Detection of DIS Flooding Attacks in IoT Networks Using Machine Learning Methods

“…However, these studies have been limited in contribution because of the datasets used. Some of them (Al-Hadhrami & Hussain, 2020;Bhale, Dey, Biswas & Nandi, 2020;Cakir, Toklu & Yalcin, 2020;Cakir & Yalcin, 2021;Mbarek, Ge & Pitner, 2020;Sharma, Elmiligi, Gebali & Verma, 2019;Verma & Ranga, 2020;Yavuz, Ünal & Gül, 2018) use simulation data for developing their models but such data may not be very convenient to develop machine learning models especially in realistic attack scenarios because simulators simulate a certain behavior and the data generated by them may not be very realistic. Some other works (Mounica, Vijayasaraswathi & Vasavi, 2021;Rezvy, Luo, Petridis, Lasebae & Zebin, 2019), on the other hand, use outdated network datasets which consist of generic network attacks.…”

“…Therefore, they are not also suitable for developing IoT-specific intrusion detection systems and we aim to generate a dataset which consists of the traffic data collected from IoT devices in a real testbed in order to develop our models. (iii) Furthermore, the detection capabilities of the proposed models are restricted in the previous works (Cakir et al, 2020;Cakir & Yalcin, 2021;Ioannou & Vassiliou, 2020;Meidan, Bohadana, Mathov, Mirsky, Shabtai, Breitenbacher & Elovici, 2018;Mounica et al, 2021;Thamilarasu & Chawla, 2019;Yavuz et al, 2018) because they generally propose binary classifiers which classify each attack type against benign traffic separately in the form of anomaly detectors. This requires to develop separate models for different attack types so that such systems do not scale well.…”

“…Therefore, we aim to develop a node-based detection system by extracting node-level features to model the traffic characteristics of the nodes and pinpoint the exact location of the attackers. (v) Finally, the number of attacks aimed to be detected in the previous works (Al-Hadhrami & Hussain, 2020;Anthi, Williams, Słowińska, Theodorakopoulos & Burnap, 2019;Bhale et al, 2020;Cakir et al, 2020;Cakir & Yalcin, 2021;Ioannou & Vassiliou, 2020;Le, Park, Cho & Kim, 2018;Mbarek et al, 2020;Mounica et al, 2021;Raza et al, 2013;Rezvy et al, 2019;Sharma et al, 2019;Verma & Ranga, 2020;Yavuz et al, 2018) ranges from 1 to 4 so that their attack variety is relatively low. They also focus on only one type of attacker: insider or outsider.…”

“…There exists many studies that propose intrusion detection systems developed using simulationbased IoT data. In addition to the aforementioned works, most of the previous studies (Cakir et al, 2020;Cakir & Yalcin, 2021;Ioannou & Vassiliou, 2020;Mounica et al, 2021;Yavuz et al, 2018) develop binary classifiers in the form of anomaly detection models and this requires developing separate models for each attack type preventing the system to scale. Meidan et al (Meidan et al, 2018) propose an anomaly detection system using autoencoders for detecting the Mirai and Bashlite botnets.…”

“…Çakır et al(Cakir et al, 2020) leverage simulation data to detect hello flood attacks against benign traffic. There are many such studies(Al-Hadhrami & Hussain, 2020;Bhale et al, 2020;Cakir & Yalcin, 2021;Mbarek et al, 2020;Verma & Ranga, 2020) that use simulators to collect IoT attack datasets. However, simulators simulate a certain behavior and simulation data may not reflect the exact characteristics of a real attack traffic.…”

Data driven intrusion detection for 6LoWPAN based IoT systems

“…However, these studies have been limited in contribution because of the datasets used. Some of them (Al-Hadhrami & Hussain, 2020;Bhale, Dey, Biswas & Nandi, 2020;Cakir, Toklu & Yalcin, 2020;Cakir & Yalcin, 2021;Mbarek, Ge & Pitner, 2020;Sharma, Elmiligi, Gebali & Verma, 2019;Verma & Ranga, 2020;Yavuz, Ünal & Gül, 2018) use simulation data for developing their models but such data may not be very convenient to develop machine learning models especially in realistic attack scenarios because simulators simulate a certain behavior and the data generated by them may not be very realistic. Some other works (Mounica, Vijayasaraswathi & Vasavi, 2021;Rezvy, Luo, Petridis, Lasebae & Zebin, 2019), on the other hand, use outdated network datasets which consist of generic network attacks.…”

“…Therefore, they are not also suitable for developing IoT-specific intrusion detection systems and we aim to generate a dataset which consists of the traffic data collected from IoT devices in a real testbed in order to develop our models. (iii) Furthermore, the detection capabilities of the proposed models are restricted in the previous works (Cakir et al, 2020;Cakir & Yalcin, 2021;Ioannou & Vassiliou, 2020;Meidan, Bohadana, Mathov, Mirsky, Shabtai, Breitenbacher & Elovici, 2018;Mounica et al, 2021;Thamilarasu & Chawla, 2019;Yavuz et al, 2018) because they generally propose binary classifiers which classify each attack type against benign traffic separately in the form of anomaly detectors. This requires to develop separate models for different attack types so that such systems do not scale well.…”

“…Therefore, we aim to develop a node-based detection system by extracting node-level features to model the traffic characteristics of the nodes and pinpoint the exact location of the attackers. (v) Finally, the number of attacks aimed to be detected in the previous works (Al-Hadhrami & Hussain, 2020;Anthi, Williams, Słowińska, Theodorakopoulos & Burnap, 2019;Bhale et al, 2020;Cakir et al, 2020;Cakir & Yalcin, 2021;Ioannou & Vassiliou, 2020;Le, Park, Cho & Kim, 2018;Mbarek et al, 2020;Mounica et al, 2021;Raza et al, 2013;Rezvy et al, 2019;Sharma et al, 2019;Verma & Ranga, 2020;Yavuz et al, 2018) ranges from 1 to 4 so that their attack variety is relatively low. They also focus on only one type of attacker: insider or outsider.…”

“…There exists many studies that propose intrusion detection systems developed using simulationbased IoT data. In addition to the aforementioned works, most of the previous studies (Cakir et al, 2020;Cakir & Yalcin, 2021;Ioannou & Vassiliou, 2020;Mounica et al, 2021;Yavuz et al, 2018) develop binary classifiers in the form of anomaly detection models and this requires developing separate models for each attack type preventing the system to scale. Meidan et al (Meidan et al, 2018) propose an anomaly detection system using autoencoders for detecting the Mirai and Bashlite botnets.…”

“…Çakır et al(Cakir et al, 2020) leverage simulation data to detect hello flood attacks against benign traffic. There are many such studies(Al-Hadhrami & Hussain, 2020;Bhale et al, 2020;Cakir & Yalcin, 2021;Mbarek et al, 2020;Verma & Ranga, 2020) that use simulators to collect IoT attack datasets. However, simulators simulate a certain behavior and simulation data may not reflect the exact characteristics of a real attack traffic.…”

Data driven intrusion detection for 6LoWPAN based IoT systems

Detecting of the Cyber Attacks on IoT-Based Network Devices Using Machine Learning Algorithms