Skip to main content
SpringerLink
Log in

Analysis of Machine Learning Classifiers for Early Detection of DDoS Attacks on IoT Devices

  • Research Article-Computer Engineering and Computer Science
  • Published:
Arabian Journal for Science and Engineering Aims and scope Submit manuscript

Abstract

Distributed denial-of-service attacks are still difficult to handle as per current scenarios. The attack aim is a menace to network security and exhausting the target networks with malicious traffic from multiple sites. Although a plethora of conventional methods have been proposed to detect DDoS attacks, so far the rapid diagnosis of these attacks using feature selection algorithms is a daunting challenge. The proposed system uses a hybrid methodology for selecting features by applying feature selection methods on machine learning classifiers. Feature selections methods, namely chi-square, Extra Tree and ANOVA have been applied on four classifiers Random Forest, Decision Tree, k-Nearest Neighbors and XGBoost for early detection of DDoS attacks on IoT devices. We use the CICDDoS2019 dataset containing comprehensive DDoS attacks to train and assess the proposed methodology in a cloud-based environment (Google Colab). Based on the experimental results, the proposed hybrid methodology provides superior performance with a feature reduction ratio of 82.5% by achieving 98.34% accuracy with ANOVA for XGBoost and helps in early detection of DDoS attacks on IoT devices.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6
Fig. 7
Fig. 8
Fig. 9
Fig. 10
Fig. 11
Fig. 12
Fig. 13

Similar content being viewed by others

Abbreviations

DDoS:

Distributed denial of service

DT:

Decision tree

FNR:

False-negative rate

FPR:

False-positive rate

IDS:

Intrusion detection system

IoT:

Internet of Things

K-NN:

K-Nearest neighbors

LDAP:

Lightweight directory access protocol

LSTM:

Long short-term memory

NaN:

Not a number

NB:

Naïve bayes

NetBIOS:

Network basic input/output system

NTP:

Network time protocol

RF:

Random forest

TNR:

True-negative rate

TPR:

True-positive rate

References

  1. Mahjabin, T.; Xiao, Y.; Sun, G.; Jiang, W.: A survey of distributed denial-of-service attack, prevention, and mitigation techniques. Int. J. Distrib. Sens. N. 13(12), 1–33 (2017). https://doi.org/10.1177/1550147717741463

    Article  Google Scholar 

  2. Brasilino, L.R.; Swamy, M.: Mitigating DDoS Flooding Attacks against IoT using Custom Hardware Modules. In: Sixth International Conference on Internet of Things: Systems, Management and Security (IOTSMS), Granada, Spain, 22–25 October2019, pp.58–64. Granada, Spain: IEEE

  3. Grammatikis, P.I.R.; Sarigiannidis, P.G.; Moscholios, I.D.: Securing the Internet of Things: challenges, threats and solutions. Internet Things 5, 41–70 (2019)

    Article  Google Scholar 

  4. Bodeia, C.; Chessaa, S.; Gallettab, L.: Measuring security in IoT communications. Theor. Comput. Sci. 764(1), 100–124 (2019). https://doi.org/10.1016/j.tcs.2018.12.002

    Article  MathSciNet  Google Scholar 

  5. Ray, P.: A survey on Internet of Things architectures. J. King Saud. Univ. Comp. Info. Sci. 30(3), 291–319 (2018). https://doi.org/10.1016/j.jksuci.2016.10.003

    Article  Google Scholar 

  6. Siegel, J.E.; Kumar, S.; Sarma, S.E.: The future internet of things: secure, efficient, and model-based. IEEE Internet Things J. 5(4), 2386–2398 (2017). https://doi.org/10.1109/JIOT.2017.2755620

    Article  Google Scholar 

  7. Munshi, A.; Alqarni, N.A.; Almalki, N.A.: DDOS Attack on IoT Devices. In: 3rd International Conference on Computer Applications & Information Security (ICCAIS), Riyadh, Saudi Arabia, 19–21 March2020, pp. 1–5. Riyadh, Saudi Arabia: IEEE

  8. Kim, M.: Supervised learning-based DDoS attacks detection: tuning. ETRI J. 41(5), 560–573 (2019). https://doi.org/10.4218/etrij.2019-0156

    Article  Google Scholar 

  9. Alzubi, O.; Alzubi, J.; Tedmori, S.; Rashaideh, H.; Almomani, O.: Consensus-based combining method for classifier ensembles. Int. Arab. J. Inf. Technol. 15(1), 76–86 (2018)

    Google Scholar 

  10. Alzubi, O.A.; Alzubi, J.A.; Alweshah, M.; Qiqieh, I.; Shami, S.A.; Ramachandran, M.: An optimal pruning algorithm of classifier ensembles: dynamic programming approach. Neural. Comput. Appl. 32(5), 16091–16107 (2020). https://doi.org/10.1007/s00521-020-04761-6

    Article  Google Scholar 

  11. Babu, M.V.; Alzubi, J.A.; Sekaran, R.; Patan, R.; Ramachandran, M.; Gupta, D.: An improved IDAF-FIT clustering based ASLPP-RR routing with secure data aggregation in wireless sensor network. Mob. Netw. Appl. (2020). https://doi.org/10.1007/s11036-020-01664-7

