**1. Introduction**

Disruptive technologies such as artificial intelligence (AI) have been rapidly being incorporated into different scientific fields and industry, becoming a support for technologies such as: big data, data science, the internet of things (IoT), computational linguistics, intelligent computing, assisted technologies, advanced robotics, among others. Also, AI has been incorporated in fields such as medicine, an example of this are systems for the early detection of COVID-19 through the use of techniques such as deep learning and machine Learning [1, 2] for the analysis of cellular and protein images, as well as the study of molecular and cellular dynamics among other aspects.

Other fields in which AI can be found are: manufacturing and logistics, industrial processes of various kinds, finance, adaptive education, diagnostic systems, micro and nanoelectronics, precision agriculture, transport, telecommunications, defense system, etc. even in the video game and toy industry.

A peculiarity of AI is that with the current computational potential it can be applied practically in whatever is desired. For example, in the development of advanced robotic systems, both software (chatbots) [3] and hardware, which allow emulating certain traits and interaction with the human being. Similarly, AI is

incorporated into information and communication technologies, in the control and monitoring devices of homes, buildings and cities (Smart Cities), which converge to the so-called Internet of Things (IoT), which involve sensory, cloud computing, data science and cybersecurity among other disciplines.

In terms of security, standard and AI-mediated IoT present a debatable level of security. This is due to the fact that the base code of the firmware or operating system of these devices [4], does not have an acceptable level of security and, as they are permanently connected to a communication network, their exposure to computer attacks is high. This type of failure is attributed in part to device design and manufacturing failures, where the safety factor was underestimated, without taking into account that the devices and sensors under the IoT scheme are supported under Internet protocols and standards, and although they do not use them in their entirety, it does not imply that they are exonerated from being exploited by some type of malware.

In this sense, hacking this type of system allows us to steal data not only from homes, but from hospitals and research centers, industries, vehicles, weapons and drones, even causing accidents or taking lives selectively. In the case of robots and cobots, cameras, toys (including sex toys), printers and household appliances, among other devices connected to the internet or through a mobile device, can be maliciously intervened if they are not configured correctly regarding their access. Cyberattacks on these devices are often attributed to botnets; since they allow attacks by distribution of denial of service (DDoS), oversaturating Internet access traffic in order to disable or take control of the network to which the devices are connected. When this is achieved, access to the privacy of the victim or target is taken for granted without their being aware of it until it is too late.

Under this type of attack, what is sought is to collect information from the victim that allows obtaining bank access codes, personal and/or corporate email codes in order to continue climbing to steal sensitive information, images or intimate videos that lead to extortion, among others. For example, in 2016 an attack on Europe and North America was used under the DDoS modality [5], using the IoT [6] to disable the DynDNS systems (Dynamic Network Services, Inc.), operated by domain name providers (DNS), this caused the denial of access to internet platforms and services. Also, this type of attack seeks to steal sensitive corporate information to be sold to the competition, destroy it if necessary when there is a contract involved, extort money from the target or destroy critical facilities for terrorist or military purposes.

The problem with botnets is that they will continue to grow as the number of vulnerabilities increases in devices connected to the Internet in the coming years, in addition to other types of vulnerabilities to which a communication network of any industry or public service is exposed or private. This statement is based on the fact that the number of IoT devices connected with other disruptive technologies are growing exponentially, where household appliances and all types of electronic devices are being permanently managed and administered via wired or wireless, making them much more vulnerable to various types of cyberattack.

#### **2. Internet of things (IoT)**

The internet of things is defined as the set of electronic devices connected to the internet, whose function is aimed at collecting various information that can be directed to the control of actuators that activate other systems (lights, blinds, thermostat, air conditioning, etc.). Also, it allows the collection of data based on the monitoring or census of physical–chemical or biological variables, communication

**253**

among others.

