Development of an Intelligent Classifier Model for Denial of Service Attack Detection

  1. Álvaro Michelena 1
  2. Jose Aveleira-Mata 2
  3. Esteban Jove 1
  4. Héctor Alaiz-Moretón 2
  5. Héctor Quintián 1
  6. José Luis Calvo-Rolle 1
  1. 1 Universidade da Coruña

    Universidade da Coruña

    La Coruña, España


  2. 2 Universidad de León

    Universidad de León

    León, España



ISSN: 1989-1660

Year of publication: 2023

Volume: 8

Issue: 3

Pages: 33-42

Type: Article

DOI: 10.9781/IJIMAI.2023.08.003 DIALNET GOOGLE SCHOLAR lock_openDialnet editor

More publications in: IJIMAI


The prevalence of Internet of Things (IoT) systems deployment is increasing across various domains, from residential to industrial settings. These systems are typically characterized by their modest computationa requirements and use of lightweight communication protocols, such as MQTT. However, the rising adoption of IoT technology has also led to the emergence of novel attacks, increasing the susceptibility of these systems to compromise. Among the different attacks that can affect the main IoT protocols are Denial of Service attacks (DoS). In this scenario, this paper evaluates the performance of six supervised classification techniques (Decision Trees, Multi-layer Perceptron, Random Forest, Support Vector Machine, Fisher Linear Discriminant and Bernoulli and Gaussian Naive Bayes) combined with the Principal Component Analysis (PCA) feature extraction method for detecting DoS attacks in MQTT networks. For this purpose, a real dataset containing all the traffic generated in the network and many attacks executed has been used. The results obtained with several models have achieved performances above 99% AUC.

