Shuhan Chen,Congqi Shen,Danrui Yu,Yuqin Wu,Chunming Wu

DOI: https://doi.org/10.1109/isncc52172.2021.9615889

2021-01-01

Abstract:Botnets provide a fundamental infrastructure for various kinds of network attacks, such as DDoS attack, etc. Detecting DDoS attack in botnet is a long-standing challenge. In this paper, we propose a novel method to detect DDoS attack in botnet through the analysis of packet forwarding and network traffic. The primary idea is to collect features from both overall network traffic and packet to describe the attack pattern and conduct a detection model with high accuracy. Firstly, apart from overall network traffic, we calculate several statistics related to looking up functions of flow tables during packet forwarding on switches to describe attack pattern. Secondly, these features are put into a deep learning model to detect DDoS attack. We perform evaluations under Software Defined Networking (SDN) paradigm. In particular, we compare the proposed method with traditional methods. The experimental results demonstrate that the proposed method is meaningful in improving the accuracy of DDoS attack detection by adding packet-level features extracted from packet forwarding.

Jiushuang Wang,Ying Liu,Wei Su,Huifen Feng

DOI: https://doi.org/10.1109/vtc2020-fall49728.2020.9348652

2020-01-01

Abstract:With the popularity of Internet of Things (IoT) applications, security has become extremely important. A recent distributed denial-of-service (DDoS) attack revealed vulnerabilities that are prevalent in IoT, and many IoT devices accidentally contributed to the DDoS attack. software-defined network provides a way to securely manage IoT devices. In this paper, we first present a general framework for software-defined Internet of Things (SD-IoT). The proposed framework consists of a SD-IoT controller, SD-IoT switches integrated with an IoT gateway, and IoT devices. We then propose a deep learning detection algorithm based on time series using the proposed SD-IoT framework. Finally, experimental results show that the proposed algorithm has good performance.

Yi-Wen Chen,Jang-Ping Sheu,Yung-Ching Kuo,Nguyen Van Cuong

DOI: https://doi.org/10.1109/eucnc48522.2020.9200909

2020-01-01

Abstract:DDoS attacks often happen in cloud servers and cause a devastating problem. However, an increasing number of Internet of Things (IoT) devices makes us not ignore the influence of large-scale DDoS attacks from IoT devices. In this paper, we propose a machine learning-based on a multi-layer IoT DDoS attack detection system, including IoT devices, IoT gateways, SDN switches, and cloud servers. Firstly, we build eight smart poles with various sensors on our campus and collect sensor data as our datasets through wireless networks or wired networks. Next, we extract the features based on DDoS attack types. The feature selection can result in high accuracy DDoS attack detection in the real IoT environment. The experimental results show that our multi-layer DDoS detection system can accurately detect DDoS attacks. And the SDN controller can block venomous devices effectively according to blacklists from the results of our IoT DDoS attacks detection system.

Kai Bu,Zhixin Sun

DOI: https://doi.org/10.1109/ICYCS.2008.324

2008-01-01

Abstract:The emergence of Distributed Denial of Service (DDoS) attack increases the destructive force of Denial of Service (DoS) attack drastically. Besides bringing more terrible threats, the attack from far and near and the employment of internet protocol (IP) spoofing make the abnormal traffic detection harder and harder. This paper proposes a mechanism defined as AMHI (Address Matching and Hash Inspection) and a method based on it for DDoS attacks detection and defense. Through the simulation experiment, the Address Matching and backup Hash Inspection operations to the suspicious traffic implemented on router interface for local subnet can detect and defend DDoS attacks effectively even when using IP Spoofing. In addition, this method can also decrease a mass of statistical work for the routers, and to some extent ease the pressure of heavy traffic caused by attacks.

Jiushuang Wang,Ying Liu,Huifen Feng

DOI: https://doi.org/10.3934/mbe.2022059

2021-01-01

Mathematical Biosciences and Engineering

Abstract:Network security has become considerably essential because of the expansion of internet of things (IoT) devices. One of the greatest hazards of today's networks is distributed denial of service (DDoS) attacks, which could destroy critical network services. Recent numerous IoT devices are unsuspectingly attacked by DDoS. To securely manage IoT equipment, researchers have introduced software-defined networks (SDN). Therefore, we propose a DDoS attack detection scheme to secure the real-time in the software-defined the internet of things (SD-IoT) environment. In this article, we utilize improved firefly algorithm to optimize the convolutional neural network (CNN), to provide detection for DDoS attacks in our proposed SD-IoT framework. Our results demonstrate that our scheme can achieve higher than 99% DDoS behavior and benign traffic detection accuracy.