*Internet of Things and Distributed Denial of Service as Risk Factors in Information Security*

between devices and human-devices, identification, location and monitoring, among others. The IoT is in various scenarios; from the home (Smart home), through industry and services, to the health sector (eHealth), transport systems (navigability and predictive maintenance) and infrastructures of a city (bridges, viaducts, buildings, etc.) that converge to the concept of Smart Cities (Smart energy and Smart retail). Likewise, the sensors can be controlled and/or monitored from a central or mobile device, there are even other more advanced approaches focused on the energy industry, in order to optimize communication processes and

A notable characteristic of the IoT is that it has diversified to such an order that there are billions of devices permanently connected to the web, and with the rise of 5G technology, even greater growth is expected in the coming years, which He envisions drastic changes in Industry 4.0, where AI is going to play a key role in this context. Under this dynamic, researchers, scientists and engineers face emerging challenges in designing IoT-based systems that can be efficiently integrated with 5G wireless communications [8]. This technology is immersed in society, which in many cases goes unnoticed. The truth is that the volume of information that is permanently recorded is colossal, where technologies such as data science, big data, advanced analytics and Artificial Intelligence, among other disciplines, contribute

It is worth mentioning that in technical terms the IoT works under the TCP/IP model, in which various protocols related to data transfer operate. For example, the Internet Protocol (IP) is the one that allows interoperability between devices, where the IPv4 version is definitively replaced by IPv6 in 2020, in which the organization of the IP addresses of computers and devices is expanded and improved in various

There are protocols dedicated to the IoT apart from HTTP (Hypertext Transfer Protocol) such as: OCF (Open Connectivity Foundation), MFi (Made For iPhone/ iPod/iPad), AllJoyn, DDS (Data Distribution Service), Thread, HomePlug and HomeGrid, AMQP (Advanced Message Queuing Protocol), CoAP (Constrained Application Protocol), MQTT (Message Queuing Telemetry Transport), XMPP (Extensible Messaging and Presence Protocol) and OPC UA (Unified Architecture), considered as a new generation standard. The operability of these protocols is based on the TCP or UDP protocols. In the case of the UDP protocol, it presents certain limitations in terms of connectivity and functionality, specific to its architecture. Regarding the TCP/IP model, it exhibits vulnerabilities in each of its layers (Application, Transport, Internet and Network) that can be exploited [9]. For example, at the network layer, common problems are confidentiality and access control, which can be compromised through network hardware, that is, through IoT devices. At the network layer, the attacks are carried out at the level of modifying or canceling a datagram associated with the IP of a device, using techniques such as sniffing and spoofing in the ARP protocol or disabling the MAC filter,

At the network infrastructure level, the transport layer fulfills the function of transmitting data via TCP or UDP protocols over IP datagrams. At this point, security problems are presented at the level of authentication, integrity and confidentiality of the information. Consequently, denial of service attacks can be performed by obstructing the flow of data by disabling communication between client and server. Other attacks that may occur are: pseudo-random subdomain attack (PRSD), IP Flooding, distributed attack, snork, ping of death, smurf, Spoofing for SYN flood DoS attacks TCP/SYN, flooding and teardrop, NTP amplification, attacks ICMP (ping), UDP Flood, HTTP Flood, SSL (Secure Sockets Layer)/TLS (Transport Layer Security) renegotiation, among others, where each one takes

broadband efficiency, known as Internet of Things-Grid (IoT-G) [7].

*DOI: http://dx.doi.org/10.5772/intechopen.94516*

their own for the treatment of this information.

types of communication networks.

#### *Internet of Things and Distributed Denial of Service as Risk Factors in Information Security DOI: http://dx.doi.org/10.5772/intechopen.94516*

between devices and human-devices, identification, location and monitoring, among others. The IoT is in various scenarios; from the home (Smart home), through industry and services, to the health sector (eHealth), transport systems (navigability and predictive maintenance) and infrastructures of a city (bridges, viaducts, buildings, etc.) that converge to the concept of Smart Cities (Smart energy and Smart retail). Likewise, the sensors can be controlled and/or monitored from a central or mobile device, there are even other more advanced approaches focused on the energy industry, in order to optimize communication processes and broadband efficiency, known as Internet of Things-Grid (IoT-G) [7].

A notable characteristic of the IoT is that it has diversified to such an order that there are billions of devices permanently connected to the web, and with the rise of 5G technology, even greater growth is expected in the coming years, which He envisions drastic changes in Industry 4.0, where AI is going to play a key role in this context. Under this dynamic, researchers, scientists and engineers face emerging challenges in designing IoT-based systems that can be efficiently integrated with 5G wireless communications [8]. This technology is immersed in society, which in many cases goes unnoticed. The truth is that the volume of information that is permanently recorded is colossal, where technologies such as data science, big data, advanced analytics and Artificial Intelligence, among other disciplines, contribute their own for the treatment of this information.

