Defending against Distributed Denial of Service (DDoS) in the Internet of Things (IoT) computing environment is a challenging task. DDoS attacks are type of collective attack in which attackers work together to compromise internet security and services. The resource-constrained devices used in IoT deployments have made it even easier for an attacker to break, because of the vast number of vulnerable IoT devices with significant compute power. This paper proposed an ensemble machine learning (ML) model using the bagging technique to detect and prevent DDoS attacks in the IoT computing environment. We carried out an Machine Learning experiment and evaluated our proposed model with the most recent DDoS attacks (CICDoS2019) dataset. We use seven validation metrics (classification accuracy, precision rate, recall rate, f1-score, Matthews Correlation Coefficient, false negative rate and false positive rate) to evaluate the performance of the proposed model. The results obtained in our experiment shows an improved performance with an overall maximum classification accuracy of 99.75%, precision rate of 99.99%, recall rate of 99.76%, f1-score of 99.87%, Matthews Correlation Coefficient of 0.000000214, false negative rate of 0.24% and 4.42% false positive rate.
A review on machine learning based intrusion detection system for internet of...IJECEIAES
Within an internet of things (IoT) environment, the fundamental purpose of various devices is to gather the abundant amount of data that is being generated and then transmit this data to the predetermined server over the internet. IoT connects billions of objects and the internet to communicate without human intervention. But network security and privacy issues are increasing very fast, in today's world. Because of the prevalence of technological advancement in regular activities, internet security has evolved into a necessary requirement. Because technology is integrated into every aspect of contemporary life, cyberattacks on the internet of things represent a bigger danger than attacks against traditional networks. Researchers have found that combining machine learning techniques into an intrusion detection system (IDS) is an efficient way to get beyond the limitations of conventional IDSs in an IoT context. This research presents a comprehensive literature assessment and develops an intrusion detection system that makes use of machine learning techniques to address security problems in an IoT environment. Along with a comprehensive look at the state of the art in terms of intrusion detection systems for IoT-enabled environments, this study also examines the attributes of approaches, common datasets, and existing methods utilized to construct such systems.
DDOS ATTACK DETECTION ON INTERNET OF THINGS USING UNSUPERVISED ALGORITHMSijfls
The increase in the deployment of IoT networks has improved productivity of humans and organisations.
However, IoT networks are increasingly becoming platforms for launching DDoS attacks due to inherent
weaker security and resource-constrained nature of IoT devices. This paper focusses on detecting DDoS
attack in IoT networks by classifying incoming network packets on the transport layer as either
“Suspicious” or “Benign” using unsupervised machine learning algorithms. In this work, two deep
learning algorithms and two clustering algorithms were independently trained for mitigating DDoS
attacks. We lay emphasis on exploitation based DDOS attacks which include TCP SYN-Flood attacks and
UDP-Lag attacks. We use Mirai, BASHLITE and CICDDoS2019 dataset in training the algorithms during
the experimentation phase. The accuracy score and normalized-mutual-information score are used to
quantify the classification performance of the four algorithms. Our results show that the autoencoder
performed overall best with the highest accuracy across all the datasets.
DDoS Attack Detection on Internet o Things using Unsupervised Algorithmsijfls
The increase in the deployment of IoT networks has improved productivity of humans and organisations. However, IoT networks are increasingly becoming platforms for launching DDoS attacks due to inherent weaker security and resource-constrained nature of IoT devices. This paper focusses on detecting DDoS attack in IoT networks by classifying incoming network packets on the transport layer as either “Suspicious” or “Benign” using unsupervised machine learning algorithms. In this work, two deep learning algorithms and two clustering algorithms were independently trained for mitigating DDoS attacks. We lay emphasis on exploitation based DDOS attacks which include TCP SYN-Flood attacks and UDP-Lag attacks. We use Mirai, BASHLITE and CICDDoS2019 dataset in training the algorithms during the experimentation phase. The accuracy score and normalized-mutual-information score are used to quantify the classification performance of the four algorithms. Our results show that the autoencoder performed overall best with the highest accuracy across all the datasets.
RTL-DL: A HYBRID DEEP LEARNING FRAMEWORK FOR DDOS ATTACK DETECTION IN A BIG D...IJCNCJournal
A distributed denial of service (DDoS) attack is one of the most common cyber threats to the Internet of
Things (IoT). Several deep learning (DL) techniques have been utilized in intrusion detection systems to
prevent DDoS attacks. However, their performance is greatly affected by a large class imbalance nature of
the training datasets as well as the presence of redundant and irrelevant features in them. This study
proposes RTL-DL, a new framework for an effective intrusion detection model based on the random
oversampling technique and the Tomek-Links sampling technique (RTL), to minimize the effects of data
imbalance in the CICIDS2017 dataset used to evaluate the proposed model. This study achieved 98.3%
accuracy, 98.8% precision, 98.3% recall, 97.8% f-score, and 4.6% hamming loss. In comparison to current
approaches, the suggested model has demonstrated promising results in identifying network threats in
imbalanced data sets.
RTL-DL: A Hybrid Deep Learning Framework for DDoS Attack Detection in a Big D...IJCNCJournal
A distributed denial of service (DDoS) attack is one of the most common cyber threats to the Internet of Things (IoT). Several deep learning (DL) techniques have been utilized in intrusion detection systems to prevent DDoS attacks. However, their performance is greatly affected by a large class mbalance nature of the training datasets as well as the presence of redundant and irrelevant features in them. This study proposes RTL-DL, a new framework for an effective intrusion detection model based on the random oversampling technique and the Tomek-Links sampling technique (RTL), to minimize the effects of data imbalance in the CICIDS2017 dataset used to evaluate the proposed model. This study achieved 98.3% accuracy, 98.8% precision, 98.3% recall, 97.8% f-score, and 4.6% hamming loss. In comparison to current approaches, the uggested model has demonstrated romising results in identifying network threats in imbalanced data sets.
IS THERE A TROJAN! : LITERATURE SURVEY AND CRITICAL EVALUATION OF THE LATEST ...IJCI JOURNAL
IoT as a domain has grown so much in the last few years that it rivals that of the mobile network
environments in terms of data volumes as well as cybersecurity threats. The confidentiality and privacy of
data within IoT environments have become very important areas of security research within the last few
years. More and more security experts are interested in designing robust IDS systems to protect IoT
environments as a supplement to the more traditional security methods. Given that IoT devices are
resource-constrained and have a heterogeneous protocol stack, most traditional intrusion detection
approaches don’t work well within these schematic boundaries. This has led security researchers to
innovate at the intersection of Machine Learning and IDS to solve the shortcomings of non-learning based
IDS systems in the IoT ecosystem.
SECURITY AND PRIVACY AWARE PROGRAMMING MODEL FOR IOT APPLICATIONS IN CLOUD EN...ijccsa
The introduction of Internet of Things (IoT) applications into daily life has raised serious privacy concerns
among consumers, network service providers, device manufacturers, and other parties involved. This paper
gives a high-level overview of the three phases of data collecting, transmission, and storage in IoT systems
as well as current privacy-preserving technologies. The following elements were investigated during these
three phases:(1) Physical and data connection layer security mechanisms(2) Network remedies(3)
Techniques for distributing and storing data. Real-world systems frequently have multiple phases and
incorporate a variety of methods to guarantee privacy. Therefore, for IoT research, design, development,
and operation, having a thorough understanding of all phases and their technologies can be beneficial. In
this Study introduced two independent methodologies namely generic differential privacy (GenDP) and
Cluster-Based Differential privacy ( Cluster-based DP) algorithms for handling metadata as intents and
intent scope to maintain privacy and security of IoT data in cloud environments. With its help, we can
virtual and connect enormous numbers of devices, get a clearer understanding of the IoT architecture, and
store data eternally. However, due of the dynamic nature of the environment, the diversity of devices, the
ad hoc requirements of multiple stakeholders, and hardware or network failures, it is a very challenging
task to create security-, privacy-, safety-, and quality-aware Internet of Things apps. It is becoming more
and more important to improve data privacy and security through appropriate data acquisition. The
proposed approach resulted in reduced loss performance as compared to Support Vector Machine (SVM) ,
Random Forest (RF) .
An efficient security framework for intrusion detection and prevention in int...IJECEIAES
Over the past few years, the internet of things (IoT) has advanced to connect billions of smart devices to improve quality of life. However, anomalies or malicious intrusions pose several security loopholes, leading to performance degradation and threat to data security in IoT operations. Thereby, IoT security systems must keep an eye on and restrict unwanted events from occurring in the IoT network. Recently, various technical solutions based on machine learning (ML) models have been derived towards identifying and restricting unwanted events in IoT. However, most ML-based approaches are prone to miss-classification due to inappropriate feature selection. Additionally, most ML approaches applied to intrusion detection and prevention consider supervised learning, which requires a large amount of labeled data to be trained. Consequently, such complex datasets are impossible to source in a large network like IoT. To address this problem, this proposed study introduces an efficient learning mechanism to strengthen the IoT security aspects. The proposed algorithm incorporates supervised and unsupervised approaches to improve the learning models for intrusion detection and mitigation. Compared with the related works, the experimental outcome shows that the model performs well in a benchmark dataset. It accomplishes an improved detection accuracy of approximately 99.21%.
A review on machine learning based intrusion detection system for internet of...IJECEIAES
Within an internet of things (IoT) environment, the fundamental purpose of various devices is to gather the abundant amount of data that is being generated and then transmit this data to the predetermined server over the internet. IoT connects billions of objects and the internet to communicate without human intervention. But network security and privacy issues are increasing very fast, in today's world. Because of the prevalence of technological advancement in regular activities, internet security has evolved into a necessary requirement. Because technology is integrated into every aspect of contemporary life, cyberattacks on the internet of things represent a bigger danger than attacks against traditional networks. Researchers have found that combining machine learning techniques into an intrusion detection system (IDS) is an efficient way to get beyond the limitations of conventional IDSs in an IoT context. This research presents a comprehensive literature assessment and develops an intrusion detection system that makes use of machine learning techniques to address security problems in an IoT environment. Along with a comprehensive look at the state of the art in terms of intrusion detection systems for IoT-enabled environments, this study also examines the attributes of approaches, common datasets, and existing methods utilized to construct such systems.
DDOS ATTACK DETECTION ON INTERNET OF THINGS USING UNSUPERVISED ALGORITHMSijfls
The increase in the deployment of IoT networks has improved productivity of humans and organisations.
