A denial-of-service (DoS) attack aims to exhaust the resources of the victim by sending attack packets and ultimately stop the legitimate packets by various techniques. The paper discusses the consequences of distributed denial-of-service (DDoS) attacks in various application areas of Internet of Things (IoT). In this paper, we have analyzed the performance of machine learning(ML)-based classifiers including bagging and boosting techniques for the binary classification of attack traffic. For the analysis, we have used the benchmark CICDDoS2019 dataset which deals with DDoS attacks based on User Datagram Protocol (UDP) and Transmission Control Protocol (TCP) in order to study new kinds of attacks. Since these protocols are widely used for communication in IoT networks, this data has been used for studying DDoS attacks in the IoT domain. Since the data is highly unbalanced, class balancing is done using an ensemble sampling approach comprising random under-sampler and ADAptive SYNthetic (ADASYN) oversampling technique. Feature selection is achieved using two methods, i.e., (a) Pearson correlation coefficient and (b) Extra Tree classifier. Further, performance is evaluated for ML classifiers viz. Random Forest (RF), Naïve Bayes (NB), support vector machine (SVM), AdaBoost, eXtreme Gradient Boosting (XGBoost) and Gradient Boosting (GB) algorithms. It is found that RF has given the best performance with the least training and prediction time. Further, it is found that feature selection using extra trees classifier is more efficient as compared to the Pearson correlation coefficient method in terms of total time required in training and prediction for most classifiers. It is found that RF has given best performance with least time along with feature selection using Pearson correlation coefficient in attack detection.
Citation: Nimisha Pandey, Pramod Kumar Mishra. Detection of DDoS attack in IoT traffic using ensemble machine learning techniques[J]. Networks and Heterogeneous Media, 2023, 18(4): 1393-1409. doi: 10.3934/nhm.2023061
A denial-of-service (DoS) attack aims to exhaust the resources of the victim by sending attack packets and ultimately stop the legitimate packets by various techniques. The paper discusses the consequences of distributed denial-of-service (DDoS) attacks in various application areas of Internet of Things (IoT). In this paper, we have analyzed the performance of machine learning(ML)-based classifiers including bagging and boosting techniques for the binary classification of attack traffic. For the analysis, we have used the benchmark CICDDoS2019 dataset which deals with DDoS attacks based on User Datagram Protocol (UDP) and Transmission Control Protocol (TCP) in order to study new kinds of attacks. Since these protocols are widely used for communication in IoT networks, this data has been used for studying DDoS attacks in the IoT domain. Since the data is highly unbalanced, class balancing is done using an ensemble sampling approach comprising random under-sampler and ADAptive SYNthetic (ADASYN) oversampling technique. Feature selection is achieved using two methods, i.e., (a) Pearson correlation coefficient and (b) Extra Tree classifier. Further, performance is evaluated for ML classifiers viz. Random Forest (RF), Naïve Bayes (NB), support vector machine (SVM), AdaBoost, eXtreme Gradient Boosting (XGBoost) and Gradient Boosting (GB) algorithms. It is found that RF has given the best performance with the least training and prediction time. Further, it is found that feature selection using extra trees classifier is more efficient as compared to the Pearson correlation coefficient method in terms of total time required in training and prediction for most classifiers. It is found that RF has given best performance with least time along with feature selection using Pearson correlation coefficient in attack detection.
