Yantian Luo,Xu Chen,Ning Ge,Wei Feng,Jianhua Lu

DOI: https://doi.org/10.1109/ICC45855.2022.9838882

2022-01-01

Abstract:Due to the heterogeneity of Internet of Things (IoT) devices and the diversity of IoT communication protocols, it is challenging to defend against malicious traffic from IoT devices. In this paper, a novel malicious traffic detection method is proposed based on the deep learning method. Specifically, a Transformer-based encoder is designed to automatically select key features of IoT traffic for the detection task, which avoids the cumbersome feature screening process that has been widely used in traditional machine learning methods. To address the complexity of the feature space and improve the efficiency of model training, we exploit the correlation between the characteristics of malicious traffic and the device type of IoT bots to further improve the detection accuracy by introducing a device classification auxiliary loss in the training phase. Experimental results show that our method outperforms the state-of-the-art machine learning-based methods in terms of accuracy, precision, recall and f1-score on real IoT traffic traces. In addition, the benefit of device type information on detection efficiency is verified.

Maoli Wang,Bowen Zhang,Xiaodong Zang,Kang Wang,Xu Ma

DOI: https://doi.org/10.3390/math11183951

IF: 2.4

2023-09-18

Mathematics

Abstract:The proliferation of smart devices in the 5G era of industrial IoT (IIoT) produces significant traffic data, some of which is encrypted malicious traffic, creating a significant problem for malicious traffic detection. Malicious traffic classification is one of the most efficient techniques for detecting malicious traffic. Although it is a labor-intensive and time-consuming process to gather large labeled datasets, the majority of prior studies on the classification of malicious traffic use supervised learning approaches and provide decent classification results when a substantial quantity of labeled data is available. This paper proposes a semi-supervised learning approach for classifying malicious IIoT traffic. The approach utilizes the encoder–decoder model framework to classify the traffic, even with a limited amount of labeled data available. We sample and normalize the data during the data-processing stage. In the semi-supervised model-building stage, we first pre-train a model on a large unlabeled dataset. Subsequently, we transfer the learned weights to a new model, which is then retrained using a small labeled dataset. We also offer an edge intelligence model that considers aspects such as computation latency, transmission latency, and privacy protection to improve the model's performance. To achieve the lowest total latency and to reduce the risk of privacy leakage, we first create latency and privacy-protection models for each local, edge, and cloud. Then, we optimize the total latency and overall privacy level. In the study of IIoT malicious traffic classification, experimental results demonstrate that our method reduces the model training and classification time with 97.55% accuracy; moreover, our approach boosts the privacy-protection factor.

mathematics

Congqi Shen,Geyang Xiao,Shaofeng Yao,Boyang Zhou,Zhongxia Pan,Hong Zhang

DOI: https://doi.org/10.1109/spac53836.2021.9539933

2021-01-01

Abstract:Current Industrial Internet faces serious threats where attackers propagate malicious flows, resulting in communication failures in the Industrial Internet. In this work, we propose a practical and novel method to detect malicious traffic attack in real time with high accuracy. Our primary idea is to capture network flow, extract adequate network flow features, construct a long short-term memory (LSTM) based deep learning model, and identify the property of the corresponding network flow. Whether the network suffers attack or not is then determined according to the detection results. The corresponding prototype is also implemented in the Industrial Internet which is equipped with Software Defined Networking (SDN). Experimental results validate that the proposed method is effective in defending against malicious traffic attack in real-world network.

Yantian Luo,Xu Chen,Ning Ge,Jianhua Lu

DOI: https://doi.org/10.1109/globecom46510.2021.9685728

2021-01-01

Abstract:With the rapid development of 5G networks, a great amount of Internet of Things (IoT) devices are connected to the Internet. Most of these devices are cost limited and thus are easily compromised by attackers to launch distributed denial of service (DDoS) attacks. The traditional DDoS defense methods at server side can not adapt to this new challenge, thus access-side DDoS detection architecture is urgently needed. In this paper, we propose a deep learning (DL) based IoT device classification method to support fine-grained behavior modeling of malicious traffic and thus enable access-side DDoS detection. Different from traditional studies based on machine learning (ML) which need expertise feature engineering, we propose a time characteristics extraction method based on 1-D convolutional neural network to capture high level time series features automatically for better classification performance. To avoid the feature loss problem, we propose a feature enhancement method based on residual connection module. Experimental results verify the effectiveness of our method, which offers a meaningful gain in terms of both accuracy and macro F1 score over existing approaches.