Keval Doshi,Yasin Yilmaz,Suleyman Uludag

DOI: https://doi.org/10.48550/arXiv.2006.08064

2020-06-15

Abstract:Internet of Things (IoT) networks consist of sensors, actuators, mobile and wearable devices that can connect to the Internet. With billions of such devices already in the market which have significant vulnerabilities, there is a dangerous threat to the Internet services and also some cyber-physical systems that are also connected to the Internet. Specifically, due to their existing vulnerabilities IoT devices are susceptible to being compromised and being part of a new type of stealthy Distributed Denial of Service (DDoS) attack, called Mongolian DDoS, which is characterized by its widely distributed nature and small attack size from each source. This study proposes a novel anomaly-based Intrusion Detection System (IDS) that is capable of timely detecting and mitigating this emerging type of DDoS attacks. The proposed IDS's capability of detecting and mitigating stealthy DDoS attacks with even very low attack size per source is demonstrated through numerical and testbed experiments.

Cryptography and Security,Networking and Internet Architecture,Machine Learning

Ruomeng Xu,Jieren Cheng,Fengkai Wang,Xiangyan Tang,Jinying Xu

DOI: https://doi.org/10.1007/978-3-030-05234-8_21

2018-01-01

Abstract:Distributed denial-of-service (DDoS) has developed multiple variants, one of which is distributed reflective denial-of-service (DRDoS). Within the increasing number of Internet-of-Things (IoT) devices, the threat of DRDoS attack is growing, and the damage of a DRDoS attack is more destructive than other types. Many existing methods for DRDoS cannot generalize early detection, which leads to heavy load or degradation of service when deployed at the final point. In this paper, we propose a DRDoS detection and defense method based on deep forest model (DDDF), and then we integrate differentiated service into defense model to filter out DRDoS attack flow. Firstly, from the statistics perspective on different stages of DRDoS attack flow in the big data environment, we extract a host-based DRDoS threat index (HDTI) from the network flow. Secondly, using the HDTI feature we build a DRDoS detection and defense model based on deep forest, which consists of 5 estimators in each layer. Lastly, the differentiated service procedure applies the detection result from DDDF to drop the identified attack flow in different stages and different detection points. Theoretical analysis and experiments show that the method we proposed can effectively identify DRDoS attack with higher detection rate and a lower false alarm rate, the defense model also shows distinguishing ability to effectively eliminate the DRDoS attack flow, and dramatically reduce the damage of DRDoS attack.

Yizhen Jia,Fangtian Zhong,Arwa Alrawais,Bei Gong,Xiuzhen Cheng

DOI: https://doi.org/10.1109/jiot.2020.2993782

IF: 10.6

2020-01-01

IEEE Internet of Things Journal

Abstract:Internet-of-Things (IoT) devices are getting more and more popular in recent years and IoT networks play an important role in the industry as well as people’s activities. On the one hand, they bring convenience to every aspect of our daily life; on the other hand, they are vulnerable to various attacks that in turn cancels out their benefits to a certain degree. In this article, we target the defense techniques against IoT Distributed Denial-of-Service (DDoS) attacks and propose an edge-centric IoT defense scheme termed FlowGuard for the detection, identification, classification, and mitigation of IoT DDoS attacks. We present a new DDoS attack detection algorithm based on traffic variations and design two machine learning models for DDoS identification and classification. To demonstrate the effectiveness of the two machine learning models, we generate a large data set by DDoS simulators BoNeSi and SlowHTTPTest, and combine it with the CICDDoS2019 data set, to test the identification and classification accuracy as well as the model efficiency. Our results indicate that the identification accuracy of the proposed long short-term memory is as high as 98.9%, which significantly outperforms the other four well-known learning models mentioned in the most related work. The classification accuracy of the proposed convolutional neural network is up to 99.9%. Besides, our models satisfactorily meet the delay requirements of IoT when deployed in edge servers with computational powers higher than a personal computer.

