fa ارزیابی حملات DDoS با استفاده از پروتکل‌های ارتباطی IoT رمز و امنیت اطلاعات Cryptology and Information Security پژوهشی Research Article <div style="text-align: justify;">با گسترش روزافزون اینترنت اشیاء و وابستگی فزاینده به دستگاه‌های متصل، امنیت سایبری به یکی از چالش‌های اصلی این حوزه بدل شده است. حملات انکار سرویس توزیع‌شده، با سوءاستفاده از آسیب‌پذیری‌های پروتکل‌های ارتباطی، می‌توانند دسترسی کاربران مجاز را مختل کرده و عملکرد سامانه‌ها را تحت تأثیر قرار دهند. این پژوهش عملکرد سه پروتکل رایج HTTP، MQTT و CoAP را در بستر اینترنت اشیاء، تحت سناریوهای مختلف حملات انکار سرویس توزیع‌شده بررسی و مقایسه می‌کند. شاخص‌های ارزیابی شامل زمان اشباع سیستم، مصرف پردازنده و حافظه است. نتایج نشان می‌دهند که MQTT در سطح خدمات یک، بیشترین مصرف پردازنده و کمترین مقاومت در برابر اشباع دارد. &nbsp;نتایج نشان می‌دهند که MQTT در سطح QoS 1 بیشترین مصرف پردازنده و کمترین مقاومت در برابر اشباع دارد. HTTP نیز اگرچه در برخی سناریوها پایداری نسبی در مصرف منابع از خود نشان می‌دهد، اما به دلیل سربار بالای حافظه و پردازش، در مقایسه با پروتکل‌های سبک‌وزن مانند CoAP و MQTT (QoS 0) آسیب‌پذیرتر ارزیابی می‌شود.</div> <div style="text-align: justify;"><span style="font-size:11pt"><span style="line-height:107%"><span calibri="" style="font-family:">In this study, the performance of three widely used communication protocols in the Internet of Things (IoT), namely HTTP, MQTT, and CoAP, is investigated and compared under Distributed Denial-of-Service (DDoS) attacks. The primary focus of the research is to evaluate system resource consumption and performance stability of these protocols under attack conditions. Key evaluation metrics include CPU usage, RAM usage, and the time required for the system to reach a saturation state. The objective of this study is to provide an empirical analysis of protocol behavior in attack scenarios and to establish a basis for selecting appropriate communication protocols for IoT applications.</span></span></span><br> <span style="font-size:11pt"><span style="line-height:107%"><span calibri="" style="font-family:">The experiments were conducted in a controlled environment over a local area network. The network topology consisted of a central router, three attacker nodes, and one target system. DDoS attacks were simulated by generating a high volume of packets or requests directed at the target system. Malicious traffic was produced using Python-based scripts, with packet transmission rates adjusted across different ranges to evaluate varying attack intensities. Wireshark was employed for network monitoring and traffic analysis, while operating system monitoring tools were used to measure system resource consumption.</span></span></span><br> <span style="font-size:11pt"><span style="line-height:107%"><span calibri="" style="font-family:">In this research, the MQTT protocol was evaluated under different Quality of Service (QoS) levels, including QoS 0, QoS 1, and QoS 2. In UDP-based scenarios, the performance of CoAP was compared with MQTT (QoS 0), whereas in TCP-based scenarios, <strong><span calibri="" style="font-family:">HTTP was analyzed alongside MQTT (QoS 1 and QoS 2).</span></strong> System saturation was defined as an abnormal and sudden increase or decrease in CPU or memory usage relative to the initial steady-state condition, and the time at which this condition occurred was used as an indicator of protocol resilience.</span></span></span><br> <span style="font-size:11pt"><span style="line-height:107%"><span calibri="" style="font-family:">The CPU usage results indicate that in UDP-based scenarios, CoAP exhibits relatively higher CPU consumption compared to MQTT (QoS 0), while generally maintaining stable performance. In contrast, MQTT (QoS 0) experiences severe performance degradation after a short period in many scenarios, leading to the cessation of request processing. In TCP-based scenarios, HTTP demonstrates more uniform CPU usage compared to MQTT (QoS 1 and QoS 2), whereas MQTT, particularly at QoS 1, shows the highest CPU consumption and the lowest resistance to system saturation.