Development and Evaluation of Ensemble Learning Models for Detection of DDOS Attacks in IoT

Year 2022, Volume 9, Issue 2, 73 - 82, 30.06.2022

Yıldıran YILMAZ Selim BUYRUKOĞLU

https://doi.org/10.17350/HJSE19030000257

Abstract

Internet of Things that process tremendous confidential data have difficulty performing traditional security algorithms, thus their security is at risk. The security tasks to be added to these devices should be able to operate without disturbing the smooth operation of the system so that the availability of the system will not be impaired. While various attack detection systems can detect attacks with high accuracy rates, it is often impos-sible to integrate them into Internet of Things devices. Therefore, in this work, the new Distributed Denial-of-Service (DDoS) detection models using feature selection and learn-ing algorithms jointly are proposed to detect DDoS attacks, which are the most common type encountered by Internet of Things networks. Additionally, this study evaluates the memory consumption of single-based, bagging, and boosting algorithms on the client-side which has scarce resources. Not only the evaluation of memory consumption but also development of ensemble learning models refer to the novel part of this study. The data set consisting of 79 features in total created for the detection of DDoS attacks was minimized by selecting the two most significant features. Evaluation results confirm that the DDoS attack can be detected with high accuracy and less memory usage by the base models com-pared to complex learning methods such as bagging and boosting models. As a result, the findings demonstrate the feasibility of the base models, for the Internet of Things DDoS detection task, due to their application performance.

