An FCM-based hybrid method for DDoS attack detection in resource-constrained devices

IF 2.2 4区计算机科学 Q3 TELECOMMUNICATIONS

Annals of Telecommunications Pub Date : 2025-10-27 DOI:10.1007/s12243-025-01130-z

Prathibha Keshavamurthy, Sarvesh Kulkarni

{"title":"An FCM-based hybrid method for DDoS attack detection in resource-constrained devices","authors":"Prathibha Keshavamurthy, Sarvesh Kulkarni","doi":"10.1007/s12243-025-01130-z","DOIUrl":null,"url":null,"abstract":"<div><p>Smart interconnected devices belonging to the Internet of Things ecosystem are resource-constrained in terms of hardware and software. They are also prime attack targets for malicious parties. Although there has been an extensive exploration of attack detection methods rooted in machine learning, such approaches necessitate high processing overhead, which is ill-suited for devices of modest processing capabilities. Furthermore, machine learning algorithms are opaque black boxes. Therefore, we present a novel hybrid approach to detect distributed denial-of-service attacks using fuzzy cognitive maps paired with machine learning feature selection. Our approach incorporates contextual information (features) drawn from network packets. We utilize feature selection methods to compute the weights of the features. The weights capture the influence of each input feature on the target output feature that determines the classification of any packet as malicious or benign. The features and weights are used to construct a fuzzy cognitive map for each type of attack. The fuzzy cognitive map is then used to train and test the dataset. We also auto-compute a threshold value that allows our model to classify a packet as malicious or benign. Our model performs best using the weights computed by two particular statistical feature selection algorithms, namely, SelectKBest-Classification and SelectKBest Chi-squared, combined with FCM. Our experiments show that this hybrid approach is simple, reliable, and transparent with a low memory footprint, and therefore well-suited for devices with limited resources.</p></div>","PeriodicalId":50761,"journal":{"name":"Annals of Telecommunications","volume":"80 -","pages":"1071 - 1094"},"PeriodicalIF":2.2000,"publicationDate":"2025-10-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://link.springer.com/content/pdf/10.1007/s12243-025-01130-z.pdf","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Annals of Telecommunications","FirstCategoryId":"94","ListUrlMain":"https://link.springer.com/article/10.1007/s12243-025-01130-z","RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q3","JCRName":"TELECOMMUNICATIONS","Score":null,"Total":0}

引用次数: 0

Abstract

Smart interconnected devices belonging to the Internet of Things ecosystem are resource-constrained in terms of hardware and software. They are also prime attack targets for malicious parties. Although there has been an extensive exploration of attack detection methods rooted in machine learning, such approaches necessitate high processing overhead, which is ill-suited for devices of modest processing capabilities. Furthermore, machine learning algorithms are opaque black boxes. Therefore, we present a novel hybrid approach to detect distributed denial-of-service attacks using fuzzy cognitive maps paired with machine learning feature selection. Our approach incorporates contextual information (features) drawn from network packets. We utilize feature selection methods to compute the weights of the features. The weights capture the influence of each input feature on the target output feature that determines the classification of any packet as malicious or benign. The features and weights are used to construct a fuzzy cognitive map for each type of attack. The fuzzy cognitive map is then used to train and test the dataset. We also auto-compute a threshold value that allows our model to classify a packet as malicious or benign. Our model performs best using the weights computed by two particular statistical feature selection algorithms, namely, SelectKBest-Classification and SelectKBest Chi-squared, combined with FCM. Our experiments show that this hybrid approach is simple, reliable, and transparent with a low memory footprint, and therefore well-suited for devices with limited resources.

查看原文本刊更多论文

一种基于fcm的资源受限设备DDoS攻击检测混合方法

属于物联网生态系统的智能互联设备在硬件和软件方面都是资源受限的。它们也是恶意方的主要攻击目标。尽管人们对基于机器学习的攻击检测方法进行了广泛的探索，但这种方法需要很高的处理开销，这并不适合处理能力中等的设备。此外，机器学习算法是不透明的黑盒子。因此，我们提出了一种新的混合方法，使用模糊认知地图与机器学习特征选择相结合来检测分布式拒绝服务攻击。我们的方法结合了从网络数据包中提取的上下文信息（特征）。我们利用特征选择方法来计算特征的权重。权重捕获每个输入特征对目标输出特征的影响，确定任何数据包的分类为恶意或良性。利用特征和权值为每种攻击类型构建模糊认知图。然后使用模糊认知图来训练和测试数据集。我们还自动计算一个阈值，允许我们的模型将数据包分类为恶意或良性。我们的模型使用两种特定的统计特征选择算法（即SelectKBest- classification和SelectKBest Chi-squared）结合FCM计算的权重时表现最佳。我们的实验表明，这种混合方法简单、可靠、透明，内存占用少，因此非常适合资源有限的设备。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Annals of Telecommunications 工程技术-电信学

CiteScore

5.20

自引率

5.30%

发文量

审稿时长

4.5 months

期刊介绍： Annals of Telecommunications is an international journal publishing original peer-reviewed papers in the field of telecommunications. It covers all the essential branches of modern telecommunications, ranging from digital communications to communication networks and the internet, to software, protocols and services, uses and economics. This large spectrum of topics accounts for the rapid convergence through telecommunications of the underlying technologies in computers, communications, content management towards the emergence of the information and knowledge society. As a consequence, the Journal provides a medium for exchanging research results and technological achievements accomplished by the European and international scientific community from academia and industry.