Minimal Overhead Modelling of Slow DoS Attack Detection for Resource-Constrained IoT Networks

Andy Reed (), Laurence S. Dooley and Soraya Kouadri Mostefaoui
Additional contact information
Andy Reed: School of Computing and Communications, The Open University, Milton Keynes MK7 6AA, UK
Laurence S. Dooley: School of Computing and Communications, The Open University, Milton Keynes MK7 6AA, UK
Soraya Kouadri Mostefaoui: School of Computing and Communications, The Open University, Milton Keynes MK7 6AA, UK

Future Internet, 2025, vol. 17, issue 10, 1-21

Abstract: The increasing deployment of internet of things(IoT) systems across critical domains has broadened the threat landscape, and being the catalyst for a variety of security concerns, including very stealthy slow denial of service (slow DoS) attacks. These exploit the hypertext transfer protocol’s (HTTP) application-layer protocol to either close down service requests or degrade responsiveness while closely mimicking legitimate traffic. Current available datasets fail to capture the more stealthy operational profiles of slow DoS attacks or account for the presence of genuine slow nodes (SN), which are devices experiencing high latency. These can significantly degrade detection accuracy since slow DoS attacks closely emulate SN. This paper addresses these problems by synthesising a realistic HTTP slow DoS dataset derived from a live IoT network, that incorporates both stealth-tuned slow DoS traffic and legitimate SN traffic, with the three main slow DoS variants of slow GET, slow Read, and slow POST being critically evaluated under these network conditions. A limited packet capture (LPC) strategy is adopted which focuses on just two metadata attributes, namely packet length ( l p ) and packet inter-arrival time ( Δ t ). Using a resource lightweight decision tree classifier, the proposed model achieves over 96% accuracy while incurring minimal computational overheads. Experimental results in a live IoT network reveal the negative classification impact of including SN traffic, thereby underscoring the importance of modelling stealthy attacks and SN latency in any slow DoS detection framework. Finally, a MPerf (Modelling Performance) is presented which quantifies and balances detection accuracy against processing costs to facilitate scalable deployment of low-cost detection models in resource-constrained IoT networks. This represents a practical solution to improving IoT resilience against stealthy slow DoS attacks whilst pragmatically balancing the resource-constraints of IoT nodes. By analysing the impact of SN on detection performance, a robust reliable model has been developed which can both measure and fine tune the accuracy-efficiency nexus.

Keywords: internet of things; intrusion detection systems; slow denial of service; network attributes; IoT; IDS (search for similar items in EconPapers)
JEL-codes: O3 (search for similar items in EconPapers)
Date: 2025
References: Add references at CitEc
Citations:

Downloads: (external link)
https://www.mdpi.com/1999-5903/17/10/432/pdf (application/pdf)
https://www.mdpi.com/1999-5903/17/10/432/ (text/html)

Related works:
This item may be available elsewhere in EconPapers: Search for items with the same title.

Export reference: BibTeX RIS (EndNote, ProCite, RefMan) HTML/Text

Persistent link: https://EconPapers.repec.org/RePEc:gam:jftint:v:17:y:2025:i:10:p:432-:d:1756096

Access Statistics for this article

Future Internet is currently edited by Ms. Grace You

More articles in Future Internet from MDPI
Bibliographic data for series maintained by MDPI Indexing Manager ().