However, IoT networks are increasingly becoming platforms for launching DDoS attacks due to inherent
weaker security and resource-constrained nature of IoT devices. This paper focusses on detecting DDoS
attack in IoT networks by classifying incoming network packets on the transport layer as either
“Suspicious” or “Benign” using unsupervised machine learning algorithms. In this work, two deep
learning algorithms and two clustering algorithms were independently trained for mitigating DDoS
attacks. We lay emphasis on exploitation based DDOS attacks which include TCP SYN-Flood attacks and
UDP-Lag attacks. We use Mirai, BASHLITE and CICDDoS2019 dataset in training the algorithms during
the experimentation phase. The accuracy score and normalized-mutual-information score are used to
quantify the classification performance of the four algorithms. Our results show that the autoencoder
performed overall best with the highest accuracy across all the datasets.
DDoS Attack Detection on Internet o Things using Unsupervised Algorithmsijfls
The increase in the deployment of IoT networks has improved productivity of humans and organisations. However, IoT networks are increasingly becoming platforms for launching DDoS attacks due to inherent weaker security and resource-constrained nature of IoT devices. This paper focusses on detecting DDoS attack in IoT networks by classifying incoming network packets on the transport layer as either “Suspicious” or “Benign” using unsupervised machine learning algorithms. In this work, two deep learning algorithms and two clustering algorithms were independently trained for mitigating DDoS attacks. We lay emphasis on exploitation based DDOS attacks which include TCP SYN-Flood attacks and UDP-Lag attacks. We use Mirai, BASHLITE and CICDDoS2019 dataset in training the algorithms during the experimentation phase. The accuracy score and normalized-mutual-information score are used to quantify the classification performance of the four algorithms. Our results show that the autoencoder performed overall best with the highest accuracy across all the datasets.
RTL-DL: A HYBRID DEEP LEARNING FRAMEWORK FOR DDOS ATTACK DETECTION IN A BIG D...IJCNCJournal
A distributed denial of service (DDoS) attack is one of the most common cyber threats to the Internet of
Things (IoT). Several deep learning (DL) techniques have been utilized in intrusion detection systems to
prevent DDoS attacks. However, their performance is greatly affected by a large class imbalance nature of
the training datasets as well as the presence of redundant and irrelevant features in them. This study
proposes RTL-DL, a new framework for an effective intrusion detection model based on the random
oversampling technique and the Tomek-Links sampling technique (RTL), to minimize the effects of data
imbalance in the CICIDS2017 dataset used to evaluate the proposed model. This study achieved 98.3%
accuracy, 98.8% precision, 98.3% recall, 97.8% f-score, and 4.6% hamming loss. In comparison to current
approaches, the suggested model has demonstrated promising results in identifying network threats in
imbalanced data sets.
RTL-DL: A Hybrid Deep Learning Framework for DDoS Attack Detection in a Big D...IJCNCJournal
A distributed denial of service (DDoS) attack is one of the most common cyber threats to the Internet of Things (IoT). Several deep learning (DL) techniques have been utilized in intrusion detection systems to prevent DDoS attacks. However, their performance is greatly affected by a large class mbalance nature of the training datasets as well as the presence of redundant and irrelevant features in them. This study proposes RTL-DL, a new framework for an effective intrusion detection model based on the random oversampling technique and the Tomek-Links sampling technique (RTL), to minimize the effects of data imbalance in the CICIDS2017 dataset used to evaluate the proposed model. This study achieved 98.3% accuracy, 98.8% precision, 98.3% recall, 97.8% f-score, and 4.6% hamming loss. In comparison to current approaches, the uggested model has demonstrated romising results in identifying network threats in imbalanced data sets.
IS THERE A TROJAN! : LITERATURE SURVEY AND CRITICAL EVALUATION OF THE LATEST ...IJCI JOURNAL
IoT as a domain has grown so much in the last few years that it rivals that of the mobile network
environments in terms of data volumes as well as cybersecurity threats. The confidentiality and privacy of
data within IoT environments have become very important areas of security research within the last few
years. More and more security experts are interested in designing robust IDS systems to protect IoT
environments as a supplement to the more traditional security methods. Given that IoT devices are
resource-constrained and have a heterogeneous protocol stack, most traditional intrusion detection
approaches don’t work well within these schematic boundaries. This has led security researchers to
innovate at the intersection of Machine Learning and IDS to solve the shortcomings of non-learning based
IDS systems in the IoT ecosystem.
SECURITY AND PRIVACY AWARE PROGRAMMING MODEL FOR IOT APPLICATIONS IN CLOUD EN...ijccsa
The introduction of Internet of Things (IoT) applications into daily life has raised serious privacy concerns
among consumers, network service providers, device manufacturers, and other parties involved. This paper
gives a high-level overview of the three phases of data collecting, transmission, and storage in IoT systems
as well as current privacy-preserving technologies. The following elements were investigated during these
three phases:(1) Physical and data connection layer security mechanisms(2) Network remedies(3)
Techniques for distributing and storing data. Real-world systems frequently have multiple phases and
incorporate a variety of methods to guarantee privacy. Therefore, for IoT research, design, development,
and operation, having a thorough understanding of all phases and their technologies can be beneficial. In
this Study introduced two independent methodologies namely generic differential privacy (GenDP) and
Cluster-Based Differential privacy ( Cluster-based DP) algorithms for handling metadata as intents and
intent scope to maintain privacy and security of IoT data in cloud environments. With its help, we can
virtual and connect enormous numbers of devices, get a clearer understanding of the IoT architecture, and
store data eternally. However, due of the dynamic nature of the environment, the diversity of devices, the
ad hoc requirements of multiple stakeholders, and hardware or network failures, it is a very challenging
task to create security-, privacy-, safety-, and quality-aware Internet of Things apps. It is becoming more
and more important to improve data privacy and security through appropriate data acquisition. The
proposed approach resulted in reduced loss performance as compared to Support Vector Machine (SVM) ,
Random Forest (RF) .
An efficient security framework for intrusion detection and prevention in int...IJECEIAES
Over the past few years, the internet of things (IoT) has advanced to connect billions of smart devices to improve quality of life. However, anomalies or malicious intrusions pose several security loopholes, leading to performance degradation and threat to data security in IoT operations. Thereby, IoT security systems must keep an eye on and restrict unwanted events from occurring in the IoT network. Recently, various technical solutions based on machine learning (ML) models have been derived towards identifying and restricting unwanted events in IoT. However, most ML-based approaches are prone to miss-classification due to inappropriate feature selection. Additionally, most ML approaches applied to intrusion detection and prevention consider supervised learning, which requires a large amount of labeled data to be trained. Consequently, such complex datasets are impossible to source in a large network like IoT. To address this problem, this proposed study introduces an efficient learning mechanism to strengthen the IoT security aspects. The proposed algorithm incorporates supervised and unsupervised approaches to improve the learning models for intrusion detection and mitigation. Compared with the related works, the experimental outcome shows that the model performs well in a benchmark dataset. It accomplishes an improved detection accuracy of approximately 99.21%.
A new algorithm to enhance security against cyber threats for internet of thi...IJECEIAES
One major problem is detecting the unsuitability of traffic caused by a distributed denial of services (DDoS) attack produced by third party nodes, such as smart phones and other handheld Wi-Fi devices. During the transmission between the devices, there are rising in the number of cyber attacks on systems by using negligible packets, which lead to suspension of the services between source and destination, and can find the vulnerabilities on the network. These vulnerable issues have led to a reduction in the reliability of networks and a reduction in consumer confidence. In this paper, we will introduce a new algorithm called rout attack with detection algorithm (RAWD) to reduce the affect of any attack by checking the packet injection, and to avoid number of cyber attacks being received by the destination and transferred through a determined path or alternative path based on the problem. The proposed algorithm will forward the real time traffic to the required destination from a new alternative backup path which is computed by it before the attacked occurred. The results have showed an improvement when the attack occurred and the alternative path has used to make sure the continuity of receiving the data to the main destination without any affection.
Experimental analysis of intrusion detection systems using machine learning a...IJECEIAES
Since the invention of the internet for military and academic research purposes, it has evolved to meet the demands of the increasing number of users on the network, who have their scope beyond military and academics. As the scope of the network expanded maintaining its security became a matter of increasing importance. With various users and interconnections of more diversified networks, the internet needs to be maintained as securely as possible for the transmission of sensitive information to be one hundred per cent safe; several anomalies may intrude on private networks. Several research works have been released around network security and this research seeks to add to the already existing body of knowledge by expounding on these attacks, proffering efficient measures to detect network intrusions, and introducing an ensemble classifier: a combination of 3 different machine learning algorithms. An ensemble classifier is used for detecting remote to local (R2L) attacks, which showed the lowest level of accuracy when the network dataset is tested using single machine learning models but the ensemble classifier gives an overall efficiency of 99.8%.
Automated diagnosis of attacks in internet of things using machine learning a...journalBEEI
The Internet of Things (IoT) is the interconnection of things around us to make our daily process more efficient by providing more comfort and productivity. However, these connections also reveal a lot of sensitive data. Therefore, thinking about the methods of information security and coding are important as the security approaches that rely heavily on coding are not a strong match for these restricted devices. Consequently, this research aims to contribute to filling this gap, which adopts machine learning techniques to enhance network-level security in the low-power devices that use the lightweight MQTT protocol for their work. This study used a set of tools tools and, through various techniques, trained the proposed system ranging from Ensemble methods to deep learning models. The system has come to know what type of attack has occurred, which helps protect IoT devices. The log loss of the Ensemble methods is 0.44, and the accuracy of multi-class classification is 98.72% after converting the table data into an image set. The work also uses a Convolution Neural Network, which has a log loss of 0.019 and an accuracy of 99.3%. It also aims to implement these functions in IDS.
Trust Metric-Based Anomaly Detection Via Deep Deterministic Policy Gradient R...IJCNCJournal
Addressing real-time network security issues is paramount due to the rapidly expanding IoT jargon. The erratic rise in usage of inadequately secured IoT- based sensory devices like wearables of mobile users, autonomous vehicles, smartphones and appliances by a larger user community is fuelling the need for a trustable, super-performant security framework. An efficient anomaly detection system would aim to address the anomaly detection problem by devising a competent attack detection model. This paper delves into the Deep Deterministic Policy Gradient (DDPG) approach, a promising Reinforcement Learning platform to combat noisy sensor samples which are instigated by alarming network attacks. The authors propose an enhanced DDPG approach based on trust metrics and belief networks, referred to as Deep Deterministic Policy Gradient Belief Network (DDPG-BN). This deep-learning-based approach is projected as an algorithm to provide “Deep-Defense” to the plethora of network attacks. Confidence interval is chosen as the trust metric to decide on the termination of sensor sample collection. Once an enlisted attack is detected, the collection of samples from the particular sensor will automatically cease. The evaluations and results of the experiments highlight a better detection accuracy of 98.37% compared to its counterpart conventional DDPG implementation of 97.46%. The paper also covers the work based on a contemporary Deep Reinforcement Learning (DRL) algorithm, the Actor Critic (AC). The proposed deep learning binary classification model is validated using the NSL-KDD dataset and the performance is compared to a few deep learning implementations as well.
