Muhammad Almas Khan,Muazzam A. Khan,Sana Ullah Jan,Jawad Ahmad,Sajjad Shaukat Jamal,Awais Aziz Shah,Nikolaos Pitropakis,William J. Buchanan

DOI: https://doi.org/10.3390/s21217016

IF: 3.9

2021-10-22

Sensors

Abstract:A large number of smart devices in Internet of Things (IoT) environments communicate via different messaging protocols. Message Queuing Telemetry Transport (MQTT) is a widely used publish–subscribe-based protocol for the communication of sensor or event data. The publish–subscribe strategy makes it more attractive for intruders and thus increases the number of possible attacks over MQTT. In this paper, we proposed a Deep Neural Network (DNN) for intrusion detection in the MQTT-based protocol and also compared its performance with other traditional machine learning (ML) algorithms, such as a Naive Bayes (NB), Random Forest (RF), k-Nearest Neighbour (kNN), Decision Tree (DT), Long Short-Term Memory (LSTM), and Gated Recurrent Units (GRUs). The performance is proved using two different publicly available datasets, including (1) MQTT-IoT-IDS2020 and (2) a dataset with three different types of attacks, such as Man in the Middle (MitM), Intrusion in the network, and Denial of Services (DoS). The MQTT-IoT-IDS2020 contains three abstract-level features, including Uni-Flow, Bi-Flow, and Packet-Flow. The results for the first dataset and binary classification show that the DNN-based model achieved 99.92%, 99.75%, and 94.94% accuracies for Uni-flow, Bi-flow, and Packet-flow, respectively. However, in the case of multi-label classification, these accuracies reduced to 97.08%, 98.12%, and 90.79%, respectively. On the other hand, the proposed DNN model attains the highest accuracy of 97.13% against LSTM and GRUs for the second dataset.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Ziming Zhao,Zhuotao Liu,Huan Chen,Fan Zhang,Zhuoxue Song,Zhaoxuan Li

DOI: https://doi.org/10.1109/tdsc.2023.3349180

2024-01-01

Abstract:Defending against Distributed Denial of Service (DDoS) attacks is a fundamental problem in the Internet. Over the past few decades, the research and industry communities have proposed a variety of solutions, from adding incremental capabilities to the existing Internet routing stack, to clean-slate future Internet architectures, and to widely deployed commercial DDoS prevention services. Yet a recent interview with over 100 security practitioners in multiple sectors reveals that existing solutions are still insufficient against , due to either unenforceable protocol deployment or non-comprehensive traffic filters. This seemingly endless arms race with attackers probably means that we need a fundamental paradigm shift. In this paper, we propose a new DDoS prevention paradigm named preference-driven and in-network enforced traffic shaping , aiming to explore the novel DDoS prevention norms that focus on delivering victim-preferred traffic rather than consistently chasing after the DDoS attacks. Towards this end, we propose DFNet, a novel DDoS prevention system that provides reliable delivery of victim-preferred traffic without full knowledge of DDoS attacks. At a very high level, the core innovative design of DFNet embraces the advances in Machine Learning (ML) and new network dataplane primitives, by encoding the victim's traffic preference (in the form of complex ML models) into dataplane packet scheduling algorithms such that the victim-preferred traffic is forwarded with priority at line-speed, regardless of the attacker strategy. We implement a prototype of DFNet in 11,560 lines of code, and extensively evaluate it on our testbed. The results show that a single instance of DFNet can forward 99.93% of victim-desired traffic when facing previously unseen attacks, while imposing less than 0.1% forwarding overhead on a dataplane with 80 Gbps upstream links and a 40 Gbps bottleneck.