Yuming Feng,Weizhe Zhang,Shujun Yin,Hao Tang,Yang Xiang,Yu Zhang

DOI: https://doi.org/10.1109/jiot.2023.3279615

IF: 10.6

2023-01-01

IEEE Internet of Things Journal

Abstract:The weaknesses of IoT devices leads to vulnerabilities easily, which can be exploited by criminals to launch distributed denial of service (DDoS) attacks, becoming a major security hazard. Nowadays, the rapid development of the Internet of Things (IoT) makes the IoT-based DDoS attacks have the characteristics of wide distribution, large scale and more stealthy that brings greater challenges for the DDoS detection. In this paper, we conduct our research based on the edge-side of IoT for providing earlier detection capability and more efficient resource utilization. We propose a novel reinforcement learning-based collaborative DDoS detection method and design a lightweight unsupervised classifier based on statistics. We deploy the classifiers in IoT edge gateways to detect anomalies by analyzing network traffic features in time. In order to deal with the dynamic changes of the IoT environment, we use the Soft Actor-Critic (SAC) reinforcement learning model deployed on the edge server to adjust the parameter configuration of the underlying unsupervised classifier dynamically, which can ensure excellent detection effect for different types of IoT devices. In addition, a collaborative aggregation module is designed in the edge server to share the observation state and historical experience, which has a unique collaborative reward mechanism for the reinforcement learning model to fully mobilize the collaborative work capability. The experiments on public dataset and constructed real-world testbed demonstrate that our proposed method has excellent detection performance and especially it can also discover stealthy IoT-based DDoS attacks accurately.

computer science, information systems,telecommunications,engineering, electrical & electronic

Josue Genaro Almaraz-Rivera,Jose Antonio Cantoral-Ceballos,Juan Felipe Botero

DOI: https://doi.org/10.3390/s23218701

2023-10-25

Abstract:The Internet of Things (IoT), projected to exceed 30 billion active device connections globally by 2025, presents an expansive attack surface. The frequent collection and dissemination of confidential data on these devices exposes them to significant security risks, including user information theft and denial-of-service attacks. This paper introduces a smart, network-based Intrusion Detection System (IDS) designed to protect IoT networks from distributed denial-of-service attacks. Our methodology involves generating synthetic images from flow-level traffic data of the Bot-IoT and the LATAM-DDoS-IoT datasets and conducting experiments within both supervised and self-supervised learning paradigms. Self-supervised learning is identified in the state of the art as a promising solution to replace the need for massive amounts of manually labeled data, as well as providing robust generalization. Our results showcase that self-supervised learning surpassed supervised learning in terms of classification performance for certain tests. Specifically, it exceeded the F1 score of supervised learning for attack detection by 4.83% and by 14.61% in accuracy for the multiclass task of protocol classification. Drawing from extensive ablation studies presented in our research, we recommend an optimal training framework for upcoming contrastive learning experiments that emphasize visual representations in the cybersecurity realm. This training approach has enabled us to highlight the broader applicability of self-supervised learning, which, in some instances, outperformed supervised learning transferability by over 5% in precision and nearly 1% in F1 score.