Trust Metric-Based Anomaly Detection via Deep Deterministic Policy Gradient R...IJCNCJournal
Addressing real-time network security issues is paramount due to the rapidly expanding IoT jargon. The erratic rise in usage of inadequately secured IoT- based sensory devices like wearables of mobile users, autonomous vehicles, smartphones and appliances by a larger user community is fuelling the need for a trustable, super-performant security framework. An efficient anomaly detection system would aim to address the anomaly detection problem by devising a competent attack detection model. This paper delves into the Deep Deterministic Policy Gradient (DDPG) approach, a promising Reinforcement Learning platform to combat noisy sensor samples which are instigated by alarming network attacks. The authors propose an enhanced DDPG approach based on trust metrics and belief networks, referred to as Deep Deterministic Policy Gradient Belief Network (DDPG-BN). This deep-learning-based approach is projected as an algorithm to provide “Deep-Defense” to the plethora of network attacks. Confidence interval is chosen as the trust metric to decide on the termination of sensor sample collection. Once an enlisted attack is detected, the collection of samples from the particular sensor will automatically cease. The evaluations and results of the experiments highlight a better detection accuracy of 98.37% compared to its counterpart conventional DDPG implementation of 97.46%. The paper also covers the work based on a contemporary Deep Reinforcement Learning (DRL) algorithm, the Actor Critic (AC). The proposed deep learning binary classification model is validated using the NSL-KDD dataset and the performance is compared to a few deep learning implementations as well.
EFFECTIVE MALWARE DETECTION APPROACH BASED ON DEEP LEARNING IN CYBER-PHYSICAL...ijcsit
Cyber-physical Systems based on advanced networks interact with other networks through wireless
communication to enhance interoperability, dynamic mobility, and data supportability. The vast data is
managed through a cloud platform, vulnerable to cyber-attacks. It will threaten the customers in terms of
privacy and security as third-party users should authenticate the network. If it fails, it will create extensive
damage and threat to the established network and makes the hacker malfunction the network services
efficiently. This paper proposes a DL-based CPS approach to identify and mitigate the malware cyberphysical system attack of Denial of Service (DoS) and Distributed Denial of Service (DDoS) as it ensures
adequate decision support. At the same time, the trusted user nodes are connected to the network. It helps
to improve the privacy and authentication of the network by improving the data accuracy and Quality of
Service (QoS) in the network. Here the analysis is determined on the proposed system to improve the
network reliability and security compared to some of the existing SVM-based and Apriori-based detection
approaches.
Cyber-physical Systems based on advanced networks interact with other networks through wireless
communication to enhance interoperability, dynamic mobility, and data supportability. The vast data is
managed through a cloud platform, vulnerable to cyber-attacks. It will threaten the customers in terms of
privacy and security as third-party users should authenticate the network. If it fails, it will create extensive
damage and threat to the established network and makes the hacker malfunction the network services
efficiently. This paper proposes a DL-based CPS approach to identify and mitigate the malware cyber-
physical system attack of Denial of Service (DoS) and Distributed Denial of Service (DDoS) as it ensures
adequate decision support. At the same time, the trusted user nodes are connected to the network. It helps
to improve the privacy and authentication of the network by improving the data accuracy and Quality of
Service (QoS) in the network. Here the analysis is determined on the proposed system to improve the
network reliability and security compared to some of the existing SVM-based and Apriori-based detection
approaches.
Network security is one of the foremost anxieties of the modern time. Over
the previous years, numerous studies have been accompanied on the
intrusion detection system. However, network security is one of the foremost
apprehensions of the modern era this is due to the speedy development and
substantial usage of altered technologies over the past period. The
vulnerabilities of these technologies security have become a main dispute
intrusion detection system is used to classify unapproved access and unusual
attacks over the secured networks. For the implementation of intrusion
detection system different approaches are used machine learning technique
is one of them. In order to comprehend the present station of application of
machine learning techniques for solving the intrusion discovery anomalies in
internet of thing (IoT) based big data this review paper conducted. Total 55
papers are summarized from 2010 and 2021 which were centering on the
manner of the single, hybrid and collaborative classifier design. This review
paper also includes some of the basic information like IoT, big data, and
machine learning approaches are discussed.
Malware threat analysis techniques and approaches for IoT applications: a reviewjournalBEEI
Internet of things (IoT) is a concept that has been widely used to improve business efficiency and customer’s experience. It involves resource constrained devices connecting to each other with a capability of sending data, and some with receiving data at the same time. The IoT environment enhances user experience by giving room to a large number of smart devices to connect and share information. However, with the sophistication of technology has resulted in IoT applications facing with malware threat. Therefore, it becomes highly imperative to give an understanding of existing state-of-the-art techniques developed to address malware threat in IoT applications. In this paper, we studied extensively the adoption of static, dynamic and hybrid malware analyses in proffering solution to the security problems plaguing different IoT applications. The success of the reviewed analysis techniques were observed through case studies from smart homes, smart factories, smart gadgets and IoT application protocols. This study gives a better understanding of the holistic approaches to malware threats in IoT applications and the way forward for strengthening the protection defense in IoT applications.
Three level intrusion detection system based on conditional generative advers...IJECEIAES
Security threat protection is important in the internet of things (IoT) applications since both the connected device and the captured data can be hacked or hijacked or both at the same time. To tackle the above-mentioned problem, we proposed three-level intrusion detection system conditional generative adversarial network (3LIDS-CGAN) model which includes four phases such as first-level intrusion detection system (IDS), second-level IDS, third-level IDS, and attack type classification. In first-level IDS, features of the incoming packets are extracted by the firewall. Based on the extracted features the packets are classified into three classes such as normal, malicious, and suspicious using support vector machine and golden eagle optimization. Suspicious packets are forwarded to the second-level IDS which classified the suspicious packets as normal or malicious. Here, signature-based intrusions are detected using attack history information, and anomaly-based intrusions are detected using event-based semantic mapping. In third-level IDS, adversary packets are detected using CGAN which automatically learns the adversarial environment and detects adversary packets accurately. Finally, proximal policy optimization is proposed to detect the attack type. Experiments are conducted using the NS-3.26 network simulator and performance is evaluated by various performance metrics which results that the proposed 3LIDS-CGAN model outperforming other existing works.
Ubiquitous devices are rising in popularity and sophistication. Internet of Things (IoT) avails opportunities for devices with powerful sensing, computing and interaction capabilities ranging from smartphones, wearable devices, home appliances, transport sensors and health products to share information through the internet. Due to vast data shared and increased interaction; they have attracted the interest of malware writers. Internet of Things environments poses unique challenges such as device latency, scalability, lack of antimalware tools and heterogeneity of device architectures that makes malware synthesis complex. In this paper we review literature on internet of things malware categories, support technologies, propagation and tools
Preemptive modelling towards classifying vulnerability of DDoS attack in SDN ...IJECEIAES
Software-Defined Networking (SDN) has become an essential networking concept towards escalating the networking capabilities that are highly demanded future internet system, which is immensely distributed in nature. Owing to the novel concept in the field of network, it is still shrouded with security problems. It is also found that the Distributed Denial-of-Service (DDoS) attack is one of the prominent problems in the SDN environment. After reviewing existing research solutions towards resisting DDoS attack in SDN, it is found that still there are many open-end issues. Therefore, these issues are identified and are addressed in this paper in the form of a preemptive model of security. Different from existing approaches, this model is capable of identifying any malicious activity that leads to a DDoS attack by performing a correct classification of attack strategy using a machine learning approach. The paper also discusses the applicability of best classifiers using machine learning that is effective against DDoS attack.
Deep learning algorithms for intrusion detection systems in internet of thin...IJECEIAES
Due to technological advancements in recent years, the availability and usage of smart electronic gadgets have drastically increased. Adoption of these smart devices for a variety of applications in our day-to-day life has become a new normal. As these devices collect and store data, which is of prime importance, securing is a mandatory requirement by being vigilant against intruders. Many traditional techniques are prevailing for the same, but they may not be a good solution for the devices with resource constraints. The impact of artificial intelligence is not negligible in this concern. This study is an attempt to understand and analyze the performance of deep learning algorithms in intrusion detection. A comparative analysis of the performance of deep neural network, convolutional neural network, and long short-term memory using the CIC-IDS 2017 dataset.
Ensemble of Probabilistic Learning Networks for IoT Edge Intrusion DetectionIJCNCJournal
This paper proposes an intelligent and compact machine learning model for IoT intrusion detection using an ensemble of semi-parametric models with Ada boost. The proposed model provides an adequate realtime intrusion detection at an affordable computational complexity suitable for the IoT edge networks. The proposed model is evaluated against other comparable models using the benchmark data on IoT-IDS and shows comparable performance with reduced computations as required.
Among different online attacks obstructing IT security,
Denial of Service (DoS) and Distributed Denial of Service (DDoS)
are the most devastating attack. It also put the security experts under
enormous pressure recently in finding efficient defiance methods.
DoS attack can be performed variously with diverse codes and tools
and can be launched form different OSI model layers. This paper
describes in details DoS and DDoS attack, and explains how different
types of attacks can be implemented and launched from different OSI
model layers. It provides a better understanding of these increasing
occurrences in order to improve
Low-rate distributed denial of service attacks detection in software defined ...IAESIJAI
One of the main challenges in developing the internet of things (IoT) is the existence of availability problems originated from the low-rate distributed denial of service attacks (LRDDoS). The complexity of IoT makes the LRDDoS hard to detect because the attack flow is performed similarly to the regular traffic. Integration of software defined IoT (SDN-Enabled IoT) is considered an alternative solution for overcoming the specified problem through a single detection point using machine learning approaches. The controller has a resource limitation for implementing the classification process. Therefore, this paper extends the usage of Feature Importance to reduce the data complexity during the model generation process and choose an appropriate feature for generating an efficient classification model. The research results show that the Gaussian Naïve Bayes (GNB) produced the most effective outcome. GNB performed better than the other algorithms because the feature reduction only selected the independent feature, which had no relation to the other features.