Rawan Bukhowah,Ahmed Aljughaiman,M. M. Hafizur Rahman

DOI: https://doi.org/10.3390/electronics13061031

IF: 2.9

2024-03-10

Electronics

Abstract:The Internet of Things (IoT) is a rapidly growing network that shares information over the Internet via interconnected devices. In addition, this network has led to new security challenges in recent years. One of the biggest challenges is the impact of denial-of-service (DoS) attacks on the IoT. The Information-Centric Network (ICN) infrastructure is a critical component of the IoT. The ICN has gained recognition as a promising networking solution for the IoT by supporting IoT devices to be able to communicate and exchange data with each other over the Internet. Moreover, the ICN provides easy access and straightforward security to IoT content. However, the integration of IoT devices into the ICN introduces new security challenges, particularly in the form of DoS attacks. These attacks aim to disrupt or disable the normal operation of the ICN, potentially leading to severe consequences for IoT applications. Machine learning (ML) is a powerful technology. This paper proposes a new approach for developing a robust and efficient solution for detecting DoS attacks in ICN-IoT networks using ML technology. ML is a subset of artificial intelligence (AI) that focuses on the development of algorithms. While several ML algorithms have been explored in the literature, including neural networks, decision trees (DTs), clustering algorithms, XGBoost, J48, multilayer perceptron (MLP) with backpropagation (BP), deep neural networks (DNNs), MLP-BP, RBF-PSO, RBF-JAYA, and RBF-TLBO, researchers compare these detection approaches using classification metrics such as accuracy. This classification metric indicates that SVM, RF, and KNN demonstrate superior performance compared to other alternatives. The proposed approach was carried out on the NDN architecture because, based on our findings, it is the most used one and has a high percentage of various types of cyberattacks. The proposed approach can be evaluated using an ndnSIM simulation and a synthetic dataset for detecting DoS attacks in ICN-IoT networks using ML algorithms.

engineering, electrical & electronic,computer science, information systems,physics, applied

Albara Awajan

DOI: https://doi.org/10.3390/computers12020034

2023-02-05

Computers

Abstract:The impressive growth rate of the Internet of Things (IoT) has drawn the attention of cybercriminals more than ever. The growing number of cyber-attacks on IoT devices and intermediate communication media backs the claim. Attacks on IoT, if they remain undetected for an extended period, cause severe service interruption resulting in financial loss. It also imposes the threat of identity protection. Detecting intrusion on IoT devices in real-time is essential to make IoT-enabled services reliable, secure, and profitable. This paper presents a novel Deep Learning (DL)-based intrusion detection system for IoT devices. This intelligent system uses a four-layer deep Fully Connected (FC) network architecture to detect malicious traffic that may initiate attacks on connected IoT devices. The proposed system has been developed as a communication protocol-independent system to reduce deployment complexities. The proposed system demonstrates reliable performance for simulated and real intrusions during the experimental performance analysis. It detects the Blackhole, Distributed Denial of Service, Opportunistic Service, Sinkhole, and Workhole attacks with an average accuracy of 93.74%. The proposed intrusion detection system’s precision, recall, and F1-score are 93.71%, 93.82%, and 93.47%, respectively, on average. This innovative deep learning-based IDS maintains a 93.21% average detection rate which is satisfactory for improving the security of IoT networks.

Yawar Abbas Abid,Jinsong Wu,Guangquan Xu,Shihui Fu,Muhammad Waqas

DOI: https://doi.org/10.1109/jiot.2024.3376578

IF: 10.6

2024-01-01

IEEE Internet of Things Journal

Abstract:With the increasing rates of interconnected Internet of Things (IoT) devices within Software-Defined Networking (SDN) environments, distributed denial of service (DDoS) attacks have become increasingly common. As a result of this challenge, novel detection and classification methods must be developed based on the unique characteristics of SDN-supported IoT networks. This paper proposes a novel approach to detecting and categorizing DDoS attacks that has been optimized specifically for such environments. As part of our methodology, we integrate convolutional neural networks (CNN) and long-short-term memory (LSTM) models into a multilevel deep neural network architecture. With this hybrid architecture, complex spatial and temporal patterns can be automatically extracted from raw network traffic data to facilitate comprehensive analysis and accurate identification of DDoS attacks. We validate the efficacy and superiority of our proposed approach over traditional machine learning algorithms by conducting rigorous experiments on real-world datasets. Our findings underscore the potential of the multi-level deep neural network approach as a robust and scalable solution for mitigating DDoS attacks in SDN-supported IoT networks. By improving network security and resilience to evolving threats, our methodology contributes to safeguarding critical infrastructures in the era of interconnected IoT ecosystems.

