Abstract
The Internet of Things (IoT) has shown remarkable adaptability in recent years and has become an integral part of human life. The proliferation of IoT technology has also made IoT devices more prone to severe security threats, such as Distributed Denial of Service (DDoS) attacks, which endanger public systems and networks. Further, the frequency and complexity of IoT traffic-based DDoS attacks are increasing year by year. This article proposes an IoT traffic-based DDoS attack detection approach that classifies incoming IoT network traffic into 11 classes using multiclass machine learning techniques. The proposed approach comprises two phases: (i) designing and (ii) detection. In the designing phase, we employ an embedded feature reduction technique to create cost-effective and efficient classification models with a high feature reduction rate, and we evaluate these models using K-fold cross-validation. In the detection phase, we evaluate the performance of an efficient model by executing four different IoT traffic-based scenarios. The publicly available Bot-IoT dataset is used to design and validate the proposed multiclass classification approach. The results show that the proposed approach provides an 84.4% feature reduction rate and approximately 5.19% higher classification accuracy than the existing approaches.
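The designing phase described above (embedded feature reduction, then K-fold cross-validation over 11 traffic classes) can be sketched as follows. This is an added example, not the authors' code: the abstract does not name the embedded method or the classifier, so a from-scratch Gini decision tree is assumed, the flow records are constructed rather than taken from Bot-IoT, and the reduction rate is assumed to mean the fraction of features dropped.

```python
import random
from collections import Counter

def gini(y):
    return 1.0 - sum((n / len(y)) ** 2 for n in Counter(y).values())

def best_split(X, y, feats):
    best, parent = (0.0, None, None), gini(y)       # (gain, feature, threshold)
    for f in feats:
        vals = sorted({r[f] for r in X})
        for t in ((a + b) / 2 for a, b in zip(vals, vals[1:])):
            left = [c for r, c in zip(X, y) if r[f] <= t]
            right = [c for r, c in zip(X, y) if r[f] > t]
            gain = parent - (len(left) * gini(left) + len(right) * gini(right)) / len(y)
            best = max(best, (gain, f, t), key=lambda s: s[0])
    return best

def fit(X, y, feats, imp):  # grow to pure leaves; imp sums impurity decrease per feature
    gain, f, t = best_split(X, y, feats) if len(set(y)) > 1 else (0.0, None, None)
    if f is None:
        return Counter(y).most_common(1)[0][0]      # leaf: majority class
    imp[f] = imp.get(f, 0.0) + gain * len(y)
    L = [(r, c) for r, c in zip(X, y) if r[f] <= t]
    R = [(r, c) for r, c in zip(X, y) if r[f] > t]
    return f, t, fit(*zip(*L), feats, imp), fit(*zip(*R), feats, imp)

def predict(tree, row):
    while isinstance(tree, tuple):
        tree = tree[2] if row[tree[0]] <= tree[1] else tree[3]
    return tree

def kfold_accuracy(X, y, feats, k=5):
    idx, hits = list(range(len(y))), 0
    random.Random(0).shuffle(idx)
    for i in range(k):                              # fold i = every k-th shuffled index
        tr = [j for n, j in enumerate(idx) if n % k != i]
        tree = fit([X[j] for j in tr], [y[j] for j in tr], feats, {})
        hits += sum(predict(tree, X[j]) == y[j] for j in idx[i::k])
    return hits / len(y)

def design_phase(seed=7):
    rng = random.Random(seed)   # constructed flows: 11 classes x 20; features 0-1 informative, 2-7 noise
    y = [c for c in range(11) for _ in range(20)]
    X = [[c % 4 + rng.uniform(-.2, .2), c // 4 + rng.uniform(-.2, .2)]
         + [rng.random() for _ in range(6)] for c in y]
    imp = {}
    fit(X, y, range(8), imp)                        # embedded: selection happens during training
    kept = sorted(imp)                              # features the trained tree actually split on
    return kept, 1 - len(kept) / 8, kfold_accuracy(X, y, kept)
```

Calling `design_phase()` returns the retained feature indices, the feature reduction rate and the pooled 5-fold accuracy of the reduced model.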
Data availability
The data are available in a public repository (Cyber Range Lab of UNSW Canberra, UNSW Sydney, Bot-IoT dataset) that issues datasets with DOIs (https://research.unsw.edu.au/projects/bot-iot-dataset).
Funding
No funding was received for this work.
Ethics declarations
Conflict of interest
The authors declare that they have no conflict of interest.
About this article
Cite this article
Shukla, P., Krishna, C.R. & Patil, N.V. EIoT-DDoS: embedded classification approach for IoT traffic-based DDoS attacks. Cluster Comput 27, 1471–1490 (2024). https://doi.org/10.1007/s10586-023-04027-5
DOI: https://doi.org/10.1007/s10586-023-04027-5