M-RL: A mobility and impersonation-aware IDS for DDoS UDP flooding attacks in IoT-Fog networks

Saeed Javanmardi, Meysam Ghahramani, Mohammad Shojafar, Mamoun Alazab, Antonio M. Caruso

Research output: Contribution to journalArticlepeer-review

9 Downloads (Pure)


The Internet of Things (IoT) has recently received a lot of attention from the information and communication technology community. It has turned out to be a crucial development for harnessing the incredible power of wireless media in the real world. The nature of IoT-Fog networks requires the use of defense techniques who are light and mobile-aware. The edge resources in such a distributed environment are open to various safety hazards. DDoS UDP flooding attacks are the most frequent threats to edge resources in IoT-Fog networks. It is crucial for sabotaging fog gateways and can overcome traditional data filtering techniques. This paper introduces M-RL, a lightweight intrusion detection system with mobility awareness that can detect DDoS UDP flooding attacks while taking into account adversarial IoT devices that engage in IP spoofing. To this end, this paper analyzes the malicious behaviors that result in anonymity against Rate Limiting and Received Signal Strength (RSS)-based approaches, combines their advantages, and addresses their vulnerabilities. We test our method in different contexts to achieve that goal, and we find that it may decrease the accuracy of the RL, RSS, and RSS-RL methods to 70%, 48.9%, and 64.3%, respectively. The outcomes demonstrate the proposed approach's resistance to software-based source address forgery, impersonation, and signal modification. It offers more than 99% accuracy and supports node mobility. In this case, the best possible accuracy of the previous methods is 77%.

Original languageEnglish
Article number103778
Pages (from-to)1-13
Number of pages13
JournalComputers and Security
Publication statusPublished - May 2024

Bibliographical note

Funding Information:
Dr Mohammad secured around £1.2M as PI in various EU/UK projects, including 5G Mode (funded by DSIT/UK;2023), TRACE-V2X (funded by EU/MSCA-SE;2023), AUTOTRUST (funded by ESA/EU;2021), PRISENODE (funded by EU/MSCA-IF:2019), and SDN-Sec (funded by Italian Government:2018). He was also COI of various UK/EU projects like HiPER-RAN (funded by DSIT/UK;2023), APTd5G (funded by EPSRC/UKI-FNI:2022), ESKMARALD (funded by UK/NCSC;2022), GAUChO, S2C and SAMMClouds (funded by Italian Government;2016-2018). He received a Ph.D. from the Sapienza University of Rome, Rome, Italy, in 2016 with an “Excellent” degree. He received the honored BSc in CS at Iran University of Science and Technology, Tehran, Iran, in 2006. He was a programmer/software analyzer at the National Iranian Oil Company (NIOC) and Tidewater ltd in Iran from 2008 to 2013. He published over 200 refereed top-tier articles in prestigious venues such as IEEE TII, IEEE TCC, IEEE TNSM, IEEE T-ITS, IEEE Network, Computer Networks, and FGCS. He is an Associate Editor in IEEE Transactions on Network and Service Management, IEEE Transactions on Intelligent Transportation Systems, IEEE Consumer Electronics Magazine, and Computer Networks Journals. He published three books on Cybersecurity Applications and Network Security, which appeared in Springer recently.

Publisher Copyright:
© 2024 The Authors


Dive into the research topics of 'M-RL: A mobility and impersonation-aware IDS for DDoS UDP flooding attacks in IoT-Fog networks'. Together they form a unique fingerprint.

Cite this