computer science, information systems,telecommunications,engineering, electrical & electronic

Reem M. Alzhrani,Mohammed A. Alliheedi

DOI: https://doi.org/10.48550/arXiv.2311.06938

2023-11-13

Abstract:The development and implementation of Internet of Things (IoT) devices have been accelerated dramatically in recent years. As a result, a super-network is required to handle the massive volumes of data collected and transmitted to these devices. Fifth generation (5G) technology is a new, comprehensive wireless technology that has the potential to be the primary enabling technology for the IoT. The rapid spread of IoT devices can encounter many security limits and concerns. As a result, new and serious security and privacy risks have emerged. Attackers use IoT devices to launch massive attacks; one of the most famous is the Distributed Denial of Service (DDoS) attack. Deep Learning techniques have proven their effectiveness in detecting and mitigating DDoS attacks. In this paper, we applied two Deep Learning algorithms Convolutional Neural Network (CNN) and Feed Forward Neural Network (FNN) in dataset was specifically designed for IoT devices within 5G networks. We constructed the 5G network infrastructure using OMNeT++ with the INET and Simu5G frameworks. The dataset encompasses both normal network traffic and DDoS attacks. The Deep Learning algorithms, CNN and FNN, showed impressive accuracy levels, both reaching 99%. These results underscore the potential of Deep Learning to enhance the security of IoT devices within 5G networks.

Cryptography and Security,Machine Learning,Networking and Internet Architecture

Nouf Saeed Alotaibi,Hassan I. Sayed Ahmed,Samah Osama M. Kamel,Ghada Farouk ElKabbany,Hassan I. Sayed Sayed Ahmed

DOI: https://doi.org/10.3390/s24051638

IF: 3.9

2024-03-03

Sensors

Abstract:The Message Queuing Telemetry Transport (MQTT) protocol stands out as one of the foremost and widely recognized messaging protocols in the field. It is often used to transfer and manage data between devices and is extensively employed for applications ranging from smart homes and industrial automation to healthcare and transportation systems. However, it lacks built-in security features, thereby making it vulnerable to many types of attacks such as man-in-the-middle (MitM), buffer overflow, pre-shared key, brute force authentication, malformed data, distributed denial-of-service (DDoS) attacks, and MQTT publish flood attacks. Traditional methods for detecting MQTT attacks, such as deep neural networks (DNNs), k-nearest neighbor (KNN), linear discriminant analysis (LDA), and fuzzy logic, may exist. The increasing prevalence of device connectivity, sensor usage, and environmental scalability become the most challenging aspects that novel detection approaches need to address. This paper presents a new solution that leverages an H2O-based distributed machine learning (ML) framework to improve the security of the MQTT protocol in networks, particularly in IoT environments. The proposed approach leverages the strengths of the H2O algorithm and architecture to enable real-time monitoring and distributed detection and classification of anomalous behavior (deviations from expected activity patterns). By harnessing H2O's algorithms, the identification and timely mitigation of potential security threats are achieved. Various H2O algorithms, including random forests, generalized linear models (GLMs), gradient boosting machine (GBM), XGBoost, and the deep learning (DL) algorithm, have been assessed to determine the most reliable algorithm in terms of detection performance. This study encompasses the development of the proposed algorithm, including implementation details and evaluation results. To assess the proposed model, various evaluation metrics such as mean squared error (MSE), root-mean-square error (RMSE), mean per class error (MCE), and log loss are employed. The results obtained indicate that the H2OXGBoost algorithm outperforms other H2O models in terms of accuracy. This research contributes to the advancement of secure IoT networks and offers a practical approach to enhancing the security of MQTT communication channels through distributed detection and classification techniques.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Basharat Ahmad,Zhaoliang Wu,Yongfeng Huang,Sadaqat Ur Rehman