<span lang="AR-SA" dir="RTL" style="font-family:"Arial",sans-serif"></span></span></span></span><br> <span style="font-size:11pt"><span style="line-height:107%"><span calibri="" style="font-family:">Memory consumption analysis also reveals significant differences among the protocols. In UDP-based scenarios, CoAP maintains stable RAM usage over time, with no significant fluctuations observed even under attack conditions. Conversely, MQTT (QoS 0) experiences a sharp decline in memory usage after a certain period, indicating system instability during saturation. In TCP-based scenarios, HTTP maintains relatively stable memory usage in most experiments, with occasional drops, <strong><span calibri="" style="font-family:">while MQTT (QoS 1 and QoS 2) encounters sudden drops in RAM usage in the majority of scenarios.</span></strong></span></span></span><br> <span style="font-size:11pt"><span style="line-height:107%"><span calibri="" style="font-family:">The analysis of saturation time shows that in UDP-based scenarios with low message sizes, both CoAP and MQTT (QoS 0) exhibit similar stability durations. However, as message size increases, differences in behavior become evident. In some scenarios, MQTT (QoS 0) reaches saturation later than CoAP, while CoAP experiences performance degradation more rapidly. In TCP-based scenarios, HTTP demonstrates longer stability for small message sizes, but its saturation time decreases as message size increases.</span></span></span><br> <span style="font-size:11.0pt"><span style="line-height:107%"><span calibri="" style="font-family:">Overall, the results of this study indicate that the selection of communication protocols in Internet of Things (IoT) systems has a direct impact on resource consumption and system resilience against DDoS attacks. Lightweight protocols such as CoAP and MQTT (QoS 0) demonstrate better performance in terms of resource usage and the time required to reach saturation. The HTTP protocol also exhibits relatively uniform resource consumption in certain scenarios; however, due to its higher processing and memory overhead compared to lightweight protocols, it shows limitations in overall resilience against DDoS attacks. In contrast, the use of higher QoS levels in MQTT leads to increased resource consumption and reduced system stability. These findings can serve as a practical reference for informed protocol selection in the design of IoT systems.</span></span></span></div> اینترنت اشیاء, حملات انکار سرویس توزیع‌شده, امنیت سایبری, پروتکل‌های ارتباطی, پروتکل‌های HTTP, MQTT و CoAP Internet of Things, Distributed Denial of Service attacks, Cybersecurity, Communication protocols, HTTP, CoAP, MQTT Protocols 68 81 http://monadi.isc.org.ir/browse.php?a_code=A-10-407-15&slc_lang=fa&sid=1 Zahra Bastani زهرا باستانی zhr.bst@iasbs.ac.ir 10031947532846002160 10031947532846002160 Yes Faculty of Computer Science and Information Technology, Institute for Advanced Studies in Basic Sciences (IASBS), Zanjan, Iran دانشکده علوم رایانه و فناوری اطلاعات، دانشگاه تحصیلات تکمیلی علوم پایه، زنجان، ایران Peyman Pahlevani پیمان پهلوانی pahlevani@iasbs.ac.ir 10031947532846002161 10031947532846002161 No Faculty of Computer Science and Information Technology, Institute for Advanced Studies in Basic Sciences (IASBS), Zanjan, Iran دانشکده علوم رایانه و فناوری اطلاعات، دانشگاه تحصیلات تکمیلی علوم پایه، زنجان، ایران Abolfazl Mortezapour ابوالفضل مرتضی‌پور Amtzpr@iasbs.ac.ir 10031947532846002162 10031947532846002162 No Faculty of Computer Science and Information Technology, Institute for Advanced Studies in Basic Sciences (IASBS), Zanjan, Iran دانشکده علوم رایانه و فناوری اطلاعات، دانشگاه تحصیلات تکمیلی علوم پایه، زنجان، ایران