EIoT-DDoS: embedded classification approach for IoT traffic-based DDoS attacks

Cluster Computing

Abstract

The Internet of Things (IoT) has shown incredible adaptability in recent years and has become an integral part of human life. The proliferation of IoT technology has made IoT devices more prone to severe security threats, such as Distributed Denial of Service (DDoS) attacks, which are dangerous threats to public systems and networks. Further, the frequency and complexity of IoT traffic-based DDoS attacks are increasing year by year. This article proposes an IoT traffic-based DDoS attack detection approach for classifying incoming IoT network traffic into 11 classes using multiclass machine learning techniques. The proposed approach comprises two phases: (i) designing and (ii) detection. In the designing phase, we employ the embedded feature reduction technique to create cost-effective and efficient classification models with a high feature reduction rate. Further, we evaluate these models using the K-fold cross-validation technique. In the detection phase, we evaluate the performance of an efficient model by executing four different IoT traffic-based scenarios. A publicly available Bot-IoT dataset is employed to design and validate the proposed multiclass classification approach. The results show that the proposed approach provides an 84.4% feature reduction rate and approximately 5.19% higher classification accuracy than the existing approaches.
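The designing phase described in the abstract (embedded feature reduction scored with K-fold cross-validation) can be sketched as follows. This is an added example, not the authors' code: it assumes scikit-learn, uses random-forest importances as the embedded selector (the abstract does not name the method), and runs on constructed synthetic data rather than Bot-IoT, with an assumed feature count.

```python
# Added illustration; synthetic data stands in for Bot-IoT flow records.
from sklearn.datasets import make_classification
from sklearn.ensemble import RandomForestClassifier
from sklearn.feature_selection import SelectFromModel
from sklearn.model_selection import StratifiedKFold, cross_val_score
from sklearn.pipeline import Pipeline

N_CLASSES = 11    # class count stated in the abstract
N_FEATURES = 32   # assumption: the page does not give the feature count


def make_flows(seed=0):
    """Constructed stand-in for labelled flow features (not Bot-IoT)."""
    return make_classification(
        n_samples=2200, n_features=N_FEATURES, n_informative=6,
        n_redundant=2, n_classes=N_CLASSES, n_clusters_per_class=1,
        class_sep=2.0, random_state=seed)


def design_phase(X, y, k=5, seed=0):
    """Embedded selection + classifier, scored with stratified K-fold CV.

    The selector sits inside the pipeline, so every fold picks its
    features from that fold's training split only; selecting on the
    full dataset first would leak test information into the scores.
    """
    selector = SelectFromModel(
        RandomForestClassifier(n_estimators=50, random_state=seed),
        threshold="mean")  # keep features with above-average importance
    pipe = Pipeline([
        ("select", selector),
        ("clf", RandomForestClassifier(n_estimators=50, random_state=seed)),
    ])
    cv = StratifiedKFold(n_splits=k, shuffle=True, random_state=seed)
    scores = cross_val_score(pipe, X, y, cv=cv, scoring="accuracy")

    # Refit on all data to report the final reduced feature set.
    pipe.fit(X, y)
    kept = int(pipe.named_steps["select"].get_support().sum())
    reduction = 1.0 - kept / X.shape[1]  # feature reduction rate
    return float(scores.mean()), kept, reduction


if __name__ == "__main__":
    X, y = make_flows()
    acc, kept, reduction = design_phase(X, y)
    print(f"mean CV accuracy={acc:.3f} kept={kept}/{N_FEATURES} "
          f"reduction={reduction:.1%}")
```

The numbers this prints describe the synthetic data only and are not comparable to the 84.4% reduction rate reported in the abstract.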

Data availability

Data available in a public (Cyber Range Lab of UNSW Canberra, UNSW Sydney, Bot-IoT dataset) repository that issues datasets with DOIs (https://research.unsw.edu.au/projects/bot-iot-dataset)

Funding

No funding was received for this work.

Author information

Corresponding author

Correspondence to Nilesh Vishwasrao Patil.

Ethics declarations

Conflict of interest

The authors declare that they have no conflict of interest.

Additional information

Publisher's Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Rights and permissions

Springer Nature or its licensor (e.g. a society or other partner) holds exclusive rights to this article under a publishing agreement with the author(s) or other rightsholder(s); author self-archiving of the accepted manuscript version of this article is solely governed by the terms of such publishing agreement and applicable law.

About this article

Cite this article

Shukla, P., Krishna, C.R. & Patil, N.V. EIoT-DDoS: embedded classification approach for IoT traffic-based DDoS attacks. Cluster Comput 27, 1471–1490 (2024). https://doi.org/10.1007/s10586-023-04027-5

  • DOI: https://doi.org/10.1007/s10586-023-04027-5