DOI: https://doi.org/10.1016/j.knosys.2024.112614

IF: 8.139

2024-10-21

Knowledge-Based Systems

Abstract:The Internet of Things (IoT) networks, which are defined by their interconnected devices and data streams are an expanding attack surface for cyber adversaries. Industrial Internet of Things (IIoT) is a subset of IoT and has significant importance in-terms of security. Robust intrusion detection systems (IDS) are essential for protecting these critical infrastructures. Our research suggests a novel approach to the detection of anomalies in IoT and IIoT networks that leverages the capabilities of deep transfer learning. Our methodology begins with the EdgeIIoT dataset, which serves as the basis for our data analysis. We convert the data into an appropriate image format to enable Convolutional Neural Network (CNN)-based processing. The hyper-parameters of individual machine learning models are subsequently optimized using a Random Search algorithm. This optimization phase optimizes the performance of each model by modifying the hyper-parameters that are unique to the learning algorithms. The performance of each model is meticulously assessed subsequent to hyper-parameter optimization. The top-performing models are subsequently, strategically selected and combined using the ensemble technique. The IDS scheme's overall detection accuracy and generalizability are improved by the integration of strengths from multiple models. The proposed scheme demonstrates significant effectiveness in identifying a broad spectrum of attacks, encompassing a total of 14 distinct attack types. This comprehensive detection capability contributes to a more secure and resilient IoT ecosystem. Furthermore, application of quantization to our best models reduces resource utilization significantly without compromising accuracy.

computer science, artificial intelligence

Muhammad Aslam,Dengpan Ye,Aqil Tariq,Muhammad Asad,Muhammad Hanif,David Ndzi,Samia Allaoua Chelloug,Mohamed Abd Elaziz,Mohammed A A Al-Qaness,Syeda Fizzah Jilani

DOI: https://doi.org/10.3390/s22072697

2022-03-31

Abstract:The development of smart network infrastructure of the Internet of Things (IoT) faces the immense threat of sophisticated Distributed Denial-of-Services (DDoS) security attacks. The existing network security solutions of enterprise networks are significantly expensive and unscalable for IoT. The integration of recently developed Software Defined Networking (SDN) reduces a significant amount of computational overhead for IoT network devices and enables additional security measurements. At the prelude stage of SDN-enabled IoT network infrastructure, the sampling based security approach currently results in low accuracy and low DDoS attack detection. In this paper, we propose an Adaptive Machine Learning based SDN-enabled Distributed Denial-of-Services attacks Detection and Mitigation (AMLSDM) framework. The proposed AMLSDM framework develops an SDN-enabled security mechanism for IoT devices with the support of an adaptive machine learning classification model to achieve the successful detection and mitigation of DDoS attacks. The proposed framework utilizes machine learning algorithms in an adaptive multilayered feed-forwarding scheme to successfully detect the DDoS attacks by examining the static features of the inspected network traffic. In the proposed adaptive multilayered feed-forwarding framework, the first layer utilizes Support Vector Machine (SVM), Naive Bayes (NB), Random Forest (RF), k-Nearest Neighbor (kNN), and Logistic Regression (LR) classifiers to build a model for detecting DDoS attacks from the training and testing environment-specific datasets. The output of the first layer passes to an Ensemble Voting (EV) algorithm, which accumulates the performance of the first layer classifiers. In the third layer, the adaptive frameworks measures the real-time live network traffic to detect the DDoS attacks in the network traffic. The proposed framework utilizes a remote SDN controller to mitigate the detected DDoS attacks over Open Flow (OF) switches and reconfigures the network resources for legitimate network hosts. The experimental results show the better performance of the proposed framework as compared to existing state-of-the art solutions in terms of higher accuracy of DDoS detection and low false alarm rate.

