eBPF-Based Real-Time DDoS Mitigation for IoT Edge Devices
- URL: http://arxiv.org/abs/2508.00851v1
- Date: Sun, 13 Jul 2025 03:35:58 GMT
- Title: eBPF-Based Real-Time DDoS Mitigation for IoT Edge Devices
- Authors: Abdurrahman Tolay
- Abstract summary: Internet of Things (IoT) has intensified security challenges, notably from Distributed Denial of Service (DDoS) attacks launched by compromised devices. Traditional defenses are often ill-suited for the IoT paradigm, creating a need for lightweight, high-performance, edge-based solutions. This paper presents the design, implementation, and evaluation of an IoT security framework that leverages the extended Berkeley Packet Filter (eBPF) and the eXpress Data Path (XDP). The framework is evaluated using both Docker-based simulations and real-world deployment on a Raspberry Pi 4, showing over 97% mitigation effectiveness under a 100 Mbps flood.
- Score: 0.0
- License: http://creativecommons.org/licenses/by/4.0/
- Abstract: The rapid expansion of the Internet of Things (IoT) has intensified security challenges, notably from Distributed Denial of Service (DDoS) attacks launched by compromised, resource-constrained devices. Traditional defenses are often ill-suited for the IoT paradigm, creating a need for lightweight, high-performance, edge-based solutions. This paper presents the design, implementation, and evaluation of an IoT security framework that leverages the extended Berkeley Packet Filter (eBPF) and the eXpress Data Path (XDP) for in-kernel mitigation of DDoS attacks. The system uses a rate-based detection algorithm to identify and block malicious traffic at the earliest stage of the network stack. The framework is evaluated using both Docker-based simulations and real-world deployment on a Raspberry Pi 4, showing over 97% mitigation effectiveness under a 100 Mbps flood. Legitimate traffic remains unaffected, and system stability is preserved even under attack. These results confirm that eBPF/XDP provides a viable and highly efficient solution for hardening IoT edge devices against volumetric network attacks.
Related papers
- Multi Layer Protection Against Low Rate DDoS Attacks in Containerized Systems [0.0]
This work proposes a DDoS mitigation system that effectively defends against low rate DDoS attacks in containerized environments. The solution integrates a Web Application Firewall (WAF), rate limiting, dynamic blacklisting, TCP and UDP header analysis, and zero trust principles.
arXiv Detail & Related papers (2026-02-11T22:18:48Z)
- Designing a Layered Framework to Secure Data via Improved Multi Stage Lightweight Cryptography in IoT Cloud Systems [1.5803208833562954]
This paper presents a novel multi-layered hybrid security approach aimed at enhancing lightweight encryption for IoT-Cloud systems. The proposed framework consists of three core layers: (1) the H.E.EZ Layer which integrates improved versions of Hyperledger Fabric, Enc-Block and a hybrid ECDSA-ZSS scheme to improve encryption speed, scalability and reduce computational cost; (2) the Credential Management Layer independently verifying data authenticity and authenticity; and (3) the Time and Auditing Layer designed to reduce traffic overhead and optimize performance across dynamic workloads.
arXiv Detail & Related papers (2025-09-01T18:53:20Z)
- A Transformer-Based Approach for DDoS Attack Detection in IoT Networks [0.0]
DDoS attacks have become a major threat to the security of IoT devices. Traditional methods for detecting DDoS attacks are not efficient enough to cope with the dynamic nature of IoT networks. We propose a novel approach, i.e., the use of Transformer models, which have shown remarkable performance in natural language processing tasks.
arXiv Detail & Related papers (2025-08-14T13:33:49Z)
- How To Mitigate And Defend Against DDoS Attacks In IoT Devices [0.0]
This paper analyzes the nature and impact of DDoS attacks such as those launched by the Mirai botnet. It proposes layered mitigation strategies tailored to IoT environments. The paper aims to help engineers and researchers understand and implement practical countermeasures to protect IoT infrastructures.
arXiv Detail & Related papers (2025-07-15T22:21:19Z)
- Real-Time Agile Software Management for Edge and Fog Computing Based Smart City Infrastructure [0.4772368796656325]
This paper leverages the ROOF framework with decentralized computing at intermediary fog and peripheral edge network layers to reduce latency by processing data near its point of origin. ROOF features fog caching to avoid redundancy, ultra-low-power wireless transmission for energy savings, and AI-driven resource allocation for efficiency. Case studies from Bhubaneswar, Barcelona and Copenhagen validate the use of ROOF in traffic systems and environmental monitoring.
arXiv Detail & Related papers (2025-06-14T20:00:53Z)
- DRIFT: Dynamic Rule-Based Defense with Injection Isolation for Securing LLM Agents [52.92354372596197]
Large Language Models (LLMs) are increasingly central to agentic systems due to their strong reasoning and planning capabilities. This interaction also introduces the risk of prompt injection attacks, where malicious inputs from external sources can mislead the agent's behavior. We propose a Dynamic Rule-based Isolation Framework for Trustworthy agentic systems, which enforces both control and data-level constraints.
