteria, which in turn proves the global stability of the endemic equilibrium.

4 Numerical simulations and discussion

An interesting outcome of our model is that the success or failure of distributed attack on targeted resource is only depending on R_0a. Therefore, in all the four examples mentioned below, our model is simulated either for R_0a < 1 or for R_0a > 1, as applicable.

Example 1. The local stability of the infection free equilibrium point has been numerically simulated to depict the scenario graphically which is shown in Figure 2 and corresponding simulated data for this unsuccessful attack is listed in Table 2. Here, the initial point is considered as S_t = 0.97, I_t = 0.02, R_t = 0.01, S_a = 0.55, I_a = 0.2, E_a = 0.25 with the following parameter values β = 0.35, ε_t = 0.2, = 0.07, μ = 0.12, ε_a = 0.02, σ = 0.8, α = 0.22. The value of R_0a is obtained as 0.97 i.e. R_0a < 1. It is clearly observed that the equilibrium point E₀ turns out to be stable. Example 2. The local stability of the endemic equilibrium point has been numerically simulated to depict the scenario graphically which is shown in Figure 3 and corresponding simulated data for this successful attack is listed in Table 3. Here, the initial point is considered as S_t = 0.97, I_t = 0.02, R_t = 0.01, S_a = 0.55, I_a = 0.2, E_a = 0.25 with the following parameter values β = 0.65, ε_t = 0.2, = 0.07, μ = 0.12, ε_a = 0.005, σ = 0.5, α = 0.1. The value of R_0a is obtained as 2.89 i.e. R_0a > 1. In Figure 3, the compartment I_t and I_a are seen to have stabilized at nonzero values, thereby showing the stability of the endemic equilibrium.

Fig. 2

Local stability of infection free equilibrium when R_0a < 1.

Fig. 3

Local stability of endemic equilibrium when R_0a > 1.

Example 3. The behavior of system (3) is studied by considering infectious targeted nodes (I_t) - recovered targeted nodes (R_t) plane. Figure 4(a) shows that all the infected nodes get completely recovered when R_0a < 1. Whereas, Figure 4(b) shows that finally 60.27 percent nodes are infected when R_0a > 1.

Fig. 4

Infectious targeted nodes verses recovered targeted nodes when (a) R_0a < 1 and (b) R_0a > 1.

Example 4. The global stability of the endemic equilibrium point for R_0a > 1 (R_0a = 1.182) is shown in Figure 5 that having the following parameter values β = 0.45, ε_t = 0.1, = 0.07, μ = 0.12, ε_a = 0.005, σ = 0.5, α = 0.1. It shows the plane formed by the variables susceptible targeted nodes and infectious targeted nodes. It can be clearly seen that the trajectories are seen to asymptotically approach the stable endemic equilibrium point which is unique and globally stable.

Fig. 5

Global stability of endemic equilibrium point when R_0a > 1 depicted in S_t − I_t plane.

Table 2

Population distribution of different classes of nodes against time for an unsuccessful attack scenario (Roa<1)

Time(t)	Susceptible attacking nodes(Sa)	Infectious attacking nodes (Ia)	External attacking nodes (Ea)	Susceptible targeted nodes (St)	Infectious targeted nodes (It)	Recovered targeted nodes (Rt)
0	0.55	0.2	0.25	0.97	0.02	0.01
5.38	0.62	0.085	0.29	0.77	0.19	0.04
10.47	0.66	0.04	0.3	0.74	0.2	0.058
15.52	0.58	0.02	0.3	0.76	0.17	0.06
20.18	0.69	0.01	0.3	0.8	0.14	0.06
25.12	0.69	0.01	0.3	0.84	0.11	0.05
30.35	0.7	0.00	0.3	0.87	0.08	0.04
35.45	0.7	0.00	0.3	0.9	0.06	0.03
40.27	0.7	0.00	0.3	0.93	0.05	0.02
45.03	0.7	0.00	0.3	0.95	0.03	0.02
50.08	0.7	0.00	0.3	0.96	0.02	0.01
55.4	0.7	0.00	0.3	0.97	0.02	0.01
60.36	0.7	0.00	0.3	0.98	0.01	0.01
65.41	0.7	0.00	0.3	0.99	0.01	0.00
70.58	0.7	0.00	0.3	0.99	0.01	0.00
75.7	0.7	0.00	0.3	0.99	0.00	0.00
80.21	0.7	0.00	0.3	0.99	0.00	0.00
85.74	0.7	0.00	0.3	1.00	0.00	0.00
90.09	0.7	0.00	0.3	1.00	0.00	0.00
95.02	0.7	0.00	0.3	1.00	0.00	0.00
100	0.7	0.00	0.3	1.00	0.00	0.00

