Machine Learning-based Detection of DoS and DRDoS Attacks in IoT Networks (IoT 네트워크 상의 머신러닝 기반 DoS 및 DRDoS 탐지연구)

Seung-Yeon Yeo (여승연); So-Young Jo (조소영); Jiyeon Kim (김지연)

doi:10.9708/jksci.2022.27.07.101

Machine Learning-based Detection of DoS and DRDoS Attacks in IoT Networks

Journal of The Korea Society of Computer and Information
Abbr : JKSCI
2022, 27(7), pp.101-108
DOI : 10.9708/jksci.2022.27.07.101
Publisher : The Korean Society Of Computer And Information
Research Area : Engineering > Computer Science
Received : June 14, 2022
Accepted : July 21, 2022
Published : July 29, 2022

Seung-Yeon Yeo ¹, So-Young Jo ¹, Jiyeon Kim ²

¹서울여자대학교
²대구대학교

Accredited

ABSTRACT

We propose an intrusion detection model that detects denial-of-service(DoS) and distributed reflection denial-of-service(DRDoS) attacks, based on the empirical data of each internet of things(IoT) device by training system and network metrics that can be commonly collected from various IoT devices. First, we collect 37 system and network metrics from each IoT device considering IoT attack scenarios; further, we train them using six types of machine learning models to identify the most effective machine learning models as well as important metrics in detecting and distinguishing IoT attacks. Our experimental results show that the Random Forest model has the best performance with accuracy of over 96%, followed by the K-Nearest Neighbor model and Decision Tree model. Of the 37 metrics, we identified five types of CPU, memory, and network metrics that best imply the characteristics of the attacks in all the experimental scenarios. Furthermore, we found out that packets with higher transmission speeds than larger size packets represent the characteristics of DoS and DRDoS attacks more clearly in IoT networks.

KEYWORDS

Internet of Things, Intrusion Detection, Machine Learning, Denial of Service, Distributed Reflection Denial of Service

Citation status

* References for papers published after 2023 are currently being built.

[journal] Patel Keyur / 2016 / Internet of Things-IOT: Definition, Characteristics, Architecture, Enabling Technologies, Application & Future Challenges / IJESC 6(5)

[web] Knud Lasse Lueth / State of the IoT 2020: 12 billion IoT connections, surpassing non-IoT for the first time / https://iot-analytics.com/state-of-the-iot-2020-12-billion-iot-connections-surpassing-non-iotfor-the-first-time

[web] Paloaltonetworks / 2020 / 2020 Unit 42 IoT Threat Report / https://unit42.paloaltonetworks.com/iot-threat-report-2020

[web] IoTnews / 2021 / Kaspersky: Attacks on IoT devices double in a year / https://www.iottechnews.com/news/2021/sep/07/kaspersky-attacks-on-iot-devices-double-in-a-year

[web] / KDD Cup 1999 Data / http://kdd.ics.uci.edu/databases/kddcup99/kddcup99.html

[web] / NSL-KDD dataset / https://www.unb.ca/cic/datasets/nsl.html

[web] / FrancoisXA, DS2OS traffic traces / https://www.kaggle.com/francoisxa/ds2ostraffictraces

[journal] Koroniotis Nickolaos / 2019 / Towards the Development of Realistic Botnet Dataset in the Internet of Things for Network Forensic Analytics: Bot-IoT Dataset / Future Generation Computer Systems 100 : 779~796

[web] Sebastian Garcia / IoT-23: A labeled dataset with malicious and benign IoT network traffic / https://www.stratosphereips.org/blog/2020/1/22/aposematiot-23-a-labeled-dataset-with-malicious-and-benign-iot-network-traffic

[journal] Damasevicius Robertas / 2020 / LITNET-2020: An Annotated Real-World Network Flow Dataset for Network Intrusion Detection / Electronics 9(5)

[journal] Ullah Imtiaz / 2020 / A Scheme for Generating a Dataset for Anomalous Activity Detection in IoT Networks / Advances in Artificial Intelligence : 508~520

[journal] Booij Tim / 2022 / ToN_IoT: The Role of Heterogeneity and the Need for Standardization of Features and Attack Types in IoT Network Intrusion Datasets / IEEE Internet of Things Journal 9(1) : 485~496

[journal] Strecker Sam / 2021 / A Modern Analysis of Aging Machine Learning Based IoT Cybersecurity Methods / Journal of Computer Sciences and Applications 9(1) : 16~22

[other] Nicolas-Alin Stoian / 2020 / Machine Learning for Anomaly Detection in IoT networks: Malware analysis on the IoT-23 Data set

[journal] Islam Nahida / 2021 / Towards Machine Learning Based Intrusion Detection in IoT Networks / Computers, Materials and Continua 69(2) : 1801~1821

[journal] Raneem Qaddoura / 2021 / A Multi-Layer Classification Approach for Intrusion Detection in IoT Networks Based on Deep Learning / Sensors 21(9)

[journal] Hasan Alkahtani / 2021 / Intrusion Detection System to Advance Internet of Things Infrastructure-Based Deep Learning Algorithms / Complexity 2021(3)

[journal] Shahin Rawan / 2022 / A Secure IoT Framework Based on Blockchain and Machine Learning / International Journal of Computing and Digital Systems 11(1) : 671~683

[journal] Hasan Mahmudul / 2019 / Attack and Anomaly Detection in IoT Sensors in IoT Sites Using Machine Learning Approaches / Internet of Things

[journal] Reddy Dukka / 2020 / Deep neural network based anomaly detection in Internet of Things network traffic tracking for the applications of future smart cities / Transactions on Emerging Telecommunications Technologies 32(6)

[journal] Shafiq Muhammad / 2020 / Selection of effective machine learning algorithm and Bot-IoT attacks traffic identification for internet of things in smart city / Future Generation Computer Systems 107(4)

[other] Satish Pokhrel / 2021 / IoT Security:Botnet detection in IoT using Machine learning

[journal] Churcher Andrew / 2021 / An Experimental Analysis of Attack Classification Using Machine Learning in IoT Networks / Sensors 21(2) : 1~32

[journal] Das Anurag / 2020 / A Comprehensive Analysis of Accuracies of Machine Learning Algorithms for Network Intrusion Detection / Machine Learning for Networking : 40~57

KJCKorea
Journal Central

Journal of The Korea Society of Computer and Information 2023 KCI Impact Factor : 0.65

Machine Learning-based Detection of DoS and DRDoS Attacks in IoT Networks

ABSTRACT

KEYWORDS

Citation status

* References for papers published after 2023 are currently being built.

Journal of The Korea Society of Computer and Information 2023 KCI Impact Factor : 0.65

Machine Learning-based Detection of DoS and DRDoS Attacks in IoT Networks

ABSTRACT

KEYWORDS

Statistics

Tools

Issue List

Citation status

KCI Citation Counts (0)

REFERENCES (24) * References for papers published after 2023 are currently being built.

Search PDF

Citation

* References for papers published after 2023 are currently being built.