1 research outputs found
Correlation-Aware Neural Networks for DDoS Attack Detection In IoT Systems
We present a comprehensive study on applying machine learning to detect
distributed Denial of service (DDoS) attacks using large-scale Internet of
Things (IoT) systems. While prior works and existing DDoS attacks have largely
focused on individual nodes transmitting packets at a high volume, we
investigate more sophisticated futuristic attacks that use large numbers of IoT
devices and camouflage their attack by having each node transmit at a volume
typical of benign traffic. We introduce new correlation-aware architectures
that take into account the correlation of traffic across IoT nodes, and we also
compare the effectiveness of centralized and distributed detection models. We
extensively analyze the proposed architectures by evaluating five different
neural network models trained on a dataset derived from a 4060-node real-world
IoT system. We observe that long short-term memory (LSTM) and a
transformer-based model, in conjunction with the architectures that use
correlation information of the IoT nodes, provide higher performance (in terms
of F1 score and binary accuracy) than the other models and architectures,
especially when the attacker camouflages itself by following benign traffic
distribution on each transmitting node. For instance, by using the LSTM model,
the distributed correlation-aware architecture gives 81% F1 score for the
attacker that camouflages their attack with benign traffic as compared to 35%
for the architecture that does not use correlation information. We also
investigate the performance of heuristics for selecting a subset of nodes to
share their data for correlation-aware architectures to meet resource
constraints.Comment: 16 pages, 17 figures, journa