Mitigating IoT Botnet DDoS Attacks through MUD and eBPF based Traffic Filtering

Angelo Feraudo, Diana Andreea Popescu, Poonam Yadav, Richard Mortier, Paolo Bellavista

Research output: Chapter in Book/Report/Conference proceedingConference contribution


As the prevalence of Internet-of-Things (IoT) devices becomes more and more dominant, so too do the associated management and security challenges. One such challenge is the exploitation of vulnerable devices for recruitment into botnets, which can be used to carry out Distributed Denial-of-Service (DDoS) attacks. The recent Manufacturer Usage Description (MUD) standard has been proposed as a way to mitigate this problem, by allowing manufacturers to define communication patterns that are permitted for their IoT devices, with enforcement at the gateway home router. In this paper, we present a novel integrated system implementation that uses a MUD manager (osMUD) to parse an extended set of MUD rules, which also allow for rate-limiting of traffic and for setting appropriate thresholds. Additionally, we present two new backends for MUD rule enforcement, one based on eBPF and the other based on the Linux standard iptables. The evaluation results reported show that these techniques are feasible and effective in protecting against attacks, with minimal impact on legitimate traffic and on the home gateway.
Original languageEnglish
Title of host publicationACM International Conference Proceeding Series
Number of pages10
ISBN (Electronic)979-8-4007-1673-7
Publication statusPublished - 22 Jan 2024

Cite this