A FeedForward–Convolutional Neural Network to Detect Low-Rate DoS in IoT

Abstract

The lack of standardization and the heterogeneous nature of the Internet of Things (IoT) has exacerbated the issue of security and privacy. In literature, to improve security at the network layer of the IoT architecture, the possibility of using Software-Defined Networking (SDN) was explored. SDN is also plagued by network threats that affect conventional networks. One such threat to a network is the Low-Rate Denial of Service (LR DoS) attack, where the attacker sends precise traffic bursts that force a TCP flow to enter a retransmission timeout state. LR DoS attacks are difficult to detect as their attack signature is similar to benign network traffic. The existing AI-based detection algorithms in the literature are signature-based, and their efficacy in detecting unknown LR DoS attacks was not explored. In this work, an AI-based anomaly detection scheme called FeedForward–Convolutional Neural Network (FFCNN) is proposed to detect LR DoS attacks in IoT-SDN. The Canadian Institute of Cybersecurity Denial of Service 2017 (CIC DoS 2017) dataset is used for the study. An iterative wrapper-based feature selection using Support Vector Machine (SVM) is used to derive the significant features required for detection. The performance of FFCNN is compared to the machine learning algorithms-J48, Random Forest, Random Tree, REP Tree, SVM, and Multi-Layer Perceptron (MLP). The performance of the models is measured using the metrics accuracy, precision, recall, F1 score, detection time per flow, and ROC curves. The empirical analysis shows that FFCNN outperforms other machine learning algorithms on all metrics.