An LDDoS Attack Detection Method Based on Behavioral Characteristics and Stacking Mechanism

Abstract

Read online

Today, the development of the Internet of Things has grown, and the number of related IoT devices has reached the order of tens of billions. Most IoT devices are vulnerable to attacks, especially DdoS (Distributed Denial of Service attack) attacks. DDoS attacks can easily cause damage to IoT devices, and LDDoS is an attack launched against hardware resources through a small string of very slow traffic. Compared with traditional large-scale DDoS, their attacks require less bandwidth and generate traffic similar to that of normal users, making them difficult to distinguish when identifying them. This article uses the CICIoT2023 dataset combined with behavioral features and stacking mechanisms to extract information from the attack behavior of low-rate attacks as features and uses the stacking mechanism to improve the recognition effect. A method of behavioral characteristics and stacking mechanism is proposed to detect DDoS attacks. This method can accurately detect LDDoS. Experimental results show that the recognition rate of low-rate attacks of this scheme reaches 0.99, and other indicators such as accuracy, recall, and F1 score are all better than other LDDoS detection methods. Thus, the method model proposed in this paper can effectively detect LDDoS attacks. At present, DDoS attacks are relatively mature, and there are many related results, but there is less research on LDDoS detection alone. This paper focuses on the investigation and analysis of LDDoS attacks in DDoS attacks and deduces feasible LDDoS detection methods.

Keywords

• low-rate distributed denial of service attack
• CICIoT-2023
• feature selection
• stacking mechanism
• machine learning
• IoT