FlowGuard: An Intelligent Edge Defense Mechanism Against IoT DDoS Attacks

Jia, Yizhen; Zhong, Fangtian; Alrawais, Arwa; Gong, Bei; Cheng, Xiuzhen

doi:10.1109/jiot.2020.2993782

Cited by 219 publications

(110 citation statements)

References 29 publications

Supporting

Mentioning

108

Contrasting

Unclassified

Order By: Relevance

“…CICFlowMeter is a network traffic generator written by Java, and it provides greater flexibility in selecting features to be calculated. CICFlowMeter can extract features of original data, such as quantity, the number of bytes, and packet length [20]. The output of the CICFlowMeter consists of more than 80 network traffic features, such as destination port, protocol, flow duration, the total number of packets in the forward direction, the number of packets per second of traffic flows, and the average size of the packet.…”

Section: A Feature Selectionmentioning

confidence: 99%

See 1 more Smart Citation

Intrusion Detection for Secure Social Internet of Things Based on Collaborative Edge Computing: A Generative Adversarial Network-Based Approach

Nie

Wang

et al. 2022

IEEE Trans. Comput. Soc. Syst.

View full text Add to dashboard Cite

The Social Internet of Things (SIoT) now penetrates our daily lives. As a strategy to alleviate the escalation of resource congestion, collaborative edge computing (CEC) has become a new paradigm for solving the needs of the Internet of Things (IoT). CEC can provide computing, storage, and network connection resources for remote devices. Because the edge network is closer to the connected devices, it involves a large amount of users' privacy. This also makes edge networks face more and more security issues, such as Denial-of-Service (DoS) attacks, unauthorized access, packet sniffing, and man-inthe-middle attacks. To combat these issues and enhance the security of edge networks, we propose a deep learning-based intrusion detection algorithm. Based on the generative adversarial network (GAN), we designed a powerful intrusion detection method. Our intrusion detection method includes three phases. First, we use the feature selection module to process the collaborative edge network traffic. Second, a deep learning architecture based on GAN is designed for intrusion detection aiming at a single attack. Finally, we propose a new intrusion detection model by combining several intrusion detection models that aim at a single attack. Intrusion detection aiming at multiple attacks is realized through the designed GAN-based deep learning architecture. Besides, we provide a comprehensive evaluation to verify the effectiveness of the proposed method. Index Terms-Collaborative edge computing (CEC), generative adversarial network (GAN), intrusion detection, social internet of things (SIoT).

show abstract

Section: A Feature Selectionmentioning

confidence: 99%

“…In our simulation, we use CSE-CIC-IDS2018 and CIC-DDoS2019 [20], [38] to evaluate our method. CICFlowMeter is utilized to preprocess the CSE-CIC-IDS2018 data set and CIC-DDoS2019 data set, which consists of 83 features.…”

Section: A Data Setmentioning

confidence: 99%

Intrusion Detection for Secure Social Internet of Things Based on Collaborative Edge Computing: A Generative Adversarial Network-Based Approach

Nie

Wang

et al. 2022

IEEE Trans. Comput. Soc. Syst.

View full text Add to dashboard Cite

show abstract

“…The work in [16] combined an RNN with autoencoder and achieved a binary classification accuracy of 99%. The work in [17] combined LSTM and CNN models and obtained a detection accuracy above 98.9% on an altered version of the CICDDoS2019 dataset. This solution was not evaluated in a real or simulated network environment, though.…”

Section: ) Comparison With Previous Workmentioning

confidence: 99%

SDN-Based Architecture for Transport and Application Layer DDoS Attack Detection by Using Machine and Deep Learning

2021

View full text Add to dashboard Cite

Distributed Denial of Service (DDoS) attacks represent the most common and critical attacks targeting conventional and new generation networks, such as the Internet of Things (IoT), cloud computing, and fifth-generation (5G) communication networks. In recent years, DDoS attacks have become not only massive but also sophisticated. Software-Defined Networking (SDN) technology has demonstrated effectiveness in counter-measuring complex attacks since it provides flexibility on global network monitoring and inline network configuration. Although several works have been proposed to detect DDoS attacks, in most of them the authors did not use up-to-date datasets that contain the newest threats. Furthermore, only a few previous works assessed their solutions using simulated scenarios, easing the migration to production networks. This document presents the implementation of a modular and flexible SDN-based architecture to detect transport and application layer DDoS attacks using multiple Machine Learning (ML) and Deep Learning (DL) models. Exploring diverse ML/DL methods allowed us to resolve which methods perform better under different attack types and conditions. We tested the ML/DL models using two up-to-date security datasets, and they showed accuracy above 99% on classifying unseen traffic (testing set). We also deployed a simulated environment using the network emulator Mininet and the Open Network Operating System (ONOS) SDN controller. In this experimental setup, we demonstrated high detection rates, above 98% for transport DDoS attacks and up to 95% for application-layer DDoS attacks.INDEX TERMS Software Defined Networking, deep learning, machine learning, DDoS attack, transport layer, application layer, slow-rate attacks.

show abstract

“…This type of approach proposes solutions to isolate threats outside of the cloud and edge, which may ignore the security of the edge computing server devices themselves. In [21], [22], machine learning models for denial of service identification and classification were designed for DDoS attacks, however, match identification algorithms applied to edge computing may be limited by their computational resources.…”

Section: Introductionmentioning

confidence: 99%

New Security State Awareness Model for IoT Devices With Edge Intelligence

Lei¹,

Wen²,

Hou³

et al. 2021

IEEE Access

View full text Add to dashboard Cite

Edge computing has become one of the most critical technologies in the Internet of Things (IoT), which is vulnerable to be hacked itself due to its closing to the terminals' wide variety of applications and digital assets. Aiming to find a new paradigm for cybersecurity based on edge computing at the device level, we leverage the storage, communication, and computational capabilities of edge computing devices to acquire and transform the massive amounts of data generated during work into the states. Through the analysis of the states, the security threats of the edge computing device can be identified. Based on the complex network theory, a security state awareness model is established, which can accurately indicate a device's current security state, be aware of the attack behavior, and perform protection methods.

show abstract

FlowGuard: An Intelligent Edge Defense Mechanism Against IoT DDoS Attacks

Cited by 219 publications

References 29 publications

Intrusion Detection for Secure Social Internet of Things Based on Collaborative Edge Computing: A Generative Adversarial Network-Based Approach

Intrusion Detection for Secure Social Internet of Things Based on Collaborative Edge Computing: A Generative Adversarial Network-Based Approach

SDN-Based Architecture for Transport and Application Layer DDoS Attack Detection by Using Machine and Deep Learning

New Security State Awareness Model for IoT Devices With Edge Intelligence

Contact Info

Product

Resources

About