Jiabin Li,Ming Liu,Zhi Xue,Xiaochen Fan,Xiangjian He

DOI: https://doi.org/10.1109/access.2020.2974293

IF: 3.9

2020-01-01

IEEE Access

Abstract:Distributed Denial of Service (DDoS) attacks are increasingly harmful to the cyberspace nowadays. The attackers can now easily launch a bigger and more challenging DDoS attack both towards and with Internet-of-Things (IoT) devices, due to the fast popularization of them. Because of the characteristic of fast overwhelming, it is important to make fast as well as accurate response to DDoS attacks, and the real-time performance can be even more important to prevent and legitimate the attacks. Among the methods proposed by researchers, the entropy-based detection method provides a sensitive and reliable performance. However, the balance between computational complexity and recognition accuracy remains a challenge. In this paper, we propose a detection method that consists of 3 main parts in different aspects: a sliding time window to fasten the entropy calculation, a single-directional filter to realize early detection during the DDoS progress but not after the crash, and a quintile deviation check algorithm to optimize the detection result. These will eventually lead to a real-time and high-efficient performance to recognize IoT DDoS attacks as soon as possible.

Xu Chen,Liang Xiao,Wei Feng,Ning Ge,Xianbin Wang

DOI: https://doi.org/10.1109/jiot.2021.3138094

IF: 10.6

2021-01-01

IEEE Internet of Things Journal

Abstract:The proliferation of Distributed Denial of Service (DDoS) attacks in Internet of Things (IoT) not only threatens the security of digital devices and infrastructure but also severely degrades IoT system performance due to the overly consumed network resources. With the knowledge of identity information of devices and signaling data, Internet service providers (ISPs) can detect and block DDoS traffic by monitoring the upstream IoT packets, and thereby, improve network efficiency. However, inspecting all data packets online for DDoS detection will significantly increase both the network delay and the computational overhead. Therefore, the packet sampling strategy is crucial for the defenders to detect DDoS attacks. To this end, this article formulates a Stackelberg game model to analyze the collaborative IoT packet sampling against DDoS attacks. Through the equilibrium analysis of the DDoS game, we derive the lower bound of packet sampling rate (PSR) that can effectively deter potential attackers. Unlike traditional offline detection, our proposed packet sampling strategy can support both the online detection and proactive prevention of DDoS traffic. As a use case, a multipoint DDoS defense framework is developed to address the IP spoofing in 5G networks based on the proposed packet sampling strategy, which deters DDoS attacks and reduces the packet sampling cost, and thereby, maximizes the IoT utility, compared with existing methods. In typical reflection attacks (in which no more than five packets of response are triggered by a request packet), our proposed scheme not only reduces more than 70% of the sampling rate but also demonstrates superior robustness against boundary condition variation.

Youqiong Zhuang,Hua Wu,Songtao Liu,Guang Cheng,Xiaoyan Hu

DOI: https://doi.org/10.23919/apnoms56106.2022.9919987

2022-01-01

Abstract:As the scale of Distributed Denial of Service (DDoS) flooding attacks has increased significantly, many detection methods have applied sketch data structures to compress the IP traffic for storage saving. However, due to the large IP address space, these methods need to flush the sketch frequently to reduce the hash collisions. Besides, few of them can be applied to detect attacks in the high-speed network where sampling is usually adopted. This paper proposes a hierarchical system named HDS for efficient and continuous DDoS flooding attack detection in high-speed networks. Rather than directly processing the IP traffic, HDS uses sketches to track sampled traffic at different levels of aggregation: interface level, area level, and host level. Then traffic classifiers are trained for each level for attack detection. The main advantage of our approach is that each detection level only tracks a small set of traffic, which can identify the attack victim fastly and hardly causes hash collisions. Experimental results on the real-world 10Gbps network traffic datasets show that HDS can effectively detect various DDoS flooding attacks with high accuracy and identify the victim within an average of 10s when the sampling rate exceeds 1/2048.