Intrusion Detection System using Self Organizing Map: A SurveyIJERA Editor
Due to usage of computer every field, Network Security is the major concerned in today’s scenario. Every year the number of users and speed of network is increasing, along with it online fraud or security threats are also increasing. Every day a new attack is generated to harm the system or network. It is necessary to protect the system or networks from various threats by using Intrusion Detection System which can detect “known” as well as “unknown” attack and generate alerts if any unusual behavior in the traffic. There are various approaches for IDS, but in this paper, survey is focused on IDS using Self Organizing Map. SOM is unsupervised, fast conversion and automatic clustering algorithm which is able to handle novelty detection. The main objective of the survey is to find and address the current challenges of SOM. Our survey shows that the existing IDS based on SOM have poor detection rate for U2R and R2L attacks. To improve it, proper normalization technique should be used. During the survey we also found that HSOM and GHSOM are advance model of SOM which have their own unique feature for better performance of IDS. GHSOM is efficient due to its low computation time. This survey is beneficial to design and develop efficient SOM based IDS having less computation time and better detection rate.
AP LAB PPT.pdf ap lab ppt no title specificBrazilAccount1
Nothing
More Related Content
Similar to DISTRIBUTED DENIAL OF SERVICE ATTACK DETECTION AND PREVENTION MODEL FOR IOTBASED COMPUTING ENVIRONMENT USING ENSEMBLE MACHINE LEARNING APPROACH
A new algorithm to enhance security against cyber threats for internet of thi...IJECEIAES
One major problem is detecting the unsuitability of traffic caused by a distributed denial of services (DDoS) attack produced by third party nodes, such as smart phones and other handheld Wi-Fi devices. During the transmission between the devices, there are rising in the number of cyber attacks on systems by using negligible packets, which lead to suspension of the services between source and destination, and can find the vulnerabilities on the network. These vulnerable issues have led to a reduction in the reliability of networks and a reduction in consumer confidence. In this paper, we will introduce a new algorithm called rout attack with detection algorithm (RAWD) to reduce the affect of any attack by checking the packet injection, and to avoid number of cyber attacks being received by the destination and transferred through a determined path or alternative path based on the problem. The proposed algorithm will forward the real time traffic to the required destination from a new alternative backup path which is computed by it before the attacked occurred. The results have showed an improvement when the attack occurred and the alternative path has used to make sure the continuity of receiving the data to the main destination without any affection.
Experimental analysis of intrusion detection systems using machine learning a...IJECEIAES
Since the invention of the internet for military and academic research purposes, it has evolved to meet the demands of the increasing number of users on the network, who have their scope beyond military and academics. As the scope of the network expanded maintaining its security became a matter of increasing importance. With various users and interconnections of more diversified networks, the internet needs to be maintained as securely as possible for the transmission of sensitive information to be one hundred per cent safe; several anomalies may intrude on private networks. Several research works have been released around network security and this research seeks to add to the already existing body of knowledge by expounding on these attacks, proffering efficient measures to detect network intrusions, and introducing an ensemble classifier: a combination of 3 different machine learning algorithms. An ensemble classifier is used for detecting remote to local (R2L) attacks, which showed the lowest level of accuracy when the network dataset is tested using single machine learning models but the ensemble classifier gives an overall efficiency of 99.8%.
Automated diagnosis of attacks in internet of things using machine learning a...journalBEEI
The Internet of Things (IoT) is the interconnection of things around us to make our daily process more efficient by providing more comfort and productivity. However, these connections also reveal a lot of sensitive data. Therefore, thinking about the methods of information security and coding are important as the security approaches that rely heavily on coding are not a strong match for these restricted devices. Consequently, this research aims to contribute to filling this gap, which adopts machine learning techniques to enhance network-level security in the low-power devices that use the lightweight MQTT protocol for their work. This study used a set of tools tools and, through various techniques, trained the proposed system ranging from Ensemble methods to deep learning models. The system has come to know what type of attack has occurred, which helps protect IoT devices. The log loss of the Ensemble methods is 0.44, and the accuracy of multi-class classification is 98.72% after converting the table data into an image set. The work also uses a Convolution Neural Network, which has a log loss of 0.019 and an accuracy of 99.3%. It also aims to implement these functions in IDS.
Trust Metric-Based Anomaly Detection Via Deep Deterministic Policy Gradient R...IJCNCJournal
Addressing real-time network security issues is paramount due to the rapidly expanding IoT jargon. The erratic rise in usage of inadequately secured IoT- based sensory devices like wearables of mobile users, autonomous vehicles, smartphones and appliances by a larger user community is fuelling the need for a trustable, super-performant security framework. An efficient anomaly detection system would aim to address the anomaly detection problem by devising a competent attack detection model. This paper delves into the Deep Deterministic Policy Gradient (DDPG) approach, a promising Reinforcement Learning platform to combat noisy sensor samples which are instigated by alarming network attacks. The authors propose an enhanced DDPG approach based on trust metrics and belief networks, referred to as Deep Deterministic Policy Gradient Belief Network (DDPG-BN). This deep-learning-based approach is projected as an algorithm to provide “Deep-Defense” to the plethora of network attacks. Confidence interval is chosen as the trust metric to decide on the termination of sensor sample collection. Once an enlisted attack is detected, the collection of samples from the particular sensor will automatically cease. The evaluations and results of the experiments highlight a better detection accuracy of 98.37% compared to its counterpart conventional DDPG implementation of 97.46%. The paper also covers the work based on a contemporary Deep Reinforcement Learning (DRL) algorithm, the Actor Critic (AC). The proposed deep learning binary classification model is validated using the NSL-KDD dataset and the performance is compared to a few deep learning implementations as well.
Trust Metric-Based Anomaly Detection via Deep Deterministic Policy Gradient R...IJCNCJournal
Addressing real-time network security issues is paramount due to the rapidly expanding IoT jargon. The erratic rise in usage of inadequately secured IoT- based sensory devices like wearables of mobile users, autonomous vehicles, smartphones and appliances by a larger user community is fuelling the need for a trustable, super-performant security framework. An efficient anomaly detection system would aim to address the anomaly detection problem by devising a competent attack detection model. This paper delves into the Deep Deterministic Policy Gradient (DDPG) approach, a promising Reinforcement Learning platform to combat noisy sensor samples which are instigated by alarming network attacks. The authors propose an enhanced DDPG approach based on trust metrics and belief networks, referred to as Deep Deterministic Policy Gradient Belief Network (DDPG-BN). This deep-learning-based approach is projected as an algorithm to provide “Deep-Defense” to the plethora of network attacks. Confidence interval is chosen as the trust metric to decide on the termination of sensor sample collection. Once an enlisted attack is detected, the collection of samples from the particular sensor will automatically cease. The evaluations and results of the experiments highlight a better detection accuracy of 98.37% compared to its counterpart conventional DDPG implementation of 97.46%. The paper also covers the work based on a contemporary Deep Reinforcement Learning (DRL) algorithm, the Actor Critic (AC). The proposed deep learning binary classification model is validated using the NSL-KDD dataset and the performance is compared to a few deep learning implementations as well.
EFFECTIVE MALWARE DETECTION APPROACH BASED ON DEEP LEARNING IN CYBER-PHYSICAL...ijcsit
Cyber-physical Systems based on advanced networks interact with other networks through wireless
communication to enhance interoperability, dynamic mobility, and data supportability. The vast data is
managed through a cloud platform, vulnerable to cyber-attacks. It will threaten the customers in terms of
privacy and security as third-party users should authenticate the network. If it fails, it will create extensive
damage and threat to the established network and makes the hacker malfunction the network services
efficiently. This paper proposes a DL-based CPS approach to identify and mitigate the malware cyberphysical system attack of Denial of Service (DoS) and Distributed Denial of Service (DDoS) as it ensures
adequate decision support. At the same time, the trusted user nodes are connected to the network. It helps
to improve the privacy and authentication of the network by improving the data accuracy and Quality of
Service (QoS) in the network. Here the analysis is determined on the proposed system to improve the
network reliability and security compared to some of the existing SVM-based and Apriori-based detection
approaches.
Cyber-physical Systems based on advanced networks interact with other networks through wireless
communication to enhance interoperability, dynamic mobility, and data supportability. The vast data is
managed through a cloud platform, vulnerable to cyber-attacks. It will threaten the customers in terms of
privacy and security as third-party users should authenticate the network. If it fails, it will create extensive
damage and threat to the established network and makes the hacker malfunction the network services
efficiently. This paper proposes a DL-based CPS approach to identify and mitigate the malware cyber-
physical system attack of Denial of Service (DoS) and Distributed Denial of Service (DDoS) as it ensures
adequate decision support. At the same time, the trusted user nodes are connected to the network. It helps
to improve the privacy and authentication of the network by improving the data accuracy and Quality of
Service (QoS) in the network. Here the analysis is determined on the proposed system to improve the
network reliability and security compared to some of the existing SVM-based and Apriori-based detection
approaches.
Network security is one of the foremost anxieties of the modern time. Over
the previous years, numerous studies have been accompanied on the
intrusion detection system. However, network security is one of the foremost
apprehensions of the modern era this is due to the speedy development and
substantial usage of altered technologies over the past period. The
vulnerabilities of these technologies security have become a main dispute
intrusion detection system is used to classify unapproved access and unusual
attacks over the secured networks. For the implementation of intrusion
detection system different approaches are used machine learning technique
is one of them. In order to comprehend the present station of application of
machine learning techniques for solving the intrusion discovery anomalies in
internet of thing (IoT) based big data this review paper conducted. Total 55
papers are summarized from 2010 and 2021 which were centering on the
manner of the single, hybrid and collaborative classifier design. This review
paper also includes some of the basic information like IoT, big data, and
machine learning approaches are discussed.
Malware threat analysis techniques and approaches for IoT applications: a reviewjournalBEEI
Internet of things (IoT) is a concept that has been widely used to improve business efficiency and customer’s experience. It involves resource constrained devices connecting to each other with a capability of sending data, and some with receiving data at the same time. The IoT environment enhances user experience by giving room to a large number of smart devices to connect and share information. However, with the sophistication of technology has resulted in IoT applications facing with malware threat. Therefore, it becomes highly imperative to give an understanding of existing state-of-the-art techniques developed to address malware threat in IoT applications. In this paper, we studied extensively the adoption of static, dynamic and hybrid malware analyses in proffering solution to the security problems plaguing different IoT applications. The success of the reviewed analysis techniques were observed through case studies from smart homes, smart factories, smart gadgets and IoT application protocols. This study gives a better understanding of the holistic approaches to malware threats in IoT applications and the way forward for strengthening the protection defense in IoT applications.
