IFACNN: efficient DDoS attack detection based on improved firefly algorithm to optimize convolutional neural networks

Jiushuang Wang; Ying Liu; Huifen Feng; Jiushuang Wang; Ying Liu; Huifen Feng

doi:10.3934/mbe.2022059

Mathematical Biosciences and Engineering

2022, Volume 19, Issue 2: 1280-1303. doi: 10.3934/mbe.2022059

Previous Article Next Article

Research article Special Issues

IFACNN: efficient DDoS attack detection based on improved firefly algorithm to optimize convolutional neural networks

National Engineering Laboratory on Interconnection Technology for Next Generation Internet, Beijing Jiaotong University, Beijing, China

Academic Editor:Thippa Reddy Gadekallu

Received: 20 September 2021 Accepted: 24 November 2021 Published: 02 December 2021

Network security has become considerably essential because of the expansion of internet of things (IoT) devices. One of the greatest hazards of today's networks is distributed denial of service (DDoS) attacks, which could destroy critical network services. Recent numerous IoT devices are unsuspectingly attacked by DDoS. To securely manage IoT equipment, researchers have introduced software-defined networks (SDN). Therefore, we propose a DDoS attack detection scheme to secure the real-time in the software-defined the internet of things (SD-IoT) environment. In this article, we utilize improved firefly algorithm to optimize the convolutional neural network (CNN), to provide detection for DDoS attacks in our proposed SD-IoT framework. Our results demonstrate that our scheme can achieve higher than 99% DDoS behavior and benign traffic detection accuracy.
- software-defined internet of things,
- distributed denial of service,
- firefly algorithm,
- convolutional neural network,
- detect attacks
Citation: Jiushuang Wang, Ying Liu, Huifen Feng. IFACNN: efficient DDoS attack detection based on improved firefly algorithm to optimize convolutional neural networks[J]. Mathematical Biosciences and Engineering, 2022, 19(2): 1280-1303. doi: 10.3934/mbe.2022059

Related Papers:

Abstract

Network security has become considerably essential because of the expansion of internet of things (IoT) devices. One of the greatest hazards of today's networks is distributed denial of service (DDoS) attacks, which could destroy critical network services. Recent numerous IoT devices are unsuspectingly attacked by DDoS. To securely manage IoT equipment, researchers have introduced software-defined networks (SDN). Therefore, we propose a DDoS attack detection scheme to secure the real-time in the software-defined the internet of things (SD-IoT) environment. In this article, we utilize improved firefly algorithm to optimize the convolutional neural network (CNN), to provide detection for DDoS attacks in our proposed SD-IoT framework. Our results demonstrate that our scheme can achieve higher than 99% DDoS behavior and benign traffic detection accuracy.

