A Lightweight Model for DDoS Attack Detection Using Machine Learning Techniques

Abstract

The study in this paper characterizes lightweight IoT networks as being established by devices with few computer resources, such as reduced battery life, processing power, memory, and, more critically, minimal security and protection, which are easily vulnerable to DDoS attacks and propagating malware. A DDoS attack detection model is crucial for attacks in various industries, ensuring the availability and reliability of their networks and systems. The model distinguishes between legitimate and malicious traffic by analyzing network traffic patterns and identifying anomalies. This safeguards critical infrastructure, preserves business continuity, and protects the user experience, minimizing the impact of DDoS attacks. Numerous scholars have studied the notion that protecting lightweight IoT networks essentially requires improving intrusion detection systems. This research is valuable, as it follows a tailored pre-processing methodology specific to IoT network challenges, addressing a pressing need in cybersecurity by focusing on a growing concern related to IoT devices and DDoS attacks, enhancing the security of essential network systems in various industries by effectively detecting DDoS attacks, and developing a lightweight intrusion detection system that aligns with the limited resources of IoT devices. This manuscript proposes a compact and lightweight intrusion detection system that blends machine learning classifiers with a fresh approach to data pre-processing. The handling of missing values, data standardization using Standard Scalar, feature selection using ExtraTreeClassifier wherein only the 15 best features are extracted, and anomaly detection using a classifier are performed. The network dataset of TON-IOT and BOT-IOT datasets is used for experiments, specifically binary classifications and multiple-class classification for the experiment with DDoS and all attacks, respectively. There is an imbalance between the TON-IOT and BOT-IOT attack classes. In trials using the TON-IOT and BOT-IOT datasets, the classes were balanced using several iterations of the SMOTE approach. This research provides a number of classifier types, namely logistic regression, random forest, naïve bayes, artificial neural network, and k nearest neighbor algorithms, which are used to build a lightweight intrusion detection system that is ideally suited for protecting against DDoS attacks in IoT networks. The time taken to train and predict the DDoS attacks is also implemented. Random forest performed well under TON-IOT and naïve bayes performed well under BOT-IOT under binary and multiple-class classification, achieving an accuracy of 100% with less training and prediction time.