Three level intrusion detection system based on conditional generative advers...IJECEIAES
Security threat protection is important in the internet of things (IoT) applications since both the connected device and the captured data can be hacked or hijacked or both at the same time. To tackle the above-mentioned problem, we proposed three-level intrusion detection system conditional generative adversarial network (3LIDS-CGAN) model which includes four phases such as first-level intrusion detection system (IDS), second-level IDS, third-level IDS, and attack type classification. In first-level IDS, features of the incoming packets are extracted by the firewall. Based on the extracted features the packets are classified into three classes such as normal, malicious, and suspicious using support vector machine and golden eagle optimization. Suspicious packets are forwarded to the second-level IDS which classified the suspicious packets as normal or malicious. Here, signature-based intrusions are detected using attack history information, and anomaly-based intrusions are detected using event-based semantic mapping. In third-level IDS, adversary packets are detected using CGAN which automatically learns the adversarial environment and detects adversary packets accurately. Finally, proximal policy optimization is proposed to detect the attack type. Experiments are conducted using the NS-3.26 network simulator and performance is evaluated by various performance metrics which results that the proposed 3LIDS-CGAN model outperforming other existing works.
Ubiquitous devices are rising in popularity and sophistication. Internet of Things (IoT) avails opportunities for devices with powerful sensing, computing and interaction capabilities ranging from smartphones, wearable devices, home appliances, transport sensors and health products to share information through the internet. Due to vast data shared and increased interaction; they have attracted the interest of malware writers. Internet of Things environments poses unique challenges such as device latency, scalability, lack of antimalware tools and heterogeneity of device architectures that makes malware synthesis complex. In this paper we review literature on internet of things malware categories, support technologies, propagation and tools
Preemptive modelling towards classifying vulnerability of DDoS attack in SDN ...IJECEIAES
Software-Defined Networking (SDN) has become an essential networking concept towards escalating the networking capabilities that are highly demanded future internet system, which is immensely distributed in nature. Owing to the novel concept in the field of network, it is still shrouded with security problems. It is also found that the Distributed Denial-of-Service (DDoS) attack is one of the prominent problems in the SDN environment. After reviewing existing research solutions towards resisting DDoS attack in SDN, it is found that still there are many open-end issues. Therefore, these issues are identified and are addressed in this paper in the form of a preemptive model of security. Different from existing approaches, this model is capable of identifying any malicious activity that leads to a DDoS attack by performing a correct classification of attack strategy using a machine learning approach. The paper also discusses the applicability of best classifiers using machine learning that is effective against DDoS attack.
Deep learning algorithms for intrusion detection systems in internet of thin...IJECEIAES
Due to technological advancements in recent years, the availability and usage of smart electronic gadgets have drastically increased. Adoption of these smart devices for a variety of applications in our day-to-day life has become a new normal. As these devices collect and store data, which is of prime importance, securing is a mandatory requirement by being vigilant against intruders. Many traditional techniques are prevailing for the same, but they may not be a good solution for the devices with resource constraints. The impact of artificial intelligence is not negligible in this concern. This study is an attempt to understand and analyze the performance of deep learning algorithms in intrusion detection. A comparative analysis of the performance of deep neural network, convolutional neural network, and long short-term memory using the CIC-IDS 2017 dataset.
Ensemble of Probabilistic Learning Networks for IoT Edge Intrusion DetectionIJCNCJournal
This paper proposes an intelligent and compact machine learning model for IoT intrusion detection using an ensemble of semi-parametric models with Ada boost. The proposed model provides an adequate realtime intrusion detection at an affordable computational complexity suitable for the IoT edge networks. The proposed model is evaluated against other comparable models using the benchmark data on IoT-IDS and shows comparable performance with reduced computations as required.
Among different online attacks obstructing IT security,
Denial of Service (DoS) and Distributed Denial of Service (DDoS)
are the most devastating attack. It also put the security experts under
enormous pressure recently in finding efficient defiance methods.
DoS attack can be performed variously with diverse codes and tools
and can be launched form different OSI model layers. This paper
describes in details DoS and DDoS attack, and explains how different
types of attacks can be implemented and launched from different OSI
model layers. It provides a better understanding of these increasing
occurrences in order to improve
Low-rate distributed denial of service attacks detection in software defined ...IAESIJAI
One of the main challenges in developing the internet of things (IoT) is the existence of availability problems originated from the low-rate distributed denial of service attacks (LRDDoS). The complexity of IoT makes the LRDDoS hard to detect because the attack flow is performed similarly to the regular traffic. Integration of software defined IoT (SDN-Enabled IoT) is considered an alternative solution for overcoming the specified problem through a single detection point using machine learning approaches. The controller has a resource limitation for implementing the classification process. Therefore, this paper extends the usage of Feature Importance to reduce the data complexity during the model generation process and choose an appropriate feature for generating an efficient classification model. The research results show that the Gaussian Naïve Bayes (GNB) produced the most effective outcome. GNB performed better than the other algorithms because the feature reduction only selected the independent feature, which had no relation to the other features.
Intrusion Detection System using Self Organizing Map: A SurveyIJERA Editor
Due to usage of computer every field, Network Security is the major concerned in today’s scenario. Every year the number of users and speed of network is increasing, along with it online fraud or security threats are also increasing. Every day a new attack is generated to harm the system or network. It is necessary to protect the system or networks from various threats by using Intrusion Detection System which can detect “known” as well as “unknown” attack and generate alerts if any unusual behavior in the traffic. There are various approaches for IDS, but in this paper, survey is focused on IDS using Self Organizing Map. SOM is unsupervised, fast conversion and automatic clustering algorithm which is able to handle novelty detection. The main objective of the survey is to find and address the current challenges of SOM. Our survey shows that the existing IDS based on SOM have poor detection rate for U2R and R2L attacks. To improve it, proper normalization technique should be used. During the survey we also found that HSOM and GHSOM are advance model of SOM which have their own unique feature for better performance of IDS. GHSOM is efficient due to its low computation time. This survey is beneficial to design and develop efficient SOM based IDS having less computation time and better detection rate.
Similar to DISTRIBUTED DENIAL OF SERVICE ATTACK DETECTION AND PREVENTION MODEL FOR IOTBASED COMPUTING ENVIRONMENT USING ENSEMBLE MACHINE LEARNING APPROACH (20)
CFD Simulation of By-pass Flow in a HRSG module by R&R Consult.pptxR&R Consult
CFD analysis is incredibly effective at solving mysteries and improving the performance of complex systems!
Here's a great example: At a large natural gas-fired power plant, where they use waste heat to generate steam and energy, they were puzzled that their boiler wasn't producing as much steam as expected.
R&R and Tetra Engineering Group Inc. were asked to solve the issue with reduced steam production.
An inspection had shown that a significant amount of hot flue gas was bypassing the boiler tubes, where the heat was supposed to be transferred.
R&R Consult conducted a CFD analysis, which revealed that 6.3% of the flue gas was bypassing the boiler tubes without transferring heat. The analysis also showed that the flue gas was instead being directed along the sides of the boiler and between the modules that were supposed to capture the heat. This was the cause of the reduced performance.
Based on our results, Tetra Engineering installed covering plates to reduce the bypass flow. This improved the boiler's performance and increased electricity production.
It is always satisfying when we can help solve complex challenges like this. Do your systems also need a check-up or optimization? Give us a call!
Work done in cooperation with James Malloy and David Moelling from Tetra Engineering.
More examples of our work https://www.r-r-consult.dk/en/cases-en/
Explore the innovative world of trenchless pipe repair with our comprehensive guide, "The Benefits and Techniques of Trenchless Pipe Repair." This document delves into the modern methods of repairing underground pipes without the need for extensive excavation, highlighting the numerous advantages and the latest techniques used in the industry.
Learn about the cost savings, reduced environmental impact, and minimal disruption associated with trenchless technology. Discover detailed explanations of popular techniques such as pipe bursting, cured-in-place pipe (CIPP) lining, and directional drilling. Understand how these methods can be applied to various types of infrastructure, from residential plumbing to large-scale municipal systems.
Ideal for homeowners, contractors, engineers, and anyone interested in modern plumbing solutions, this guide provides valuable insights into why trenchless pipe repair is becoming the preferred choice for pipe rehabilitation. Stay informed about the latest advancements and best practices in the field.
Overview of the fundamental roles in Hydropower generation and the components involved in wider Electrical Engineering.
This paper presents the design and construction of hydroelectric dams from the hydrologist’s survey of the valley before construction, all aspects and involved disciplines, fluid dynamics, structural engineering, generation and mains frequency regulation to the very transmission of power through the network in the United Kingdom.
Author: Robbie Edward Sayers
Collaborators and co editors: Charlie Sims and Connor Healey.
(C) 2024 Robbie E. Sayers
Gen AI Study Jams _ For the GDSC Leads in India.pdf
DISTRIBUTED DENIAL OF SERVICE ATTACK DETECTION AND PREVENTION MODEL FOR IOTBASED COMPUTING ENVIRONMENT USING ENSEMBLE MACHINE LEARNING APPROACH
1. International Journal of Network Security & Its Applications (IJNSA) Vol.14, No.4, July 2022
DOI: 10.5121/ijnsa.2022.14403 39
DISTRIBUTED DENIAL OF SERVICE ATTACK
DETECTION AND PREVENTION MODEL FOR IOT-
BASED COMPUTING ENVIRONMENT USING
ENSEMBLE MACHINE LEARNING APPROACH
Nicholas Oluwole Ogini1
, Wilfred Adigwe2
and Noah Oghenefego Ogwara3
1
Department of Computer Science, Delta State University, Abraka, Nigeria
2
Department of Computer Science,
Delta State University of Science and Technology, Ozoro, Nigeria
3
Department of Computer Science and Software Engineering, Auckland University of
Technology, Auckland, New Zealand
ABSTRACT
Defending against Distributed Denial of Service (DDoS) in the Internet of Things (IoT) computing
environment is a challenging task. DDoS attacks are type of collective attack in which attackers work
together to compromise internet security and services. The resource-constrained devices used in IoT
deployments have made it even easier for an attacker to break, because of the vast number of vulnerable
IoT devices with significant compute power. This paper proposed an ensemble machine learning (ML)
model using the bagging technique to detect and prevent DDoS attacks in the IoT computing environment.
We carried out an Machine Learning experiment and evaluated our proposed model with the most recent
DDoS attacks (CICDoS2019) dataset. We use seven validation metrics (classification accuracy, precision
rate, recall rate, f1-score, Matthews Correlation Coefficient, false negative rate and false positive rate) to
evaluate the performance of the proposed model. The results obtained in our experiment shows an
improved performance with an overall maximum classification accuracy of 99.75%, precision rate of
99.99%, recall rate of 99.76%, f1-score of 99.87%, Matthews Correlation Coefficient of 0.000000214,
false negative rate of 0.24% and 4.42% false positive rate.
KEYWORDS
Internet of Things, DDoS Attacks, Ensemble Machine Learning, Security, & Detection Models.
1. INTRODUCTION
One of the most visible breakthroughs in computing technology over the last decade has been the
Internet of Things (IoT). This technology enabled the integration of computer power and network
communication capabilities into a wide range of devices, allowing end-users to access new types
of services. The utilisation of IoT devices has changed multiple fields such as healthcare,
industry, physical security, farming, and even home automation [1].