Bibliographic References

  • [1] T. M. Ghazal, M. K. Hasan, M. T. Alshurideh, H. M. Alzoubi, M. Ahmad, S. S. Akbar, B. Al Kurdi, I. A. Akour, “Iot for smart cities: Machine learning approaches in smart healthcare—a review,” Future Internet, vol. 13, no. 8, 2021, doi: 10.3390/fi13080218.
  • [2] P. K. Malik, R. Sharma, R. Singh, A. Gehlot, S. C. Satapathy, W. S. Alnumay, D. Pelusi, U. Ghosh, J. Nayak, “Industrial internet of things and its applications in industry 4.0: State of the art,” Computer Communications, vol. 166, pp. 125–139, 1 2021, doi: 10.1016/j.comcom.2020.11.016.
  • [3] M. Rothmuller, S. Barker, “Iot the internet of transformation 2020,” Juniper Research, Basingstoke, UK, Whitepaper, 2020.
  • [4] M. Ahmad, T. Younis, M. A. Habib, R. Ashraf, S. H. Ahmed, “A review of current security issues in internet of things,” Recent Trends and Advances in Wireless and IoT-enabled Networks, pp. 11–23, 2019, doi: 10.1007/978- 3-319-99966-2.
  • [5] M. H. Khalid, M. Murtaza, M. Habbal, “Study of security and privacy issues in internet of things,” CITISIA 2020 - IEEE Conference on Innovative Technologies in Intelligent Systems and Industrial Applications, Proceedings, 11 2020, doi: 10.1109/CITISIA50690.2020.9371828.
  • [6] B. Kepçeoğlu, A. Murzaeva, S. Demirci, “Performing energy consuming attacks on iot devices,” in 2019 27th Telecommunications Forum (TELFOR), 2019, pp. 1–4.
  • [7] J. Granjal, E. Monteiro, J. S. Silva, “Security for the internet of things: A survey of existing protocols and open research issues,” IEEE Communications Surveys and Tutorials, vol. 17, pp. 1294–1312, 2015, doi: 10.1109/COMST.2015.2388550.
  • [8] R. Yugha, S. Chithra, “A survey on technologies and security protocols: Reference for future generation iot,” Journal of Network and Computer Applications, vol. 169, p. 102763, 11 2020, doi: 10.1016/j.jnca.2020.102763.
  • [9] Y. Lu, L. D. Xu, “Internet of things (iot) cybersecurity research: A review of current research topics,” IEEE Internet of Things Journal, vol. 6, pp. 2103–2115, 4 2019, doi: 10.1109/JIOT.2018.2869847.
  • [10] J. Tournier, F. Lesueur, F. L. Mouël, L. Guyon, H. Ben-Hassine, “A survey of iot protocols and their security issues through the lens of a generic iot stack,” Internet of Things, vol. 16, p. 100264, 12 2021, doi: 10.1016/J. IOT.2020.100264.
  • [11] E. Džaferović, A. Sokol, A. A. Almisreb, S. M. Norzeli, “Dos and ddos vulnerability of iot: a review,” Sustainable Engineering and Innovation, vol. 1, no. 1, pp. 43–48, 2019.
  • [12] M. Antonakakis, T. April, M. Bailey, M. Bernhard, E. Bursztein, J. Cochran, Z. Durumeric, J. A. Halderman, L. Invernizzi, M. Kallitsis, et al., “Understanding the mirai botnet,” in 26th USENIX security symposium (USENIX Security 17), 2017, pp. 1093–1110.
  • [13] M. H. Khalid, M. Murtaza, M. Habbal, “Study of security and privacy issues in internet of things,” in 2020 5th International Conference on Innovative Technologies in Intelligent Systems and Industrial Applications (CITISIA), 2020, pp. 1–5, IEEE.
  • [14] T. A. Idriss, H. A. Idriss, M. A. Bayoumi, “A lightweight puf-based authentication protocol using secret pattern recognition for constrained iot devices,” IEEE Access, vol. 9, pp. 80546–80558, 2021, doi: 10.1109/ ACCESS.2021.3084903.
  • [15] S. Amanlou, M. K. Hasan, K. A. A. Bakar, “Lightweight and secure authentication scheme for iot network based on publish–subscribe fog computing model,” Computer Networks, vol. 199, p. 108465, 11 2021, doi: 10.1016/J.COMNET.2021.108465.
  • [16] X. Zhu, H. Deng, “A security situation awareness approach for iot software chain based on markov game model,” International Journal of Interactive Multimedia and Artificial Intelligence, vol. 7, pp. 59–65, 2022, doi: 10.9781/ijimai.2022.08.002.
  • [17] D. Choudhary, R. Pahuja, “Improvement in quality of service against doppelganger attacks for connected network,” International Journal of Interactive Multimedia and Artificial Intelligence, vol. 7, pp. 51–58, 2022, doi: 10.9781/ijimai.2022.08.003.
  • [18] R. Berjón, M. Mateos, M. E. Beato, A. F. García, “An event mesh for event driven iot applications,” International Journal of Interactive Multimedia and Artificial Intelligence, vol. 7, pp. 54–59, 2022, doi: 10.9781/ ijimai.2022.09.003.
  • [19] H. J. Liao, C. H. R. Lin, Y. C. Lin, K. Y. Tung, “Intrusion detection system: A comprehensive review,” Journal of Network and Computer Applications, vol. 36, pp. 16–24, 1 2013, doi: 10.1016/J.JNCA.2012.09.004.
  • [20] L. Aversano, M. L. Bernardi, M. Cimitile, R. Pecori, “A systematic review on deep learning approaches for iot security,” Computer Science Review, vol. 40, p. 100389, 2021.