Yantian Luo,Xu Chen,Hancun Sun,Xiangling Li,Ning Ge,Wei Feng,Jianhua Lu

DOI: https://doi.org/10.1109/ojcoms.2024.3365976

2024-01-01

IEEE Open Journal of the Communications Society

Abstract:Malicious traffic has posed a significant threat to current 5G networks. In the upcoming 6G era, with the rapid development of the Internet of Things (IoT), defending against malicious traffic has become even more challenging due to the diverse nature and widespread distribution of IoT devices. This paper presents a new distributed framework for detecting malicious traffic on the access side of the IoT. This framework shifts the line of defense forward, and could alleviate the resource-bottleneck problem of traditional detectors that are usually deployed at the victim side. In particular, we devise a transformer-based neural network, which is tailored for distributed malicious traffic detection at multiple detection points. Additionally, we develop a personalized federated learning-based collaborative algorithm to enable horizontal collaboration among multiple detection points by sharing neural network parameters. Different from the traditional federated learning framework which trains a high-precision global model, our proposed framework fully considers the differences in the distribution of IoT traffic at the entrance, and uses local traffic data to train personalized models with better local detection performance on the basis of the global model. The experimental results demonstrate that our approach achieves an average detection accuracy of 99.2% and an F1-score of 99.2% for all detection points using the N-BaIoT dataset. In comparison to methods lacking collaboration, our approach exhibits significant improvements in terms of accuracy, precision, recall, and F1-score. Moreover, our detection performance is comparable to that of centralized learning frameworks, despite sharing only the model parameters.

Yining Pang,Chenghan Li

2024-12-11

Abstract:With the proliferation of the Internet and smart devices, IoT technology has seen significant advancements and has become an integral component of smart homes, urban security, smart logistics, and other sectors. IoT facilitates real-time monitoring of critical production indicators, enabling businesses to detect potential quality issues, anticipate equipment malfunctions, and refine processes, thereby minimizing losses and reducing costs. Furthermore, IoT enhances real-time asset tracking, optimizing asset utilization and management. However, the expansion of IoT has also led to a rise in cybercrimes, with devices increasingly serving as vectors for malicious attacks. As the number of IoT devices grows, there is an urgent need for robust network security measures to counter these escalating threats. This paper introduces a deep learning model incorporating LSTM and attention mechanisms, a pivotal strategy in combating cybercrime in IoT networks. Our experiments, conducted on datasets including IoT-23, BoT-IoT, IoT network intrusion, MQTT, and MQTTset, demonstrate that our proposed method outperforms existing baselines.

Cryptography and Security,Machine Learning

Hao Xu,Zihan Sun,Yuan Cao,Hazrat Bilal

DOI: https://doi.org/10.1007/s00500-023-09037-4

IF: 3.732

2023-07-29

Soft Computing

Abstract:Cyber-attacks and network intrusion have surfaced as major concerns for modern days applications of the Internet of Things (IoT). The existing intrusion detection and prevention techniques have a wide range of limitations and thus are unable to precisely detect any type of attack or anomaly within the network traffic. Many machine learning-based algorithms have also been presented by the researchers, which lack performance in terms of classification accuracy, or in terms of multi-class classification. This research presents a data-driven approach for intrusion and anomaly detection, where the data is processed and filtered using different algorithms. The quality of the training dataset is improved by using Synthetic Minority Oversampling Technique (SMOTE) algorithm and mutual information. Automated machine learning is also used to detect the algorithm with auto-tuned hyper-parameters that best suit to classify the data. This technique not only saves the computational cost to test the data at run-time but also provides an optimal algorithm without the need to run calculations to tune hyper-parameters, manually. The resultant algorithm solves a multi-class classification problem with an accuracy of 99.7%, outperforming the existing algorithms by a decent margin.

computer science, artificial intelligence, interdisciplinary applications

Chenxin Duan,Sainan Li,Hai Lin,Wenqi Chen,Guanglei Song,Chenglong Li,Jiahai Yang,Zhiliang Wang

