Survey and classification of Dos and DDos attack detection and validation approaches for IoT environments

Document Type


Source of Publication

Internet of Things (Netherlands)

Publication Date



The Internet of Things (IoT) has emerged over the past ten years as the newest technology trend that is luring researchers and developers from every sector of industry and academia. However, IoT is experiencing a number of security issues that are impeding its rapid development, especially those related to service availability, which has grown into a significant obstacle to be overcome. Denial of service (DoS) and Distributed Denial of Service (DDoS) attacks are among the threats that can disturb even inactivate the functionalities of the IoT networks, like their ability to collect, process, and transfer data. To date, many methods have been proposed to identify, detect, and mitigate such attacks in the IoT domain, while many surveys have been conducted to review and classify these solutions. However, to the best of our knowledge, none of them has conducted a holistic study to review, classify, and correlate both theoretical and practical aspects used in the design and validation of those approaches. To address this need, we have examined recent and noteworthy research on DoS and DDoS attacks, resulting in the selection of 80 papers to be considered in our study. As a starting point, after identifying in-depth the theoretical aspects commonly used in the detection of such attacks, we provide a comprehensive taxonomy that classifies them. In the second step, we inventoried and produced a complete classification of all the practical aspects used in the validation and evaluation of detection and mitigation approaches, including methods, testbeds, hardware, software, datasets, libraries, and metrics. In the third step, we conducted a technical analysis of the surveyed literature by considering different aspects. As a final step, we perform a statistical analysis in order to discuss various research questions that strive to provide a better insight of the prevalent tendencies in this domain by exploring, for each attack, the most appropriate approach and validation process to consider in dealing with it. The main findings of this analysis show that the research is leaning towards using machine learning, mainly by considering supervised algorithms to detect different variants of flooding attacks. Moreover, simulation appears to be the most operated method to validate the surveyed literature while analytical and empiric validations have been seldom adopted mainly to evaluate classical approaches to detect perception layer attacks.




Elsevier BV




Computer Sciences


Analytical, Datasets, DDoS attack, Detection, DoS attack, Empiric, IoT, Machine learning, Metrics, Mitigation, Simulation, Taxonomy, Tools, Validation

Scopus ID


Indexed in Scopus


Open Access