DoS and DDoS Attacks on Internet of Things and Their Detection by Machine Learning Algorithms

Yıl 2024, Cilt: 15 Sayı: 2, 341 - 353

Muhammed Mustafa Şimşek Emrah Atılgan

https://doi.org/10.24012/dumf.1421337

Öz

Machine Learning (ML) algorithms play a crucial role in fortifying the security of Internet of Things (IoT) environments. In this study, we focus on several key ML algorithms, namely Random Forest, AdaBoost, Decision Trees, Naive Bayes, Logistic Regression, Support Vector Machines (SVM), and k-Nearest Neighbors (k-NN). These algorithms are evaluated within the unique context of IoT security, employing an original dataset meticulously crafted for this study. The dataset is designed to capture the intricacies of cyber threats in an IoT network, featuring attacks such as DDoS, HTTP Flood, SYN Flood, Port Scan, and UDP Flood. This original dataset serves as a foundation for the comprehensive evaluation of ML algorithms, allowing us to assess their effectiveness in identifying and mitigating diverse attack patterns targeting IoT devices. The algorithms are examined based on their performance metrics such as accuracy, F1-score, precision and recall, emphasizing their suitability for real-world IoT security applications. The results show that Random Forest and AdaBoost are the top performers in terms of performance metrics. The study aims to provide valuable insights into the strengths and limitations of these ML algorithms, aiding researchers and practitioners in developing resilient security measures designed for IoT settings.

Anahtar Kelimeler

DoS, DDoS,, IoT, Machine Learning, Classification

Nesnelerin İnternetinde DoS ve DDoS Saldırıları ile Bunların Makine Öğrenmesi Algoritmaları ile Tespiti

Öz

Makine Öğrenmesi (MÖ) algoritmaları, Nesnelerin İnterneti ortamlarının güvenliğini sağlamak adına kritik bir rol oynamaktadır. Bu çalışmada, Rastgele Orman, AdaBoost, Karar Ağaçları, Naive Bayes, Logistic Regression, Destek Vektör Makineleri (SVM) ve k-EnYakın Komşular (k-NN) algoritmalarına odaklanılmıştır. Bu algoritmalar, bu çalışma için özel olarak oluşturulmuş bir veri kümesi içinde Nesnelerin İnterneti güvenliği bağlamında değerlendirilmektedir. Veri kümesi, Nesnelerin İnterneti ağındaki siber tehditlerin inceliklerini yakalamak üzere tasarlanmıştır ve DDoS, HTTP Flood, SYN Flood, Port Scan ve UDP Flood gibi saldırıları içermektedir. Bu özgün veri kümesi, MÖ algoritmalarının kapsamlı bir değerlendirmesi için temel oluşturmakta ve böylece bu algoritmaların Nesnelerin İnterneti cihazlarını hedef alan çeşitli saldırı desenlerini tanımlama ve tespit etme konusundaki etkinliklerini değerlendirmemizi sağlamaktadır. Algoritmalar, doğruluk, F1-skor, hassasiyet ve duyarlılık gibi performans ölçütleri temelinde incelenmiştir ve gerçek hayat Nesnelerin İnterneti güvenlik uygulamaları için uygunluğu vurgulanmıştır. Sonuçlar, Rastgele Orman ve AdaBoost algoritmalarının performans ölçütleri açısından en iyi performans sergileyenler olduğunu göstermektedir. Çalışma, bu MÖ algoritmalarının güçlü yanları ve sınırlamaları hakkında değerli içgörüler sağlamayı amaçlamaktadır, bu da araştırmacılara ve uygulamacılara Nesnelerin İnterneti ortamları için dayanıklı güvenlik önlemleri geliştirmede yardımcı olabilir.