Qasem Abu Al-Haija,Charles McCurry,Saleh Zein-Sabatto

DOI: https://doi.org/10.20944/preprints202011.0508.v1

2020-11-19

Abstract:With the rapid expansion of intelligent resource-constrained devices and high-speed communication technologies, Internet of Things (IoT) has earned a wide recognition as the primary standard for low-power lossy networks (LLNs). Nevertheless, IoT infrastructures are vulnerable to cyber-attacks due to the constraints in computation, storage, and communication capacity of the endpoint devices. From one side, the majority of newly developed cyber-attacks are formed by slightly mutating formerly established cyber-attacks to produce a new attack tending to be treated as a normal traffic through the IoT network. From the other side, the influence of coupling the deep learning techniques with cybersecurity field has become a recent inclination of many security applications due to their impressive performance. In this paper, we provide a comprehensive development of a new intelligent and autonomous deep learning-based detection and classification system for cyber-attacks in IoT communication networks leveraging the power of convolutional neural networks, abbreviated as (IoT-IDCS-CNN). The proposed IoT-IDCS-CNN makes use of the high-performance computing employing the robust CUDA based Nvidia GPUs and the parallel processing employing the high-speed I9-Cores based Intel CPUs. In particular, the proposed system is composed of three subsystems: Feature Engineering subsystem, Feature Learning subsystem and Traffic classification subsystem. All subsystems are developed, verified, integrated, and validated in this research. To evaluate the developed system, we employed the NSL-KDD dataset which includes all the key attacks in the IoT computing. The simulation results demonstrated more than 99.3% and 98.2% of cyber-attacks’ classification accuracy for the binary-class classifier (normal vs anomaly) and the multi-class classifier (five categories) respectively. The proposed system was validated using k-fold cross validation method and was evaluated using the confusion matrix parameters (i.e., TN, TP, FN, FP) along with other classification performance metrics including precision, recall, F1-score, and false alarm rate. The test and evaluation results of the IoT-IDCS-CNN system outperformed many recent machine-learning based IDCS systems in the same area of study.

Ahmad Almadhor,Ali Altalbe,Imen Bouazzi,Abdullah Al Hejaili,Natalia Kryvinska

DOI: https://doi.org/10.1038/s41598-024-76016-6

IF: 4.6

2024-10-18

Scientific Reports

Abstract:Due to the rising use of the Internet of Things (IoT), the connectivity of networks increases the risk of Distributed Denial of Service (DDoS) attacks. Decentralized systems commonly used in centralized security systems fail to adequately prevent potential cyber threats in IoT because of the issues of privacy and scaling. The method proposed in this study seeks to remedy these facts by employing Explainable Artificial Intelligence (XAI) together with Federated Deep Neural Networks (FDNNs) to detect and prevent DDoS attacks. Our approach is thus to use federated learning models that are to be trained on distributed and dissimilar sources of data without compromising on the privacy aspect. FDNNs were trained over three rounds with information from three client gadgets incorporating pre-processed datasets of various types of DDoS attacks. Additionally, for feature selection, we integrated XGBoost with SHapley Additive exPlanations (SHAP) to improve model interpretability. The proposed solution can be considered to be quite robust, privacy-preserving, and highly scalable for the detection of DDoS attacks on the IoT network. The results shown on the server side indicate that this approach accurately detects 99.78% of DDoS attacks with a precision rate as high as 99.80%, recall rate (detection rate) going up to 99.74% and F1 score reaching 99.76%. They emphasize that FL-based IDSs are strong enough to cope with cybersecurity challenges in IoT, thus offering hope for securing modern network infrastructures against ever-growing cyber threats.

multidisciplinary sciences

Aisha Ibrahim Gide,Abubakar Aminu Mu’azu

DOI: https://doi.org/10.58496/bjiot/2024/008

2024-07-05

Abstract:As more devices are connected to the Internet through the Internet of Things (IoT), there are huge security challenges. One of the major problems is Distributed Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks. These attacks floods networks with useless traffic, disrupting IoT services. There is a need for better security measures to handle this. Intrusion Detection Systems (IDS) is used to find suspicious activities, but many of them can't keep up with new types of attacks in real time. This study focuses on creating an efficient real time hybrid framework that uses the Kth Nearest Neighbor (KNN) algorithm and dense neural networks. This proposed framework aims to identify and categorize DoS/DDoS attacks in real time through the utilization of a simulation model and MQTT-IoT-IDS2020 dataset and compared with existing frameworks, our proposed framework excels in accuracy, precision, and recall.

