BY 4.0 license Open Access Published by De Gruyter Open Access August 3, 2020

Distributed Denial-of-Service Prediction on IoT Framework by Learning Techniques

  • Shubhra Dwivedi, Manu Vardhan and Sarsij Tripathi
From the journal Open Computer Science

Abstract

Distributed denial-of-service (DDoS) attacks on the Internet of Things (IoT) pose a serious threat to several web-based networks. An intruder’s ability to harness the power of various cooperating devices to instigate an attack makes handling such attacks even more complex. This complexity increases further when many intruders attempt to overload a single device. To counter and defend against modern DDoS attacks, several effective and powerful techniques have been used in the literature, such as data mining and artificial intelligence for intrusion detection systems (IDS), but they have some limitations. To overcome the existing limitations, in this study we propose an intrusion detection mechanism that integrates a filter-based selection technique with a machine learning algorithm, called the information gain-based intrusion detection system (IGIDS). IGIDS selects the most relevant features from the original IDS datasets that can help to distinguish typical low-speed DDoS attacks; the selected features are then passed on to the classifiers, i.e. support vector machine (SVM), decision tree (C4.5), naïve Bayes (NB) and multilayer perceptron (MLP), to detect attacks. The publicly available datasets KDD Cup 99, CAIDA DDOS Attack 2007, CONFICKER worm, and UNINA traffic traces are used for our experimental study. The simulation results show that IGIDS with C4.5 achieves high detection and accuracy with a low false-positive rate.
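The filter stage described in the abstract, ranking features by information gain and passing only the top ones to a classifier, can be sketched as follows. This is an added example, not the authors' implementation: the feature names, the sample flows and the equal-width binning are assumptions made for illustration, and the classifier stage is left out.

```python
import math
from collections import Counter

def entropy(labels):
    """Shannon entropy H(Y) in bits of a list of class labels."""
    n = len(labels)
    return -sum(c / n * math.log2(c / n) for c in Counter(labels).values())

def discretize(values, bins=3):
    """Equal-width binning so continuous flow features can be scored (assumed scheme)."""
    lo, hi = min(values), max(values)
    if hi == lo:
        return [0] * len(values)
    width = (hi - lo) / bins
    return [min(int((v - lo) / width), bins - 1) for v in values]

def information_gain(column, labels, bins=3):
    """IG(Y; X) = H(Y) - sum_v P(X=v) * H(Y | X=v)."""
    binned = discretize(column, bins)
    n = len(labels)
    cond = 0.0
    for v in set(binned):
        subset = [y for x, y in zip(binned, labels) if x == v]
        cond += len(subset) / n * entropy(subset)
    return entropy(labels) - cond

def select_features(rows, labels, names, k):
    """Rank features by information gain and keep the top k for the classifier."""
    scores = {name: information_gain([r[i] for r in rows], labels)
              for i, name in enumerate(names)}
    ranked = sorted(scores, key=scores.get, reverse=True)
    return ranked[:k], scores

# Constructed sample flows (not taken from KDD Cup 99 or CAIDA); hypothetical
# feature names. ttl is deliberately uninformative in this sample.
NAMES = ["pkts_per_sec", "mean_pkt_len", "iat_stddev_ms", "ttl"]
ROWS = [
    (12, 60, 1.0, 64), (14, 62, 1.2, 128), (11, 60, 0.9, 64), (13, 61, 1.1, 128),
    (10, 540, 35.0, 64), (45, 900, 60.0, 128), (3, 300, 80.0, 64), (30, 1200, 42.0, 128),
]
LABELS = ["attack"] * 4 + ["normal"] * 4

if __name__ == "__main__":
    kept, scores = select_features(ROWS, LABELS, NAMES, k=2)
    for name in sorted(scores, key=scores.get, reverse=True):
        print(f"{name:15s} IG={scores[name]:.3f}")
    print("selected:", kept)
```

On this sample the packet rate alone scores poorly because the constructed attack flows overlap with quiet benign flows, which is why a filter that scores every feature against the label is useful before training.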

Received: 2019-09-21
Accepted: 2020-01-02
Published Online: 2020-08-03

© 2020 Shubhra Dwivedi et al., published by De Gruyter

This work is licensed under the Creative Commons Attribution 4.0 International License.

Downloaded on 29.3.2024 from https://www.degruyter.com/document/doi/10.1515/comp-2020-0009/html