5 Conclusion

In this paper, an epidemic model for DDoS attack through IoT devices on targeted resources is developed and its overall dynamics are analyzed. The first part of this two-fold IoT based epidemic model is developed to understand the propagation of malicious attacks in IoT based wireless network that builds a zombie army, whereas the other part of the model is developed to understand a DDoS attack on targeted network with the help of previously developed IoT botnet. Our model is mainly based on Mirai botnet made of

Table 3

Population distribution of different classes of nodes against time for a successful attack scenario (Roa>1)

Time(t)	Susceptible attacking nodes(Sa)	Infectious attacking nodes (Ia)	External attacking nodes (Ea)	Susceptible targeted nodes (St)	Infectious targeted nodes (It)	Recovered targeted nodes (Rt)
0	0.55	0.2	0.25	0.97	0.02	0.01
10.84	0.36	0.33	0.3	0.23	O.61	0.16
20.78	0.35	0.35	0.3	0.18	O.61	0.21
31.06	0.35	0.35	0.3	0.19	0.6	0.21
40.49	0.35	0.35	0.3	0.19	0.6	0.21
50.43	0.35	0.35	0.3	0.19	0.6	0.21
60.47	0.35	0.35	0.3	0.19	0.6	0.21
70.72	0.35	0.35	0.3	0.19	0.6	0.21
80.87	0.35	0.35	0.3	0.19	0.6	0.21
91.23	0.35	0.35	0.3	0.19	0.6	0.21
100	0.35	0.35	0.3	0.19	0.6	0.21

IoT devices which came into the limelight with three major DDoS attacks in 2016. The following results are obtained: (1) the infection free equilibrium point E₀ is locally stable when R_0a < 1 and (2) the endemic equilibrium point E^* is locally stable when R_0a > 1. In addition, we make our model more realistic by including internal and external nodes. Simulation based experiments allowed us to corroborate the analytical findings. An important finding of this paper is that the success or failure of DDoS attack on targeted network is only dependent on basic reproduction number of attacking population. Finally, successful as well as unsuccessful attack scenario with the help of simulation is presented. Our model can play a key role in risk assessment and in policy making against distributed attacks through IoT devices on targeted resources.

References

[1] Z. Ma and J. Li, Dynamical modelling and analysis of epidemics, World Scientific, 2009.10.1142/6799Search in Google Scholar

[2] H. W. Hethcote, A thousand and one epidemic models, in: S. A. Levin (Ed.), Frontiers in Theoretical Biology, Lecture Notes in Biomathematics 100, Springer, Berlin, p. 504, 1994.10.1007/978-3-642-50124-1_29Search in Google Scholar

[3] B. K. Mishra and K. Halder, e-Epidemic Models on the Attack and Defense of Malicious Objects in Networks, book chapter 9, V. Dabbaghian and V. K. Mago(eds.), Theories and Simulations of Complex Social Systems, Intelligent Systems Reference Library 52,Springer-Verlag Berlin Heidelberg, 2014.10.1007/978-3-642-39149-1_9Search in Google Scholar

[4] B. K. Mishra, K. Haldar and D. N. Sinha, Impact of Information based Classification on Network Epidemics, Nature, Scientific Reports 6, Article number 28289, 2016. DOI:10.1038/srep28289.10.1038/srep28289Search in Google Scholar PubMed PubMed Central

[5] R. Pastor-Satorras, C. Castellano, P. Van Mieghem, and A. Vespignani, Epidemic processes in complex networks. Reviews of modern physics vol. 87,no. 3, pp. 925, 2015.10.1103/RevModPhys.87.925Search in Google Scholar

[6] L. X. Yang, X. Yang, and Y. Y. Tang, A bi-virus competing spreading model with generic infection rates, IEEE Transactions on Network Science and Engineering 2017.10.1109/TNSE.2017.2734075Search in Google Scholar

[7] L. X. Yang, X. Yang, and Y. Wu, The impact of patch forwarding on the prevalence of computer virus: a theoretical assessment approach, Applied Mathematical Modelling vol. 43 pp. 110-125, 2017.10.1016/j.apm.2016.10.028Search in Google Scholar

[8] A. K. Keshri, B. K. Mishra and D. K. Mallick, A Predator-Prey Model on the Attacking Behavior of Malicious Objects in Wireless Nanosensor Networks, Nano Communication Networks, Elsevier, vol. 15, pp. 1-16, 2018. http://DOI:https://doi.org/10.1016/j.nancom.2018.01.00210.1016/j.nancom.2018.01.002Search in Google Scholar