[1] | K. O. Adefemi Alimi, K. Ouahada, A. M. Abu-Mahfouz, S. Rimer, O. A. Alimi, Refined lstm based intrusion detection for denial-of-service attack in internet of things, J. Sens. Actuator Networks, 11 (2022), 32. https://doi.org/10.3390/jsan11030032 doi: 10.3390/jsan11030032 |
[2] | K. Alieyan, A. Almomani, M. Anbar, M. Alauthman, R. Abdullah, B. B. Gupta, Dns rule-based schema to botnet detection, Enterp. Inf. Syst., 15 (2021), 545–564. https://doi.org/10.1080/17517575.2019.1644673 doi: 10.1080/17517575.2019.1644673 |
[3] | A. Dahiya, B. B. Gupta, A reputation score policy and bayesian game theory based incentivized mechanism for ddos attacks mitigation and cyber defense, Future Gener. Comput. Syst., 117 (2021), 193–204. https://doi.org/10.1016/j.future.2020.11.027 doi: 10.1016/j.future.2020.11.027 |
[4] | M. V. de Assis, L. F. Carvalho, J. J. Rodrigues, J. Lloret, M. L. Proença Jr, Near real-time security system applied to sdn environments in IoT networks using convolutional neural network, Comput. Electr. Eng., 86 (2020), 106738. https://doi.org/10.1016/j.compeleceng.2020.106738 doi: 10.1016/j.compeleceng.2020.106738 |
[5] | R. K. Deka, D. K. Bhattacharyya, J. K. Kalita, Active learning to detect ddos attack using ranked features, Comput. Commun., 145 (2019), 203–222. https://doi.org/10.1016/j.comcom.2019.06.010 doi: 10.1016/j.comcom.2019.06.010 |
[6] | R. Doshi, N. Apthorpe, N. Feamster, Machine learning ddos detection for consumer internet of things devices, in 2018 IEEE Security and Privacy Workshops (SPW), IEEE, (2018), 29–35. https://doi.org/10.1109/SPW.2018.00013 |
[7] | V. Hassija, V. Chamola, V. Saxena and D. Jain, A survey on IoT security: application areas, security threats, and solution architectures, IEEE Access, 7 (2019), 82721–82743. https://doi.org/10.1109/ACCESS.2019.2924045 doi: 10.1109/ACCESS.2019.2924045 |
[8] | T. Horak, P. Strelec, L. Huraj, P. Tanuska, A. Vaclavova, M. Kebisek, The vulnerability of the production line using industrial Iot systems under DDoS attack, Electronics, 10 (2021), 381. https://doi.org/10.3390/electronics10040381 doi: 10.3390/electronics10040381 |
[9] | S. Hosseini, M. Azizi, The hybrid technique for DDoS detection with supervised learning algorithms, Comput. Net., 158 (2019), 35–45. https://doi.org/10.1016/j.comnet.2019.04.027 doi: 10.1016/j.comnet.2019.04.027 |
[10] | L. Huraj, M. Šimon, T. Horák, Resistance of IoT sensors against DDoS attack in smart home environment, Sensors, 20 (2020), 1–23. https://doi.org/10.3390/s20185298 doi: 10.3390/s20185298 |
[11] | F. Hussain, S. G. Abbas, M. Husnain, U. U. Fayyaz, F. Shahzad, G. A. Shah, IoT DoS and DDoS attack detection using ResNet, in 2020 IEEE 23rd International Multitopic Conference (INMIC), IEEE, 2020. https://doi.org/10.1109/INMIC50486.2020.9318216 |
[12] | M. Idhammad, K. Afdel, M. Belouch, Detection system of HTTP DDoS attacks in a Cloud environment based on Information Theoretic Entropy and Random Forest, Secur. Commun. Net., 2018 (2018), 1–13. https://doi.org/10.1155/2018/1263123 doi: 10.1155/2018/1263123 |
[13] | Y. Jung, Hybrid-aware model for senior wellness service in smart home, Sensors, 17 (2017). https://doi.org/10.3390/s17051182 doi: 10.3390/s17051182 |
[14] | A. Koay, A. Chen, I. Welch, W. K. Seah, A new multi classifier system using entropy-based features in DDoS attack detection, in 2018 International Conference on Information Networking (ICOIN), (2018), 162–167. https://doi.org/10.1109/ICOIN.2018.8343104 |