It is worth mentioning that in technical terms the IoT works under the TCP/IP model, in which various protocols related to data transfer operate. For example, the Internet Protocol (IP) is the one that allows interoperability between devices, where the IPv4 version is definitively replaced by IPv6 in 2020, in which the organization of the IP addresses of computers and devices is expanded and improved in various types of communication networks.

There are protocols dedicated to the IoT apart from HTTP (Hypertext Transfer Protocol) such as: OCF (Open Connectivity Foundation), MFi (Made For iPhone/ iPod/iPad), AllJoyn, DDS (Data Distribution Service), Thread, HomePlug and HomeGrid, AMQP (Advanced Message Queuing Protocol), CoAP (Constrained Application Protocol), MQTT (Message Queuing Telemetry Transport), XMPP (Extensible Messaging and Presence Protocol) and OPC UA (Unified Architecture), considered as a new generation standard. The operability of these protocols is based on the TCP or UDP protocols. In the case of the UDP protocol, it presents certain limitations in terms of connectivity and functionality, specific to its architecture.

Regarding the TCP/IP model, it exhibits vulnerabilities in each of its layers (Application, Transport, Internet and Network) that can be exploited [9]. For example, at the network layer, common problems are confidentiality and access control, which can be compromised through network hardware, that is, through IoT devices. At the network layer, the attacks are carried out at the level of modifying or canceling a datagram associated with the IP of a device, using techniques such as sniffing and spoofing in the ARP protocol or disabling the MAC filter, among others.

At the network infrastructure level, the transport layer fulfills the function of transmitting data via TCP or UDP protocols over IP datagrams. At this point, security problems are presented at the level of authentication, integrity and confidentiality of the information. Consequently, denial of service attacks can be performed by obstructing the flow of data by disabling communication between client and server. Other attacks that may occur are: pseudo-random subdomain attack (PRSD), IP Flooding, distributed attack, snork, ping of death, smurf, Spoofing for SYN flood DoS attacks TCP/SYN, flooding and teardrop, NTP amplification, attacks ICMP (ping), UDP Flood, HTTP Flood, SSL (Secure Sockets Layer)/TLS (Transport Layer Security) renegotiation, among others, where each one takes

*Bioethics in Medicine and Society*

some type of malware.

terrorist or military purposes.

**2. Internet of things (IoT)**

incorporated into information and communication technologies, in the control and monitoring devices of homes, buildings and cities (Smart Cities), which converge to the so-called Internet of Things (IoT), which involve sensory, cloud computing,

In terms of security, standard and AI-mediated IoT present a debatable level of security. This is due to the fact that the base code of the firmware or operating system of these devices [4], does not have an acceptable level of security and, as they are permanently connected to a communication network, their exposure to computer attacks is high. This type of failure is attributed in part to device design and manufacturing failures, where the safety factor was underestimated, without taking into account that the devices and sensors under the IoT scheme are supported under Internet protocols and standards, and although they do not use them in their entirety, it does not imply that they are exonerated from being exploited by

In this sense, hacking this type of system allows us to steal data not only from homes, but from hospitals and research centers, industries, vehicles, weapons and drones, even causing accidents or taking lives selectively. In the case of robots and cobots, cameras, toys (including sex toys), printers and household appliances, among other devices connected to the internet or through a mobile device, can be maliciously intervened if they are not configured correctly regarding their access. Cyberattacks on these devices are often attributed to botnets; since they allow attacks by distribution of denial of service (DDoS), oversaturating Internet access traffic in order to disable or take control of the network to which the devices are connected. When this is achieved, access to the privacy of the victim or target is

