Detection and classification of DDoS flooding attacks in smart home networks using machine learning techniques and rule-based algorithm

Tools

Kazaure, A.W., 2023. Detection and classification of DDoS flooding attacks in smart home networks using machine learning techniques and rule-based algorithm. PhD, Nottingham Trent University.

Preview

Text
Asmau Kazaure 2024.pdf - Published version
Download (12MB) | Preview

Abstract

Smart homes are gaining more popularity by the day due to the ease they provide in terms of running our homes. However, the energy and resource constrained nature of the smart home devices make security integration challenging, thus making them prone to cyber-attacks. DDoS remains one of the most threatening attacks to this network and IoT in general. To curb this issue, there is a need to study the behavioural pattern of this attack and smart home devices at a low level. This will aid in designing a timely and more effective DDoS detection and attack type classification system, which is what this thesis presents.

This research collects DDoS and benign traffic in a real smart home environment and performs an Exploratory Data Analysis (EDA), visualizing the behavioural pattern of DDoS flooding attacks when targeted at smart home networks in comparison to the benign smart home traffic pattern. Specific smart home traffic properties were selected, correlated, and visualized showing their reversed behaviour during an attack compared to their normal benign nature. To further validate the findings, public IoT datasets were analysed in the same manner and the same results were achieved. The results and observations from the findings are used to propose and implement a novel hybrid anomaly and feature-based DDoS detection and attack type classification system.

The implemented system detects and classifies a wide range of DDoS flooding attacks at the very onset including unfamiliar, amplification, and protocol-based attacks. To validate this system, it is tested rigorously on both private and public sourced benign and infiltrated smart home traffic. An excellent performance was recorded making it not user, device or attack centric among other benefits.

Due to the excellent performance recorded, the attack type classification approach was further applied to a supervised machine learning model, Random Forest. This was tested to find out the performance of the Random Forest model in attack type classification compared to when it is coupled with the classification module from the hybrid anomaly and feature-based solution. The performance clearly showed the latter outperforming the Random Forest model on its own by far in terms of attack type classification, thus proving that domain knowledge is very important when it comes to security design and implementation even when using Machine Leaning models.

Item Type:

Thesis

Creators:

Kazaure, A.W.

Contributors: