Abstract

Network availability and accessibility are of great importance to Internet of Things (IoT) devices. In this study, a novel machine learning method is presented to detect the occurrence of distributed denial-of-service (DDoS) attacks. Firstly, a graph of vertices and edges is built from the traffic so that characteristics of the traffic data can be extracted together with the topology. Eight characteristics of the traffic data are selected as input variables. Secondly, a principal component analysis (PCA) model is adopted to further extract the features that separate DDoS traffic from normal communication. Then, DDoS attacks are detected by fuzzy C-means (FCM) clustering over these features. In the case study, 2000 traffic records from the CICIDS-2017 dataset are used to verify the practicability of the method. The reported results for recall, false positive, true positive, true negative, and false negative are 100.00%, 1.05%, 68.95%, 0.00%, and 30.00%. Compared with other methods, the results demonstrate that detection reliability is improved and that the method is effective for the detection of DDoS attacks.

Highlights

  • Network security problems have become increasingly prominent with the development of Internet of Things (IoT) technology. There are many malicious attacks on networks.

  • To obtain an effective detection method for distributed denial-of-service (DDoS) attacks, this study proposes a novel detection method. The traffic dataset of network communication is first analyzed using graph theory. Then, principal component analysis (PCA) is used to filter the characterization factors of DDoS attacks. Finally, the fuzzy C-means (FCM) clustering model divides the network flows of the traffic data into different partitions.

  • Conclusion: This study presents a novel PCA-FCM model to detect DDoS attacks in which the topological structure between source and destination IP ports is taken into account. The characteristics used as input variables for clustering are the total forward packets, total backward packets, standard deviation of backward packet length, total visit view, average packet length, flow duration, standard deviation of flow inter-arrival time, and mean active time of the flow.


Summary

Introduction

Network security problems have become increasingly prominent with the development of Internet of Things (IoT) technology, and there are many malicious attacks on networks. Verizon reported a DDoS attack on a US university in which the campus network slowed down significantly and the domain name server (DNS) was flooded with abnormal queries from approximately 5,000 of the school's IoT devices, including streetlights, vending machines, and other botnet-enrolled devices [5]. Such attacks are usually hard for network security officers to identify because network devices such as routers, switches, and servers produce a vast amount of system log data. The CICIDS-2017 dataset was selected to verify the practicability of the method, and the results are presented. The novelty of this model is as follows: (1) the traffic data can be used for training without supervision, so labels are not needed; (2) the use of graph theory takes into account the topological relationship between IPs and ports as well as the flows themselves; and (3) many factors of the traffic data can be selected automatically, which reduces the computational load and improves the accuracy of clustering.
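The pipeline sketched in the Highlights and the Introduction (graph of IP:port endpoints and flows, the eight flow features, PCA, then unsupervised FCM partitioning) is small enough to run end to end. The following is an added worked example written for this page; it is not the authors' code and uses constructed flow records rather than CICIDS-2017. Two details are assumptions: "total visit view" is taken to be the in-degree of the destination vertex (how many flows in the window target the same IP:port), and the partition with the highest mean visit view is labelled as the DDoS partition. PCA is done by power iteration and FCM is implemented directly so that nothing beyond the standard library is needed.

```python
"""Graph features -> PCA -> fuzzy C-means over constructed flow records.
Added example, not the paper's code. Assumptions: "visit view" = in-degree of
the destination vertex; the cluster with the higher mean visit view is "ddos"."""
import math

# Constructed sample flows (NOT CICIDS-2017). Tuple layout:
# src, dst, fwd_pkts, bwd_pkts, bwd_len_std, avg_len, duration_s, iat_std, active_mean_s
FLOWS = [
    ("10.0.0.2:51000", "10.0.0.80:443", 12, 10, 210.0, 640.0, 2.4, 0.30, 1.1),
    ("10.0.0.3:51010", "10.0.0.80:443", 15, 14, 190.0, 700.0, 3.1, 0.25, 1.4),
    ("10.0.0.4:51020", "10.0.0.81:80", 9, 8, 250.0, 580.0, 1.8, 0.40, 0.9),
    ("10.0.0.5:51030", "10.0.0.80:443", 11, 9, 205.0, 610.0, 2.0, 0.35, 1.0),
    ("10.0.0.6:51040", "10.0.0.81:80", 14, 12, 230.0, 660.0, 2.7, 0.28, 1.2),
]
# SYN-flood style traffic: many distinct sources, one tiny packet each, no reply.
FLOWS += [(f"198.51.100.{i}:{40000 + i}", "10.0.0.90:80", 1, 0, 0.0, 60.0, 0.001, 0.0, 0.0)
          for i in range(1, 16)]


def feature_matrix(flows):
    """Vertices are IP:port endpoints, edges are flows; the graph contributes the
    in-degree of each destination (assumed meaning of 'total visit view')."""
    in_degree = {}
    for _, dst, *_ in flows:
        in_degree[dst] = in_degree.get(dst, 0) + 1
    return [[fwd, bwd, bstd, in_degree[dst], alen, dur, iat, act]
            for _, dst, fwd, bwd, bstd, alen, dur, iat, act in flows]


def standardize(rows):
    n, d = len(rows), len(rows[0])
    mean = [sum(r[j] for r in rows) / n for j in range(d)]
    std = [math.sqrt(sum((r[j] - mean[j]) ** 2 for r in rows) / n) or 1.0 for j in range(d)]
    return [[(r[j] - mean[j]) / std[j] for j in range(d)] for r in rows]


def pca(rows, k, iters=200):
    """Top-k principal components of the covariance via power iteration + deflation."""
    n, d = len(rows), len(rows[0])
    cov = [[sum(r[i] * r[j] for r in rows) / n for j in range(d)] for i in range(d)]
    comps = []
    for _ in range(k):
        v = [1.0 / math.sqrt(d)] * d
        for _ in range(iters):
            w = [sum(cov[i][j] * v[j] for j in range(d)) for i in range(d)]
            norm = math.sqrt(sum(x * x for x in w)) or 1.0
            v = [x / norm for x in w]
        lam = sum(v[i] * sum(cov[i][j] * v[j] for j in range(d)) for i in range(d))
        comps.append(v)
        cov = [[cov[i][j] - lam * v[i] * v[j] for j in range(d)] for i in range(d)]  # deflate
    return [[sum(r[j] * c[j] for j in range(d)) for c in comps] for r in rows]


def fcm(points, c=2, m=2.0, iters=100):
    """Fuzzy C-means (Bezdek): alternate membership and centre updates. Returns (U, centres)."""
    n, d = len(points), len(points[0])
    dist = lambda a, b: math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))
    centers = [points[0]]                      # deterministic farthest-point initialisation
    while len(centers) < c:
        centers.append(max(points, key=lambda p: min(dist(p, q) for q in centers)))
    for _ in range(iters):
        U = []
        for p in points:
            ds = [dist(p, q) for q in centers]
            zeros = ds.count(0.0)
            if zeros:                          # point sits on a centre: crisp membership
                U.append([1.0 / zeros if dd == 0.0 else 0.0 for dd in ds])
                continue
            U.append([1.0 / sum((ds[j] / ds[l]) ** (2.0 / (m - 1.0)) for l in range(c))
                      for j in range(c)])
        centers = []
        for j in range(c):
            w = [U[i][j] ** m for i in range(n)]
            ws = sum(w) or 1e-12
            centers.append([sum(w[i] * points[i][k] for i in range(n)) / ws for k in range(d)])
    return U, centers


def detect(flows, n_components=2):
    """Label each flow 'ddos' or 'normal' from its hardest FCM membership."""
    feats = feature_matrix(flows)
    U, _ = fcm(pca(standardize(feats), n_components), c=2)
    assign = [row.index(max(row)) for row in U]
    visit = [f[3] for f in feats]              # column 3 = visit view (in-degree)
    mean_visit = []
    for j in range(2):
        members = [visit[i] for i in range(len(flows)) if assign[i] == j]
        mean_visit.append(sum(members) / len(members) if members else 0.0)
    ddos = mean_visit.index(max(mean_visit))   # assumption: heavy fan-in partition is the attack
    return ["ddos" if a == ddos else "normal" for a in assign]


if __name__ == "__main__":
    for flow, label in zip(FLOWS, detect(FLOWS)):
        print(f"{flow[0]:>22} -> {flow[1]:<14} {label}")
```

The only supervision in this script is the final labelling rule; the partition itself is produced without labels, which is the property the paper relies on. On real traffic the in-degree should be computed per time window, since over a long capture every busy server accumulates a large fan-in regardless of attacks.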