Under this type of attack, what is sought is to collect information from the victim that allows obtaining bank access codes, personal and/or corporate email codes in order to continue climbing to steal sensitive information, images or intimate videos that lead to extortion, among others. For example, in 2016 an attack on Europe and North America was used under the DDoS modality [5], using the IoT [6] to disable the DynDNS systems (Dynamic Network Services, Inc.), operated by domain name providers (DNS), this caused the denial of access to internet platforms and services. Also, this type of attack seeks to steal sensitive corporate information to be sold to the competition, destroy it if necessary when there is a contract involved, extort money from the target or destroy critical facilities for

The problem with botnets is that they will continue to grow as the number of vulnerabilities increases in devices connected to the Internet in the coming years, in addition to other types of vulnerabilities to which a communication network of any industry or public service is exposed or private. This statement is based on the fact that the number of IoT devices connected with other disruptive technologies are growing exponentially, where household appliances and all types of electronic devices are being permanently managed and administered via wired or wireless,

The internet of things is defined as the set of electronic devices connected to the internet, whose function is aimed at collecting various information that can be directed to the control of actuators that activate other systems (lights, blinds, thermostat, air conditioning, etc.). Also, it allows the collection of data based on the monitoring or census of physical–chemical or biological variables, communication

making them much more vulnerable to various types of cyberattack.

taken for granted without their being aware of it until it is too late.

data science and cybersecurity among other disciplines.

**252**

advantage of the design vulnerabilities of the layer itself. In the case of the internet layer, the attacks are conceived at the level of the fragmentation of IP datagrams, masking them by others that compromise the data that circulates through different points of a network.

As can be seen, the TCP/IP model since its creation has inherent weaknesses in its own design that can be exploited to carry out various types of attacks [10, 11]. In the particular case of IoT devices, they become perfect targets for cybercrime and industrial, military and government espionage, which, as can be seen, the attack vectors come from various sources, which are not necessarily organized crime.

There are other security factors to take into account about the IoT, which is related to the use of different technologies such as Wireless Sensor Networks (WSN), Near Field Communication (NFC) and Radio Frequency Identification (RFID) that are implemented in standard mobile devices, where each of them presents its own vulnerabilities [12]. Each technology requires specific protocols [13], to which is added 5G technology, whose emerging applications open up a myriad of applications, such as new attacks on advanced networks, for example, HealthTech and BioTech-type applications.

Regarding the standard communication protocols such as Ethernet, Wi-Fi and Bluetooth, others related to the application layer are presented specifically designed for a company's own products, so they are not considered as standardized, for example: Nest, MFI, Open Interconnect Consortium (OIC) and The AllSeen Alliance. Under this scenario, each industry that works with IoT develops its own protocols without universal unification, which guarantees connectivity compatible with devices from other manufacturers; This creates a security breach that can be exploited by cybercrime. An example in this regard was an attack that occurred in 2020 in the United States, using the Drovorub malware [14], the objective of which was to massively hack IoT devices in order to access wider communication networks.

## **3. Distributed denial of service and IoT**

The Internet of Things is found in various devices as indicated by [13], in household appliances, smartphones, smart clothes, wearables (bracelets, virtual reality glasses, etc.), smart TVs, game consoles, transportation systems, buildings (security cameras, air conditioning, access controls, etc.), public infrastructures (bridges, highways, parks, etc.), public services, industrial components (e.g. SCADA systems) [15], systems transportation, etc.

A particularity of the IoT as mentioned above, is the connection between devices and the exchange of information between them under the TCP/IP model and their own custom-designed protocols. This poses great challenges in terms of information security, which as [16] state, there are attacks on devices connected to the Internet, in which there is fear of surveillance and concern for privacy. The reason for this, underlies as [17] points out, is that the IoT is presented as a source of data collection that grows exponentially and, consequently, every object becomes a source of information.

A critical point of the IoT in terms of information security is distributed denial of service (DDoS) attacks, whose objective is focused on disabling the continuity of communication of devices connected to a network, affecting the switched flow tables, data on a network, bandwidth and latency, taking advantage of the weaknesses of the OSI (Open System Interconnection) model (see **Figure 1**), in which attacks can be carried out at the transport, network and application layers, as well as DNS, SMURF and ACK amplification type attacks, among others.

**255**

ruled out.

**Figure 1.**

security problem.

