IEEE Access (Jan 2023)
IoT Network-Based Intrusion Detection Framework: A Solution to Process Ping Floods Originating From Embedded Devices
Abstract
Internet of things (IoT) devices are gaining traction around the globe. These devices are sometimes hijacked and turned into zombies or botnets. One risk posed by hijacked devices is a ping flood attack, also known as an Internet Control Message Protocol (ICMP) echo request flood. Current literature lacks a ping flood attack dataset generated from an IoT device. This paper contributes by developing an IoT network intrusion detection framework for ping flood attacks. This framework deploys an IoT testbed using embedded devices to emulate two datasets: normal ping traffic and malicious ping flood attack traffic. Features are extracted from the captured traffic using the Zeek tool. Attacks are detected using three machine learning algorithms: logistic regression, K-nearest neighbor, and support vector machine. These models are compared using evaluations such as the confusion matrix, accuracy, precision, recall, F1-score, and misclassification (error rate). The models are validated using split validation and cross-fold validation. The time consumed in training and testing the models across various data levels is also analyzed, along with the time required for feature extraction. The discrepancies between capturing tools are discussed. The use of a criterion based on the time difference between requests to detect malicious traffic is considered, as is the impact of the machine learning models on memory usage. Our work is compared with similar research. Experiments on the testbed showed that the K-nearest neighbor algorithm achieved 99.67% detection accuracy, with an error rate of 0.33% and an F1-score of 99.67%, the best amongst the three algorithms.
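The abstract mentions a detection criterion based on the time difference between echo requests, and evaluates models with a confusion matrix, accuracy, precision, recall, F1-score and error rate. The following is an added illustration, not the paper's code, of how such a per-source inter-arrival rule can be applied to a constructed stream of ICMP echo-request arrivals and scored with exactly those metrics. The sample traffic (one benign host pinging once per second, one flooding host sending every 2 ms), the source addresses and the 10 ms gap threshold are assumptions chosen for the demonstration; the paper's actual thresholds and Zeek features are not reproduced here. The example also shows a limitation of a pure time-difference rule: the first request from a flooding source has no earlier request to compare against, so it is missed.

```python
"""Added example (not from the paper): inter-request time-difference rule for ICMP
echo-request floods, scored with confusion-matrix metrics."""
from typing import Dict, List, Set, Tuple

# Constructed sample of ICMP echo-request arrivals: (timestamp_seconds, source_ip).
BENIGN_SRC = "10.0.0.5"   # assumed address of a host pinging once per second
FLOOD_SRC = "10.0.0.9"    # assumed address of a host sending an echo request every 2 ms


def constructed_requests() -> List[Tuple[float, str]]:
    """Build the constructed arrival list, sorted by timestamp."""
    benign = [(float(i), BENIGN_SRC) for i in range(10)]          # 10 pings, 1 s apart
    flood = [(1.0 + i * 0.002, FLOOD_SRC) for i in range(500)]    # 500 pings, 2 ms apart
    return sorted(benign + flood)


# Assumed threshold (not from the paper): an echo request arriving less than
# 10 ms after the previous request from the same source is flagged as flood traffic.
GAP_THRESHOLD_SECONDS = 0.010


def label_by_gap(requests: List[Tuple[float, str]],
                 threshold: float = GAP_THRESHOLD_SECONDS) -> List[Tuple[float, str, bool]]:
    """Per-request rule: flag a request whose time difference from the previous
    request of the same source is below the threshold. The first request seen from
    a source has no predecessor and is therefore never flagged by this rule."""
    last_seen: Dict[str, float] = {}
    labelled = []
    for ts, src in requests:
        gap = ts - last_seen[src] if src in last_seen else float("inf")
        last_seen[src] = ts
        labelled.append((ts, src, gap < threshold))
    return labelled


def confusion_matrix(labelled: List[Tuple[float, str, bool]],
                     attack_sources: Set[str]) -> Tuple[int, int, int, int]:
    """Count (TP, FP, FN, TN) per request, using the known attacking sources
    as ground truth (in the testbed the flood dataset provides this label)."""
    tp = fp = fn = tn = 0
    for _ts, src, predicted_attack in labelled:
        actual_attack = src in attack_sources
        if predicted_attack and actual_attack:
            tp += 1
        elif predicted_attack and not actual_attack:
            fp += 1
        elif not predicted_attack and actual_attack:
            fn += 1
        else:
            tn += 1
    return tp, fp, fn, tn


def metrics(tp: int, fp: int, fn: int, tn: int) -> Dict[str, float]:
    """Accuracy, precision, recall, F1-score and error rate from the confusion matrix."""
    total = tp + fp + fn + tn
    accuracy = (tp + tn) / total if total else 0.0
    precision = tp / (tp + fp) if (tp + fp) else 0.0
    recall = tp / (tp + fn) if (tp + fn) else 0.0
    f1 = 2 * precision * recall / (precision + recall) if (precision + recall) else 0.0
    return {
        "accuracy": accuracy,
        "precision": precision,
        "recall": recall,
        "f1": f1,
        "error_rate": 1.0 - accuracy,   # misclassification rate
    }


def evaluate() -> Tuple[Tuple[int, int, int, int], Dict[str, float]]:
    """Run the rule over the constructed traffic and score it."""
    labelled = label_by_gap(constructed_requests())
    cm = confusion_matrix(labelled, {FLOOD_SRC})
    return cm, metrics(*cm)


if __name__ == "__main__":
    cm, m = evaluate()
    print("TP, FP, FN, TN =", cm)
    for name, value in m.items():
        print(f"{name:>10}: {value:.4f}")
```

On the constructed traffic the rule flags 499 of the 500 flood requests and none of the benign ones; the single miss is the flooder's first request, which is why a time-difference criterion is usually combined with a request-count or rate feature rather than used alone.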
Keywords