The increasing use of Internet of Things (IoT) devices has led to a rise in Distributed Denial of Service (DDoS) and Denial of Service (DoS) attacks on these networks. These attacks can have severe consequences, resulting in the unavailability of critical services and financial losses. In this paper, we propose an Intrusion Detection System (IDS) based on a Conditional Tabular Generative Adversarial Network (CTGAN) for detecting DDoS and DoS attacks on IoT networks. Our CGAN-based IDS utilizes a generator network to produce synthetic traffic that mimics legitimate traffic patterns, while the discriminator network learns to differentiate between legitimate and malicious traffic. The syntactic tabular data generated by CTGAN is employed to train multiple shallow machine-learning and deep-learning classifiers, enhancing their detection model performance. The proposed approach is evaluated using the Bot-IoT dataset, measuring detection accuracy, precision, recall, and F1 measure. Our experimental results demonstrate the accurate detection of DDoS and DoS attacks on IoT networks using the proposed approach. Furthermore, the results highlight the significant contribution of CTGAN in improving the performance of detection models in machine learning and deep learning classifiers.
The Internet of Things (IoT) has brought significant advancements that have connected our world more closely than ever before. However, the growing number of connected devices has also increased the vulnerability of IoT networks to several types of attacks. In this paper, we present an approach for detecting attacks on IoT networks using a combination of two convolutional neural networks (CNN-CNN). The first CNN model is leveraged to select the significant features that contribute to IoT attack detection from the raw data on network traffic. The second CNN utilizes the features identified by the first CNN to build a robust detection model that accurately detects IoT attacks. The proposed approach is evaluated using the BoT IoT 2020 dataset. The results reveal that the proposed approach achieves 98.04% detection accuracy, 98.09% precision, 99.85% recall, 98.96% recall, and a 1.93% false positive rate (FPR). Furthermore, the proposed approach is compared with other deep learning algorithms and feature selection methods; the results show that it outperforms these algorithms.
The Internet of Things (IoT) has transformed our interaction with technology and introduced security challenges. The growing number of IoT attacks poses a significant threat to organizations and individuals. This paper proposes an approach for detecting attacks on IoT networks using ensemble feature selection and deep learning models. Ensemble feature selection combines filter techniques such as variance threshold, mutual information, Chi-square, ANOVA, and L1-based methods. By leveraging the strengths of each technique, the ensemble is formed by the union of selected features. However, this union operation may overlook redundancy and irrelevance, potentially leading to a larger feature set. To address this, a wrapper algorithm called Recursive Feature Elimination (RFE) is applied to refine the feature selection. The impact of the selected feature set on the performance of Deep Learning (DL) models (CNN, RNN, GRU, and LSTM) is evaluated using the IoT-Botnet 2020 dataset, considering detection accuracy, precision, recall, F1-measure, and False Positive Rate (FPR). All DL models achieved the highest detection accuracy, precision, recall, and F1 measure values, ranging from 97.05% to 97.87%, 96.99% to 97.95%, 99.80% to 99.95%, and 98.45% to 98.87%, respectively.
The significant surge in Internet of Things (IoT) devices presents substantial challenges to network security. Hackers are afforded a larger attack surface to exploit as more devices become interconnected. Furthermore, the sheer volume of data these devices generate can overwhelm conventional security systems, compromising their detection capabilities. To address these challenges posed by the increasing number of interconnected IoT devices and the data overload they generate, this paper presents an approach based on meta-learning principles to identify attacks within IoT networks. The proposed approach constructs a meta-learner model by stacking the predictions of three Deep-Learning (DL) models: RNN, LSTM, and CNN. Subsequently, the identification by the meta-learner relies on various methods, namely Logistic Regression (LR), Multilayer Perceptron (MLP), Support Vector Machine (SVM), and Extreme Gradient Boosting (XGBoost). To assess the effectiveness of this approach, extensive evaluations are conducted using the IoT dataset from 2020. The XGBoost model showcased outstanding performance, achieving the highest accuracy (98.75%), precision (98.30%), F1-measure (98.53%), and AUC-ROC (98.75%). On the other hand, the SVM model exhibited the highest recall (98.90%), representing a slight improvement of 0.14% over the performance achieved by XGBoost.
Software Defined Network (SDN) has alleviated traditional network limitations but faces a significant challenge due to the risk of Distributed Denial of Service (DDoS) attacks against an SDN controller, with current detection methods lacking evaluation on unrealistic SDN datasets and standard DDoS attacks (i.e., high-rate DDoS attack). Therefore, a realistic dataset called HLD-DDoSDN is introduced, encompassing prevalent DDoS attacks specifically aimed at an SDN controller, such as User Internet Control Message Protocol (ICMP), Transmission Control Protocol (TCP), and User Datagram Protocol (UDP). This SDN dataset also incorporates diverse levels of traffic fluctuations, representing different traffic variation rates (i.e., high and low rates) in DDoS attacks. It is qualitatively compared to existing SDN datasets and quantitatively evaluated across all eight scenarios to ensure its superiority. Furthermore, it fulfils the requirements of a benchmark dataset in terms of size, variety of attacks and scenarios, with significant features that highly contribute to detecting realistic SDN attacks. The features of HLD-DDoSDN are evaluated using a Deep Multilayer Perception (D-MLP) based detection approach. Experimental findings indicate that the employed features exhibit high performance in the detection accuracy, recall, and precision of detecting high and low-rate DDoS flooding attacks.