*Internet of Things and Distributed Denial of Service as Risk Factors in Information Security*

Some effects of these attacks consist of making multiple requests to one or more servers (web, proxy, email, database, etc.), with the aim of saturating the network until it collapses. Also, brute force attacks can be carried out through specialized malware that is in charge of scanning the target network in search of IoT devices in order to obtain passwords, hijack them and link them to a botnet [18], which is basically a malware that takes advantage of browser vulnerabilities by installing itself

*Layers or levels of the OSI model, elements that it manages and functions.*

The main characteristic of a botnet is that it infects the greatest number of systems forming the so-called "zombie" networks; which are controlled by Command & control type servers, which increase the capacity for DDoS and Spam attacks, among others, to specific objectives, which are normally companies and/or corporations, critical infrastructures such as transport, essential public services, health sector, food, etc., although attacks directed at a particular individual are not

Regarding the defense mechanisms available to counter a DDoS attack, these present certain limitations such as the lack of resources at the software or hardware level in a network, or due to the technical and technological flexibility that a network has to deal with this. Type of attack. In this sense, the manifestation of potential risks attributed to technologies such as IoT with respect to DDoS, are expressed through security flaws that grow day by day, not only due to the number of devices, but also due to their diversification of these in multiple fields of industry, transportation, health and entertainment among others, becoming a global

The motivations for carrying out this type of attack are diverse and varied, ranging from personal or corporate resentments, through espionage, blackmail and extortion, to unfair competition or political and military ideologies. The growing reason for these attacks lies in the various vulnerabilities that can be exploited in IoT devices, whose manufacture questionable puts their security among them, as well as the poor configuration of the devices or portals by the personnel in charge.

*DOI: http://dx.doi.org/10.5772/intechopen.94516*

on computers and/or servers.

*Internet of Things and Distributed Denial of Service as Risk Factors in Information Security DOI: http://dx.doi.org/10.5772/intechopen.94516*

**Figure 1.**

*Bioethics in Medicine and Society*

HealthTech and BioTech-type applications.

**3. Distributed denial of service and IoT**

tems) [15], systems transportation, etc.

points of a network.

networks.

advantage of the design vulnerabilities of the layer itself. In the case of the internet layer, the attacks are conceived at the level of the fragmentation of IP datagrams, masking them by others that compromise the data that circulates through different

As can be seen, the TCP/IP model since its creation has inherent weaknesses in its own design that can be exploited to carry out various types of attacks [10, 11]. In the particular case of IoT devices, they become perfect targets for cybercrime and industrial, military and government espionage, which, as can be seen, the attack vectors come from various sources, which are not necessarily organized crime. There are other security factors to take into account about the IoT, which is related to the use of different technologies such as Wireless Sensor Networks (WSN), Near Field Communication (NFC) and Radio Frequency Identification (RFID) that are implemented in standard mobile devices, where each of them presents its own vulnerabilities [12]. Each technology requires specific protocols [13], to which is added 5G technology, whose emerging applications open up a myriad of applications, such as new attacks on advanced networks, for example,

Regarding the standard communication protocols such as Ethernet, Wi-Fi and Bluetooth, others related to the application layer are presented specifically designed for a company's own products, so they are not considered as standardized, for example: Nest, MFI, Open Interconnect Consortium (OIC) and The AllSeen Alliance. Under this scenario, each industry that works with IoT develops its own protocols without universal unification, which guarantees connectivity compatible with devices from other manufacturers; This creates a security breach that can be exploited by cybercrime. An example in this regard was an attack that occurred in 2020 in the United States, using the Drovorub malware [14], the objective of which was to massively hack IoT devices in order to access wider communication

The Internet of Things is found in various devices as indicated by [13], in household appliances, smartphones, smart clothes, wearables (bracelets, virtual reality glasses, etc.), smart TVs, game consoles, transportation systems, buildings (security cameras, air conditioning, access controls, etc.), public infrastructures (bridges, highways, parks, etc.), public services, industrial components (e.g. SCADA sys-

A particularity of the IoT as mentioned above, is the connection between devices and the exchange of information between them under the TCP/IP model and their own custom-designed protocols. This poses great challenges in terms of information security, which as [16] state, there are attacks on devices connected to the Internet, in which there is fear of surveillance and concern for privacy. The reason for this, underlies as [17] points out, is that the IoT is presented as a source of data collection that grows exponentially and, consequently, every object becomes a source of

A critical point of the IoT in terms of information security is distributed denial of service (DDoS) attacks, whose objective is focused on disabling the continuity of communication of devices connected to a network, affecting the switched flow tables, data on a network, bandwidth and latency, taking advantage of the weaknesses of the OSI (Open System Interconnection) model (see **Figure 1**), in which attacks can be carried out at the transport, network and application layers, as well

as DNS, SMURF and ACK amplification type attacks, among others.

