HDA-IDS: A Hybrid DoS Attacks Intrusion Detection System for IoT by using semi-supervised CL-GAN

Abstract

In recent years, the application of the internet of things (IoT) in areas such as intelligent transportation, smart cities, and the industrial internet has become increasingly widespread. As a crucial supporting infrastructure, IoT devices are utilized in various fields to construct IoT networks. However, due to the inherent limitations of IoT devices, such as limited computing resources and low memory capacity, security concerns have become increasingly prominent. Among these concerns are Denial-of-Service (DoS) and botnet attacks, which are difficult to prevent due to their large-scale and covert nature. To address these challenges, this paper proposes a Hybrid DoS Attack Intrusion Detection System (HDA-IDS) that combines signature-based detection with anomaly-based detection to effectively identify both known and unknown DoS/botnet attacks. Additionally, this paper introduces a novel anomaly-based detection model called CL-GAN. It integrates CNN-LSTM with GAN to establish a baseline for normal behavior and detect malicious traffic. In contrast to other semi-supervised models, the CL-GAN exhibits superior accuracy, as well as shorter training and testing times, in detecting DoS and botnet attacks. In addition, experimental results demonstrate that the HDA-IDS outperforms other IDSs in detecting DoS and botnet attacks. When tested on datasets such as NSL-KDD, CICIDS2018, and Bot-IoT, the HDA-IDS achieved an average of 5% overall improvement superior performance in terms of accuracy, precision, recall, and F1-Score compared to other works. These results highlight the effectiveness of the proposed system in addressing security issues in IoT networks, and presents a general framework that addresses the challenge of large-scale attacks constructed through the dissemination of false information.