Abstract

Security is the main challenge in Internet of Things (IoT) systems. The devices on IoT networks are very heterogeneous, many of them have limited resources, and they are connected globally, which makes the IoT much more challenging to secure than other types of networks. Denial of service (DoS) is the most popular method used to attack IoT networks, either by flooding services or by crashing them. An intrusion detection system (IDS) is one of the countermeasures against DoS attacks. Unfortunately, existing IDSs still suffer from detection accuracy problems because the features of DoS attacks are difficult to recognize. Thus, we need to determine specific features that represent attack traffic well, so that the IDS is able to distinguish normal traffic from attacks. In this work, we investigate ping flood attack pattern recognition on IoT networks. Experiments were conducted using wireless communication with three different scenarios: normal traffic, attack traffic, and combined normal-attack traffic. Each scenario produced an associated dataset. The datasets were then grouped into two clusters: normal and attack. The K-Means algorithm was used to produce the clustering results. The average number of packets in the attack cluster was 95,931 packets, and the average in the normal cluster was 4,068 packets. The accuracy level of the clustering results was calculated using a confusion matrix. The accuracy of the clustering using the implemented K-Means algorithm was 99.94%. The rates from the confusion matrix were true negative (98.62%), true positive (100.00%), false negative (0.00%), and false positive (1.38%).
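The pipeline the abstract describes (two-cluster K-Means over traffic, then a confusion matrix) can be sketched as follows. This is an added example, not the paper's code: the abstract does not name the features, so the two per-window features and all sample windows here are constructed assumptions.

```python
# Added example: assumed features and constructed data, not taken from the paper.
def scale(rows):
    """Min-max scale each feature column to [0, 1]."""
    cols = list(zip(*rows))
    lo = [min(c) for c in cols]
    span = [(max(c) - min(c)) or 1.0 for c in cols]
    return [tuple((v - l) / s for v, l, s in zip(r, lo, span)) for r in rows]

def dist2(a, b):
    return sum((x - y) ** 2 for x, y in zip(a, b))

def kmeans2(points, max_iter=100):
    """Lloyd's algorithm with k=2, seeded from the lowest- and highest-rate windows."""
    cents = [min(points), max(points)]
    assign = None
    for _ in range(max_iter):
        new = [0 if dist2(p, cents[0]) <= dist2(p, cents[1]) else 1 for p in points]
        if new == assign:          # assignments stable: converged
            break
        assign = new
        for k in (0, 1):
            members = [p for p, a in zip(points, assign) if a == k]
            if members:
                cents[k] = tuple(sum(c) / len(members) for c in zip(*members))
    attack = 0 if cents[0][0] > cents[1][0] else 1   # higher ICMP rate = attack cluster
    return [int(a == attack) for a in assign]

def confusion(truth, pred):
    tp = sum(t == 1 and p == 1 for t, p in zip(truth, pred))
    tn = sum(t == 0 and p == 0 for t, p in zip(truth, pred))
    fp = sum(t == 0 and p == 1 for t, p in zip(truth, pred))
    fn = sum(t == 1 and p == 0 for t, p in zip(truth, pred))
    return {"TP": tp, "TN": tn, "FP": fp, "FN": fn,
            "accuracy": (tp + tn) / len(truth),
            "TPR": tp / (tp + fn), "FPR": fp / (fp + tn)}

# Constructed one-second windows: (ICMP packets per second, ICMP share of all packets)
normal = [(i % 6, 0.05) for i in range(40)]                 # background traffic
bursts = [(700, 0.90)] * 2                                  # benign diagnostic ping burst
attack = [(900 + 10 * (i % 20), 0.95) for i in range(60)]   # ping flood
windows = normal + bursts + attack
truth = [0] * 42 + [1] * 60                                 # 1 = attack window

def run():
    return confusion(truth, kmeans2(scale(windows)))

if __name__ == "__main__":
    print(run())
```

The two benign bursts land in the attack cluster, which is how a nonzero false positive rate arises alongside a 100% true positive rate when clustering on traffic volume alone.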

Highlights

  • The Internet of Things (IoT) is a computing concept in which physical objects connected to the Internet are able to identify themselves and communicate with other devices in the network

  • The biggest dataset was for the combined scenario, which had a size of 93 MB and contained 1,662,966 packets (95% were Internet Control Message Protocol (ICMP) packets); the smallest dataset was for the normal scenario

  • The dataset was made available as a public dataset at the following URL: https://zenodo.org/record/4436208


Summary

Introduction

The Internet of Things (IoT) is a computing concept in which physical objects connected to the Internet are able to identify themselves and communicate with other devices in the network. The IoT provides a giant interconnected network of devices ("things") that can serve any purpose imagined by their creators [1]. The IoT is a hybrid network of small—usually wireless sensor network (WSN)—devices and conventional. Unlike the conventional Internet, in which the devices are more homogeneous and powerful, the nodes ("things") in the IoT are more heterogeneous and have limited resources. An IoT device could be a light bulb, microwave, car part, smartphone, PC/laptop, powerful server machine, or cloud component [2], [3].