Neder Karmous,Mohamed Ould-Elhassen Aoueileyine,Manel Abdelkader,Lamia Romdhani,Neji Youssef

DOI: https://doi.org/10.3390/s24155022

2024-08-03

Abstract:The number of connected devices or Internet of Things (IoT) devices has rapidly increased. According to the latest available statistics, in 2023, there were approximately 17.2 billion connected IoT devices; this is expected to reach 25.4 billion IoT devices by 2030 and grow year over year for the foreseeable future. IoT devices share, collect, and exchange data via the internet, wireless networks, or other networks with one another. IoT interconnection technology improves and facilitates people's lives but, at the same time, poses a real threat to their security. Denial-of-Service (DoS) and Distributed Denial-of-Service (DDoS) attacks are considered the most common and threatening attacks that strike IoT devices' security. These are considered to be an increasing trend, and it will be a major challenge to reduce risk, especially in the future. In this context, this paper presents an improved framework (SDN-ML-IoT) that works as an Intrusion and Prevention Detection System (IDPS) that could help to detect DDoS attacks with more efficiency and mitigate them in real time. This SDN-ML-IoT uses a Machine Learning (ML) method in a Software-Defined Networking (SDN) environment in order to protect smart home IoT devices from DDoS attacks. We employed an ML method based on Random Forest (RF), Logistic Regression (LR), k-Nearest Neighbors (kNN), and Naive Bayes (NB) with a One-versus-Rest (OvR) strategy and then compared our work to other related works. Based on the performance metrics, such as confusion matrix, training time, prediction time, accuracy, and Area Under the Receiver Operating Characteristic curve (AUC-ROC), it was established that SDN-ML-IoT, when applied to RF, outperforms other ML algorithms, as well as similar approaches related to our work. It had an impressive accuracy of 99.99%, and it could mitigate DDoS attacks in less than 3 s. We conducted a comparative analysis of various models and algorithms used in the related works. The results indicated that our proposed approach outperforms others, showcasing its effectiveness in both detecting and mitigating DDoS attacks within SDNs. Based on these promising results, we have opted to deploy SDN-ML-IoT within the SDN. This implementation ensures the safeguarding of IoT devices in smart homes against DDoS attacks within the network traffic.

DOI: https://doi.org/10.1007/s13042-024-02147-x

2024-05-14

International Journal of Machine Learning and Cybernetics

Abstract:The Internet of Things (IoT) connects billions of devices. However, because of its heterogeneous system and broad connectivity, it is vulnerable to various intrusion challenges, resulting in data and financial loss. The IoT environment must be secured from such threats. This research proposes an SDN-enabled Deep-Learning-Driven System for IoT intrusion detection. Intrusion detection can detect unknown threats from network traffic and is a good network security measure. Most current network anomaly detection approaches use standard machine learning models like KNN and SVM. These approaches have some significant advantages, but they are not very accurate and rely on manual traffic design, which is outmoded in the age of big data. Our proposed Hybrid Deep Learning-based Intrusion Detection System (HDLIDS) addresses low accuracy and feature engineering issues. HDLIDS uses a novel Modified Hybrid Deep Belief Network with Weights (MHDBN-W) algorithm to detect existing and new cyberattacks. The MHDBN-W method consists of an MCL, a layer combining the MGBRBM and DNN-W algorithms, and an aggregator layer. The MHDBN-W technique has two phases: UL and SL of traffic features into normal and abnormal classes. The HDLIDS model is evaluated on the CICIDS2018 dataset compared to other conventional learning methods. It outperforms all other models in all performance criteria.

