Improving Detection Accuracy in Group Testing-Based Identification of Misbehaving Data Sources

Internet of Things (IoT) is an emerging field of research, in which heterogeneous objects effectively communicate with each other over the Internet and each object has a unique address. The fact that objects can access each other makes security a major issue. One of the serious security threats is Denial-of-Service (DoS) attack. DoS attacks overwhelm their victims with fake requests to consume their resources so that they become incapable of serving their legitimate clients. One category of proposed DoS defense techniques uses the Group Testing theory for detecting the identities of DoS attackers among the client group quickly and with low state overhead. In this paper, a group-testing-based DoS defense algorithm, namely Live Baiting, is tested in action. A concrete implementation is used to verify the algorithm's feasibility, effectiveness and weaknesses. The algorithm is modified by introducing dynamic threshold and tolerance degree to enhance its accuracy. Under a high volume of HTTP traffic, the modified algorithm exhibited a detection accuracy (in terms of F-measure) that is improved by up to 300% as compared to the original algorithm.