Significant cyber security implications have resulted from this transition in computing. The issue
of protecting the internet from cyber-attacks is growing increasingly difficult. One of the main
reasons for this is that the number of connected devices has increased, making it impossible to
secure them all due to their variety of types. IoT devices are characterised by a wide range of
hardware and software, as well as insecure design, a lack of upgrades, and user engagement [2].
2. International Journal of Network Security & Its Applications (IJNSA) Vol.14, No.4, July 2022
40
However, when the network grows, the obstacles grow as well. The security difficulties
surrounding IoT have a significant impact on the domain's future, raising concerns about the
security of devices in use. Meanwhile, A distributed denial of service (DDoS) attack is one of the
most prevalent security issues affecting Internet of Things (IoT)-based applications and devices
[3].
The infrastructure that interconnects devices operating in an IoT-based environment requires
maximum cooperation to tackle security issues because of the rapid growth of connected devices
[3]. DDoS attacks are type of collective attack in which attackers work together to compromise
internet security and services. In this type of attack, the attacker takes advantage of compromised
systems to deny legitimate users access to server resources and then uses those resources to
launch a series of attacks against the victim [4]. DDoS attacks have become increasingly common
in the cyber security world. DDoS attacks have expanded dramatically since everything became
connected through the Internet, because there are now more devices to compromise and launch
attacks [4].
The resource-constrained devices used in IoT deployments have made it even easier for an
attacker to break, because of the vast number of vulnerable IoT devices with significant compute
power, attackers seeking to compromise these devices and exploiting them to establish large-
scale botnets against their victims. A botnet is a collection of infected devices or bots, sometimes
known as zombies, that share a command-and-control infrastructure and are used for nefarious
purposes such as DDoS attacks. These DDoS attacks were expected for various reasons such as
the heterogeneous nature of IoT devices in terms of communication medium and protocols,
platforms, and devices, IoT systems are extremely diverse., and therefore pose a bigger security
risk than traditional computing systems. [5].
All these factors have heightened research interest in the field of IoT security in recent years. The
Internet of Things (IoT) environment is made up of several devices with varying levels of traits
and capabilities. It includes anything from high-end computers to low-cost microprocessors with
limited memory and processing power. Security solutions must be proposed at many levels in this
diverse environment. Because the capacities of devices at different levels of the IoT vary,
security measures used at each level will have varied dimensions and features [6]. To solve some
of these problems associated with DDoS attacks on IoT devices, this paper proposed DDoS
detection framework using the ensemble machine learning (ML) techniques to detect attacks in
application layer of the IoT-based computing environment. The contribution of the paper is as
follows:
We proposed an ensemble machine learning model using the bagging technique to
effectively detect different types of DDoS attacks in IoT computing environment in a
timely manner.
Our proposed model can identify the type of DDoS attacks and initiate a mitigation
approach in preventing the attacks.
The result obtained from our experiment shows an improved performance when
compared with similar methods in extant literature
The remaining section of the paper is organized as follows: section 2 discussed some of the
related works and the proposed model is presented in section 3. Section 4 discuss the
methodology use in the study which includes the data collection, data pre-processing and
machine learning experimental work carried out in this study. The results of the experiments and
comparison with related works in extant literature are presented in section 5 and finally section 6
concludes the paper and highlight direction for further research.
3. International Journal of Network Security & Its Applications (IJNSA) Vol.14, No.4, July 2022
41
2. RELATED WORKS
This section reviews the state of the arts research work that proposed a model or framework to
detect DDoS attacks in various network environment. The selected papers used in this review on
recent works that applies either machine learning (ML) or deep learning (DL) approach in their
experimental work with the most up to date state of the art dataset for the effective detection of
attacks in a network environment. This enable the study to identify some of the current issues
that needs to be addressed. In addition several studies has been conducted to solve security issues
concerns with malicious network traffics that causes DDoS attacks in a network environment for
example Smys et al. [7] proposed a hybrid IDS that detects DDoS attacks in IoT environments.
The model proposed by the authors applies a convolutional neural network algorithm that uses a
bidirectional long-term memory architecture for the training its model. However, the sample size
of normal (240) and attack (3,890) types in the dataset used for their experiment is very small.
The authors reported 98.60% classification accuracy from the experiment conducted in their
work. One of the advantage of work reported in [7] is the performance of the detection model in
detecting intrusion in IoT environments but the proposed model suffers from its inability to
identity each type of attacks and applies appropriate counter measures to a detected attacks in the
IoT environment.
Singh-Samom and Taggu [8] proposed a model to detect four types of DDoS attacks using a
machine learning (ML) approach. The authors conducted experiments in their study with
different ML algorithms using the CICDDoS2019 and UNSW-NB15 DDoS attack datasets. The
results of their experiment shows that the RandomForest ML classifier outperforms other ML
algorithms. The RandomForest classifier was adopted as the classifier for the model proposed in
their work. In addition, the authors evaluated their model using four performance metrics and
reported a classification accuracy of 99.92% using CICDDoS2019 dataset and 96.20% using
UNSW-NB15 dataset. One of the advantages reported by the authors in [8] is the ability of their
detection model to distinguish between multiple types of DDoS attacks. Although the work in [8]
has no counter security measures for detected attacks and no clear description the proposed
model.
Elsayed et al [9] proposed an IDS to detect DDoS attacks in software defined networking (SDN)
environment using deep learning approach. The authors use Recurrent Neural Network (RNN)
with autoencoder in the training of their model using the CICDDoS2019 DDoS attacks dataset.
The authors also reported 99% classification accuracy from the results obtained from the
evaluation of their model. The advantage of the work reported in [9] eliminates the complexity of
model training but suffers from high computational requirements during the encoding process
and only apply binary classification approaches in its detection engine.
Wei et al [10] proposed a model to detect DDoS attacks using a deep learning approach. The
authors combine two deep learning techniques for effective detection and classification of DDoS
attacks. First, the authors proposed a feature extraction model that uses autoencoder to extract
relevant features that is require for the detection process, and secondly a model that uses Multi-
layer Perceptron Network (MLP) to classify DDOS attack types. In addition, the authors reported
a classification accuracy of 98.34% based on the results obtained from the evaluation carried out
in their work. One of the advantages of the work proposed in [10] its ability to detect different
types of attacks, the authors apply a multi-classification approach rather than a binary approach
proposed by majority of the related works. However, their model requires high computational
resources during training.
Kousar et al [11] proposed a decision tree-based model to detect DDoS attacks in SDN
environment. The proposed model focus on attacks that is used to flood the SDN controller. The
4. International Journal of Network Security & Its Applications (IJNSA) Vol.14, No.4, July 2022
42
authors perform an experiment to detect different types of DDoS attacks using the CIC-DDoS
2019 dataset and also compares the results of the experiment conducted by collecting simulated
data from SDN environment using Mininet emulator and RYU controller using different DDoS
tools. The authors reported a classification accuracy of 99.99% using the decision tree approach
compared to the other ML approach used in their experiment. One of the advantages of the model
reported in [11] its ability to detects attacks in a software defined environment which is much
complex compares to the IoT environment. Although the work in [11] only apply the binary
classification in its detection engine. In addition, the resource computational requirements in
software defined environments are higher compared to IoT environments.
Malliga et al[12] proposed a model to detect DDoS attacks in the application, network, and
transport layers of the OSI model. The model proposed by the authors uses the Deep Neural
Network (DNN) and Long Short-Term Memory (LSTM) approaches. In addition, the authors
evaluated their proposed model with CICIDS2017 and CICDDoS2019 DDoS datasets with a
maximum classification accuracy of 99.40%. One of the draws back of the works in [12] is the
amount of time requires for its training and no preventive measures to tackle detected attacks
however, the proposed model is effective in detecting intrusions across the several layers of the
open system interconnection layers.
Vuong et al [13] propose a novel multi-tier architecture IDS for detection of DDoS attacks and
evaluate their proposed model with the CICDDoS2019 dataset. The authors reported a precision
rate and a recall rate of 99.50% and 99.10%, respectively. One of the major advantages of the
proposed model reported in [13] is the feature selection approach. Identifying key features
relevant to the detection process helps improve the performance and reliability of the model.
Although the complexity of the N-tier architecture is resource demanding. Rajagopal et al.
Similarly, the authors in [14] proposed a model that uses decision jungle algorithms with a meta-
classification approach to detect DDoS attacks in a cloud computing environment. The
experiments reported by the authors was conducted in a production ready Azure virtual machine.
The authors also evaluated their proposed model with UNSW NB-15, CICID 2017, and
CICDDOS2019 dataset and obtains a maximum classification accuracy of 98% and 97% using
the CICDDOS2019 dataset. The feature selection approach reported in [14] was very effective to
select relevant features require to build a reliable model however, the training set were less than
70% of the entire set. The performance of such model is more reliable when trained with over
70% of the dataset to reduce the issue of imbalanced data in the learning process. Also, the issue
of preventive measures to counter detected attacks was not reported.
Gohil and Kumar, [15] carried out experiments with major supervised ML classification
algorithms to identify the best ML models to effectively detect DDoS attacks in a network
environment. The results of their experiment show that tree-based classifiers are much better than
distance-based classifiers. The authors reported an overall maximum classification accuracy of
96.25% using the tree-based ML classifiers. The model reported in [15] uses a smaller number of
dataset even though the proposed model has the ability to detect multiple attacks. Similarly,
Shieh et al [16] proposed a DDoS attack detection model that uses a bi-directional LSTM model
along with a Gaussian Mixture. The authors conducted an experiment, and they reported a
maximum classification accuracy of 98.18%. One of the major advantages of the proposed model
in [16] centred on the ability of the model to cope with incremental learning but the model suffers
in performance from the detection of zero day attacks in this environment.
In summary, different approaches has been reported in extant literature offering solutions to the
detection of DDoS attacks. However, some of the recent works proposed in literature suffers
from performance issues with accurate detection and mitigation of DDoS attacks in a timely
5. International Journal of Network Security & Its Applications (IJNSA) Vol.14, No.4, July 2022
43
manner. In addition, majority of the works reported in literature did not provide mitigation
component in their model to manage detected attacks. Similarly, some of the works has failed to
evaluated the false positive rate of attacks in various network environment to effectively measure
the performance of their model. Using the classification accuracy to measure the effectiveness of
a detection model gives rooms for the possibility of false alarms in the detection of attacks. There
is need to build a better detection model by considering all relevant evaluation metrics to measure
the performance of the future models. In addition, the use of ensemble ML approach has not been
explored widely in the detection of DDoS attacks in IoT environment in extant literature and also
explored other evaluation metrics to measure the performance of DDoS attacks models is
necessary hence the focus of this study to explore other evaluation metrics and ensemble ML
technique to build a more reliable detection model that can effectively handle large volume of
network traffics in a timely manner.
