Mitigating IoT-Based DDoS

Current Status

This project has entered the build phase. We have selected several technology collaborators who have signed a Cooperative Research and Development Agreement (CRADA: see an example) with the National Institute of Standards and Technology (NIST).

Download the Mitigating IoT-Based DDoS project description for more information on the project or read the two-page fact sheet.



The Internet of Things (IoT) is experiencing what some might describe as “hyper growth.” According to IoT Analytics, there will be 18 to 50 billion connected devices by 2020, compared with 6 to 14 billion connected devices in 2014. Those numbers are in line with Gartner’s research that suggest there will be 20.5 billion connected devices by 2020, up from 8.4 billion in 2017.

As connected devices become more commonplace in homes and businesses, security and privacy concerns are increasing. In the past, security has not been a priority for IoT providers; most device components are insecure, and many current IoT components are prohibitively difficult to secure due to processing, timing, memory, and power constraints. Despite these potential barriers to security, the consequences of not addressing security and privacy concerns of connected devices can be catastrophic. As seen with recent distributed denial-of-service (DDoS) attacks that leveraged IoT devices, entities that depend on internet services can be crippled. For businesses, this can mean a substantial loss in revenue and impact a company’s brand and customer trust. For consumers, whose connected devices are used in such attacks, there may be impacts to privacy and other consumer information.

To address these security and privacy concerns, the NCCoE is initiating a project to demonstrate reducing the vulnerability of systems to automated distributed threats based on exploitation of IoT components. The project will focus on consumer and small business environments. Components being sought for inclusion in the project include but are not limited to:

  • network gateways/routers supporting wired and wireless network access
  • Manufacturer Usage Description (MUD) Specification controllers and file servers
  • Dynamic Host Configuration Protocol (DHCP) and update servers
  • threat signaling servers
  • personal computing devices
  • business computing devices

The NCCoE aims to improve the resiliency of IoT devices against distributed attacks and improve the service availability characteristics of the internet by mitigating the propagation of attacks across the network. This project also supports the Presidential Executive Order on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure (EO 13800). NCCoE cybersecurity experts will collaborate with stakeholders and vendors of cybersecurity technologies to develop a reference design addressing this challenge. This project will produce a NIST Cybersecurity Practice Guide—a freely available description of the solution and practical steps needed to help consumers and small businesses mitigate IoT-based automated distributed threats that take advantage of consumers’ and businesses’ devices and networks.

MUD Related Resources

Find resources to MUD-related information, including standards, tools, implementations, research papers, and articles here.

Collaborating Vendors

Organizations participating in this project submitted their capabilities in response to an open call in the Federal Register for all sources of relevant security capabilities from academia and industry (vendors and integrators). The following respondents with relevant capabilities or product components (identified as “Technology Partners/Collaborators” herein) signed a Cooperative Research and Development Agreement to collaborate with NIST in a consortium to build this example solution.

arm logo
CableLabs logo
ctia logo
ForeScout logo
Global Cyber Alliance logo
MasterPeace Solutions logo
Patton Electronics logo
Symantec logo