Kafka‐Shield: Kafka Streams‐based distributed detection scheme for IoT traffic‐based DDoS attacks

Praveen Shukla, C. R. Krishna, N. Patil
Journal: SECURITY AND PRIVACY
Publication date: 2024-05-21
Publication type: Journal Article
DOI: https://doi.org/10.1002/spy2.416
Citation count: 0

Abstract

With the rapid proliferation of insecure Internet of Things (IoT) devices, the security of Internet‐based applications and networks has become a prominent concern. One of the most significant security threats encountered in IoT environments is a Distributed Denial of Service (DDoS) attack. This attack can severely disrupt critical services and prevent smart devices from functioning normally, leading to severe consequences for businesses and individuals. It aims to overwhelm victims' resources, websites, and other services by flooding them with massive attack packets, making them inaccessible to legitimate users. Researchers have developed multiple detection schemes to detect DDoS attacks. As technology advances and other facilitating factors increase, it is a challenge to identify such powerful attacks in real time. In this paper, we propose Kafka‐Shield, a novel distributed detection scheme for IoT network traffic‐based DDoS attacks, deployed in a Kafka Streams processing framework. Kafka‐Shield comprises two stages: design and deployment. Firstly, the detection scheme is designed on the Hadoop cluster employing a highly scalable H2O.ai machine learning platform. Secondly, a portable, scalable, and distributed detection scheme is deployed on the Kafka Streams processing framework to analyze the incoming traffic data and categorize it into nine target classes in real time. Additionally, Kafka‐Shield stores each network flow with significant input features and the predicted outcome in the Hadoop Distributed File System (HDFS). This enables the development of new models or the updating of current ones. To validate the effectiveness of Kafka‐Shield, we performed a critical analysis using various configured attack scenarios. The experimental results affirm Kafka‐Shield's remarkable efficiency in detecting DDoS attacks. It has a detection rate of over 99% and can process 0.928 million traces in nearly 3.027 s.