Feature Engineering and Machine Learning Framework for DDoS Attack Detection in the Standardized Internet of Things

Abstract

Over the past decade, there has been huge rise in the number of Internet of Things (IoT) devices and networks often characterized by resource constraints on energy, memory, communication and computation power and thus integration of security mechanisms in these networks is often neglected. As the attacks increase, it becomes essential to secure the networks with Machine Learning (ML) based Intrusion Detection System (IDS) for their higher accuracy and reduced false alarms. However, these systems higly rely on data and optimal features for extrapolation and attack detection. Existing benchmark datasets are obsolete and lack IoT compatible traffic data and therefore to address this issue, we explore a novel dataset, IoT-CIDDS dataset with 21 features and single labelling attribute. In this study, we propose a feature engineering and machine learning framework to detect DDoS attacks of IoT-CIDDS dataset. The framework consists of two phases: In the first phase, we develop algorithms for dataset enrichment and emphasize on advanced feature engineering for statistically analyzing the dataset with probability distribution and correlation among features. In the second phase, we propose a ML model and perform complexity analysis of the feature engineered dataset with five machine learning techniques by creating training, validation and testing datasets from IoT-CIDDS. The ML models are evaluated in terms of accuracy, precision, recall, area under curve, false positive rate and computational time for training the classifiers. The experimental results show that substantial feature reduction optimizes the performance of ML-based IDS for detecting DDoS attacks in standardized IoT networks employing 6LoWPAN stack.