References

[1]	I. Cvitić, D. Peraković, B. Gupta, K. K. R. Choo, Boosting-based DDoS detection in internet of things systems, IEEE Int. Things J., 2021 (2021). doi: 10.1109/JIOT.2021.3090909.
[2]	F. Song, Z. Ai, H. Zhang, I. You, S. Li, Smart collaborative balancing for dependable network components in cyber-physical systems, IEEE Trans. Ind. Inf., 17 (2021), 6916–6924. doi: 10.1109/TII.2020.3029766. doi: 10.1109/TII.2020.3029766
[3]	F. O. Catak, Two-layer malicious network flow detection system with sparse linear model based feature selection, J. Nat. Sci. Found. Sri Lanka, 46 (2018), 601–612. doi: 10.4038/jnsfsr.v46i4.8560. doi: 10.4038/jnsfsr.v46i4.8560
[4]	CAICT, White Paper on the Internet of Things, 2020.
[5]	K. K. Karmakar, V. Varadharajan, S. Nepal, U. Tupakula, SDN-enabled secure IoT architecture, IEEE Int. Things J., 8 (2021), 6549–6564. doi: 10.1109/JIOT.2020.3043740. doi: 10.1109/JIOT.2020.3043740
[6]	P. Mishra, A. Biswal, S. Garg, R. Lu, M. Tiwary, D. Puthal, et al., Software defined internet of things security: properties, state of the art, and future research, IEEE Wireless Commun., 27 (2020), 10–16. doi: 10.1109/MWC.001.1900318. doi: 10.1109/MWC.001.1900318
[7]	F. O. Catak, A. F. Mustacoglu, Distributed denial of service attack detection using autoencoder and deep neural networks, J. Intelli. Fuzzy Syst., 37 (2019), 3969–3979. doi: 10.3233/JIFS-190159. doi: 10.3233/JIFS-190159
[8]	F. Song, Y. Zhou, Y. Wang, T. Zhao, I. You, H. Zhang, Smart collaborative distribution for privacy enhancement in moving target defense, Inf. Sci., 479 (2019), 593–606. doi: 10.1016/j.ins.2018.06.002. doi: 10.1016/j.ins.2018.06.002
[9]	S. M. Mousavi, M. St-Hilaire, Early detection of DDoS attacks against SDN controllers, in 2015 International Conference on Computing, Networking and Communications (ICNC), (2015), 77–81. doi: 10.1109/ICCNC.2015.7069319.
[10]	R. Wang, Z. Jia, L. Ju, An entropy-based distributed DDoS detection mechanism in software-defined networking, in 2015 IEEE Trustcom/BigDataSE/ISPA, (2015), 310–317. doi: 10.1109/Trustcom.2015.389.
[11]	K. Kalkan, G. Gür, F. Alagöz, SDNScore: A statistical defense mechanism against DDoS attacks in SDN environment, in 2017 IEEE Symposium on Computers and Communications (ISCC), (2017), 669–675. doi: 10.1109/ISCC.2017.8024605.
[12]	N. Dayal, P. Maity, S. Srivastava, Z. Khondoker, Research trends in security and DDoS in SDN, Secur. Commun. Networks, 9 (2016), 6386–6411. doi: 10.1002/sec.1759. doi: 10.1002/sec.1759
[13]	S. Shin, V. Yegneswaran, P. Porras, G. Gu, AVANT-GUARD: scalable and vigilant switch flow management in software-defined networks, in Proceedings of the 2013 ACM SIGSAC Conference on Computer & Communications Security, (2013), 413–424. doi: 10.1145/2508859.2516684.
[14]	L. Wei, C. Fung, FlowRanger: a request prioritizing algorithm for controller DoS attacks in software defined networks, in 2015 IEEE International Conference on Communications (ICC), (2015), 5254–5259. doi: 10.1109/ICC.2015.7249158.
[15]	N. Ravi, S. Mercy. Shalinie, Learning-driven detection and mitigation of DDoS Attack in IoT via SDN-cloud architecture, IEEE Int. Things J., 7 (2020), 3559–3570. doi: 10.1109/JIOT.2020.2973176. doi: 10.1109/JIOT.2020.2973176
[16]	J. Ye, X. Cheng, Z. Jian, L. Feng, S. Ling, A DDoS attack detection method based on SVM in software defined network, Secur. Commun. Networks, 2018 (2018), 1–8. doi: 10.1155/2018/9804061. doi: 10.1155/2018/9804061
[17]	P. Xiao, W. Y. Qu, H. Qi, Z. Y. Li, Detecting DDoS attacks against data center with correlation analysis, Comput. Commun., 67 (2015). doi: 10.1016/j.comcom.2015.06.012.
[18]	V. Phan, N. Bao, M. Park, A novel hybrid flow-based handler with DDoS attacks in software-defined networking, in 2016 Intl IEEE Conferences on Ubiquitous Intelligence Computing, Advanced and Trusted Computing, Scalable Computing and Communications, Cloud and Big Data Computing, Internet of People, and Smart World Congress (UIC/ATC/ScalCom/CBDCom/IoP/SmartWorld), (2016), 350–357. doi: 10.1109/UIC-ATC-ScalCom-CBDCom-IoP-SmartWorld.2016.0069.
