The DDoS attack is one of the most common types of attack that can be launched in all the layers of IoT architecture. A DDoS attack is launched on the widely used RPL network layer protocol, transport layer protocol such as TCP, and application layer protocols, such as CoAP and MQTT. Recently, the DDoS attack has been growing in size and sophistication due to the implementation of unprotected IoT resource-restricted tiny devices. Moreover, DDoS attacks tend to launch other unprecedented and sophisticated attacks on IoT. The feasibility of IoT protocols motivates the design of an efficient security design against DDoS attacks in the aspect of specific layer protocol operations.
The DDoS attackers launch the attack into the IoT networks by exploiting the constrained network resources link, battery power, storage, and network bandwidth. Based on the attacking type, the DDoS attack on IoT is classified into three types that are volume-based, protocol attacks, application-layer attacks. The volume-based DDoS utilize high traffic to abrupt the normal network operations. The UDP floods, spoofed packet floods, and ICMP floods are some of the examples of volume-based DDoS attacks. The protocol DDoS attacks intend to exploit the resources of the server. The fragmented packet attacks, smurf DDoS, ping of death, and SYN floods are some of the protocol attacks. The application layer DDoS attacks mainly target the web applications of an IoT system which are referred to as a highly serious and most sophisticated type of DDoS. Most of the DDoS detection methods of IoT are firewalls and intrusion detection systems.