
Research Article
Modelling DDoS Attacks in IoT Networks Using Machine Learning
@INPROCEEDINGS{10.1007/978-3-031-35883-8_11,
  author={Pheeha Machaka and Olasupo Ajayi and Ferdinand Kahenga and Antoine Bagula and Kyandoghere Kyamakya},
  title={Modelling DDoS Attacks in IoT Networks Using Machine Learning},
  proceedings={Emerging Technologies for Developing Countries. 5th EAI International Conference, AFRICATEK 2022, Bloemfontein, South Africa, December 5-7, 2022, Proceedings},
  proceedings_a={AFRICATEK},
  year={2023},
  month={7},
  keywords={Anomaly Detection, Distributed Denial of Service, Internet of Things, Machine Learning, Regression Analysis},
  doi={10.1007/978-3-031-35883-8_11}
}
Pheeha Machaka
Olasupo Ajayi
Ferdinand Kahenga
Antoine Bagula
Kyandoghere Kyamakya
Year: 2023
AFRICATEK
Springer
DOI: 10.1007/978-3-031-35883-8_11
Abstract
The Internet-of-Things (IoT) relies on the TCP protocol to transport data from a source to a destination, making it vulnerable to DDoS using the TCP SYN attack on Cyber-Physical Systems (CPS), with a potential propagation to the different servers located in both the fog and the cloud infrastructures of the CPS. This study compares the effectiveness of supervised, unsupervised, and semi-supervised machine learning algorithms, as well as statistical models, for detecting DDoS attacks in CPS-IoT.
The models considered are broadly grouped into three: (i) ML-based detection - Logistic Regression, K-Means, and Artificial Neural Networks with two variants based on traffic slicing. We also investigated the effectiveness of semi-supervised hybrid learning models, which used unsupervised K-Means to label the data, then fed the output to a supervised learning model for attack detection. (ii) Statistic-based detection - Exponentially Weighted Moving Average and Linear Discriminant Analysis. (iii) Prediction algorithms - LGR, Kernel Ridge Regression and Support Vector Regression. Results of simulations showed that the hybrid model was able to achieve 100% accuracy with near zero false positives for all the ML models, while traffic slicing helped improve detection time; the statistical models performed comparatively poorly, while the prediction models were able to achieve over 94% attack prediction accuracy.