DOI: https://doi.org/10.1109/tdsc.2023.3340563

2024-01-01

Abstract:With Internet-of-Things (IoT) devices gaining popularity, dedicated monitoring systems which accurately detect intrusion traffic for them are in high demand. Existing methods mainly use statistical spatial-temporal traffic features and machine learning models. Their practicality has been limited due to the lack of detection ability for stealthy and tricky attacks, diagnostic utility and long-term performance. To address these problems and motivated by the simplicity of mini IoT devices, we propose to construct fully packet-level models to profile traffic patterns for IoT devices by constructing automaton for short flow and long flow, where the length and direction of each packet are the representative features. We apply these fine-grained models to design and develop a traffic monitoring system, namely IoTa , to detect intrusion traffic for IoT devices. IoTa matches the ongoing traffic with patterns extracted from normal traffic traces. With visible and interactive traffic profiles, IoTa can generate interpretable alerts and is available for long-term use under reasonable human efforts. Evaluations on dozens of common IoT devices show that IoTa can achieve excellent detection accuracy (nearly perfect recalls and always over 0.999 precisions) for various intrusion traffic covering the complete kill chains. Incorrect detection results can be compensated for by error recovery mechanisms and the understandable alert context can be used by the operator to enhance the system. The diagnostic utility and little alert weariness are recognized by the experienced operators.

Dawit Dejene Bikila,Jan Čapek

DOI: https://doi.org/10.1016/j.future.2024.107630

IF: 7.307

2024-12-03

Future Generation Computer Systems

Abstract:The number of Internet of Things (IoT) device connections is increasing rapidly as IoT applications are vital in any operation. IoT must maintain safe internet access that withstands various malicious attacks for instance Recon, Mirai, Distributed Denial of Service (DDoS), and Spoofing which has gained much attention. Intelligently changing and zero-day attacks are emerging every day. This highlights the need for intelligent security solutions tailored specifically to this technology. Various Machine Learning (ML) based approaches have been utilized for intrusion detection to tackle IoT attacks. However, the flaws of current attack detection and feature extraction techniques result in low detection accuracy. Thus, it hindered their real-world applications and highlighted the need for a lightweight and computationally robust model trained and assessed on a recent datasets. Therefore, this work proposed an attack detection model trained and validated using the CICIoT2023 and CICIDS2017 datasets. Initially, data preprocessing is done then features are extracted by using an unsupervised Elastic Deep Autoencoder (EDA) with optimum hyperparameters. Further, the Extreme Gradient Boosting (XGBoost) binary classifier is tuned by the Grey Wolf Optimizer (GWO) and fed extracted feature sets to classify attacks. The results of the experiments show the effectiveness of our model with a higher detection accuracy in both datasets. Finally, the performance comparison confirmed that the results of the proposed work is competitive with other state-of-the-art method in securing IoT infrastructures.

computer science, theory & methods

Jinhui Ning,Guan Gui,Yu Wang,Jie Yang,Bamidele Adebisi,Song Ci,Haris Gacanin,Fumiyuki Adachi

DOI: https://doi.org/10.1109/jiot.2021.3131981

IF: 10.6

2021-01-01

IEEE Internet of Things Journal

Abstract:Malware traffic classification (MTC) is a key technology for anomaly and intrusion detection in secure Industrial Internet of Things (IIoT). Traditional MTC methods based on port, payload, and statistic depend on the manual-designed features, which have low accuracy. Recently, deep-learning methods have attracted a significant attention due to their high accuracy in terms of classification. However, in practical application scenarios, deep-learning methods require a large amount of labeled samples for training, while the available labeled samples for training are very rare. Furthermore, the preparation of a large amount of labeled samples requires a lot of labor costs. To solve these problems, this article proposes three methods based on semisupervised learning (SSL), transfer learning (TL), and domain adaptive (DA), respectively. Our proposed methods use a large amount of unlabeled data collected in the Internet traffic, which can greatly improve the classification accuracy with few labeled samples. Then, we use the DA method to solve the mismatch problem between the source domain and the target domain in the TL process. The proposed method is not only applicable to the shallow network but also to the deep neural network structure, and can achieve better classification results. Experimental results show that our proposed methods can satisfy the requirement of MTC in the case of few labeled samples in IIoT. The source code for all the experiments is available at GitHub.The code of this article can be downloaded from GitHub link: https://github.com/yzjh/Keras-MTC-DA-Ladder.