[9] B. O’Brien, (2014, September 27). Aria Systems: Twitter, 2014, Retrieved from Twitter: https://twitter.com/ariasystemsinc/status/516022100872929280Search in Google Scholar

[10] A. Botta, W. De Donato, V. Persico, and A. Pescapé, Integration of cloud computing and internet of things: a survey, Future Generation Computer Systems vol. 56 pp. 684-700, 2016.10.1016/j.future.2015.09.021Search in Google Scholar

[11] M. Abomhara and G. M. Koien, Cyber security and the internet of things: vulnerabilities, threats, intruders and attacks, Journal of Cyber Security, vol. 4, pp. 65-88, 2015.10.13052/jcsm2245-1439.414Search in Google Scholar

[12] L. Atzori, A. Iera and G. Morabito, The internet of things: a survey, Computer Networks, vol. 54, issue. 15, pp. 2787-2805, 2010.10.1016/j.comnet.2010.05.010Search in Google Scholar

[13] S. Farraposo, L. Gallon and P. Owezarski, Network security and DoS Attacks, Technical Report, LAAS-CNRS, France, 2005.Search in Google Scholar

[14] A. K. Keshri, B. K. Mishra and D. K. Mallick, Library formation of known malicious attacks and their future variants, International Journal of Advanced Science and Technology, vol. 94, pp. 1-12, 2016.10.14257/ijast.2016.94.01Search in Google Scholar

[15] Verisign Distributed Denial of Service Trends Report, vol. 2, Issue 4, 4^th Quarter 2015.Search in Google Scholar

[16] Symantec Corporation, Internet Security Thread Report, vol. 21, 2016.Search in Google Scholar

[17] Symantec, Internet Security Threat Report (ISTR), vol. 22, 2017.Search in Google Scholar

[18] N. B. Said, F. Biondi, V. Bontchev, O. Decourbe, T. Given-Wilson, A. Legay, and J. Quilbeuf, Detection of Mirai by Syntactic and Semantic Analysis, 2017.10.1109/ISSRE.2018.00032Search in Google Scholar

[19] Gartner, Inc, Gartner Says 8.4 Billion Connected Things Will Be in Use in 2017, Up 31 Percent From 2016, https://www.gartner.com/newsroom/id/3598917 2017.Search in Google Scholar

[20] W. O. Kermack and A. G. McKendrick, A contribution to the mathematical theory of epidemics, In Proceedings of the Royal Society, London A, vol. 115, pp. 700–721, 1927.10.1098/rspa.1927.0118Search in Google Scholar

[21] W. O. Kermack and A. G. McKendrick, Contributions of mathematical theory to epidemics. II.—The problem of endemicity. In Proceedings of the Royal Society, London A, vol. 138, pp. 55–83, 1932.10.1098/rspa.1932.0171Search in Google Scholar

[22] C. Gan, X. Yang, W. Liu, Q. Zhu, J. Jin and L. He, Propagation of computer virus both across the Internet and external computers: a complex-network approach, Communications in Nonlinear Science and Numerical Simulation, vol. 19, pp. 2785-2792, 2014.10.1016/j.cnsns.2013.12.026Search in Google Scholar

[23] J. H. Jones, Notes on R₀ Technical Report, Stanford University, Stanford, 2007.Search in Google Scholar

[24] K. Halder and B. K. Mishra, A mathematical model for a distributed attack on targeted resources in a computer network, Communications in Nonlinear Science and Numerical Simulation, vol. 19, pp. 3149-3160, 2014.10.1016/j.cnsns.2014.01.028Search in Google Scholar

[25] Y. Li and J. S. Muldowney, A geometric approach to global-stability problems, SIAM Journal, vol. 27, no. 4, pp. 1070-1083, 1996.10.1137/S0036141094266449Search in Google Scholar

[26] Y. Li and J. S. Muldowney, On Bendixson’s criterion, Journal of Differential Equations, vol. 106, pp. 27-39, 1994.10.1006/jdeq.1993.1097Search in Google Scholar

Received: 2017-07-28

Revised: 2018-06-06

Accepted: 2018-06-07

Published Online: 2018-12-14

Published in Print: 2019-01-28

This work is licensed under the Creative Commons Attribution 4.0 Public License.

Articles in the same Issue

https://doi.org/10.1515/nleng-2017-0094

Keywords for this article

Distributed Denial of Service attack; Internet of Things; Targeted attack; Wireless network; External node; Malicious object

Creative Commons

BY 4.0