Ping flood attack pattern recognition using a K-means algorithm in an Internet of Things (IoT) network

Security is the main challenge in Internet of Things (IoT) systems. The devices on the IoT networks are very heterogeneous, many of them have limited resources, and they are connected globally, which makes the IoT much more challenging to secure than other types of networks. Denial of service (DoS)...

Full description

Saved in:
Bibliographic Details
Main Authors: Stiawan, Deris, Meilinda Eka Suryani, Meilinda Eka Suryani, Susanto, Susanto, Idris, Mohd. Yazid, Aldalaien, Muawya N., Alsharif, Nizar, Budiarto, Rahmat
Format: Article
Language:English
Published: Institute of Electrical and Electronics Engineers Inc. 2021
Subjects:
Online Access:http://eprints.utm.my/id/eprint/97434/1/MohdYazidIdris2021_PingFloodAttackPatternRecognitionUsingaKMeans.pdf
http://eprints.utm.my/id/eprint/97434/
http://dx.doi.org/10.1109/ACCESS.2021.3105517
Tags: Add Tag
No Tags, Be the first to tag this record!
Institution: Universiti Teknologi Malaysia
Language: English
Description
Summary:Security is the main challenge in Internet of Things (IoT) systems. The devices on the IoT networks are very heterogeneous, many of them have limited resources, and they are connected globally, which makes the IoT much more challenging to secure than other types of networks. Denial of service (DoS) is the most popular method used to attack IoT networks, either by flooding services or crashing services. Intrusion detection system (IDS) is one of countermeasures for DoS attack. Unfortunately, the existing IDSs are still suffering from detection accuracy problem due to difficulty of recognizing features of the DoS attacks. Thus, we need to determine specific features that representing well the traffic attacks, so the IDS will be able to distinguish normal traffic from the attacks. In this work, we investigate ping flood attack pattern recognition on IoT networks. Experiments were conducted using wireless communication with three different scenarios: normal traffic, attack traffic, and combined normal-attack traffic. Each scenario created an associated dataset. The datasets were then grouped into two clusters: normal and attack. The K-Means algorithm was used to produce the clustering results. The average number of packets in the attack cluster was 95 931 packets, and the average in the normal cluster was 4,068 packets. The accuracy level of the clustering results was calculated using a confusion matrix. The accuracy of the clustering using the implemented K-Means algorithm was 99.94%. The rates from the confusion matrix were true negative (98.62%), true positive (100.00%), false negative (0.00%), and false positive (1.38%).