Yuming Feng,Weizhe Zhang,Shujun Yin,Hao Tang,Yang Xiang,Yu Zhang

DOI: https://doi.org/10.1109/jiot.2023.3279615

IF: 10.6

2023-01-01

IEEE Internet of Things Journal

Abstract:The weaknesses of Internet of Things (IoT) devices leads to vulnerabilities easily, which can be exploited by criminals to launch Distributed Denial-of-Service (DDoS) attacks, becoming a major security hazard. Nowadays, the rapid development of the IoT makes the IoT-based DDoS attacks have the characteristics of wide distribution, large scale, and more stealthy that brings greater challenges for the DDoS detection. In this article, we conduct our research based on the edge side of IoT for providing earlier detection capability and more efficient resource utilization. We propose a novel reinforcement learning-based collaborative DDoS detection method and design a lightweight unsupervised classifier based on statistics. We deploy the classifiers in IoT edge gateways to detect anomalies by analyzing network traffic features in time. In order to deal with the dynamic changes of the IoT environment, we use the soft actor–critic (SAC) reinforcement learning model deployed on the edge server to adjust the parameter configuration of the underlying unsupervised classifier dynamically, which can ensure excellent detection effect for different types of IoT devices. In addition, a collaborative aggregation module is designed in the edge server to share the observation state and historical experience, which has a unique collaborative reward mechanism for the reinforcement learning model to fully mobilize the collaborative work capability. The experiments on public data set and constructed real-world testbed demonstrate that our proposed method has excellent detection performance and especially it can also discover stealthy IoT-based DDoS attacks accurately.

Xu Chen,Yunfei Chen,Wei Feng,Liang Xiao,Xiangling Li,Jie Zhang,Ning Ge

DOI: https://doi.org/10.1109/jiot.2022.3218728

IF: 10.6

2023-01-01

IEEE Internet of Things Journal

Abstract:While 5G networks have accelerated the development of the Internet of Things (IoT), they have also introduced a large number of vulnerable IoT devices into the network, which would lead to severe Distributed Denial-of-Service (DDoS) attacks. The newly emerging DDoS attack methods generally have a shorter duration, which imposes higher requirements for the response time of DDoS mitigation technologies. Existing DDoS defense methods cannot achieve real-time detection due to the difficulty of reducing the delay of feature extraction and large-scale data processing. In this article, we focus on the timeliness of DDoS detection and mitigation. We hope that deploying effective defense countermeasures at the source side will block the majority of DDoS attack traffic in real time before it enters the data network (DN). To this end, we propose a real-time DDoS defense framework based on multidomain collaboration that combines multisource information to detect attack sessions with high accuracy in 5G networks. To operate the framework at line rate, we propose an optimal packet sampling strategy based on the accurate session size estimation, which can greatly reduce the detection overhead while ensuring good accuracy. In a typical scenario with an attack session size larger than 10, this method can achieve a 99% detection rate while reducing the packet inspection rate (PIR) to less than 37%.

Yuyang Zhou,Guang Cheng,Shui Yu

DOI: https://doi.org/10.1109/tifs.2021.3127009

IF: 7.231

2021-01-01

IEEE Transactions on Information Forensics and Security

Abstract:The Internet of Things (IoT) is becoming truly ubiquitous in every domain of human lives, and a large number of objects can be connected and enabled to communicate with cloud servers at any time. However, complex connections and vulnerabilities of IoT devices introduce inevitable security threats, in which distributed denial-of-service (DDoS) attacks usually incur catastrophic results. Unfortunately, the existing DDoS mitigation methods cannot provide effective protection. Moreover, the amplifying complexity and increasing delay incurred by defense greatly affect the stability of IoT networks. To tackle these problems, we present a novel framework that can proactively adapt the attack surface of IoT networks, dynamically optimize defense strategies, and rapidly deploy the corresponding defense mechanisms. In particular, we establish hybrid proactive defense mechanisms combining Moving Target Defense (MTD) techniques with cyber deception to spread camouflage information to confuse attackers. Based on these mechanisms, we introduce a defender-led signaling game model to formalize defense scenarios and depict the interactions between the defender and the attacker. Besides, we present an optimal algorithm to solve decision problems and optimize defense implementation in a cost-effective manner. Our extensive experiments demonstrate that the proposed approach can effectively mitigate DDoS attacks and maintain a high level of performance in IoT networks with acceptable overhead.