3. THE PROPOSED MODEL
In this paper, we proposed a conceptualized model to detect and prevent DDoS attacks in the IoT
computing environment. The complex nature of the IoT environment and its resource constrained
nature make it difficult to combat security issues in this environment.
The proposed model is designed for an IoT network that connects the Internet to a personal or
private network. The router at the border will be more computationally powerful and capable than
end-of-line devices. Even in such a scenario, we must think about the power and execution time
constraints. The internal network will communicate with the cloud-based server via the router
that is connected to the internet. The proposed model applies exhaustion of resources mitigation
techniques to tackle DDoS attacks in an IoT environment.
This study proposed a DDoS attack identification and prevention machine learning (ML) model
using ensemble techniques as shown in Figure 1. The ML model proposed in this paper uses
CICDDoS2019 dataset [17] for its training. The proposed ML model in this paper uses the
ensemble bagging method. This ML technique creates several instances of a black-box estimator
on random subsets of the original training set, then aggregates their unique forecasts to make a
final classification. These methods are used to lower the variance of a base estimator (for
example, a decision tree) by introducing randomization into the construction mechanism and then
constructing an ensemble from it.
In many circumstances, bagging approaches provide a simple way to enhance with respect to a
single model without having to change the underlying base algorithm. The ensemble ML model
proposed in this paper uses the decision tree algorithms as its base estimator. Bagging approaches
perform best with strong and complex models because they reduce overfitting.
The proposed model has a two-level DDoS attack identification module. The first level DDoS
attack identification module receives each network packet along with the device ID and forwards
the network packets to the ensemble ML model for inspection. In the event of the detection of
abnormalities in the suspected network traffic in the first level, the ensemble ML model forward
the network packets to the DDoS attack classification module.
The second level is the DDoS attack classification module is responsible for identifying the type
of DDoS attack detected by the ensemble ML Model. Once the attack type is identified, the
prevention module is notified and initiates the mitigation procedure of the devices that are
associated with the attacks by blocking traffic from the devices. The process of blocking the
suspected traffic from the device protects the device from further attacks at the same time notify
the administrator of the devices for further investigation.
6. International Journal of Network Security & Its Applications (IJNSA) Vol.14, No.4, July 2022
44
Figure 1. Proposed DDoS Attacks Detection and Prevention Ensemble ML Models
4. METHODOLOGY
This section discusses the data collection and the experimental work carried out in this study.
This includes a description of the dataset used, pre-processing of collected data, the ensemble ML
algorithms used, the workflow of the proposed model and a discussion of the results obtained in
the experimental work.
4.1. Data Collection and Description
This study uses a benchmark DDoS attack dataset named CICDoS2019 [17] collected from a
public repository at the University of New Brunswick, Canada. This dataset has been widely used
for conducting research on the detection of DDoS attacks in various environments. This study
used this dataset to conduct an ML experiment using the ensemble techniques and proposed a
model that uses the bagging techniques for attack detection and prevention.
Overall, the dataset contains 50,063,112 records (56,863 benign traffic records and 50,006,249
malicious traffic records) in its training set and 20,364,525 records (56,965 benign traffic records
and 20,307,560 malicious traffic records) in its testing set. The entire dataset contains 88 unique
features such as source IP, destination IP, source port, destination port, and so on. The
experimental work carried out in this study uses all DDoS attack types in its training set, which
includes NTP, DNS, LDAP, MSSQL, NetBIOS, SNMP, SSDP, UDP, UDP-Lag, WebDDoS,
SYN, and TFTP, However, only seven DDoS attacks are included in the testing dataset (i.e.,
PortScan, NetBIOS, LDAP, MSSQL, UDP, UDP-Lag, and SYN).
There are two categories of DDoS attacks in the dataset used in this study, namely the reflection-
based and exploitation-based attacks, as shown in Figure 2.
7. International Journal of Network Security & Its Applications (IJNSA) Vol.14, No.4, July 2022
45
Figure 2. DDoS Attacks Categorization and Hierarchy
A. Reflection-based DDoS Attacks: In this attack category, the identity of the attacker is
kept secret by leveraging a legitimate third-party component. The application layer
protocol are often used in this attack type by transmitting malicious network packets to
reflector servers with the source IP address set to the victim's IP address, causing the
victim to be overwhelmed and send a large number of response packets. As shown in
Figure 2, TCP-based attacks include MSSQL and SSDP, whereas UDP-based attacks
include CharGen, NTP, and TFTP. DNS, LDAP, NETBIOS, and SNMP are examples of
attacks that can be carried out using either TCP or UDP.
B. Exploitation-Based DDoS Attacks: This category of attacks also hides the identity of
the attacker using third-party tools like the reflection attack. However, this category of
attacks focuses on the exploitation of a specific protocol such as the network, transport,
and application layers of the Open Systems Interconnection (OSI) model. The Attackers
send packets to reflector servers with the source IP address configured to the victim's IP
address to overwhelm the victim with response packets.
4.2. Data Pre-processing
The pre-processing of the collected data as used in this study involves the cleaning of the dataset.
First, we removed some of the non-numeric features that have no contribution to the detection of
attacks. In this study, we removed five features from the dataset, including Flow ID, Source IP,
Destination IP, Timestamp, and Similar HTTP. These features contain values that are not
numeric. On the other hand, we convert all the values to numeric in the label column, which
contains the attack type. We represented each DDoS attack with the value of 1 and the value of 0
was assigned to benign labels. We also replaced all values in the dataset that contain infinity with
the value of 1.79769313e+308 and all nan values were also replaced with zero.
Second, after the transformation process on our dataset, we apply the min-max normalization
technique to transform the values of each attribute into a uniform distribution with the smallest
value is 0 and the highest value as 1 using equation 1.
where k is the value of each feature in the dataset (1).
8. International Journal of Network Security & Its Applications (IJNSA) Vol.14, No.4, July 2022
46
4.3. Ensemble Machine Learning Algorithms
This section briefly discussed the five ensemble ML algorithms used in the experimental work
conducted in this study.
A. The Bagging Classifier: The Bagging ML classifier is an ensemble ML technique that is
used for solving both classification and regression problems. This classifier is designed in
such a way that it combines the output of randomly generated training set to form its final
prediction. The Bagging ML classifier can use different supervised ML algorithms as its base
estimators. The basic principle of this ML technique uses a group of weaker learners to form
a strong learner. This technique grows as many decision trees as possible, which are
combined to get the final prediction of the model.
B. The Random Forest (RF): The RF classifier is a supervised ensemble ML algorithm that can
be used to solve classification and regression problems. Multiple decision trees make up the
RF, which is an ensemble classifier. The trees in the RF classifier learn independently on a
randomly selected part of the training data. By merging the outcomes of several learning
models, the RF classifier uses bagging techniques to improve overall results. The most often
recurring categories predicted by each learning model of each tree in the classifier define the
RF ML classifier's output. Due to the nature of the tree, it is ideal for multi-classification
problems, and it is also very effective for binary classification problems.
C. C. The AdaBoost Classifier: The AdaBoost Classifier is a supervised ML classification
technique that uses an ensemble of machine learning algorithms. This algorithm is used to
turn a weak classifier into a strong one. The algorithms work on the idea that each learner is
developed consecutively, with the exception of the first learner, who is grown from the prior
learner.
D. D. The Gradient Tree Boosting Classifier: Gradient Tree Boosting, also known as Gradient
Boosted Decision Trees (GBDT), is a generalisation of boosting to arbitrary differentiable
loss functions. GBDT is an off-the-shelf approach that may be used to solve regression and
classification problems in a wide range of fields, including Web search ranking and ecology.
E. E. The Ensemble Voting Classifier: The Voting Classifier's concept is to combine
conceptually diverse machine learning classifiers and predict class labels using a majority
vote or the average predicted probability (soft vote). A classifier like this can be useful for
balancing out the flaws of a group of models that are all doing well. The projected class label
for a given sample is the class label that represents the majority (mode) of the class labels
predicted by each classifier in majority voting. Soft voting, as opposed to majority voting
(hard voting), returns the class label as the maximum of the sum of predicted probabilities.
The weights option can be used to assign specific weights to each classifier. The predicted
class probabilities for each classifier are gathered, multiplied by the classifier weight, and
averaged where weights are available. The class label with the highest average probability is
then used to create the final class label.
4.4. Experimental Setup
We carried out our ML experiment on a computer with the following hardware configuration:
Intel (R) Core (TM) i7-8700 CPU @3.20GHz, 32GB RAM, and 1TB HD. The experiment
carried out in this study was implemented using Python 3.7.1 and the scikit-learn ML library. We
used the 6 DDoS attack types (PortScan, NetBIOS, LDAP, MSSQL, UDP, and SYN) in the
testing dataset to evaluate our proposed model and repeat the same experiment with other
9. International Journal of Network Security & Its Applications (IJNSA) Vol.14, No.4, July 2022
47
ensemble ML models. Below is a brief description of the DDoS attack types used in our
experiment:
A. LDAP DDoS Attack: In this DDoS attack, the attacker uses an application layer protocol
called Lightweight Directory Access Protocol (LDAP) to send requests to a publicly
available but insecure LDAP server to produce huge responses in such a way that the attacker
can obtain human readable URLs.
B. NetBIOS DDoS Attacks: In this DDoS attack, an attacker exploits the Network Basic
Input/Output System (NetBIOS) by sending spoofed "Name Release" or "Name Conflict"
signals to a victim system to block all NetBIOS network communication.
C. UDP DDoS Attack: A UDP flood attack sends a large number of UDP packets to random
ports on the target machine. As a result, the network's available bandwidth is depleted, the
system crashes, and performance suffers. As a result, the target server's firewall may become
overburdened.
D. SYN DDoS Attack: The SYN DDoS attack takes advantage of the TCP three-way handshake
by sending a large number of SYN packets to the target system until it crashes or
malfunctions.
E. MSSQL DDoS Attack: In this attack, an attacker exploits vulnerabilities in Microsoft
Structured Query Language (MSSQL) by impersonating a valid MSSQL client and sending
scripted requests to the MSSQL server using a faked IP address that appears to be originating
from the target server.
F. PortMap DDoS Attack: In this attack type , victims are bombarded with responses from
Portmapper servers, overwhelming bandwidth and rendering websites and web-based
services inaccessible.
