Machine learning-based DDoS detection for IoT networks

Abstract

DDoS attacks are one of the most dangerous threats to IoT networks, and they involve using attacker-controlled botnets to flood the network with malicious traffic that denies legitimate services. The global DDoS landscape is rapidly evolving, and it has become increasingly important for devices to quickly identify the types of DDoS attacks they face so that they can choose and implement effective countermeasures against known attacks. Machine learning has emerged as a popular approach for detecting DDoS traffic in IoT networks. This paper implements four machine learning models, namely Support Vector Machine (SVM), Decision Tree, Long Short-Term Memory (LSTM), and Random Forest, to perform multiclass classification for DDoS attack detection. The study uses the CICDDoS2019 dataset for evaluation. The results show that all four models can detect most types of DDoS traffic effectively. The Random Forest model achieves the highest overall accuracy of 99.32%, followed by the Decision Tree model with an accuracy of 99.10%. The LSTM and SVM models have slightly lower accuracies at 98.20% and 93.00%, respectively. The study also evaluates the models' performance in terms of precision, recall, and F1 score. Decision Tree outperforms the other models in precision, while Random Forest has the highest recall score. Moreover, the Random Forest model performs the best in terms of the F1 score. In conclusion, this paper demonstrates the effectiveness of machine learning-based approaches for DDoS detection in IoT networks using four popular models. The results illustrate the potential for these models to provide reliable and accurate detection of DDoS traffic, thus enabling effective countermeasures to be taken against this type of attack.