Anahtar Kelimeler

DoS, DDoS, Nesnelerin İnterneti, Makine Öğrenmesi, Sınıflandırma

Kaynakça

• [1] I. H. Sarker, “Machine Learning: Algorithms, Real-World Applications and Research Directions,” SN Comput. Sci., vol. 2, no. 3, p. 160, May 2021, doi: 10.1007/s42979-021-00592-x.
• [2] B. Mahesh, “Machine Learning Algorithms - A Review,” Int. J. Sci. Res., vol. 9, no. 1, pp. 381–386, 2020, doi: 10.21275/ART20203995.
• [3] L. Breiman, “Random Forests,” Mach. Learn., vol. 45, pp. 5–32, 2001.
• [4] Y. CAO, Q.-G. MIAO, J.-C. LIU, and L. GAO, “Advance and Prospects of AdaBoost Algorithm,” Acta Autom. Sin., vol. 39, no. 6, pp. 745–758, Jun. 2013, doi: 10.1016/S1874-1029(13)60052-X.
• [5] B. Charbuty and A. Abdulazeez, “Classification Based on Decision Tree Algorithm for Machine Learning,” J. Appl. Sci. Technol. Trends, vol. 2, no. 01, pp. 20–28, Mar. 2021, doi: 10.38094/jastt20165.
• [6] A. Yasar and M. M. Saritas, “Performance Analysis of ANN and Naive Bayes Classification Algorithm for Data Classification,” Int. J. Intell. Syst. Appl. Eng., vol. 7, no. 2, pp. 88–91, 2019, doi: 10.18201/ijisae.2019252786.
• [7] R. D. Joshi and C. K. Dhakal, “Predicting Type 2 Diabetes Using Logistic Regression and Machine Learning Approaches,” Int. J. Environ. Res. Public Health, vol. 18, no. 14, p. 7346, Jul. 2021, doi: 10.3390/ijerph18147346.
• [8] J. Cervantes, F. Garcia-Lamont, L. Rodríguez-Mazahua, and A. Lopez, “A comprehensive survey on support vector machine classification: Applications, challenges and trends,” Neurocomputing, vol. 408, pp. 189–215, Sep. 2020, doi: 10.1016/j.neucom.2019.10.118.
• [9] P. Cunningham and S. J. Delany, “k-Nearest Neighbour Classifiers - A Tutorial,” ACM Comput. Surv., vol. 54, no. 6, pp. 1–25, Jul. 2022, doi: 10.1145/3459665.
• [10] F. Farahnakian and J. Heikkonen, “A deep auto-encoder based approach for intrusion detection system,” in 2018 20th International Conference on Advanced Communication Technology (ICACT), Feb. 2018, pp. 178–183, doi: 10.23919/ICACT.2018.8323688.
• [11] L. Khalvati, M. Keshtgary, and N. Rikhtegar, “Intrusion Detection based on a Novel Hybrid Learning Approach,” J. AI Data Min., vol. 6, no. 1, pp. 157–162, 2018, doi: 10.22044/jadm.2017.979.
• [12] I. Ullah and Q. H. Mahmoud, “A Scheme for Generating a Dataset for Anomalous Activity Detection in IoT Networks,” in Advances in Artificial Intelligence, 2020, pp. 508–520.
• [13] M. A. Ferrag, L. Shu, H. Djallel, and K.-K. R. Choo, “Deep Learning-Based Intrusion Detection for Distributed Denial of Service Attack in Agriculture 4.0,” Electronics, vol. 10, no. 11, p. 1257, May 2021, doi: 10.3390/electronics10111257.
• [14] İ. F. KILINÇER and O. KATAR, “A new Intrusion Detection System for Secured IoT/IIoT Networks based on LGBM,” Gazi Üniversitesi Fen Bilim. Derg. Part C Tasarım ve Teknol., vol. 11, no. 2, pp. 321–328, Jun. 2023, doi: 10.29109/gujsc.1173286.
• [15] S. K. Lakshmanaprabu, K. Shankar, M. Ilayaraja, A. W. Nasir, V. Vijayakumar, and N. Chilamkurti, “Random forest for big data classification in the internet of things using optimal features,” Int. J. Mach. Learn. Cybern., vol. 10, no. 10, pp. 2609–2618, Oct. 2019, doi: 10.1007/s13042-018-00916-z.
• [16] P. Kumar, H. Bagga, B. S. Netam, and V. Uduthalapally, “SAD-IoT: Security Analysis of DDoS Attacks in IoT Networks,” Wirel. Pers. Commun., vol. 122, no. 1, pp. 87–108, Jan. 2022, doi: 10.1007/s11277-021-08890-6.