computer science, artificial intelligence

Yantian Luo,Xu Chen,Ning Ge,Jianhua Lu

DOI: https://doi.org/10.1109/globecom46510.2021.9685728

2021-01-01

Abstract:With the rapid development of 5G networks, a great amount of Internet of Things (IoT) devices are connected to the Internet. Most of these devices are cost limited and thus are easily compromised by attackers to launch distributed denial of service (DDoS) attacks. The traditional DDoS defense methods at server side can not adapt to this new challenge, thus access-side DDoS detection architecture is urgently needed. In this paper, we propose a deep learning (DL) based IoT device classification method to support fine-grained behavior modeling of malicious traffic and thus enable access-side DDoS detection. Different from traditional studies based on machine learning (ML) which need expertise feature engineering, we propose a time characteristics extraction method based on 1-D convolutional neural network to capture high level time series features automatically for better classification performance. To avoid the feature loss problem, we propose a feature enhancement method based on residual connection module. Experimental results verify the effectiveness of our method, which offers a meaningful gain in terms of both accuracy and macro F1 score over existing approaches.

Nadeem Ahmed,Fayaz Hassan,Khursheed Aurangzeb,Arif Hussain Magsi,Musaed Alhussein

DOI: https://doi.org/10.1016/j.heliyon.2024.e28844

IF: 3.776

2024-03-29

Heliyon

Abstract:Recent years have witnessed security as a great concern in vehicular networks (VANET). Particularly, Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks can jeopardize the network by broadcasting a storm of packets. Correspondingly, the network resources are jammed with malicious traffic. In this connection, the existing research presented various techniques to cope with DoS and DDoS attacks. Different from those traditional approaches, this study proposes an Intelligent Intrusion Detection System (IDS) by leveraging Machine Learning (ML). The proposed IDS utilizes a publicly available dataset on the application layer for mitigating DDoS attacks. The designed ML-based IDS relies on combining both the Random Projection (RP) and Randomized Matrix Factorization (RMF) methods to achieve the best results for enhancing the detection capabilities of the IDS. This amalgamation enhances the system's detection capabilities by extracting and analyzing meaningful features from network traffic data. Experimental validation of our approach involves a comprehensive evaluation of various ML models, including Extra Tree Classifier (ETC), Logistic Regression (LR), and Random Forest (RF). Remarkably, the combined accuracy of these models yields an average system accuracy of 0.98, surpassing existing methods. Unlike conventional approaches, our proposed IDS excels in efficiency and exhibits notable performance in detecting DoS and DDoS attacks in VANET. This proficiency ensures the integrity and safety of vehicle communications. Thus, our research substantially contributes to the vehicular network security field. The presented findings establish a foundation for future advancements in securing connected vehicles.

Noor Wali Khan,Mohammed S Alshehri,Muazzam A Khan,Sultan Almakdi,Naghmeh Moradpoor,Abdulwahab Alazeb,Safi Ullah,Naila Naz,Jawad Ahmad

DOI: https://doi.org/10.3934/mbe.2023602

2023-06-13

Abstract:The Internet of Things (IoT) is a rapidly evolving technology with a wide range of potential applications, but the security of IoT networks remains a major concern. The existing system needs improvement in detecting intrusions in IoT networks. Several researchers have focused on intrusion detection systems (IDS) that address only one layer of the three-layered IoT architecture, which limits their effectiveness in detecting attacks across the entire network. To address these limitations, this paper proposes an intelligent IDS for IoT networks based on deep learning algorithms. The proposed model consists of a recurrent neural network and gated recurrent units (RNN-GRU), which can classify attacks across the physical, network, and application layers. The proposed model is trained and tested using the ToN-IoT dataset, specifically collected for a three-layered IoT system, and includes new types of attacks compared to other publicly available datasets. The performance analysis of the proposed model was carried out by a number of evaluation metrics such as accuracy, precision, recall, and F1-measure. Two optimization techniques, Adam and Adamax, were applied in the evaluation process of the model, and the Adam performance was found to be optimal. Moreover, the proposed model was compared with various advanced deep learning (DL) and traditional machine learning (ML) techniques. The results show that the proposed system achieves an accuracy of 99% for network flow datasets and 98% for application layer datasets, demonstrating its superiority over previous IDS models.

