Deep Ensemble Learning With Pruning for DDoS Attack Detection in IoT Networks

Makhduma F. Saiyed; Irfan Al-Anbagi
Journal: IEEE Transactions on Machine Learning in Communications and Networking, vol. 2, pp. 596-616 (Journal Article)
Published: 2024-04-30
DOI: 10.1109/TMLCN.2024.3395419
URL: https://ieeexplore.ieee.org/document/10513369/
Citation count: 0

Abstract

The upsurge of Internet of Things (IoT) devices has increased their vulnerability to Distributed Denial of Service (DDoS) attacks. DDoS attacks have evolved into complex multi-vector threats that use high-volume and low-volume attack strategies, posing challenges for detection using traditional methods. These challenges highlight the importance of reliable detection and prevention measures. This paper introduces a novel Deep Ensemble learning with Pruning (DEEPShield) system to efficiently detect both high- and low-volume DDoS attacks in resource-constrained environments. The DEEPShield system uses ensemble learning by integrating a Convolutional Neural Network (CNN) and a Long Short-Term Memory (LSTM) network with a network traffic analysis system. This system analyzes and preprocesses network traffic while being data-agnostic, resulting in high detection accuracy. In addition, the DEEPShield system applies unit pruning to refine ensemble models, optimizing them for deployment on edge devices while maintaining a balance between accuracy and computational efficiency. To address the lack of a detailed dataset for high- and low-volume DDoS attacks, this paper also introduces a dataset named HL-IoT, which includes both attack types. Furthermore, the testbed evaluation of the DEEPShield system under various load scenarios and network traffic loads showcases its effectiveness and robustness. Compared to the state-of-the-art deep ensembles and deep learning methods across various datasets, including HL-IoT, ToN-IoT, CICIDS-17, and ISCX-12, the DEEPShield system consistently achieves an accuracy over 90% for both DDoS attack types. Furthermore, the DEEPShield system achieves this performance with reduced memory and processing requirements, underscoring its adaptability for edge computing scenarios.