arXiv Detail & Related papers (2025-06-13T05:01:09Z)
- Blockchain Meets Adaptive Honeypots: A Trust-Aware Approach to Next-Gen IoT Security [6.649910168731417]
Edge computing-based Next-Generation Wireless Networks (NGWN)-IoT offer enhanced bandwidth capacity for large-scale service provisioning. Existing intrusion detection and prevention methods provide limited security as adversaries continually adapt their attack strategies. We propose a dynamic attack detection and prevention approach to address this challenge.
arXiv Detail & Related papers (2025-04-22T19:36:19Z)
- Intelligent Detection of Non-Essential IoT Traffic on the Home Gateway [45.70482328441101]
This work presents ML-IoTrim, a system for detecting and mitigating non-essential IoT traffic by analyzing network behavior at the edge. We test our framework in a consumer smart home setup with IoT devices from five categories, demonstrating that the model can accurately identify and block non-essential traffic. This research advances privacy-aware traffic control in smart homes, paving the way for future developments in IoT device privacy.
arXiv Detail & Related papers (2025-04-22T09:40:05Z)
- MDHP-Net: Detecting an Emerging Time-exciting Threat in IVN [42.74889568823579]
We identify a new time-exciting threat model against in-vehicle network (IVN). These attacks inject malicious messages that exhibit a time-exciting effect, gradually manipulating network traffic to disrupt vehicle operations and compromise safety-critical functions. To detect time-exciting threat, we introduce MDHP-Net, leveraging Multi-Dimensional Hawkes Process (MDHP) and temporal and message-wise feature extracting structures.
arXiv Detail & Related papers (2025-04-16T08:41:24Z)
- Intelligent IoT Attack Detection Design via ODLLM with Feature Ranking-based Knowledge Base [0.964942474860411]
Internet of Things (IoT) devices have introduced significant cybersecurity challenges. Traditional machine learning (ML) techniques often fall short in detecting such attacks due to the complexity of blended and evolving patterns. We propose a novel framework leveraging On-Device Large Language Models (ODLLMs) augmented with fine-tuning and knowledge base (KB) integration for intelligent IoT network attack detection.
arXiv Detail & Related papers (2025-03-27T16:41:57Z)
- MDHP-Net: Detecting an Emerging Time-exciting Threat in IVN [42.74889568823579]
We identify a new time-exciting threat model against in-vehicle network (IVN). These attacks inject malicious messages that exhibit a time-exciting effect, gradually manipulating network traffic to disrupt vehicle operations and compromise safety-critical functions. To detect time-exciting threat, we introduce MDHP-Net, leveraging Multi-Dimensional Hawkes Process (MDHP) and temporal and message-wise feature extracting structures.
arXiv Detail & Related papers (2024-11-15T15:05:01Z)
- A Flow is a Stream of Packets: A Stream-Structured Data Approach for DDoS Detection [32.22817720403158]
We propose a new tree-based DDoS detection approach that operates on a flow as a stream structure.
Our approach matches or exceeds existing machine learning techniques' accuracy, including state-of-the-art deep learning methods.
arXiv Detail & Related papers (2024-05-12T09:29:59Z)
- DeviceRadar: Online IoT Device Fingerprinting in ISPs using Programmable Switches [37.41464693677561]
Device fingerprinting can be used by Internet Service Providers (ISPs) to identify vulnerable IoT devices for early prevention of threats.
This paper proposes DeviceRadar, an online IoT device fingerprinting framework that achieves accurate, real-time processing in ISPs using programmable switches.
arXiv Detail & Related papers (2024-04-19T09:31:11Z)
- Toward a real-time TCP SYN Flood DDoS mitigation using Adaptive Neuro-Fuzzy classifier and SDN Assistance in Fog Computing [0.31318403497744784]
We propose mitigation of Fog computing-based SYN Flood DDoS attacks using an Adaptive Neuro-Fuzzy Inference System (ANFIS) and Software Defined Networking (SDN) Assistance (FASA).
The simulation results show that the FASA system outperforms other algorithms in terms of accuracy, precision, recall, and F1-score.
arXiv Detail & Related papers (2023-11-27T08:54:00Z)
- IoTFlowGenerator: Crafting Synthetic IoT Device Traffic Flows for Cyber Deception [31.822346303953164]
Honeypots are an important security tool to understand attacker intent and deceive attackers to spend time and resources.
To build better honeypots and enhance cyber deception capabilities, IoT honeypots need to generate realistic network traffic flows.
We propose a novel deep learning based approach for generating traffic flows that mimic real network traffic due to user and IoT device interactions.
arXiv Detail & Related papers (2023-05-01T16:24:07Z)
- Trustworthy Federated Learning via Blockchain [30.887469477336783]
Federated learning (FL) has been regarded as a promising privacy-preserving framework for training a global AI model over collaborative devices.
Security challenges still exist in the FL framework, e.g., Byzantine attacks from malicious devices, and model tampering attacks from malicious server.
We propose a decentralized FL (B-FL) architecture by using a secure global aggregation algorithm to resist malicious devices.
We show that B-FL can resist malicious attacks from edge devices and servers, and the training latency of B-FL can be significantly reduced by deep reinforcement learning based algorithm.
arXiv Detail & Related papers (2022-08-13T03:43:10Z)
This list is automatically generated from the titles and abstracts of the papers in this site.