Md Rashed Buiya,A K M Nuruzzaman Laskar,Md Rafiqul Islam,Sanjib Kumar Shil Sawalmeh,Muhammad Shoyaibur Rahman Chowdhury Roy,Reza E Rabbi Shawon Roy,Md Sumsuzoha

DOI: https://doi.org/10.32996/jcsts.2024.6.4.16

2024-10-18

Journal of Computer Science and Technology Studies

Abstract:The IoT is one of the most revolutionary technological advancements of the contemporary era, embedding networked devices into nearly every aspect of human life, from smart homes and wearables to industrial systems and healthcare applications in the U.S.A. The immediate need for better cybersecurity in the U.S.A. arises from the increasing sophistication and frequency of cyberattacks on IoT systems. Machine learning and AI have emerged as promising technologies to deal with the security challenges IoT systems pose. Unlike traditional rule-based systems, ML models learn from large datasets to identify deviations from the normal behavior pattern that signifies malicious activity. The prime objective of this research is to design, curate, evaluate, and deploy state-of-the-art machine learning models that improve the detection of cyberattacks over IoT network traffic. This research used a well-established dataset that emulates IoT network traffic consisting of benign and malicious activities. Benchmarks like the UNSW-NB15, CICIDS2017, and TON_IoT have been in extensive use by researchers in this domain because they contain a rich variety of network traffic created by various IoT devices and systems along with corresponding labels that classify normal and associated with specific types of cyberattacks: DDOS, MITM, and botnet attacks. Data preprocessing and cleaning ensured that the dataset was consistent, complete, and in a format that helps machine learning algorithms learn from it. Imputation techniques used the feature's mean/median/mode to handle missing values. In this research project, two machine learning algorithms were used in the experiment, notably, Logistic Regression and Random Forest. In this study, the machine learning algorithms used in the experiment undertaken for the current research project are Logistic Regression and Random Forest. The performance of Random Forest was superior to Logistic Regression in almost all metrics. While Logistic Regression provided a strong baseline, it struggled with detecting attacks, as evidenced by its lower recall and higher number of false negatives. This implied that Logistic Regression was less reliable in detecting cyberattacks, which could be critical in real-world cybersecurity settings. By contrast, Random Forest attained impressive accuracy and significantly diminished the number of false negatives. Its higher precision and recall demonstrate that it is better suited for detecting attacks in this dataset, offering a more reliable solution for cyberattack detection.

Tongxin Shi,Roy A. McCann,Ying Huang,Wei Wang,Jun Kong

DOI: https://doi.org/10.3390/s24134122

IF: 3.9

2024-06-25

Sensors

Abstract:The increasing usage of interconnected devices within the Internet of Things (IoT) and Industrial IoT (IIoT) has significantly enhanced efficiency and utility in both personal and industrial settings but also heightened cybersecurity vulnerabilities, particularly through IoT malware. This paper explores the use of one-class classification, a method of unsupervised learning, which is especially suitable for unlabeled data, dynamic environments, and malware detection, which is a form of anomaly detection. We introduce the TF-IDF method for transforming nominal features into numerical formats that avoid information loss and manage dimensionality effectively, which is crucial for enhancing pattern recognition when combined with n-grams. Furthermore, we compare the performance of multi-class vs. one-class classification models, including Isolation Forest and deep autoencoder, that are trained with both benign and malicious NetFlow samples vs. trained exclusively on benign NetFlow samples. We achieve 100% recall with precision rates above 80% and 90% across various test datasets using one-class classification. These models show the adaptability of unsupervised learning, especially one-class classification, to the evolving malware threats in the IoT domain, offering insights into enhancing IoT security frameworks and suggesting directions for future research in this critical area.

engineering, electrical & electronic,instruments & instrumentation,chemistry, analytical

Biaokai Zhu,Xinyi Hou,Sanman Liu,Wanli Ma,Meiya Dong,Haibin Wen,Qing Wei,Sixuan Du,Yufeng Zhang