[19]	F. Song, M. Zhu, Y. Zhou, I. You, H. Zhang, Smart collaborative tracking for ubiquitous power IoT in edge-cloud interplay domain, IEEE Int. Things J., 7 (2020), 6046–6055. doi: 10.1109/JIOT.2019.2958097. doi: 10.1109/JIOT.2019.2958097
[20]	F. I. Khan, S. Hameed, Software defined security service provisioning framework for internet of things, Int. J. Adv. Comput. Sci. Appl., 7 (2017), 411–425. doi: 10.14569/IJACSA.2016.071254. doi: 10.14569/IJACSA.2016.071254
[21]	S. Tomovic, K. Yoshigoe, I. Maljevic, I. Radusinovic, Software-defined fog network architecture for IoT, Wireless Pers. Commun., 92 (2017), 181–196. doi: 10.1007/s11277-016-3845-0. doi: 10.1007/s11277-016-3845-0
[22]	Z. J. Qin, G. Denker, C. Giannelli, P. Bellavista, N. Venkatasubramanian, A software defined networking architecture for the internet-of-things, in 2014 IEEE Network Operations and Management Symposium (NOMS), (2014), 1–9. doi: 10.1109/NOMS.2014.6838365.
[23]	C. Gonzalez, O. Flauzac, F. Nolot, A. Jara, A novel distributed SDN-secured architecture for the IoT, in 2016 International Conference on Distributed Computing in Sensor Systems (DCOSS), (2016), 244–249. doi: 10.1109/DCOSS.2016.22.
[24]	M. Nobakht, V. Sivaraman, R. Boreli, A host-based intrusion detection and mitigation framework for smart home IoT using OpenFlow, in 2016 11th International Conference on Availability, Reliability and Security (ARES), (2016), 147–156. doi: 10.1109/ARES.2016.64.
[25]	O. Salman, S. Abdallah, H. I. Elhajj, A. Chehab, A. Kayssi, Identity-based authentication scheme for the internet of things, in 2016 IEEE Symposium on Computers and Communication (ISCC), (2016), 1109–1111. doi: 10.1109/ISCC.2016.7543884.
[26]	T. H. Nguyen, M. Yoo, A hybrid prevention method for eavesdropping attack by link spoofing in software-defined Internet of Things controllers, Int. J. Distrib. Sensor Networks, 13 (2017), 1550147717739157. doi: 10.1177/1550147717739157. doi: 10.1177/1550147717739157
[27]	P. Bull, R. Austin, E. Popov, M. Sharma, R. Watson, Flow based security for IoT devices using an SDN gateway, in 2016 IEEE 4th International Conference on Future Internet of Things and Cloud (FiCloud), (2016), 157–163. doi: 10.1109/FiCloud.2016.30.
[28]	M. E. Ahmed, H. Kim, DDoS attack mitigation in Internet of Things using software defined networking, in 2017 IEEE Third International Conference on Big Data Computing Service and Applications (BigDataService), 2017 (2017), 271–276. doi: 10.1109/BigDataService.2017.41.
[29]	F. De Rango, G. Potrino, M. Tropea, P. Fazio, Energy-aware dynamic internet of things security system based on elliptic curve cryptography and message queue telemetry transport protocol for mitigating replay attacks, Pervasive Mobile Comput., 67 (2020), 101105. doi: 10.1016/j.pmcj.2019.101105 doi: 10.1016/j.pmcj.2019.101105
[30]	F. De Rango, M. Tropea, P. Fazio, Mitigating DoS attacks in IoT EDGE Layer to preserve QoS topics and nodes' energy, in IEEE INFOCOM 2020–-IEEE Conference on Computer Communications Workshops (INFOCOM WKSHPS), (2020), 842–847. doi: 10.1109/INFOCOMWKSHPS50562.2020.9162902.
[31]	F. Song, L. Li, I. You, H. Zhang, Enabling geterogeneous deterministic networks with smart collaborative theory, IEEE Network, 35 (2021), 64–71. doi: 10.1109/MNET.011.2000613. doi: 10.1109/MNET.011.2000613
[32]	F. Song, Z. Ai, Y. Zhou, I. You, R. Choo, H. Zhang, Smart collaborative automation for receive buffer control in multipath industrial networks, IEEE Trans. Ind. Inf., 16 (2020), 1385–1394. doi: 10.1109/TII.2019.2950109. doi: 10.1109/TII.2019.2950109
[33]	A. Hakiri, P. Berthou, A. Gokhale, S. Ellatif, Publish/subscribe-enabled software defined networking for efficient and scalable IoT communications, Commun. Mag. IEEE, 53 (2015), 48–54. doi: 10.1109/MCOM.2015.7263372. doi: 10.1109/MCOM.2015.7263372

Reader Comments

Your name:*

Email:*
© 2022 the Author(s), licensee AIMS Press. This is an open access article distributed under the terms of the Creative Commons Attribution License (http://creativecommons.org/licenses/by/4.0)