Manish Snehi,Abhinav Bhandari,Jyoti Verma

DOI: https://doi.org/10.1016/j.cose.2024.103702

IF: 5.105

2024-01-12

Computers & Security

Abstract:Introduction The convergence of the Internet of Anything (IoX), software-defined communication layer, and sophisticated cloud platform has steered the dawn of the fourth industrial revolution era (Industry 4.0). The technological leap forward has given shelter to the umbrella of cyber-physical systems such as Smart Grids, Agriculture, and Healthcare. The exponential growth of vulnerable spots (the Internet of Things) in multi-layer cyber-physical systems is involuntarily contributing to malignant IoT-generated denial-of-service attacks. The IoT devices manifest a high degree of diversity in traffic patterns, and a single dataset is insufficient to cover fiducial attack scenarios. In addition, the research community is pressing to overcome other roadblocks, such as an optimal architecture for solution efficacy, performance issues, and the need for comprehensive validation of the proposed solutions. Methods The paper offers a five-stage defense framework for building a mitigation against IoT-based DDoS attacks. The article brings forth an amalgamated dataset concocted from InSDN, BoT-IoT, and UNSW-Sydney datasets and a simulated dataset for IoT-DDoS to the research community. The paper employs a multi-stage Stack-Ensembled framework at the heart of the solution pillared on physical devices' behavioral attributes, resulting in a universal defense approach. The experiment leverages fog computing with distributed computational nodes to reduce response latency. Furthermore, the paper implements attack-detection-as-a-service on top of the Docker framework for a cost-effective, reusable, and portable framework. The novel design of the framework presents a light mitigation scheme to the SDN controller, ensuring a negligible impact on the controller's performance. Results and Discussion The hand-crafted feature selection process reduced the features by 80%, demonstrating a high accuracy of 99.99% with benchmark datasets, 98.84% accuracy in the simulation environment, and collateral damage of 1.52%. The experiment observes encouraging values for vital performance parameters that researchers often miss to discuss. Furthermore, the paper thoroughly analyzes IoT-DDoS mitigation framework performance parameters.

computer science, information systems

Hang Guo,John Heidemann

2020-01-01

Abstract:We propose IoTSTEED, a system running in edge routers to defend against Distributed Denial-of-Service (DDoS) attacks launched from compromised Internet-of-Things (IoT) devices. IoTSTEED watches traffic that leaves and enters the home network, detecting IoT devices at home, learning the benign servers they talk to, and filtering their traffic to other servers as a potential DDoS attack. We validate IoTSTEED’s accuracy and false positives (FPs) at detecting devices, learning servers and filtering traffic with replay of 10 days of benign traffic captured from an IoT access network. We show IoTSTEED correctly detects all 14 IoT and 6 non-IoT devices in this network (100% accuracy) and maintains low false-positive rates when learning the servers IoT devices talk to (flagging 2% benign servers as suspicious) and filtering IoT traffic (dropping only 0.45% benign packets). We validate IoTSTEED’s true positives (TPs) and false negatives (FNs) in filtering attack traffic with replay of realworld DDoS traffic. Our experiments show IoTSTEED mitigates all typical attacks, regardless of the attacks’ traffic types, attacking devices and victims; an intelligent adversary can design to avoid detection in a few cases, but at the cost of a weaker attack. Lastly, we deploy IoTSTEED in NAT router of an IoT access network for 10 days, showing reasonable resource usage and verifying our testbed experiments for accuracy and learning in practice.

Yuming Feng,Weizhe Zhang,Shujun Yin,Hao Tang,Yang Xiang,Yu Zhang

DOI: https://doi.org/10.1109/jiot.2023.3279615

IF: 10.6

2023-01-01

IEEE Internet of Things Journal

Abstract:The weaknesses of IoT devices leads to vulnerabilities easily, which can be exploited by criminals to launch distributed denial of service (DDoS) attacks, becoming a major security hazard. Nowadays, the rapid development of the Internet of Things (IoT) makes the IoT-based DDoS attacks have the characteristics of wide distribution, large scale and more stealthy that brings greater challenges for the DDoS detection. In this paper, we conduct our research based on the edge-side of IoT for providing earlier detection capability and more efficient resource utilization. We propose a novel reinforcement learning-based collaborative DDoS detection method and design a lightweight unsupervised classifier based on statistics. We deploy the classifiers in IoT edge gateways to detect anomalies by analyzing network traffic features in time. In order to deal with the dynamic changes of the IoT environment, we use the Soft Actor-Critic (SAC) reinforcement learning model deployed on the edge server to adjust the parameter configuration of the underlying unsupervised classifier dynamically, which can ensure excellent detection effect for different types of IoT devices. In addition, a collaborative aggregation module is designed in the edge server to share the observation state and historical experience, which has a unique collaborative reward mechanism for the reinforcement learning model to fully mobilize the collaborative work capability. The experiments on public dataset and constructed real-world testbed demonstrate that our proposed method has excellent detection performance and especially it can also discover stealthy IoT-based DDoS attacks accurately.

computer science, information systems,telecommunications,engineering, electrical & electronic