DOI: https://doi.org/10.1109/access.2021.3054044

IF: 3.9

2022-01-01

IEEE Access

Abstract:Abnormal traffic and vulnerability attack monitoring play an important role in today's Internet of Things (IoT) applications. The existing solutions are usually based on machine learning for traffic, and its disadvantage is that a large number of manual operations are needed in the classification process, and the adaptability is poor. Moreover, for unknown attacks, the system cannot make a relative response in time. In this work, we design a monitoring system of IoT based on C5.0 decision tree and time-series analysis. The system transforms time-series into GAF graph, and uses CNN-LSTM combination model to monitor the traffic. The time-series model based on deep learning can also improve the inefficiency and manual intervention caused by data analysis. At the same time, the system introduces LSTM technology, which can solve a series of problems that may be caused during long sequence training. We select KDD Cup 99 data set for simulation experiments and comparison with traditional traffic monitoring methods. The results show that the average error rate of abnormal traffic attack types is 3.22%. The evaluations show that the system can effectively monitor unknown attacks with 96% accuracy. We further use whitelist matching technology to identify IoT device models. After comparison of experiments, it is proved that this method has its superiority in the monitoring of IoT devices.

computer science, information systems,telecommunications,engineering, electrical & electronic

Hoang Nguyen,Rasha Kashef

DOI: https://doi.org/10.1016/j.knosys.2023.110966

IF: 8.139

2023-09-15

Knowledge-Based Systems

Abstract:With recent advances in the Internet of Things (IoT) technology, more people can have instant and easy access to the IoT network of vast and diverse interconnected devices (e.g., surveillance cameras, motion sensors, or smart watches). This trend leads to a significant increase in the frequency and complexity of cyber attacks in the IoT network. Further, these attacks inflict severe financial and privacy damages to individuals and evince the need to develop a more effective and robust network intrusion detection system (NIDS). Network Intrusion Detection (NID) aims to identify the attacks in the networked devices, which is an essential task to protect and maintain Cyber Security. Although recent Machine Learning-based methods have developed and provided more efficient non-human intervention solutions to this problem, these methods still have some unsolved issues. One of the main limitations of existing solutions is that most focus on extracting the features at the flow level independently and ignore their interactions in the network, which impacts the detection performance. To address this problem, in this paper, we propose a T raffic-aware S elf-supervised learning for IoT Network I ntrusion D etection S ystem, namely TS-IDS , which aims to capture the flow relationships between the network entities. Our approach leverages both node and edge features for improved performance. Additionally, we incorporate auxiliary property-based self-supervised learning (SSL) to enhance the graph representation , even in the absence of labelled data. We conducted experiments on two real-world datasets, NF-ToN-IoT and NF-BoT-IoT. We compared the proposed model with state-of-the-art baseline models to demonstrate the potential of our proposed framework.

computer science, artificial intelligence

Farhan Ullah,Ali Turab,Shamsher Ullah,Diletta Cacciagrano,Yue Zhao

DOI: https://doi.org/10.3390/s24134152

IF: 3.9

2024-06-27

Sensors

Abstract:Internet of Things (IoT) applications and resources are highly vulnerable to flood attacks, including Distributed Denial of Service (DDoS) attacks. These attacks overwhelm the targeted device with numerous network packets, making its resources inaccessible to authorized users. Such attacks may comprise attack references, attack types, sub-categories, host information, malicious scripts, etc. These details assist security professionals in identifying weaknesses, tailoring defense measures, and responding rapidly to possible threats, thereby improving the overall security posture of IoT devices. Developing an intelligent Intrusion Detection System (IDS) is highly complex due to its numerous network features. This study presents an improved IDS for IoT security that employs multimodal big data representation and transfer learning. First, the Packet Capture (PCAP) files are crawled to retrieve the necessary attacks and bytes. Second, Spark-based big data optimization algorithms handle huge volumes of data. Second, a transfer learning approach such as word2vec retrieves semantically-based observed features. Third, an algorithm is developed to convert network bytes into images, and texture features are extracted by configuring an attention-based Residual Network (ResNet). Finally, the trained text and texture features are combined and used as multimodal features to classify various attacks. The proposed method is thoroughly evaluated on three widely used IoT-based datasets: CIC-IoT 2022, CIC-IoT 2023, and Edge-IIoT. The proposed method achieves excellent classification performance, with an accuracy of 98.2%. In addition, we present a game theory-based process to validate the proposed approach formally.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Shaza Dawood Ahmed Rihan,Mohammed Anbar,Basim Ahmad Alabsi

