Detection and classification of DDoS flooding attacks in smart home networks using machine learning techniques and rule-based algorithm

Kazaure, AW, 2023. Detection and classification of DDoS flooding attacks in smart home networks using machine learning techniques and rule-based algorithm. PhD, Nottingham Trent University.

Asmau Kazaure 2024.pdf - Published version

Abstract

Smart homes are gaining more popularity by the day due to the ease they provide in terms of running our homes. However, the energy- and resource-constrained nature of smart home devices makes security integration challenging, thus making them prone to cyber-attacks. DDoS remains one of the most threatening attacks to this network and IoT in general. To curb this issue, there is a need to study the behavioural pattern of this attack and smart home devices at a low level. This will aid in designing a timely and more effective DDoS detection and attack type classification system, which is what this thesis presents.

This research collects DDoS and benign traffic in a real smart home environment and performs an Exploratory Data Analysis (EDA), visualizing the behavioural pattern of DDoS flooding attacks when targeted at smart home networks in comparison to the benign smart home traffic pattern. Specific smart home traffic properties were selected, correlated, and visualized showing their reversed behaviour during an attack compared to their normal benign nature. To further validate the findings, public IoT datasets were analysed in the same manner and the same results were achieved. The results and observations from the findings are used to propose and implement a novel hybrid anomaly and feature-based DDoS detection and attack type classification system.

The implemented system detects and classifies a wide range of DDoS flooding attacks at the very onset, including unfamiliar, amplification, and protocol-based attacks. To validate this system, it is tested rigorously on both privately and publicly sourced benign and infiltrated smart home traffic. Excellent performance was recorded, making it not user-, device- or attack-centric, among other benefits.

Due to the excellent performance recorded, the attack type classification approach was further applied to a supervised machine learning model, Random Forest. This was tested to find out the performance of the Random Forest model in attack type classification compared to when it is coupled with the classification module from the hybrid anomaly and feature-based solution. The performance clearly showed the latter outperforming the Random Forest model on its own by far in terms of attack type classification, thus proving that domain knowledge is very important when it comes to security design and implementation even when using Machine Learning models.

Item Type: Thesis
Creators: Kazaure, A.W.
Contributors:
Name | Role | NTU ID | ORCID
Ma, X. | Thesis supervisor | CMP3MAX |
He, J. | Thesis supervisor | CMP3HEJ |
Date: March 2023
Rights: Copyright © 2023 by Asmau Wali Kazaure
Divisions: Schools > School of Science and Technology
Record created by: Laura Ward
Date Added: 15 Nov 2024 16:30
Last Modified: 15 Nov 2024 16:30
URI: https://irep.ntu.ac.uk/id/eprint/52584