Firas Mohammed Aswad,Ali Mohammed Saleh Ahmed,Nafea Ali Majeed Alhammadi,Bashar Ahmad Khalaf,Salama A. Mostafa

DOI: https://doi.org/10.1515/jisys-2022-0155

2023-01-01

Journal of Intelligent Systems

Abstract:Abstract With the rapid growth of informatics systems’ technology in this modern age, the Internet of Things (IoT) has become more valuable and vital to everyday life in many ways. IoT applications are now more popular than they used to be due to the availability of many gadgets that work as IoT enablers, including smartwatches, smartphones, security cameras, and smart sensors. However, the insecure nature of IoT devices has led to several difficulties, one of which is distributed denial-of-service (DDoS) attacks. IoT systems have several security limitations due to their disreputability characteristics, like dynamic communication between IoT devices. The dynamic communications resulted from the limited resources of these devices, such as their data storage and processing units. Recently, many attempts have been made to develop intelligent models to protect IoT networks against DDoS attacks. The main ongoing research issue is developing a model capable of protecting the network from DDoS attacks that is sensitive to various classes of DDoS and can recognize legitimate traffic to avoid false alarms. Subsequently, this study proposes combining three deep learning algorithms, namely recurrent neural network (RNN), long short-term memory (LSTM)-RNN, and convolutional neural network (CNN), to build a bidirectional CNN-BiLSTM DDoS detection model. The RNN, CNN, LSTM, and CNN-BiLSTM are implemented and tested to determine the most effective model against DDoS attacks that can accurately detect and distinguish DDoS from legitimate traffic. The intrusion detection evaluation dataset (CICIDS2017) is used to provide more realistic detection. The CICIDS2017 dataset includes benign and up-to-date examples of typical attacks, closely matching real-world data of Packet Capture. The four models are tested and assessed using Confusion Metrix against four commonly used criteria: accuracy, precision, recall, and F -measure. The performance of the models is quite effective as they obtain an accuracy rate of around 99.00%, except for the CNN model, which achieves an accuracy of 98.82%. The CNN-BiLSTM achieves the best accuracy of 99.76% and precision of 98.90%.

Mohammed Almehdhar,Mohammed M. Abdelsamea,Na Ruan

DOI: https://doi.org/10.1504/ijics.2023.135902

2023-01-01

International Journal of Information and Computer Security

Abstract:Internet of things (IoT) devices usually offer limited resources such as processing, memory, and network capacity, bringing more security threats to the environment. Distributed denial of service (DDoS) signal attacks are among the most serious threats. Software-defined networking (SDN) is a promising paradigm that could offer a scalable security solution optimised for the IoT ecosystem. However, investigating a robust security solution is still one of the most challenging problems that a smart home environment faces in SDN. In this paper, we introduce a multi-locality deep learning model for the detection of DDoS signals in an SDN-based smart home. It employs convolutional neural networks (CNNs) by learning different levels of local information from the data. In this work, an ensemble of two CNNs to detect malicious traffic flows with low computation overhead framework is proposed. Experimental results demonstrate the robustness, effectiveness, and efficiency of our solution in detecting DDoS attacks in SDN smart home.

Yining Pang,Chenghan Li

2024-12-11

Abstract:With the proliferation of the Internet and smart devices, IoT technology has seen significant advancements and has become an integral component of smart homes, urban security, smart logistics, and other sectors. IoT facilitates real-time monitoring of critical production indicators, enabling businesses to detect potential quality issues, anticipate equipment malfunctions, and refine processes, thereby minimizing losses and reducing costs. Furthermore, IoT enhances real-time asset tracking, optimizing asset utilization and management. However, the expansion of IoT has also led to a rise in cybercrimes, with devices increasingly serving as vectors for malicious attacks. As the number of IoT devices grows, there is an urgent need for robust network security measures to counter these escalating threats. This paper introduces a deep learning model incorporating LSTM and attention mechanisms, a pivotal strategy in combating cybercrime in IoT networks. Our experiments, conducted on datasets including IoT-23, BoT-IoT, IoT network intrusion, MQTT, and MQTTset, demonstrate that our proposed method outperforms existing baselines.

Cryptography and Security,Machine Learning