[15] | M. A. Lawal, R. A. Shaikh, S. R. Hassan, A DDoS attack mitigation framework for IoT networks using fog computing, Procedia Comput. Sci., 182 (2021), 13–20. https://doi.org/10.1016/j.procs.2021.02.003 doi: 10.1016/j.procs.2021.02.003 |
[16] | F. S. d. Lima Filho, F. A. Silveira, A. de Medeiros Brito Junior, G. Vargas-Solar, L. F. Silveira, Smart detection: an online approach for dos/ddos attack detection using machine learning, Secur. Commun. Net., 2019. |
[17] | L. Liu, E. Stroulia, I. Nikolaidis, A. Miguel-Cruz, A. Rios Rincon, Smart homes and home health monitoring technologies for older adults: A systematic review, Int. J. Med. Inf., 91 (2016), 44–59. https://doi.org/10.1016/j.ijmedinf.2016.04.007 doi: 10.1016/j.ijmedinf.2016.04.007 |
[18] | C. D. McDermott, F. Majdani, A. V. Petrovski, Botnet detection in the Internet of Things using deep learning approaches, in 2018 International Joint Conference on Neural Networks (IJCNN), (2018), 1–8. http://dx.doi.org/10.1109/IJCNN.2018.8489489 |
[19] | Y. Meidan, M. Bohadana, Y. Mathov, Y. Mirsky, A. Shabtai, D. Breitenbacher, et al., N-baiot—network-based detection of Iot botnet attacks using deep autoencoders, IEEE Pervas. Comput., 17 (2018), 12–22. http://dx.doi.org/10.1109/MPRV.2018.03367731 doi: 10.1109/MPRV.2018.03367731 |
[20] | A. Mishra, N. Gupta, B. B. Gupta, Defensive mechanism against DDoS attack based on feature selection and multi-classifier algorithms, Telecommun. Sys., 82 (2023), 229–244. https://doi.org/10.1007/s11235-022-00981-4 doi: 10.1007/s11235-022-00981-4 |
[21] | L. Nauha, N. S. Keränen, M. Kangas, T. Jämsä, J. Reponen, Assistive technologies at home for people with a memory disorder, Dementia, 17 (2018), 909–923. https://doi.org/10.1177/1471301216674816 doi: 10.1177/1471301216674816 |
[22] | N. Pandey, P. K. Mishra, Taxonomy of DDoS attacks and their defense mechanisms in IoT, J. Sci. Res., 65 (2021), 197–207. |
[23] | R. Paudel, T. Muncy, W. Eberle, Detecting DoS attack in Smart Home IoT devices using a graph-based approach, in 2019 IEEE International Conference on Big Data (Big Data), (2019), 5249–5258. https://doi.org/10.1109/BigData47090.2019.9006156 |
[24] | M. S. E. Shahabadi, H. Tabrizchi, M. K. Rafsanjani, B. Gupta, F. Palmieri, A combination of clustering-based under-sampling with ensemble methods for solving imbalanced class problem in intelligent systems, Technol. Forecast. Soc. Change, 169 (2021), 120796. https://doi.org/10.1016/j.techfore.2021.120796 doi: 10.1016/j.techfore.2021.120796 |
[25] | I. Sharafaldin, A. H. Lashkari, S. Hakak, A. A. Ghorbani, Developing realistic Distributed Denial of Service (DDoS) attack dataset and taxonomy, in 2019 International Carnahan Conference on Security Technology (ICCST), IEEE, (2019), 1–8. https://doi.org/10.1109/CCST.2019.8888419 |
[26] | D. H. Summerville, K. M. Zach, Y. Chen, Ultra-lightweight deep packet anomaly detection for Internet of things devices, in 2015 IEEE 34th international performance computing and communications conference (IPCCC), IEEE, (2015), 1–8. https://doi.org/10.1109/PCCC.2015.7410342 |
[27] | R. Turjamaa, A. Pehkonen, M. Kangasniemi, How smart homes are used to support older people: an integrative review, Int. J. Older People Nurs., 14 (2019), 1–15. https://doi.org/10.1111/opn.12260 doi: 10.1111/opn.12260 |
[28] | D. Uckelmann, A definition approach to smart logistics, in International Conference on Next Generation Wired/Wireless Networking, Springer, (2008), 273–284. |
[29] | A. Uprety, D. B. Rawat, Reinforcement learning for IoT security: a comprehensive survey, IEEE Int. Thing. J., 4662 (2020), 1–14. https://doi.org/10.1109/JIOT.2020.3040957 doi: 10.1109/JIOT.2020.3040957 |