    Article  Google Scholar 

  12. Alzubi, J.A.: Bipolar fully recurrent deep structured neural learning based attack detection for securing industrial sensor networks. T. Emerg. Telecommun. T. (2020). https://doi.org/10.1002/ett.4069

    Article  Google Scholar 

  13. Alzubi, J.: Optimal classifier ensemble design based on cooperative game theory. Res. J. Appl. Sci. 11(12), 1336–1343 (2015). https://doi.org/10.19026/rjaset.11.2241

    Article  Google Scholar 

  14. Salahuddin, M.A.; Bari, M.F.; Alameddine, H.A.; Pourahmadi, V.; Boutaba, R.: Time Based Anomaly Detection using Autoencoder. In: International Conference on Network and Service Management, Izmir, Turkey, 2–6 November2020, pp.1–9. Izmir, Turkey: IEEE

  15. Elsayed, M.S.; Khac, N.A.L.; Dev, S.; Jurcut, A.D.: DDoSNet: A Deep-Learning Model for detecting network attacks. In: 21st International Symposium on "A World of Wireless, Mobile and Multimedia Networks" (WoWMoM), Cork, Ireland, 31 August-03 September2020, pp.391–396. Cork, Ireland: IEEE

  16. Maranhao, J.P.A.; Costa, J.P.C.L.D.; Freitas, E.P.D.; Javidi, E.; Junior, R.T.D.S.: Error-robust distributed denial of service attack detection based on an average common feature extraction technique. Sensors 20(20), 5845–5866 (2020). https://doi.org/10.3390/s20205845

    Article  Google Scholar 

  17. Silveria, F.A.F.; Junior, A.D.M.B.; Vargas-Solar, G.; Silveria, L.F.: Smart Detection: an online approach for DoS/DDoS attack detection using machine learning. Secur. Commun. Netw. (2019). https://doi.org/10.1155/2019/1574749

    Article  Google Scholar 

  18. Shurman, M.; Khrais, R.; Yateem, A.: DoS and DDoS attack detection using deep learning and IDS. Int. Arab J. Inf. Technol. 17(4A), 655–661 (2020). https://doi.org/10.34028/iajit/17/4A/10

    Article  Google Scholar 

  19. Li, J.; Liu, M.; Xue, Z.; Fan, X.; He, X.: Rtvd: a real-time volumetric detection scheme for ddos in the internet of things. IEEE Access 8, 36191–36201 (2020). https://doi.org/10.1109/ACCESS.2020.2974293

    Article  Google Scholar 

  20. Jia, Y.; Zhong, F.; Alrawais, A.; Gong, B.; Cheng, X.: Flowguard: an intelligent edge defense mechanism against IoT DDoS attacks. IEEE Internet Things J. 7(10), 9552–9562 (2020). https://doi.org/10.1109/ACCESS.2020.2974293

    Article  Google Scholar 

  21. Sharafaldin, I.; Lashkari, A.H.; Hakak, S.; Ghorbani, A.A.: Developing realistic distributed denial of service (DDoS) attack dataset and taxonomy. In: 2019 International Carnahan Conference on Security Technology (ICCST), Chennai, India, pp. 1–8, 1–3 October2019, Chennai, India: IEEE

  22. Alsamiri, J.; Alsubhi, K.: Internet of things cyber attacks detection using machine learning. Int. J. Adv. Comput. Sci. Appl. 10(12), 627–634 (2019). https://doi.org/10.14569/IJACSA.2019.0101280

    Article  Google Scholar 

  23. Gurulakshmi, A.K.: Analysis of IoT Bots against DDOS attack using Machine Learning Algorithm. In: Proceedings of the 2nd International Conference on Trends in Electronics and Informatics (ICOEI 2018), Tirunelveli, India, pp. 1052–1057, 11–12 May 2018, Tirunelveli, India: IEEE. https://doi.org/10.1109/ICOEI.2018.8553896

  24. Meidan, Y.; Sachidananda, V.; Peng, H.; Sagron, R.; Elovici, Y.; Shabtai, A.: A novel approach for detecting vulnerable IoT devices connected behind a home NAT. Comput. Secur. 97, 101968–101991 (2020). https://doi.org/10.1016/j.cose.2020.101968-101991

    Article  Google Scholar 

  25. Wehbi, K.; Hong, L.; Al-salah, T.; Bhutta, A.A.: A Survey on Machine Learning Based Detection on DDoS Attacks for IoT Systems. In: 2019 SoutheastCon, Huntsville, AL, USA, pp. 1–6, 11–14 April2019, AL, USA: IEEE. https://doi.org/10.1109/SoutheastCon42311.2019.9020468

  26. Hosseini, S.; Azizi, M.: The hybrid technique for DDoS detection with supervised learning algorithms. Comput. Netw. 158, 35–45 (2019). https://doi.org/10.1016/j.comnet.2019.04.027

