Mitigating IoT-Based DDoS

The demand for internet-connected “smart” home and small business devices is growing rapidly, but so too are concerns regarding the potential compromise of these devices. The term IoT is often applied to the aggregate of single-purpose, internet-connected devices, such as thermostats, security monitors, and lighting control systems. Gartner predicts there will be 25 billion internet-connected IoT devices by 2021.

Classes of IoT products are constrained devices designed to perform a single function and often lack the security capabilities that are built into computers and mobile phones. When these devices are connected directly to the internet, malicious actors can detect and attack an IoT device within minutes of it being connected. If it has a known vulnerability, this weakness can be exploited at scale, enabling an adversary to commandeer groups of compromised devices, called botnets, to launch large-scale distributed denial-of-service (DDoS) and other network-based attacks.

The National Cybersecurity Center of Excellence's Mitigating IoT-Based DDoS team, in collaboration with industry, is committed to providing actionable cybersecurity solutions to help strengthen security of IoT devices. If you have questions or would like to join our Community of Interest, please email the project team at

Special Publication 1800-15: Securing Small-Business and Home Internet of Things (IoT) Devices: Mitigating Network-Based Attacks Using Manufacturer Usage Description (MUD)

Demonstrates the practicality and effectiveness of using the Internet Engineering Task Force’s Manufacturer Usage Description (MUD) RFC 8520 and other complementary mechanisms to protect IoT devices on home and small-business networks, and to prevent them from being either victims and perpetrators of network-based attacks. Learn more about this project and download NIST Cybersecurity Practice Guide SP 1800-15.

Cybersecurity Paper: Methodology for Characterizing Network Behavior of Internet of Things (IoT) Devices

Demonstrates how to use device characterization techniques to describe the communication requirements of IoT devices in support of the MUD Specification.  The cybersecurity paper delves into capturing network communications from IoT devices for analysis and generation of MUD files. Learn more about this cybersecurity paper.

MUD-Related Resources

Find resources to MUD-related information, including standards, tools, implementations, research papers, articles, and conferences here.