  • [21] A. Khraisat, A. Alazab, “A critical review of intrusion detection systems in the internet of things: techniques, deployment strategy, validation strategy, attacks, public datasets and challenges,” Cybersecurity, vol. 4, pp. 1–27, dec 2021, doi: 10.1186/s42400-021-00077-7.
  • [22] Z. Ahmad, A. Shahid Khan, C. Wai Shiang, J. Abdullah, F. Ahmad, “Network intrusion detection system: A systematic study of machine learning and deep learning approaches,” Transactions on Emerging Telecommunications Technologies, vol. 32, no. 1, p. e4150, 2021.
  • [23] S. Andy, B. Rahardjo, B. Hanindhito, “Attack scenarios and security analysis of mqtt communication protocol in iot system,” in 2017 4th International Conference on Electrical Engineering, Computer Science and Informatics (EECSI), 2017, pp. 1–6.
  • [24] D. H. Deshmukh, T. Ghorpade, P. Padiya, “Intrusion detection system by improved preprocessing methods and naïve bayes classifier using nsl-kdd 99 dataset,” in 2014 International Conference on Electronics and Communication Systems (ICECS), 2014, pp. 1–7.
  • [25] M. Esmaeili, S. H. Goki, B. H. K. Masjidi, M. Sameh, H. Gharagozlou, A. S. Mohammed, “Ml-ddosnet: Iot intrusion detection based on denial-ofservice attacks using machine learning methods and nsl- kdd,” Wireless Communications and Mobile Computing, vol. 2022, pp. 1–16, 8 2022, doi: 10.1155/2022/8481452.
  • [26] J. Liu, B. Kantarci, C. Adams, “Machine Learning- Driven Intrusion Detection for Contiki-NG-Based IoT Networks Exposed to NSL-KDD Dataset,” in Proceedings of the 2nd ACM Workshop on Wireless Security and Machine Learning, New York, NY, USA, 2020, ACM.
  • [27] P. Sethi, S. R. Sarangi, “Internet of things: architectures, protocols, and applications,” Journal of Electrical and Computer Engineering, vol. 2017, 2017, doi: 10.1155/2017/9324035.
  • [28] K. Ramamoorthy, S. Karthikeyan, T. Chelladurai, “An investigation on industrial internet of things for mission critical things in industry 4 . 0 2 . literature review,” Seybold Report, vol. 15, pp. 3294–3300, 2020.
  • [29] H. Hindy, E. Bayne, M. Bures, R. Atkinson, C. Tachtatzis, X. Bellekens, “Machine learning based iot intrusion detection system: An mqtt case study (mqtt-iot-ids2020 dataset),” in International Networking Conference, 2020, pp. 73–84, Springer.
  • [30] A. Alsaedi, N. Moustafa, Z. Tari, A. Mahmood, A. N. Anwar, “Ton-iot telemetry dataset: A new generation dataset of iot and iiot for datadriven intrusion detection systems,” IEEE Access, vol. 8, pp. 165130– 165150, 2020, doi: 10.1109/ACCESS.2020.3022862.
  • [31] VMware, “Vmware nsx data center datasheet.” [Online]. Available: https://kb.vmware.
  • [32] J. Deogirikar, A. Vidhate, “Security attacks in iot: A survey,” Proceedings of the International Conference on IoT in Social, Mobile, Analytics and Cloud, I-SMAC 2017, pp. 32–37, 2017, doi: 10.1109/I-SMAC.2017.8058363.
  • [33] “GitHub - moscajs/aedes: Barebone MQTT broker that can run on any stream server, the node way.” [Online]. Available: moscajs/aedes.
  • [34] K. Palsson, “mqtt-malaria @,” 2018. [Online]. Available:
  • [35] J. Aveleira-Mata, H. Alaiz-Moreton, “Functional prototype for intrusion detection system oriented to intelligent iot models,” in International Symposium on Ambient Intelligence, 2019, pp. 179–186, Springer.
  • [36] “MQTT Dataset LE-229-18,” 2019. [Online]. Available: https://joseaveleira. es/dataset.
  • [37] K. Pearson, “Liii. on lines and planes of closest fit to systems of points in space,” The London, Edinburgh, and Dublin philosophical magazine and journal of science, vol. 2, no. 11, pp. 559–572, 1901.
  • [38] H. Abdi, L. J. Williams, “Principal component analysis,” Wiley interdisciplinary reviews: computational statistics, vol. 2, no. 4, pp. 433– 459, 2010.
  • [39] L. Rokach, O. Maimon, “Decision trees,” in Data mining and knowledge discovery handbook, Springer, 2005, pp. 165–192.
  • [40] O. I. Abiodun, A. Jantan, A. E. Omolara, K. V. Dada, N. A. Mohamed, H. Arshad, “State-of-the-art in artificial neural network applications: A survey,” Heliyon, vol. 4, no. 11, p. e00938, 2018.
  • [41] A. Cutler, D. R. Cutler, J. R. Stevens, “Random forests,” in Ensemble machine learning, Springer, 2012, pp. 157– 175.
  • [42] C. Cortes, V. Vapnik, “Support-vector networks,” Machine learning, vol. 20, no. 3, pp. 273–297, 1995.
  • [43] J. Yang, Z. Jin, J.-y. Yang, D. Zhang, A. F. Frangi, “Essence of kernel fisher discriminant: Kpca plus lda,” Pattern Recognition, vol. 37, no. 10, pp. 2097– 2100, 2004.
  • [44] I. Rish, et al., “An empirical study of the naive bayes classifier,” in IJCAI 2001 workshop on empirical methods in artificial intelligence, vol. 3, 2001, pp. 41–46.