**254**

information.

*Layers or levels of the OSI model, elements that it manages and functions.*

Some effects of these attacks consist of making multiple requests to one or more servers (web, proxy, email, database, etc.), with the aim of saturating the network until it collapses. Also, brute force attacks can be carried out through specialized malware that is in charge of scanning the target network in search of IoT devices in order to obtain passwords, hijack them and link them to a botnet [18], which is basically a malware that takes advantage of browser vulnerabilities by installing itself on computers and/or servers.

The main characteristic of a botnet is that it infects the greatest number of systems forming the so-called "zombie" networks; which are controlled by Command & control type servers, which increase the capacity for DDoS and Spam attacks, among others, to specific objectives, which are normally companies and/or corporations, critical infrastructures such as transport, essential public services, health sector, food, etc., although attacks directed at a particular individual are not ruled out.

Regarding the defense mechanisms available to counter a DDoS attack, these present certain limitations such as the lack of resources at the software or hardware level in a network, or due to the technical and technological flexibility that a network has to deal with this. Type of attack. In this sense, the manifestation of potential risks attributed to technologies such as IoT with respect to DDoS, are expressed through security flaws that grow day by day, not only due to the number of devices, but also due to their diversification of these in multiple fields of industry, transportation, health and entertainment among others, becoming a global security problem.

The motivations for carrying out this type of attack are diverse and varied, ranging from personal or corporate resentments, through espionage, blackmail and extortion, to unfair competition or political and military ideologies. The growing reason for these attacks lies in the various vulnerabilities that can be exploited in IoT devices, whose manufacture questionable puts their security among them, as well as the poor configuration of the devices or portals by the personnel in charge.

Another aspect to be mentioned as a reference to the vulnerability of the IoT is related to the pandemic caused by COVID-19, whose attacks in the first half of 2020 increased alarmingly worldwide [19], in particular on websites of medical organizations, educational and administrative platforms, online gaming platforms and delivery services of various kinds. With this type of attack, it was shown that cybercriminals were not very interested in the social and humanitarian factor.

It is worth mentioning that DDoS attacks require poorly configured computer networks and servers, which once hijacked are connected to a Zombie network (**Figure 2**). This strategy applied to IoT devices acts as a connection bridge to be used as digital weapons of attack and espionage, expanding the coverage of the zombie network, boosting thousands or millions of times the level of request to the servers targeted by the attack. The problem with an attack on this scale is that the IoT is in continuous growth, that as [20] affirms only by 2020 there will be more than 50 billion connected devices (omnipresent) in cities, that is more than the estimated world population for this date (7.5 billion). Now, with the problem of the pandemic, there are hundreds of projects that promote the IoT for the permanent monitoring of cities, homes, hospitals and transportation systems among other critical systems of cities in the coming years, all aimed at minimizing future pandemics, for causing the number of devices to skyrocket to significantly larger numbers.

Another issue to take into account is related to metropolitan security, in which technologies such as cameras, sensors and drones are increasingly being incorporated, connected via IoT devices and mobile telephony. In the worst case scenario, when hacking this type of infrastructure, a city would be at the mercy of an attacker having access to infinite data. Now, this type of attack would not only be orchestrated by organized crime and terrorists, but by the governments themselves and the military, as noted above, with the exclusive purpose of monitoring each

#### **Figure 2.**

*Graphical representation of a distributed denial of service (DDoS) attack on an IoT system. As can be seen, a set of botnet is used to attack the victim, which in this case is a server that manages information from devices related to the IoT. The result of this attack is to have access to the database hosted on the server, to the control of the network connected to it and to the IoT devices.*

**257**

*Internet of Things and Distributed Denial of Service as Risk Factors in Information Security*

individual and society permanently and with impunity, violating human rights. For example, China under his regime [21], is one of the countries that has the most information on its population using various technologies such as biometric registration and facial recognition systems, integrated with databases (includes DNA databases) managed and administered through artificial intelligence. Another example is the National Security Agency (NSA) and the CIA of the United States, which repeatedly violate human rights spying not only on their own community but

on the entire world [22], as well as other agencies from other countries [23].

or access of information in a network under certain rules and protocols.

you must be careful with whom you contract x and y services.

machine learning [30], among others [31, 32].

