OPTIMIST: Lightweight and Transparent IDS With Optimum Placement Strategy to Mitigate Mixed-Rate DDoS Attacks in IoT Networks

Abstract

Distributed denial of service (DDoS) attacks are widespread for Internet of things (IoT) systems that aim to disrupt the availability of a system completely (high-rate DDoS) or partially (low-rate DDoS). Design and placement of Intrusion Detection Systems (IDS) for DDoS attacks on IoT systems are challenging due to the low power and lossy nature of networks. Existing IDSs are designed to handle either high-rate or low-rate DDoS but cannot handle both with good accuracy. Existing IDS placement techniques are mostly non-transparent, making malicious nodes aware of the presence of IDS nodes. Most of the IDS placement strategies are non-optimal, making them energy inefficient. Accordingly, this work proposes a transparent, optimally placed, distributed IDS solution, namely OPTIMIST, which can handle both high-rate and low-rate DDoS attacks with good accuracy. The placement problem is formulated as the weighted minimum vertex cover problem of a K-uniform hypergraph and solved with an approximation algorithm. The IDS module is based on a LSTM model where a novel offline training method for LSTM is proposed using WGAN-generated artificial flows. Extensive experimentation on simulation and testbed shows that the OPTIMIST can best achieve the balance between DDoS detection and energy overhead.