4.5. Evaluation Metrics
This study uses the confusion matrix to validate the performance of the proposed ensemble ML
model for DDoS attack classification in IoT computing environment and other different ensemble
ML classifiers in the experiment carried out in this study. The confusion matrix is defined as
follows:
True Positive (TP): The total number of DDoS attacks that were classified correctly.
True Negative (TN): The total number of benign traffics that were classified correctly.
False Negative (FN): The total number of DDoS attacks that were incorrectly classified as
benign traffics.
False Positive (FP): The total numbers of benign traffics that were incorrectly classified as
DDoS attacks.
To evaluate the performance of the proposed model and other ensemble ML classifiers used in
the experiment, the following metrics were adopted for this study.
A. Classification Accuracy (CA): This is the total percentage of the correctly classified DDoS
attacks and benign traffics in the dataset.
(2)
10. International Journal of Network Security & Its Applications (IJNSA) Vol.14, No.4, July 2022
48
B. Precision Rate (PR): This is the total percentage of correctly classified results of all DDoS
attacks that belongs to the benign labelled in the dataset.
(3)
C. Recall Rate (RC): This is the total percentage of DDoS attacks that are correctly predicted
as DDoS attacks in the dataset.
(4)
D. False Positive Rate (FPR): This is the total percentage ratio of DDoS attacks classified
wrongly to the actual numbers of the DDoS attacks samples in the dataset.
(5)
E. False Negative Rate (FNR): This is the total percentage ratio of benign traffics classified
wrongly to the actual numbers of the benign traffic samples in the dataset.
(6)
F. F1-Score (F1): This is the harmonic mean of the proposed classifier which is obtainable
from the value of both PR and RC.
(7)
G. Matthews Correlation Coefficient (MCC). This metrics is unaffected by the unbalanced
datasets issue and can be used to evaluate the performance of the proposed model.
(8)
5. PERFORMANCE EVALUATION
The performance evaluation of this study is discussed in the following subsections as follows:
5.1. Results Obtained from Our Experiment
The experiment conducted in this study uses six datasets of different DDoS attack types. The
distribution records of the number of samples of each benign and DDoS traffic used in the
experiment is shown in Table 1. The experimental results obtained in this study are shown in
Table 2.
12. International Journal of Network Security & Its Applications (IJNSA) Vol.14, No.4, July 2022
50
Overall, the results of the proposed ML model using the ensemble bagging technique were better
than other ensemble ML techniques. For example, in Figure 3, the classification accuracy of the
proposed ML model was over 99% across all the six datasets used in our experiment. The highest
classification accuracy obtained in our experiment was 99.75% in the UDP dataset using the
ensemble bagging technique with decision tree ML algorithm as the base estimator.
Figure 3. Classification accuracy results
Figure 4. Precision rate results
Figure 5. Recall rate results
Figure 6. False positive rate results
Figure 7. ML training and testing time results
13. International Journal of Network Security & Its Applications (IJNSA) Vol.14, No.4, July 2022
51
In Figure 4, the precision rate was very high, for example in the NETBIOS dataset sample used in
our experiment all the ensemble ML technique recorded 100% precision rate while in LDAP
dataset, all ML techniques recorded over 99.98% precision rate. These results are attributed to the
smaller number of benign samples and high number of DDoS attack types in the testing dataset
used in the experiment., Similarly all ensemble ML techniques used in our experiment achieves
over 99% precision rate. On the other hand, the recall rate was quite close to the precision rate as
shown in Figure 5, as some of the ensemble ML techniques recorded 98%. However, the
proposed ensemble ML model for the detection of DDoS attacks presented in this study recorded
over 99% precision rate in all the six-dataset used in the experiment.
The false-positive rate for the proposed ML model from the experiment conducted was below 5%
in all datasets as shown in Figure 6. Similarly, we obtained an overall of less than 3% false
negative rates in all the dataset used in our experiment. The value of our F1-score was relatively
good over 98% in all the dataset used in our experiment. The value of the MCC shows the
reliability of the model as shown in Table 2. This helps to improve the performance of the
detection of attacks in a real time IoT computing environment. The best FPR was recorded in
SYN dataset with 1.06% and the worst FPR was 4.42% in the UDP dataset using the proposed
ML model. However, overall, we recorded the worst FPR of 14.29% in the NETBIOS dataset
using the AdaBoosting techniques in the experiment conducted in this study.
In addition, the evaluation of the proposed model for each dataset shows that the training time
and testing time were outperformed by the RF classifier, AdaBoosting, and gradient boosting
classifiers as shown in Figure 7, However, the proposed ensemble ML model using the bagging
technique outperforms the ensemble voting classifier in both the training and testing time
recorded during the experiment conducted in this study.
Finally, the results obtained in each dataset shown a similar trend with each evaluation metrics
used in the experiment as shown in figure 3, 4,5 and 6. It was observed that the classification
accuracy, precision rate and recall rate were over 97% in all datasets using the various ensemble
ML techniques.
5.2. Results Comparison with Related Works
The results obtained in our experiment was also compares with related work in extant literature as
shown in Table 3. The results shows that our proposed model compete favourably with similar
research works.
Table 3. Comparison with Related Works
Source CA PR RC FPR FNR F1 MCC
Smys et al (2020) 98.60% 100% 100%
Singh et al(2021) 99.92% 97.79% 93.07%
Elsayed et al(2020) 99% 99% 99%
Wei et al (2021) 98.34% 97.91% 98.48%
Kousar et al (2021) 99.99% 99.40% 99.20%
Malliga et al (2022) 99.40%
Vuong et al(2021) 99.50% 99.10%
Rajagopal et al(2021) 97% 99% 96%
Gohil and Kumar(2020) 96.25% 96% 96%
Shieh et al (2021) 98.18% 97.93% 99.84%
Our Proposed Model 99.75% 99.99% 99.76% 4.42% 0.24% 99.87% 0.000000214
14. International Journal of Network Security & Its Applications (IJNSA) Vol.14, No.4, July 2022
52
6. CONCLUSION AND FUTURE WORKS
This paper proposed a DDoS detection and prevention model to tackle malicious network traffic
in IoT computing environment. The proposed model uses the ensemble Bagging ML techniques
for the training of its detection engine. We also carried out an ML experiment using five ML
ensemble classifiers with the most recent DDoS attack (CICDoS2019) dataset. The result of our
experiment shows that the ensemble ML bagging classifier using a decision tree ML algorithm as
the base estimator outperforms other ensemble ML classifiers as we recorded an overall
classification accuracy of 99.75% and 1.06% to 5.95% false-positive rate. The results obtain in
our study follows similar trends with related study and also outperforms some of the proposed
work in extant literature. In the future, we intend to apply an efficient feature selection technique
to select relevant features to improve the performance of our detection model and implements the
models in a real-time IoT environment.
REFERENCES
[1] Spathoulas, G., Giachoudis, N., Damiris, G. P., & Theodoridis, G. (2019). “Collaborative blockchain-
based detection of distributed denial of service attacks based on internet of things botnets”, Future
Internet, 11(11), 226.
[2] Adat, V., & Gupta, B. B. (2017). “A DDoS attack mitigation framework for internet of things”, In
2017 international conference on communication and signal processing (ICCSP) (pp. 2036-2041).
IEEE.
[3] Radhika, R., & Kulothungan, K. (2019). “Mitigation of Distributed Denial of Service Attacks on the
Internet of Things”, Appl. Math, 13(5), 831-837.
[4] Manavi, M. T. (2018). “Defense mechanisms against distributed denial of service attacks: A survey”,
Computers & Electrical Engineering, 72, 26-38.
[5] Sicari, S., Rizzardi, A., Miorandi, D., & Coen-Porisini, A. (2018). REATO: REActing TO Denial of
Service attacks in the Internet of Things. Computer Networks, 137, 37-48.
[6] Bertino, E., & Islam, N. (2017). “Botnets and internet of things security”, Computer, 50(2), 76-79.
[7] Smys, S., Basar, A., & Wang, H. (2020). "Hybrid intrusion detection system for internet of things
(IoT)", Journal of ISMAC, 2(04), 190-199.
[8] Singh-Samom, P., & Taggu, A. (2021). "Distributed denial of service (DDoS) attacks detection: A
machine learning approach", In Applied Soft Computing and Communication Networks (pp. 75-87).
Springer, Singapore.
[9] Elsayed, M. S., Le-Khac, N. A., Dev, S., & Jurcut, A. D. (2020). "Ddosnet: A deep-learning model
for detecting network attacks", In 2020 IEEE 21st International Symposium on" A World of
Wireless, Mobile and Multimedia Networks"(WoWMoM) (pp. 391-396). IEEE.
[10] Wei, Y., Jang-Jaccard, J., Sabrina, F., Singh, A., Xu, W., & Camtepe, S. (2021). "Ae-mlp: A hybrid
deep learning approach for ddos detection and classification", IEEE Access, 9, 146810-146821.
[11] Kousar, H., Mulla, M. M., Shettar, P., & Narayan, D. G. (2021). "Detection of DDoS Attacks in
Software Defined Network using Decision Tree", In 2021 10th IEEE International Conference on
Communication Systems and Network Technologies (CSNT) (pp. 783-788). IEEE.
[12] Malliga, S., Kogilavani, S. V., & Sowmya, R. (2022). "Deep discover: Deep learning models for
detecting distributed denial of service (DDOS) attacks", In AIP Conference Proceedings (Vol. 2393,
No. 1, p. 020191). AIP Publishing LLC.
[13] Vuong, T. H., Thi, C. V. N., & Ha, Q. T. (2021). "N-tier machine learning-based architecture for
DDoS attack detection", In Asian Conference on Intelligent Information and Database Systems (pp.
375-385). Springer, Cham.
[14] Rajagopal, S., Kundapur, P. P., & Hareesha, K. S. (2021). "Towards effective network intrusion
detection: from concept to creation on Azure cloud", IEEE Access, 9, 19723-19742.
[15] Gohil, M., & Kumar, S. (2020). "Evaluation of classification algorithms for distributed denial of
service attack detection", In 2020 IEEE Third International Conference on Artificial Intelligence and
Knowledge Engineering (AIKE) (pp. 138-141). IEEE.
15. International Journal of Network Security & Its Applications (IJNSA) Vol.14, No.4, July 2022
53
[16] Shieh, C. S., Lin, W. W., Nguyen, T. T., Chen, C. H., Horng, M. F., & Miu, D. (2021). "Detection of
unknown ddos attacks with deep learning and gaussian mixture model", Applied Sciences, 11(11),
5213.
[17] Sharafaldin, I., Lashkari, A. H., Hakak, S., & Ghorbani, A. A. (2019). "Developing realistic
distributed denial of service (DDoS) attack dataset and taxonomy", In 2019 International Carnahan
Conference on Security Technology (ICCST) (pp. 1-8). IEEE.