DDoS Attack Detection Based on Simple ANN with SMOTE for IoT Environment

As the IoT has developed rapidly in recent years, attackers are mostly targeting IoT environments. They use IoT devices as bots to attack a target organization, and these devices are easily infected by IoT malware because their resource constraints prevent them from running powerful security mechanisms. Very dangerous IoT malware such as Mirai has launched DDoS attacks against targeted organizations via infected IoT devices. Even though many security mechanisms have been implemented for IoT devices, an effective detection system for IoT environments is still needed. Our detection system uses a public dataset to detect this kind of attack with a machine learning technique: a simple Artificial Neural Network (ANN) architecture. Although we used a modern botnet attack dataset, Bot-IoT, to detect DDoS attacks, one important issue must be overcome, the imbalanced data problem, because this dataset has a small amount of benign data and a large amount of attack data. We used SMOTE (Synthetic Minority Over-sampling Technique) to solve the imbalanced data problem when implementing a machine learning-based DDoS detection system. Our results indicate that the proposed approach can effectively detect DDoS attacks in IoT environments.
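The SMOTE oversampling step described above, as an added example that is not the authors' code: it synthesises benign (minority) rows by interpolating between a benign sample and one of its k nearest benign neighbours until the classes are the same size. The two feature columns, the sample rows and the function names `smote` and `balance` are assumptions made for illustration.

```python
import math
import random


def smote(minority, n_synthetic, k=3, seed=0):
    """Create n_synthetic rows, each on the line segment between a minority
    row and one of its k nearest minority neighbours."""
    if len(minority) < 2:
        raise ValueError("SMOTE needs at least two minority samples")
    rng = random.Random(seed)
    k = min(k, len(minority) - 1)
    synthetic = []
    for _ in range(n_synthetic):
        i = rng.randrange(len(minority))
        base = minority[i]
        # Rank the other minority rows by Euclidean distance to the base row.
        others = [j for j in range(len(minority)) if j != i]
        others.sort(key=lambda j: math.dist(base, minority[j]))
        neighbour = minority[rng.choice(others[:k])]
        gap = rng.random()  # position along the segment base -> neighbour
        synthetic.append(tuple(b + gap * (n - b) for b, n in zip(base, neighbour)))
    return synthetic


def balance(benign, attack, k=3, seed=0):
    """Oversample the benign (minority) class up to the attack class size."""
    need = len(attack) - len(benign)
    extra = smote(benign, need, k, seed) if need > 0 else []
    return benign + extra, attack


# Constructed rows (packets per second, mean packet bytes); not Bot-IoT data.
BENIGN = [(12.0, 540.0), (15.0, 610.0), (9.0, 480.0), (20.0, 700.0)]
ATTACK = [(900.0 + 10 * i, 60.0 + i) for i in range(40)]

if __name__ == "__main__":
    benign_balanced, attack = balance(BENIGN, ATTACK)
    print(len(benign_balanced), "benign rows vs", len(attack), "attack rows")
```

Apply the oversampling to the training split only; synthetic rows in the test split would distort the reported detection metrics.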
