Development and evaluation of ensemble learning models for detection of distributed denial-of-service attacks in ınternet of things

Abstract

Internet of Things that process tremendous confidential data have difficulty performing traditional security algorithms, thus their security is at risk. The security tasks to be added to these devices should be able to operate without disturbing the smooth operation of the system so that the availability of the system will not be impaired. While various attack detection systems can detect attacks with high accuracy rates, it is often impossible to integrate them into Internet of Things devices. Therefore, in this work, the new Distributed Denial-of-Service (DDoS) detection models using feature selection and learning algorithms jointly are proposed to detect DDoS attacks, which are the most common type encountered by Internet of Things networks. Additionally, this study evaluates the memory consumption of single-based, bagging, and boosting algorithms on the client-side which has scarce resources. Not only the evaluation of memory consumption but also development of ensemble learning models refer to the novel part of this study. The data set consisting of 79 features in total created for the detection of DDoS attacks was minimized by selecting the two most significant features. Evaluation results confirm that the DDoS attack can be detected with high accuracy and less memory usage by the base models compared to complex learning methods such as bagging and boosting models. As a result, the findings demonstrate the feasibility of the base models, for the Internet of Things DDoS detection task, due to their application performance.