Detecting DDoS Attacks in SDN Switches with a Deep Learning and Swarm Intelligence Approach
Subject areas: Internet of Things
Mohsen Eghbali 1, Mohammadreza Mollakhalili Meybodi 2
1 - Department of Computer Engineering, Meybod Branch, Islamic Azad University, Meybod, Iran
2 - Department of Computer Engineering, Meybod Branch, Islamic Azad University, Meybod, Iran
Keywords: Internet of Things, deep learning, SDN network, DDoS attacks, intrusion detection system
Abstract:
This paper introduces an efficient intrusion detection system for the Internet of Things, addressing the challenge of malware-infected IoT nodes acting as botnet attackers, along with issues in existing intrusion detection systems such as feature selection, data imbalance, and centralization. The proposed system leverages the distributed architecture of SDN. The method begins by balancing the dataset using the SMOTE technique. Essential features are then selected using the African Vulture Optimization Algorithm. Subsequently, an LSTM deep learning model is trained within the SDN controller. SDN switches utilize this trained model for attack detection. To enhance attack mitigation, attacking node addresses are shared among SDN switches, ensuring consistent recognition and enabling effective Distributed Denial-of-Service (DDoS) attack prevention across the network. Experimental results obtained in MATLAB, using the NSL-KDD dataset, demonstrate the proposed method’s effectiveness, achieving an accuracy of 99.34%, a sensitivity of 99.16%, and a precision of 98.93% in attack detection. The proposed method outperforms feature selection methods based on WOA, HHO, and AO algorithms, and deep learning methods like LSTM, RNN, and CNN, particularly in detecting DDoS attacks.
Presenting a distributed intrusion detection system on the SDN architecture
Balancing the dataset using the SMOTE method in the SDN controller
Presenting a binary feature-selection version of the African vulture algorithm for attack detection
Combining swarm intelligence and LSTM deep learning in an SDN network to detect attacks in the Internet of Things
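The SMOTE balancing step named above, as an added Python example that is not the authors' MATLAB code: it oversamples the minority attack class by interpolating between nearest minority neighbours. The function names, the two feature columns and the sample rows are assumptions constructed for illustration.

```python
import math
import random

def smote(minority, n_new, k=3, seed=0):
    """Return n_new synthetic rows interpolated between minority-class neighbours."""
    if len(minority) < 2:
        raise ValueError("SMOTE needs at least two minority samples")
    rng = random.Random(seed)
    k = min(k, len(minority) - 1)
    synthetic = []
    for _ in range(n_new):
        base = rng.choice(minority)
        # k nearest minority neighbours of the base row (Euclidean distance)
        neighbours = sorted((r for r in minority if r is not base),
                            key=lambda r: math.dist(base, r))[:k]
        other = rng.choice(neighbours)
        gap = rng.random()  # position along the segment base -> other
        synthetic.append(tuple(b + gap * (o - b) for b, o in zip(base, other)))
    return synthetic

def balance(rows, labels, minority_label, k=3, seed=0):
    """Oversample minority_label until it matches the largest other class."""
    minority = [r for r, y in zip(rows, labels) if y == minority_label]
    majority_size = max(labels.count(y) for y in set(labels) if y != minority_label)
    extra = smote(minority, max(0, majority_size - len(minority)), k, seed)
    # New lists are returned; the original training data is left untouched.
    return rows + extra, labels + [minority_label] * len(extra)

# Constructed sample: (count, serror_rate) scaled to [0, 1]; not NSL-KDD data.
ROWS = [(0.10, 0.00), (0.12, 0.02), (0.08, 0.01), (0.15, 0.00), (0.11, 0.03),
        (0.09, 0.00), (0.13, 0.01), (0.14, 0.02),      # normal
        (0.90, 0.95), (0.85, 0.99), (0.95, 0.90)]      # ddos (minority)
LABELS = ["normal"] * 8 + ["ddos"] * 3

if __name__ == "__main__":
    rows, labels = balance(ROWS, LABELS, "ddos")
    print(labels.count("normal"), labels.count("ddos"))
```

Synthetic rows are generated only from the training split; oversampling before the train/test split leaks interpolated copies of test records into training and inflates reported accuracy.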