A single flow detection enabled method for DDoS attacks in IoT based on traffic feature reconstruction and mapping
To address the slow response time of existing detection modules to Internet of things (IoT) distributed denial of service (DDoS) attacks, their low feature differentiation, and poor detection performance, a single flow detection enabled method based on traffic feature reconstruction and mapping (SFD...
Saved in:
| Main Authors: | , , , , , |
|---|---|
| Format: | Article |
| Language: | zho |
| Published: |
Beijing Xintong Media Co., Ltd
2024-01-01
|
| Series: | Dianxin kexue |
| Subjects: | |
| Online Access: | http://www.telecomsci.com/zh/article/doi/10.11959/j.issn.1000-0801.2024012/ |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| _version_ | 1841530885089787904 |
|---|---|
| author | Lixia XIE Bingdi YUAN Hongyu YANG Ze HU Xiang CHENG Liang ZHANG |
| author_facet | Lixia XIE Bingdi YUAN Hongyu YANG Ze HU Xiang CHENG Liang ZHANG |
| author_sort | Lixia XIE |
| collection | DOAJ |
| description | To address the slow response time of existing detection modules to Internet of things (IoT) distributed denial of service (DDoS) attacks, their low feature differentiation, and poor detection performance, a single flow detection enabled method based on traffic feature reconstruction and mapping (SFDTFRM) was proposed.Firstly, SFDTFRM employed a queue to store previously arrived flow based on the first in, first out rule.Secondly, to address the issue of similarity between normal communication traffic of IoT devices and DDoS attack traffic, a multidimensional reconstruction neural network model more lightweight compared to the baseline model and a function mapping method were proposed.The modified model loss function was utilized to reconstruct the quantitative feature matrix of the queue according to the corresponding index, and transformed into a mapping feature matrix through the function mapping method, enhancing the differences between different types of traffic, including normal communication traffic of IoT devices and DDoS attack traffic.Finally, the frequency information was extracted using a text convolutional network and information entropy calculation and the machine learning classifier was employed for DDoS attack traffic detection.The experimental results on two benchmark datasets show that SFDTFRM can effectively detect different DDoS attacks, and the average metrics value of SFDTFRM is a maximum of 12.01% higher than other existing methods. |
| format | Article |
| id | doaj-art-0c729b7a35bb44f79d2e91c40803a48e |
| institution | Kabale University |
| issn | 1000-0801 |
| language | zho |
| publishDate | 2024-01-01 |
| publisher | Beijing Xintong Media Co., Ltd |
| record_format | Article |
| series | Dianxin kexue |
| spelling | doaj-art-0c729b7a35bb44f79d2e91c40803a48e2025-01-15T02:57:32ZzhoBeijing Xintong Media Co., LtdDianxin kexue1000-08012024-01-01409210559557178A single flow detection enabled method for DDoS attacks in IoT based on traffic feature reconstruction and mappingLixia XIEBingdi YUANHongyu YANGZe HUXiang CHENGLiang ZHANGTo address the slow response time of existing detection modules to Internet of things (IoT) distributed denial of service (DDoS) attacks, their low feature differentiation, and poor detection performance, a single flow detection enabled method based on traffic feature reconstruction and mapping (SFDTFRM) was proposed.Firstly, SFDTFRM employed a queue to store previously arrived flow based on the first in, first out rule.Secondly, to address the issue of similarity between normal communication traffic of IoT devices and DDoS attack traffic, a multidimensional reconstruction neural network model more lightweight compared to the baseline model and a function mapping method were proposed.The modified model loss function was utilized to reconstruct the quantitative feature matrix of the queue according to the corresponding index, and transformed into a mapping feature matrix through the function mapping method, enhancing the differences between different types of traffic, including normal communication traffic of IoT devices and DDoS attack traffic.Finally, the frequency information was extracted using a text convolutional network and information entropy calculation and the machine learning classifier was employed for DDoS attack traffic detection.The experimental results on two benchmark datasets show that SFDTFRM can effectively detect different DDoS attacks, and the average metrics value of SFDTFRM is a maximum of 12.01% higher than other existing methods.http://www.telecomsci.com/zh/article/doi/10.11959/j.issn.1000-0801.2024012/DDoS attacks detectionmultidimensional reconstructionfunction mappingmachine learning |
| spellingShingle | Lixia XIE Bingdi YUAN Hongyu YANG Ze HU Xiang CHENG Liang ZHANG A single flow detection enabled method for DDoS attacks in IoT based on traffic feature reconstruction and mapping Dianxin kexue DDoS attacks detection multidimensional reconstruction function mapping machine learning |
| title | A single flow detection enabled method for DDoS attacks in IoT based on traffic feature reconstruction and mapping |
| title_full | A single flow detection enabled method for DDoS attacks in IoT based on traffic feature reconstruction and mapping |
| title_fullStr | A single flow detection enabled method for DDoS attacks in IoT based on traffic feature reconstruction and mapping |
| title_full_unstemmed | A single flow detection enabled method for DDoS attacks in IoT based on traffic feature reconstruction and mapping |
| title_short | A single flow detection enabled method for DDoS attacks in IoT based on traffic feature reconstruction and mapping |
| title_sort | single flow detection enabled method for ddos attacks in iot based on traffic feature reconstruction and mapping |
| topic | DDoS attacks detection multidimensional reconstruction function mapping machine learning |
| url | http://www.telecomsci.com/zh/article/doi/10.11959/j.issn.1000-0801.2024012/ |
| work_keys_str_mv | AT lixiaxie asingleflowdetectionenabledmethodforddosattacksiniotbasedontrafficfeaturereconstructionandmapping AT bingdiyuan asingleflowdetectionenabledmethodforddosattacksiniotbasedontrafficfeaturereconstructionandmapping AT hongyuyang asingleflowdetectionenabledmethodforddosattacksiniotbasedontrafficfeaturereconstructionandmapping AT zehu asingleflowdetectionenabledmethodforddosattacksiniotbasedontrafficfeaturereconstructionandmapping AT xiangcheng asingleflowdetectionenabledmethodforddosattacksiniotbasedontrafficfeaturereconstructionandmapping AT liangzhang asingleflowdetectionenabledmethodforddosattacksiniotbasedontrafficfeaturereconstructionandmapping AT lixiaxie singleflowdetectionenabledmethodforddosattacksiniotbasedontrafficfeaturereconstructionandmapping AT bingdiyuan singleflowdetectionenabledmethodforddosattacksiniotbasedontrafficfeaturereconstructionandmapping AT hongyuyang singleflowdetectionenabledmethodforddosattacksiniotbasedontrafficfeaturereconstructionandmapping AT zehu singleflowdetectionenabledmethodforddosattacksiniotbasedontrafficfeaturereconstructionandmapping AT xiangcheng singleflowdetectionenabledmethodforddosattacksiniotbasedontrafficfeaturereconstructionandmapping AT liangzhang singleflowdetectionenabledmethodforddosattacksiniotbasedontrafficfeaturereconstructionandmapping |