Ping flood attack pattern recognition using a K-Means algorithm in an Internet of Things (IoT) network
Security is the main challenge in Internet of Things (IoT) systems. The devices on the IoT networks are very heterogeneous, many of them have limited resources, and they are connected globally, which makes the IoT much more challenging to secure than other types of networks. Denial of service (DoS)...
Saved in:
Main Authors: | , , , , , , |
---|---|
Format: | Article |
Language: | English |
Published: |
Institute of Electrical and Electronics Engineers Inc.
2021
|
Subjects: | |
Online Access: | http://eprints.utm.my/id/eprint/97382/1/MohdYazidIdris2021_PingFloodAttackPatternRecognition.pdf http://eprints.utm.my/id/eprint/97382/ http://dx.doi.org/10.1109/ACCESS.2021.3105517 |
Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
Institution: | Universiti Teknologi Malaysia |
Language: | English |
id |
my.utm.97382 |
---|---|
record_format |
eprints |
spelling |
my.utm.973822022-10-10T04:22:53Z http://eprints.utm.my/id/eprint/97382/ Ping flood attack pattern recognition using a K-Means algorithm in an Internet of Things (IoT) network Stiawan, Deris Meilinda Eka Suryani, Meilinda Eka Suryani Susanto, Susanto Idris, Mohd. Yazid Aldalaien, Muawya N. Alsharif, Nizar Budiarto, Rahmat QA75 Electronic computers. Computer science Security is the main challenge in Internet of Things (IoT) systems. The devices on the IoT networks are very heterogeneous, many of them have limited resources, and they are connected globally, which makes the IoT much more challenging to secure than other types of networks. Denial of service (DoS) is the most popular method used to attack IoT networks, either by flooding services or crashing services. Intrusion detection system (IDS) is one of countermeasures for DoS attack. Unfortunately, the existing IDSs are still suffering from detection accuracy problem due to difficulty of recognizing features of the DoS attacks. Thus, we need to determine specific features that representing well the traffic attacks, so the IDS will be able to distinguish normal traffic from the attacks. In this work, we investigate ping flood attack pattern recognition on IoT networks. Experiments were conducted using wireless communication with three different scenarios: normal traffic, attack traffic, and combined normal-attack traffic. Each scenario created an associated dataset. The datasets were then grouped into two clusters: normal and attack. The K-Means algorithm was used to produce the clustering results. The average number of packets in the attack cluster was 95 931 packets, and the average in the normal cluster was 4,068 packets. The accuracy level of the clustering results was calculated using a confusion matrix. The accuracy of the clustering using the implemented K-Means algorithm was 99.94%. The rates from the confusion matrix were true negative (98.62%), true positive (100.00%), false negative (0.00%), and false positive (1.38%). Institute of Electrical and Electronics Engineers Inc. 2021 Article PeerReviewed application/pdf en http://eprints.utm.my/id/eprint/97382/1/MohdYazidIdris2021_PingFloodAttackPatternRecognition.pdf Stiawan, Deris and Meilinda Eka Suryani, Meilinda Eka Suryani and Susanto, Susanto and Idris, Mohd. Yazid and Aldalaien, Muawya N. and Alsharif, Nizar and Budiarto, Rahmat (2021) Ping flood attack pattern recognition using a K-Means algorithm in an Internet of Things (IoT) network. IEEE Access, 9 (NA). pp. 116475-116484. ISSN 2169-3536 http://dx.doi.org/10.1109/ACCESS.2021.3105517 DOI : 10.1109/ACCESS.2021.3105517 |
institution |
Universiti Teknologi Malaysia |
building |
UTM Library |
collection |
Institutional Repository |
continent |
Asia |
country |
Malaysia |
content_provider |
Universiti Teknologi Malaysia |
content_source |
UTM Institutional Repository |
url_provider |
http://eprints.utm.my/ |
language |
English |
topic |
QA75 Electronic computers. Computer science |
spellingShingle |
QA75 Electronic computers. Computer science Stiawan, Deris Meilinda Eka Suryani, Meilinda Eka Suryani Susanto, Susanto Idris, Mohd. Yazid Aldalaien, Muawya N. Alsharif, Nizar Budiarto, Rahmat Ping flood attack pattern recognition using a K-Means algorithm in an Internet of Things (IoT) network |
description |
Security is the main challenge in Internet of Things (IoT) systems. The devices on the IoT networks are very heterogeneous, many of them have limited resources, and they are connected globally, which makes the IoT much more challenging to secure than other types of networks. Denial of service (DoS) is the most popular method used to attack IoT networks, either by flooding services or crashing services. Intrusion detection system (IDS) is one of countermeasures for DoS attack. Unfortunately, the existing IDSs are still suffering from detection accuracy problem due to difficulty of recognizing features of the DoS attacks. Thus, we need to determine specific features that representing well the traffic attacks, so the IDS will be able to distinguish normal traffic from the attacks. In this work, we investigate ping flood attack pattern recognition on IoT networks. Experiments were conducted using wireless communication with three different scenarios: normal traffic, attack traffic, and combined normal-attack traffic. Each scenario created an associated dataset. The datasets were then grouped into two clusters: normal and attack. The K-Means algorithm was used to produce the clustering results. The average number of packets in the attack cluster was 95 931 packets, and the average in the normal cluster was 4,068 packets. The accuracy level of the clustering results was calculated using a confusion matrix. The accuracy of the clustering using the implemented K-Means algorithm was 99.94%. The rates from the confusion matrix were true negative (98.62%), true positive (100.00%), false negative (0.00%), and false positive (1.38%). |
format |
Article |
author |
Stiawan, Deris Meilinda Eka Suryani, Meilinda Eka Suryani Susanto, Susanto Idris, Mohd. Yazid Aldalaien, Muawya N. Alsharif, Nizar Budiarto, Rahmat |
author_facet |
Stiawan, Deris Meilinda Eka Suryani, Meilinda Eka Suryani Susanto, Susanto Idris, Mohd. Yazid Aldalaien, Muawya N. Alsharif, Nizar Budiarto, Rahmat |
author_sort |
Stiawan, Deris |
title |
Ping flood attack pattern recognition using a K-Means algorithm in an Internet of Things (IoT) network |
title_short |
Ping flood attack pattern recognition using a K-Means algorithm in an Internet of Things (IoT) network |
title_full |
Ping flood attack pattern recognition using a K-Means algorithm in an Internet of Things (IoT) network |
title_fullStr |
Ping flood attack pattern recognition using a K-Means algorithm in an Internet of Things (IoT) network |
title_full_unstemmed |
Ping flood attack pattern recognition using a K-Means algorithm in an Internet of Things (IoT) network |
title_sort |
ping flood attack pattern recognition using a k-means algorithm in an internet of things (iot) network |
publisher |
Institute of Electrical and Electronics Engineers Inc. |
publishDate |
2021 |
url |
http://eprints.utm.my/id/eprint/97382/1/MohdYazidIdris2021_PingFloodAttackPatternRecognition.pdf http://eprints.utm.my/id/eprint/97382/ http://dx.doi.org/10.1109/ACCESS.2021.3105517 |
_version_ |
1748180451666690048 |