Emerging Technologies for Developing Countries. 5th EAI International Conference, AFRICATEK 2022, Bloemfontein, South Africa, December 5-7, 2022, Proceedings

Research Article

Modelling DDoS Attacks in IoT Networks Using Machine Learning

Cite
BibTeX Plain Text
  • @INPROCEEDINGS{10.1007/978-3-031-35883-8_11,
    author={Pheeha Machaka and Olasupo Ajayi and Ferdinand Kahenga and Antoine Bagula and Kyandoghere Kyamakya},
    title={Modelling DDoS Attacks in IoT Networks Using Machine Learning},
    proceedings={Emerging Technologies for Developing Countries. 5th EAI International Conference, AFRICATEK 2022, Bloemfontein, South Africa, December 5-7, 2022, Proceedings},
    proceedings_a={AFRICATEK},
    year={2023},
    month={7},
    keywords={Anomaly Detection Distributed Denial of Service Internet of Things Machine Learning Regression Analysis},
    doi={10.1007/978-3-031-35883-8_11}
}
  • Pheeha Machaka
    Olasupo Ajayi
    Ferdinand Kahenga
    Antoine Bagula
    Kyandoghere Kyamakya
    Year: 2023
    Modelling DDoS Attacks in IoT Networks Using Machine Learning
    AFRICATEK
    Springer
    DOI: 10.1007/978-3-031-35883-8_11
Pheeha Machaka1,*, Olasupo Ajayi2, Ferdinand Kahenga2, Antoine Bagula2, Kyandoghere Kyamakya3
  • 1: University of South Africa
  • 2: University of Western Cape
  • 3: Alpen-Adria-Universität Klagenfurt
*Contact email: machap@unisa.ac.za

Abstract

The Internet-of-Things (IoT) relies on the TCP protocol to transport data from a source to a destination. Making it vulnerable to DDoS using the TCP SYN attack on Cyber-Physical Systems (CPS). Thus, with a potential propagation to the different servers located in both fog and the cloud infrastructures of the CPS. This study compares the effectiveness of supervised, unsupervised, semi-supervised machine learning algorithms, as well as statistical models for detecting DDoS attacks in CPS-IoT.

The models considered are broadly grouped into three: (i) ML-based detection - Logistic Regression, K-Means, and Artificial Neural Networks with two variants based on traffic slicing. We also investigated the effectiveness of semi-supervised hybrid learning models, which used unsupervised K-Means to label the data, then fed the output to a supervised learning model for attack detection. (ii) Statistic-based detection - Exponentially Weighted Moving Average and Linear Discriminant Analysis. (Iii) Prediction ‘algorithms - LGR, Kernel Ridge Regression and Support Vector Regression. Results of simulations showed that the hybrid model was able to achieve 100% accuracy with near zero false positives for all the ML models, while traffic slicing traffic helped improved detection time; the statistical models performed comparatively poorly, while the prediction models were able to achieve over 94% attack prediction accuracy.

Keywords
Anomaly Detection Distributed Denial of Service Internet of Things Machine Learning Regression Analysis
Published
2023-07-06
Appears in
SpringerLink
http://dx.doi.org/10.1007/978-3-031-35883-8_11
Copyright © 2022–2025 ICST
EAI Logo

About EAI

Community

Publish with EAI