Detecting DDoS Attacks in IoT Environment


Yasmine Labiod, Abdelaziz Amara Korba, Nacira Ghoualmi-Zine
Copyright: © 2021 | Pages: 36
DOI: 10.4018/IJISP.2021040108

Abstract

With the great potential of Internet of Things (IoT) infrastructure in different domains, cyber-attacks are rising commensurately. Distributed denial-of-service (DDoS) attacks are one of these cyber security threats. This paper focuses on DDoS attacks and presents the design of an intrusion detection system (IDS) tailored to IoT systems. Machine learning techniques are investigated to distinguish between the flows of network traffic, which include both normal and DDoS traffic. In addition, these techniques are used to build a refined detection model for identifying different types of DDoS attacks. The performance of the proposed machine learning-based solution is validated using the N-BaIoT dataset and compared through different evaluation metrics. The experimental results show that the proposed IDS not only detects the types of DDoS attack but also has a high detection rate and a low false positive rate, which supports the usefulness of the proposed approach in comparison with several existing DDoS attack detection techniques.

1. Introduction

The term Internet of Things (IoT) refers to all objects embedded with electronics, software, sensors, and actuators and connected via the Internet. These devices operate without human intervention and continuously exchange, collect, store and share data with each other. IoT devices are equipped with smart meters, sensors, processing power, chargers, tools, electric vehicles and portable devices, which offer a variety of features. They can be deployed in many environments, such as home automation, industrial process monitoring and control, entertainment, and electronic health and safety, where they automate and monitor daily activities (Yan, Zhang, and Vasilakos, 2014).

According to a report from the International Data Corporation (IDC), the number of IoT devices in automated network systems is expected to increase from 8 billion in 2018 to 41 billion in 2022 (Jing, Vasilakos, and Qiu, 2018). However, the increasing demand for and rising popularity of the Internet of Things have made IoT devices a powerful amplifying platform for cyber-attacks. Because IoT manufacturers have failed to implement robust security in the devices, security experts have warned of the potential risk posed by large numbers of unsecured devices connected to the Internet (Margaret Rouse, 2013). They pointed out that the security measures in use become vulnerable as IoT devices become vulnerable (Brian and Cynthia Larose, 2016). Also, IoT devices use a wireless medium to broadcast data, which makes them an easier target for an attack. In a local network, an attack on normal communication is limited to a small local domain or local nodes; in an IoT environment, however, an attack expands over a larger-scale domain and has devastating effects on the computer security of IoT applications. In addition, these attacks can cause electrical blackouts, failure of military equipment, breaches of national security secrets and other damage. The effects of these security issues may cause major interference to service operation (Talkin Cloud, 2016).

One of the most extensive and destructive network cyber-attacks deployed in IoT environments is the Distributed Denial of Service (DDoS) attack. A DDoS attack is a direct attempt by attackers to prevent legitimate users from using a specific service. It is distributed in that the attacker uses multiple computers as attack platforms to launch DDoS attacks on one or more targets (the victim or a related network) with the help of Control & Scan server technology. There are several types of DDoS attack, namely SYN-flood, UDP-flood, SCAN-flood, ACK-flood, Connection DDoS, DNS Reflect, ICMP-flood and so on (Mousavi and Sthilaire, 2015). The main aim of the attackers is to jam resources in order to deny services to the recipients. Attackers use several strategies to achieve this goal, one of which is flooding the network with bogus requests.

Therefore, a secured IoT infrastructure is necessary, and protection from DDoS attacks requires immediate attention. The rise of DDoS attacks in IoT applications also motivates the development of new techniques to identify and block attack traffic from IoT devices. Several detection methods address this problem, and they are either signature-based or anomaly-based. A signature-based solution matches incoming traffic against the DDoS attacks already known in its database, while an anomaly-based scheme detects a DDoS attack as a behavioural deviation from normal traffic. However, with the constant increase in attackers' resources and attack types, and with the development of Internet technology, signature-based methods are unable to capture and detect new complex attacks, including various types of DDoS attacks, and they are vulnerable to unknown threats (Dong, Du, and Zhang, 2016).
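The contrast between the two detection styles can be made concrete with the following added example, which is not the paper's IDS. The feature names, baseline windows, signature thresholds and anomaly threshold are all constructed assumptions, not values from N-BaIoT.

```python
from statistics import mean, stdev

FEATURES = ("pps", "syn_ratio", "udp_ratio")

# Constructed benign windows for one IoT device:
# (packets per second, SYN-only fraction of TCP, UDP fraction).
BASELINE = [
    (12, 0.05, 0.10), (15, 0.04, 0.12), (11, 0.06, 0.09),
    (14, 0.05, 0.11), (13, 0.03, 0.10), (16, 0.05, 0.13),
]

# Signature database (assumed): per-feature minimums for already known attacks.
SIGNATURES = {
    "SYN-flood": {"pps": 500, "syn_ratio": 0.80},
    "UDP-flood": {"pps": 500, "udp_ratio": 0.80},
}

def signature_match(window):
    """Return the first known attack whose thresholds the window meets, else None."""
    obs = dict(zip(FEATURES, window))
    for name, rule in SIGNATURES.items():
        if all(obs[f] >= limit for f, limit in rule.items()):
            return name
    return None

def fit_baseline(windows):
    """Learn (mean, sample standard deviation) per feature from benign traffic."""
    return [(mean(col), stdev(col)) for col in zip(*windows)]

def anomaly_score(window, model):
    """Largest absolute z-score of any feature relative to the benign baseline."""
    return max(abs(x - m) / s for x, (m, s) in zip(window, model))

def detect(window, model, threshold=4.0):
    """Run both detectors on one traffic window."""
    return {"signature": signature_match(window),
            "anomaly": anomaly_score(window, model) > threshold}

if __name__ == "__main__":
    model = fit_baseline(BASELINE)
    samples = {
        "normal":    (14, 0.05, 0.11),
        "SYN-flood": (900, 0.95, 0.01),  # present in the signature database
        "ACK-flood": (800, 0.00, 0.00),  # no signature exists for it
    }
    for label, window in samples.items():
        print(label, detect(window, model))
```

The ACK-flood window matches no signature because its SYN and UDP fractions are low, yet its packet rate deviates far from the learned baseline, so only the anomaly detector flags it.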

Recent research on DDoS attack detection has shown the promise of intrusion detection systems (IDS) based on deep learning methods, ensemble methods and machine learning (ML) methods (al quatf et al., 2017; Yin et al., 2017; and Vinayakumar et al., 2017). Deep learning methods exploit many layers of information processing stages for unsupervised feature learning and for pattern analysis or classification, such as the auto-encoder deep neural network (DNN), deep belief network (DBN), and recurrent neural network (RNN). Ensemble learning techniques use various ensembles to improve detection performance, including bagging, stacking, and combined classifier methods. The last category uses recorded DDoS attack traffic features (Kakihata et al., 2017; XIANWEI et al., 2019; and Ahmad et al., 2017) to build a classifier to detect intrusions, such as support vector machines (SVM), decision tree (DT), and multi-layer perceptron (MLP).
