A Hybrid Intrusion Detection Model to Alleviate Denial of Service and Distributed Denial of Service Attacks in Internet of Things

Abstract

The Internet of Things (IoT) refers to a network of interconnected smart devices. The growth of IoT devices has increased the vulnerability of the network to attacks, such as Denial of Service (DoS) and Distributed Denial of Service (DDoS). Denial-of-Service (DoS) attacks are malicious activities aimed at rendering a computer network, system, or online service unavailable to legitimate users. This research addresses the growing vulnerability of IoT networks to DoS/DDoS attacks by developing a hybrid intrusion detection model to detect these attacks. The model integrates Kalman Filter (KF) with Artificial Neural Network (KF-ANN), Random Forest (KF-RF), Support Vector Machine (KF-SVM) and K-Nearest Neighbor (KF-KNN) machine learning models. The Kalman filter is an efficient tool for estimating the state of a system especially in the midst of uncertainty. Kalman filter was used to estimate the state of the system while the machine learning models were used to make predictions based on the estimated state to detect attacks in IoT. The model was tested using the DoS/DDoS Message Queueing Telemetry Protocol (MQTT) IoT dataset. Results shows Receiver Operative Curve Area Under the Curve (ROC-AUC) of 0.99% for KF-ANN and KF-RF, 0.98% and 0.97% for KF-KNN and KF-SVM. Detection accuracy of approximately 0.96%, 0.94% and 93% for KF-RF and KF-ANN, KF-KNN and KF-SVM respectively