Haosu Cheng,Jianwei Liu,Tongge Xu,Bohan Ren,Jian Mao,Wei Zhang

DOI: https://doi.org/10.1504/ijsnet.2020.109720

2020-01-01

International Journal of Sensor Networks

Abstract:The software-defined network (SDN) enabled internet of things (IoT) architecture is deployed in many industrial systems. The ability of SDN to intelligently route traffic and use underutilised network resources, enables IoT networks to cope with data onslaught smoothly. SDN also eliminates bottlenecks and helps to process IoT data efficiently without placing a larger strain on the network. The SDN-based IoT network is vulnerable to DDoS attack in a sophisticated usage environment. The SDN-based IoT network behaviours are different from traditional networks, which makes the detection of low-traffic DDoS attacks more difficult. In this paper, we propose a learning-based detection approach that deploys learning algorithms and utilizes stateful and stateless features from Openflow packages to identify attack traffics in SDN control and data planes. Our prototype approach and experiment results show that our system identified the low-rate DDoS attack traffic accurately with relatively low system performance overheads.

Sifan Li,Yue Cao,Shuohan Liu,Yuping Lai,Yongdong Zhu,Naveed Ahmad

DOI: https://doi.org/10.1016/j.eswa.2023.122198

IF: 8.5

2023-01-01

Expert Systems with Applications

Abstract:In recent years, the application of the internet of things (IoT) in areas such as intelligent transportation, smart cities, and the industrial internet has become increasingly widespread. As a crucial supporting infrastructure, IoT devices are utilized in various fields to construct IoT networks. However, due to the inherent limitations of IoT devices, such as limited computing resources and low memory capacity, security concerns have become increasingly prominent. Among these concerns are Denial-of-Service (DoS) and botnet attacks, which are difficult to prevent due to their large-scale and covert nature. To address these challenges, this paper proposes a Hybrid DoS Attack Intrusion Detection System (HDA-IDS) that combines signature-based detection with anomaly-based detection to effectively identify both known and unknown DoS/botnet attacks. Additionally, this paper introduces a novel anomaly-based detection model called CL-GAN. It integrates CNN-LSTM with GAN to establish a baseline for normal behavior and detect malicious traffic. In contrast to other semi-supervised models, the CL-GAN exhibits superior accuracy, as well as shorter training and testing times, in detecting DoS and botnet attacks. In addition, experimental results demonstrate that the HDA-IDS outperforms other IDSs in detecting DoS and botnet attacks. When tested on datasets such as NSL-KDD, CICIDS2018, and Bot-IoT, the HDA-IDS achieved an average of 5% overall improvement superior performance in terms of accuracy, precision, recall, and F1-Score compared to other works. These results highlight the effectiveness of the proposed system in addressing security issues in IoT networks, and presents a general framework that addresses the challenge of large-scale attacks constructed through the dissemination of false information.

Praveen Shukla,C. Rama Krishna,Nilesh Vishwasrao Patil

DOI: https://doi.org/10.1007/s10586-024-04297-7

2024-03-02

Cluster Computing

Abstract:In the world of connected devices, there is huge growth of less secure Internet of Things (IoT) devices, and the ease of performing sophisticated cyberattacks using these devices has posed a serious threat to the security of Internet-based services or networks. Distributed Denial of Service (DDoS) attack is one of the most significant cyberattacks. It aims to damage or exhaust victims' resources, services, or networks and make them unavailable to legitimate users. Several solutions are available in the literature to detect DDoS attacks. However, it is difficult to detect them in real-time due to today's high speed or high volume of attack traffic. Therefore, this paper proposes an Apache Storm-based distributed detection approach for IoT network traffic-based DDoS attacks, namely SDDA-IoT. SDDA-IoT is composed of two primary modules: model development and model deployment. In the case of model development, we created five distributed detection models by utilizing a Hadoop cluster and the extremely scalable H2O.ai machine learning platform. In the case of model deployment, we deploy an efficient distributed detection model on the Apache Storm stream processing framework for analyzing ingress streaming data and classifying it into seven classes in near-real-time. To create new models or update existing ones, this module also saves the highly discriminating input features of each network flow along with the predicted outcome in the Hadoop Distributed File System (HDFS). The effectiveness of the SDDA-IoT approach has been examined using a variety of configured scenarios. The experimental results show that the SDDA-IoT approach detects DDoS attacks faster than recent state-of-the-art methods and more accurately with 99%+ accuracy.

computer science, information systems, theory & methods