Returning to the topic of DDoS, there are various mitigation techniques for an attack of this type, whose large-scale feasibility is debatable. This is due in part to the efficiency and complexity of being able to implement these techniques. For example, a recent proposal is based on the use of blockchain technologies and Smart Contracts [24, 25] that have the necessary infrastructure to preserve the design and stability in terms of the development of a protocol that supports DDoS-type attacks. The proposal takes as support cloud computing, whose degree of security is high, due to the way data packets are filtered, where the system consists of a set of devices or programs (Firewalls and Proxy) configured in such a way that limits the passage

In terms of security, the IoT presents various weaknesses depending on the type of technology and application it is given, where DDoS takes advantage of, as do other variants such as low-speed DDoS (LDDoS) [26], which hides its traffic equivalent to normal traffic. Its origin is based on LDoS attack methods, which include variants such as reduction of quality (RoQ ) and application servers (LoRDAS attacks). Another type of weakness attributed to the protection of information is focused on the service provider (DPS), which apart from implying additional costs, can lead to a decrease in the performance of the service and security problems, so

There are security proposals for the IoT, such as: collaborative defense using VNF (Virtual Network Functions), the use of DOTS protocols (DDoS Open Threat Signaling) [27], the exchange of events based on FLow (FLEX) and obfuscation techniques [28], among others. Although they are very good proposals, the problem is still open in establishing ideal protocols that allow confronting large-scale DDoS attacks, in which a greater degree of sophistication, duration and frequency is increasingly observed. In this sense, the use of Artificial Intelligence (AI) initially allows detection using techniques such as advanced neural networks [29] and

One aspect that relates the IoT to AI and cybersecurity, are the failures at the hardware level. For example, design errors in Intel, AMD and ARM processors detected in the kernels, which were exploited by the Meltdown and Specter malware [33]. These errors allowed these malwares to access key parts of the processors by stealing security keys [34]. These failures have opened controversy, whether they were really design problems or were left on purpose for industrial or government espionage, hence policies have been implemented where countries such as the United States, China and Russia, among others, develop their own processor technology to minimize the risk of spying or hijacking in the event of a cyberattack. The implications of this type of attack show the fragility that exists in technology, where the common user has no idea what may be happening with their personal information stored on any electronic device. Seen in this way, society's ever-increasing dependence on technology poses new challenges in terms of security, which must

*DOI: http://dx.doi.org/10.5772/intechopen.94516*

**4. Security factors in IoT**

#### *Internet of Things and Distributed Denial of Service as Risk Factors in Information Security DOI: http://dx.doi.org/10.5772/intechopen.94516*

individual and society permanently and with impunity, violating human rights. For example, China under his regime [21], is one of the countries that has the most information on its population using various technologies such as biometric registration and facial recognition systems, integrated with databases (includes DNA databases) managed and administered through artificial intelligence. Another example is the National Security Agency (NSA) and the CIA of the United States, which repeatedly violate human rights spying not only on their own community but on the entire world [22], as well as other agencies from other countries [23].

Returning to the topic of DDoS, there are various mitigation techniques for an attack of this type, whose large-scale feasibility is debatable. This is due in part to the efficiency and complexity of being able to implement these techniques. For example, a recent proposal is based on the use of blockchain technologies and Smart Contracts [24, 25] that have the necessary infrastructure to preserve the design and stability in terms of the development of a protocol that supports DDoS-type attacks. The proposal takes as support cloud computing, whose degree of security is high, due to the way data packets are filtered, where the system consists of a set of devices or programs (Firewalls and Proxy) configured in such a way that limits the passage or access of information in a network under certain rules and protocols.