• [17] W. Feng, C. Ma, G. Zhao, and R. Zhang, “FSRF:An Improved Random Forest for Classification,” in 2020 IEEE International Conference on Advances in Electrical Engineering and Computer Applications( AEECA), Aug. 2020, pp. 173–178, doi: 10.1109/AEECA49918.2020.9213456.
• [18] F. Wang, D. Jiang, H. Wen, and H. Song, “Adaboost-based security level classification of mobile intelligent terminals,” J. Supercomput., vol. 75, no. 11, pp. 7460–7478, Nov. 2019, doi: 10.1007/s11227-019-02954-y.
• [19] S. Rachmadi, S. Mandala, and D. Oktaria, “Detection of DoS Attack using AdaBoost Algorithm on IoT System,” in 2021 International Conference on Data Science and Its Applications (ICoDSA), Oct. 2021, pp. 28–33, doi: 10.1109/ICoDSA53588.2021.9617545.
• [20] E. Nazarenko, V. Varkentin, and T. Polyakova, “Features of Application of Machine Learning Methods for Classification of Network Traffic (Features, Advantages, Disadvantages),” in 2019 International Multi-Conference on Industrial Engineering and Modern Technologies (FarEastCon), Oct. 2019, pp. 1–5, doi: 10.1109/FarEastCon.2019.8934236.
• [21] M. Douiba, S. Benkirane, A. Guezzaz, and M. Azrour, “An improved anomaly detection model for IoT security using decision tree and gradient boosting,” J. Supercomput., vol. 79, no. 3, pp. 3392–3411, Feb. 2023, doi: 10.1007/s11227-022-04783-y.
• [22] M. A. Bouke, A. Abdullah, S. H. ALshatebi, M. T. Abdullah, and H. El Atigh, “An intelligent DDoS attack detection tree-based model using Gini index feature selection method,” Microprocess. Microsyst., vol. 98, p. 104823, Apr. 2023, doi: 10.1016/j.micpro.2023.104823.
• [23] M. Aamir, S. S. H. Rizvi, M. A. Hashmani, M. Zubair, and J. A. . Usman, “Machine Learning Classification of Port Scanning and DDoS Attacks: A Comparative Analysis,” Mehran Univ. Res. J. Eng. Technol., vol. 40, no. 1, pp. 215–229, Jan. 2021, doi: 10.22581/muet1982.2101.19.
• [24] L. Chen and S. Wang, “Automated feature weighting in naive bayes for high-dimensional data classification,” in Proceedings of the 21st ACM international conference on Information and knowledge management, Oct. 2012, pp. 1243–1252, doi: 10.1145/2396761.2398426.
• [25] A. Mehmood, M. Mukherjee, S. H. Ahmed, H. Song, and K. M. Malik, “NBC-MAIDS: Naïve Bayesian classification technique in multi-agent system-enriched IDS for securing IoT against DDoS attacks,” J. Supercomput., vol. 74, no. 10, pp. 5156–5170, Oct. 2018, doi: 10.1007/s11227-018-2413-7.
• [26] J. Ren, S. D. Lee, X. Chen, B. Kao, R. Cheng, and D. Cheung, “Naive Bayes Classification of Uncertain Data,” in 2009 Ninth IEEE International Conference on Data Mining, Dec. 2009, pp. 944–949, doi: 10.1109/ICDM.2009.90.
• [27] K. Prathapchandran and T. Janani, “A Trust-Based Security Model to Detect Misbehaving Nodes in Internet of Things (IoT) Environment using Logistic Regression,” J. Phys. Conf. Ser., vol. 1850, no. 1, p. 012031, May 2021, doi: 10.1088/1742-6596/1850/1/012031.
• [28] N. K. Sahu and I. Mukherjee, “Machine Learning based anomaly detection for IoT Network: (Anomaly detection in IoT Network),” in 2020 4th International Conference on Trends in Electronics and Informatics (ICOEI), Jun. 2020, pp. 787–794, doi: 10.1109/ICOEI48184.2020.9142921.