DOI: https://doi.org/10.3390/s23198191

2023-09-30

Abstract:The significant surge in Internet of Things (IoT) devices presents substantial challenges to network security. Hackers are afforded a larger attack surface to exploit as more devices become interconnected. Furthermore, the sheer volume of data these devices generate can overwhelm conventional security systems, compromising their detection capabilities. To address these challenges posed by the increasing number of interconnected IoT devices and the data overload they generate, this paper presents an approach based on meta-learning principles to identify attacks within IoT networks. The proposed approach constructs a meta-learner model by stacking the predictions of three Deep-Learning (DL) models: RNN, LSTM, and CNN. Subsequently, the identification by the meta-learner relies on various methods, namely Logistic Regression (LR), Multilayer Perceptron (MLP), Support Vector Machine (SVM), and Extreme Gradient Boosting (XGBoost). To assess the effectiveness of this approach, extensive evaluations are conducted using the IoT dataset from 2020. The XGBoost model showcased outstanding performance, achieving the highest accuracy (98.75%), precision (98.30%), F1-measure (98.53%), and AUC-ROC (98.75%). On the other hand, the SVM model exhibited the highest recall (98.90%), representing a slight improvement of 0.14% over the performance achieved by XGBoost.

Alireza Seifousadati,Saeid Ghasemshirazi,Mohammad Fathian

DOI: https://doi.org/10.48550/arXiv.2110.14911

2021-10-28

Abstract:In the current world, the Internet is being used almost everywhere. With the rise of IoT technology, which is one of the most used technologies, billions of IoT devices are interconnected over the Internet. However, DoS/DDoS attacks are the most frequent and perilous threat to this growing technology. New types of DDoS attacks are highly advanced and complicated, and it is almost impossible to detect or mitigate by the existing intrusion detection systems and traditional methods. Fortunately, Big Data, Data mining, and Machine Learning technologies make it possible to detect DDoS traffic effectively. This paper suggests a DDoS detection model based on data mining and machine learning techniques. For writing this paper, the latest available Dataset, CICDDoS2019, experimented with the most popular machine learning algorithms and specified the most correlated features with predicted classes are being used. It is discovered that AdaBoost and XGBoost were extraordinarily accurate and correctly predicted the type of network traffic with 100% accuracy. Future research can be extended by enhancing the model for multiclassification of different DDoS attack types and testing hybrid algorithms and newer datasets on this model.

Cryptography and Security

Hayelom Gebrye,Yong Wang,Fagen Li

DOI: https://doi.org/10.1007/s13042-022-01765-7

2023-01-07

International Journal of Machine Learning and Cybernetics

Abstract:The fast expansion of the Internet of Things (IoT) networks raises the possibility of further network threats. In today's world, network traffic analysis has become an increasingly critical and useful tool for monitoring network traffic in general and analyzing attack patterns in particular. A few years ago, distributed denial-of-service attacks on IoT networks were considered the most pressing problem that needed to be addressed. The absence of high-quality datasets is one of the main obstacles to applying DDOS detection systems based on machine learning. Researchers have developed numerous methods to extract and analyze information from recorded files. From a literature review, it is clear that most of these tools share similar drawbacks. In this study, we proposed an intelligent raw network data extractor and labeler tool by incorporating the limitations of the tools that are available to transform PCAP to CSV. To generate and process a high-quality DDOS attack dataset suitable for machine learning models, we employed several data preprocessing operations on the selected network intrusion dataset. To confirm the validity and acceptability of the dataset, we tested different models. Among the models tested, the random forest was the most accurate in detecting the DDOS attack.