Keywords

Attack Detection, Bagging, Base, Boosting, DDOS

Abstract

References

• [1] Salim, M. M., Rathore, S., & Park, J. H. Distributed denial of service attacks and its defenses in IoT: a survey. The Journal of Supercomputing, 76(7), 5320-5363, 2020.
• [2] Kolias, C., Kambourakis, G., Stavrou, A., & Voas, J. DDoS in the IoT: Mirai and other botnets. Computer, 50(7), 80-84, 2017.
• [3] Vishwakarma, R., & Jain, A. K. A survey of DDoS attacking techniques and defence mechanisms in the IoT network. Telecommunication systems, 73(1), 3-25, 2020.
• [4] Sharafaldin, I., Lashkari, A. H., Hakak, S., & Ghorbani, A. A. Developing realistic distributed denial of service (DDoS) attack dataset and taxonomy. In 2019 International Carnahan Conference on Security Technology (ICCST), 1-8. IEEE, 2019.
• [5] Sutton, C. D. Classification and regression trees, bagging, and boosting. Handbook of statistics, 24, 303-329, 2005.
• [6] Dang-Van, T and Truong-Thu, H. A Multi-Criteria based Software Defined Networking System Architecture for DDoS-Attack Mitigation. REV J. Electron. Commun., vol. 6, no. 3, pp. 50–60, 2017, doi: 10.21553/rev-jec.123.
• [7] Al-Duwairi, B., Al-Kahla, W., AlRefai, M. A., Abdelqader, Y., Rawash, A., and Fahmawi, R. SIEM-based detection and mitigation of IoT-botnet DDoS attacks. Int. J. Electr. Comput. Eng., vol. 10, no. 2, pp. 2182–2191, 2020, doi: 10.11591/ijece.v10i2.pp2182-2191.
• [8] Mubarakali, A., Srinivasan, K., Mukhalid, R., Jaganathan, S. C. B., and Marina, N. Security challenges in internet of things: Distributed denial of service attack detection using support vector machine-based expert systems. Comput. Intell., vol. 36, no. 4, pp. 1580–1592, 2020, doi:10.1111/coin.12293.
• [9] Dong P, Du X, Zhang, H., and Xu, T. Adetectionmethod for a novel DDoS attack against SDN controllers by vast new low-traffic flows. IEEE International Conference on Communications (ICC); May 22-27, 1-6, 2016.
• [10] Mousavi SM, St-Hilaire M. Early detection of DDoS attacks against SDN controllers. International Conference on Computing, Networking and Communications (ICNC); February 16-19, 2015.
• [11] Li, J. IOT security analysis of BDT-SVM multi-classification algorithm. International Journal of Computers and Applications, 1-10, 2020.
• [12] Ma, L., Chai, Y., Cui, L., Ma, D., Fu, Y., & Xiao, A. A deep learning-based DDoS detection framework for Internet of Things. In ICC IEEE International Conference on Communications (ICC), 1-6, IEEE, 2020.
• [13] Soe, Y. N., Feng, Y., Santosa, P. I., Hartanto, R., & Sakurai K. Machine learning-based IoT-botnet attack detection with sequential architecture. Sensors, 20(16), 4372, 2020.
• [14] Karthik, M. G., & Krishnan, M. M. Hybrid random forest and synthetic minority over sampling technique for detecting internet of things attacks. Journal of Ambient Intelligence and Humanized Computing, 1-11, 2021.
• [15] Agarwal, M., Biswas, S., & Nandi, S. Detection of de-authentication dos attacks in wi-fi networks: A machine learning approach. In 2015 IEEE International Conference on Systems, Man, and Cybernetics, 246-251, 2015.
• [16] Luengo, J., García-Gil, D., Ramírez-Gallego, S., García, S., & Herrera, F. Big data preprocessing: enabling smart data. Springer Nature, 2020.
• [17] S. Lei. A Feature Selection Method Based on Information Gain and Genetic Algorithm. International Conference on Computer Science and Electronics Engineering, 355-358, 2012, doi: 10.1109/ICCSEE.2012.97
• [18] Omuya, E. O., Okeyo, G. O., & Kimwele, M. W. Feature Selection for Classification using Principal Component Analysis and Information Gain. Expert Systems with Applications, 174, 2021.
• [19] Ahmed, A., Jalal, A., & Kim, K. A novel statistical method for scene classification based on multi-object categorization and logistic regression. Sensors, 20(14), 3871, 2020.
• [20] Alasmary, H., Khormali, A., Anwar, A., Park, J., Choi, J., Abusnaina, A., & Mohaisen, A. Analyzing and detecting emerging internet of things malware: A graph-based approach. IEEE Internet of Things Journal, 6(5), 8977- 8988, 2019.
• [21] Suthaharan, S. (2016). Support vector machine. In Machine learning models and algorithms for big data classification, 207-235, 2016, Springer, Boston, MA.
• [22] Gomez, F. R., Rajapakse, A. D., Annakkage, U. D., & Fernando, I. T. Support vector machine-based algorithm for post-fault transient stability status prediction using synchronized measurements. IEEE Transactions on Power Systems, 26(3), 1474-1483, 2010.
• [23] Sahoo, K. S., Tripathy, B. K., Naik, K., Ramasubbareddy, S., Balusamy, B., Khari, M., & Burgos, D. An evolutionary SVM model for DDOS attack detection in software defined networks. IEEE Access, 8, 132502-132513, 2020.
• [24] Berrar, D. Bayes’ theorem and naive Bayes classifier. Encyclopedia of Bioinformatics and Computational Biology: ABC of Bioinformatics; Elsevier Science Publisher: Amsterdam, The Netherlands, 403-412, 2018.
• [25] Islam, M. J., Wu, Q. J., Ahmadi, M., & Sid-Ahmed, M. A. Investigating the performance of naive-bayes classifiers and k-nearest neighbor classifiers. International Conference on Convergence Information Technology (ICCIT 2007), 1541-1546, 2007, IEEE.
• [26] Subramanian, E. K., & Tamilselvan, L. A focus on future cloud: machine learning-based cloud security. Service Oriented Computing and Applications, 13(3), 237-249, 2019.
• [27] Anthony, M., & Bartlett, P. L. Neural network learning: Theoretical foundations, Cambridge University Press, 2009.
• [28] Breiman, L. Random forests, UC Berkeley TR567, 1999.
• [29] Friedman, J. H., & Hall, P. On bagging and nonlinear estimation. Journal of statistical planning and inference, 137(3), 669-683, 2007.
• [30] Kang, H., & Kim, H. Household appliance classification using lower odd-numbered harmonics and the bagging decision tree. IEEE Access, 8, 55937-55952, 2020.
• [31] Raspberry Pi (Trading) Ltd. [Accessed by 16 May 2020] https:// datasheets.raspberrypi.org/pico/pico- datasheet.pdf.
• [32] Chang, V., Li, T., & Zeng, Z. Towards an improved Adaboost algorithmic method for computational financial analysis. Journal of Parallel and Distributed Computing, 134, 219-232, 2019.
• [33] Kotsiantis, S. B. Bagging and boosting variants for handling classifications problems: a survey. The Knowledge Engineering Review, 29(1), 78-100, 2014.
• [34] Cil, A. E., Yildiz, K., & Buldu, A. (2021). Detection of DDoS attacks with feed forward based deep neural network model. Expert Systems with Applications, 169, 114520.
• [35] Saini, P. S., Behal, S., & Bhatia, S. (2020, March). Detection of DDoS attacks using machine learning algorithms. In 2020 7th International Conference on Computing for Sustainable Global Development (INDIACom) (pp. 16-21). IEEE.
• [36] Marvi, M., Arfeen, A., & Uddin, R. (2021). A generalized machine learning‐based model for the detection of DDoS attacks. International Journal of Network Management, 31(6), e2152.
• [37] Tonkal, Ö., Polat, H., Başaran, E., Cömert, Z., & Kocaoğlu, R. (2021). Machine Learning Approach Equipped with Neighbourhood Component Analysis for DDoS Attack Detection in Software-Defined Networking. Electronics, 10(11), 1227.