    Article  Google Scholar 

  27. Alkasassbeh, M.; Hassanat, A.B.; Naymat, G.A.; Almseidin, M.: Detecting distributed denial of service attacks using data mining techniques. Int. J. Adv. Comput. Sci. Appl. 7(1), 436–445 (2016). https://doi.org/10.14569/IJACSA.2016.070159

    Article  Google Scholar 

  28. Wang, M.; Lu, Y.; Qin, J.: A dynamic MLP-based DDoS attack detection method using feature selection and feedback. Comput. Secur. 88, 101645–101659 (2020). https://doi.org/10.1016/j.cose.2019.101645

    Article  Google Scholar 

  29. Al Hamad, M.; Zeki, A.M.: Accuracy vs. cost in decision trees: A survey. In: 2018 International Conference on Innovation and Intelligence for Informatics, Computing, and Technologies (3ICT), Sakhier, Bahrain, pp. 1–4, 18–20 November 2020, Sakhier, Bahrain: IEEE. https://doi.org/10.1109/3ICT.2018.8855780

  30. Azad, M.; Moshkov, M.: Classification and Optimization of Decision Trees for Inconsistent Decision Tables Represented as MVD tables. In: Proceedings of the Federated Conferenc e on Computer Science and Information Systems, Lodz, Poland, pp. 31–38, 13–16 September 2015, Lodz, Poland. IEEE. https://doi.org/10.15439/2015F231

  31. Rani, P.; Kumar, R.; Jain, A.: Multistage model for accurate prediction of missing values using imputation methods in heart disease dataset. In: Raj, J.S.; Iliyasu, A.M.; Bestak, R.; Baig, Z.A. (Eds.) Innovative Data Communication Technologies and Application, pp. 637–653. Springer, Singapore (2021). https://doi.org/10.1007/978-981-15-9651-3_53

    Chapter  Google Scholar 

  32. Rani, P.; Kumar, R.; Ahmed, N.M.S.; Jain, A.: A decision support system for heart disease prediction based upon machine learning. J. Reliab. Intell. Environ. (2021). https://doi.org/10.1007/s40860-021-00133-6

    Article  Google Scholar 

  33. Xue, H.; Wang, P.: An Improved Sample Mean KNN Algorithm Based on LDA. In: 11th International Conference on Intelligent Human-Machine Systems and Cybernetics (IHMSC), Hangzhou, China, pp. 266–270, 24–25 August 2019, Hangzhou, China. https://doi.org/10.1109/IHMSC.2019.00068

  34. Zhang, C.; Wang, D.; Song, C.; Wang, L.; Song, J.; Guan, L.; Zhang, M.: Interpretable learning algorithm based on XGboost for fault prediction in optical network. In: 2020 Optical Fiber Communications Conference and Exhibition (OFC), San Diego, CA, USA pp. 1–3, 8–12 March 2020, San Diego, CA, USA IEEE

  35. Sadique, K.M.; Rahmani, R.; Johannesson, P.: Towards security on internet of things: applications and challenges in technology. Proc. Comput. Sci. 141, 199–206 (2018). https://doi.org/10.1016/j.procs.2018.10.168

    Article  Google Scholar 

  36. Sharma, D.: Implementing Chi-Square method and even mirroring for cryptography of speech signal using Matlab. In: International Conference on Next Generation Computing Technologies (NGCT), Dehradun, India pp. 394–397, 4–5 September2015, Dehradun, India. IEEE. https://doi.org/10.1109/NGCT.2015.7375148

  37. Alsariera, Y.A.; Adeyemo, V.E.; Balogun, A.O.; Alazzawi, A.K.: AI meta-learners and extra-trees algorithm for the detection of phishing websites. IEEE Access 8, 142532–142542 (2020). https://doi.org/10.1109/ACCESS.2020.3013699

    Article  Google Scholar 

  38. Pena, M.; Alvarez, X.; Jadán, D.; Lucero, P.; Barragán, M.; Guamán, R.; Sánchez, V.; Cerrada, M.: ANOVA and cluster distance based contributions for feature empirical analysis to fault diagnosis in rotating machinery. In: International Conference on Sensing, Diagnostics, Prognostics, and Control (SDPC), Shanghai, China pp. 69–74, 16–18 August2017, Shanghai, China IEEE. https://doi.org/10.1109/SDPC.2017.23

Download references

Author information

Authors and Affiliations

  1. MMEC, Maharishi Markandeshwar Deemed to be University, Mullana Ambala, India

    Vimal Gaur

  2. Maharaja Surajmal Institute of Technology, Janakpuri, Delhi, 110058, India

    Vimal Gaur

  3. Department of CSE, MMEC, Maharishi Markandeshwar (Deemed to be University), Mullana, Ambala, 133207, India

    Rajneesh Kumar

Authors
  1. Vimal Gaur
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Rajneesh Kumar
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Vimal Gaur.

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Gaur, V., Kumar, R. Analysis of Machine Learning Classifiers for Early Detection of DDoS Attacks on IoT Devices. Arab J Sci Eng 47, 1353–1374 (2022). https://doi.org/10.1007/s13369-021-05947-3

Download citation

  • Received:

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s13369-021-05947-3

Keywords

Search

Navigation