• [29] F. Abbasi, M. Naderan, and S. E. Alavi, “Anomaly detection in Internet of Things using feature selection and classification based on Logistic Regression and Artificial Neural Network on N-BaIoT dataset,” in 2021 5th International Conference on Internet of Things and Applications (IoT), May 2021, pp. 1–7, doi: 10.1109/IoT52625.2021.9469605.
• [30] C. Ioannou and V. Vassiliou, “Network Attack Classification in IoT Using Support Vector Machines,” J. Sens. Actuator Networks, vol. 10, no. 3, p. 58, Aug. 2021, doi: 10.3390/jsan10030058.
• [31] A. Mubarakali, K. Srinivasan, R. Mukhalid, S. C. B. Jaganathan, and N. Marina, “Security challenges in internet of things: Distributed denial of service attack detection using support vector machine‐based expert systems,” Comput. Intell., vol. 36, no. 4, pp. 1580–1592, Nov. 2020, doi: 10.1111/coin.12293.
• [32] M. Al-Akhras, M. Alawairdhi, A. Alkoudari, and S. Atawneh, “Using Machine Learning to Build a Classification Model for IoT Networks to Detect Attack Signatures,” Int. J. Comput. Networks Commun., vol. 12, no. 6, pp. 99–116, Nov. 2020, doi: 10.5121/ijcnc.2020.12607.
• [33] M. Mohy-eddine, A. Guezzaz, S. Benkirane, and M. Azrour, “An efficient network intrusion detection model for IoT security using K-NN classifier and feature selection,” Multimed. Tools Appl., vol. 82, no. 15, pp. 23615–23633, Jun. 2023, doi: 10.1007/s11042-023-14795-2.
• [34] Y. Liao and V. R. Vemuri, “Use of K-Nearest Neighbor classifier for intrusion detection,” Comput. Secur., vol. 21, no. 5, pp. 439–448, Oct. 2002, doi: 10.1016/S0167-4048(02)00514-X.
• [35] M. A. Gómez Maureira, D. Oldenhof, and L. Teernstra, “ThingSpeak – an API and Web Service for the Internet of Things,” World Wide Web. 2014, [Online]. Available: https://staas.home.xs4all.nl/t/swtr/documents/wt2014_thingspeak.pdf.
• [36] D. Parida, A. Behera, J. K. Naik, S. Pattanaik, and R. S. Nanda, “Real-time Environment Monitoring System using ESP8266 and ThingSpeak on Internet of Things Platform,” in 2019 International Conference on Intelligent Computing and Control Systems (ICCS), May 2019, pp. 225–229, doi: 10.1109/ICCS45141.2019.9065451.
• [37] I. Ozcelik and R. R. Brooks, Distributed Denial of Service Attacks. CRC Press, 2020.
• [38] K. Sonar and H. Upadhyay, “A survey: DDOS Attack on Internet of Things,” Int. J. Eng. Res. Dev., vol. 10, no. 11, pp. 58–63, 2014.
• [39] F. Moldovan, P. Satmarean, and C. Oprisa, “An Analysis of HTTP Attacks on Home IoT Devices,” in 2020 IEEE International Conference on Automation, Quality and Testing, Robotics (AQTR), May 2020, pp. 1–6, doi: 10.1109/AQTR49680.2020.9129980.
• [40] N. Abughazaleh, R. Bin, M. Btish, and H. M., “DoS Attacks in IoT Systems and Proposed Solutions,” Int. J. Comput. Appl., vol. 176, no. 33, pp. 16–19, Jun. 2020, doi: 10.5120/ijca2020920397.
• [41] K. Geetha and N. Sreenath, “SYN flooding attack - Identification and analysis,” in International Conference on Information Communication and Embedded Systems (ICICES2014), Feb. 2014, pp. 1–7, doi: 10.1109/ICICES.2014.7033828.
• [42] Q. A. Al-Haija, E. Saleh, and M. Alnabhan, “Detecting Port Scan Attacks Using Logistic Regression,” in 2021 4th International Symposium on Advanced Electrical and Communication Technologies (ISAECT), Dec. 2021, pp. 1–5, doi: 10.1109/ISAECT53699.2021.9668562.
• [43] L. Huraj, M. Simon, and T. Horak, “IoT Measuring of UDP-Based Distributed Reflective DoS Attack,” in 2018 IEEE 16th International Symposium on Intelligent Systems and Informatics (SISY), Sep. 2018, pp. 000209–000214, doi: 10.1109/SISY.2018.8524703.