Abstract
The adoption of Internet of Things (IoT) devices has increased exponentially in recent years. Consequently, the security risks and vulnerabilities related to these unsecured IoT devices are also continuously increasing. Among the significant challenges facing the IoT environment is the threat of Distributed Denial of Service (DDoS) attacks. Several solutions are available in the literature to detect DDoS attacks. However, these detection mechanisms can easily be evaded by attackers using advanced tools and techniques, making it difficult to detect such lethal attacks in real time. Therefore, this paper proposes a novel distributed ensemble method for detecting lethal IoT traffic-based DDoS attacks. This method comprises two key stages. First, a distributed ensemble method is developed using the breathtaking capabilities of the H2O.ai distributed machine learning platform and the ensemble learning technique. Second, this method is deployed on the Apache Storm stream processing framework to swiftly analyze incoming network streams and categorize them into eleven distinct classes, including benign traffic and ten types of attacks, in near real time. The proposed method accurately identifies specific target categories within a multi-attack classification scenario by utilizing the expertise of various models. Ultimately, the prediction for a target class is determined based on the model with the highest detection rate. The effectiveness of this method has been examined using different configured scenarios. The experimental results show that our method can identify various attack categories more accurately, with 99%+ accuracy, and 8.45 s quicker than non-ensemble methods.
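The selection rule stated in the abstract (the final prediction comes from the model with the highest detection rate) can be read as follows. This is an added example, not the authors' code: it uses plain Python rather than H2O.ai or Apache Storm, and the model names, class labels, validation data and tie-breaking rule are all constructed assumptions.

```python
from collections import defaultdict

def detection_rates(y_true, y_pred):
    """Per-class detection rate (recall): detected instances / actual instances."""
    hit, total = defaultdict(int), defaultdict(int)
    for t, p in zip(y_true, y_pred):
        total[t] += 1
        hit[t] += (t == p)
    return {c: hit[c] / total[c] for c in total}

def build_expertise(y_true, model_preds):
    """Map model name -> {class: detection rate} from validation predictions."""
    return {m: detection_rates(y_true, preds) for m, preds in model_preds.items()}

def ensemble_predict(votes, expertise):
    """Return (label, model) for the vote backed by the highest detection rate.

    votes: {model: predicted class} for one flow. Ties go to the model whose
    name sorts first (assumed rule); classes a model never saw score 0.0.
    """
    best = max(sorted(votes), key=lambda m: expertise[m].get(votes[m], 0.0))
    return votes[best], best

# Constructed validation set: three of the eleven classes, hypothetical labels.
VAL_TRUE = ["benign"] * 4 + ["ddos_udp"] * 4 + ["ddos_tcp"] * 4
VAL_PREDS = {
    # model_a: strong on benign and ddos_tcp, weak on ddos_udp
    "model_a": ["benign", "benign", "benign", "benign",
                "ddos_udp", "ddos_udp", "ddos_tcp", "ddos_tcp",
                "ddos_tcp", "ddos_tcp", "ddos_tcp", "benign"],
    # model_b: strong on ddos_udp, weak on the other two classes
    "model_b": ["benign", "benign", "ddos_udp", "ddos_udp",
                "ddos_udp", "ddos_udp", "ddos_udp", "ddos_udp",
                "ddos_tcp", "ddos_tcp", "benign", "benign"],
}
EXPERTISE = build_expertise(VAL_TRUE, VAL_PREDS)

if __name__ == "__main__":
    # The two models disagree on one flow; the more reliable vote wins.
    flow_votes = {"model_a": "ddos_tcp", "model_b": "ddos_udp"}
    print(EXPERTISE)
    print(ensemble_predict(flow_votes, EXPERTISE))
```

Because the detection rates come from a labelled validation set, the selection is only as trustworthy as that set is representative of live traffic.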
Data Availability
“Dataset is available in a public (Cyber Range Lab of UNSW Canberra, UNSW Sydney, Bot-IoT dataset) repository that issues datasets with DOIs (https://research.unsw.edu.au/projects/bot-iot-dataset)”
Ethics declarations
Conflict of interest
The authors declare that they have no conflict of interest
Rights and permissions
Springer Nature or its licensor (e.g. a society or other partner) holds exclusive rights to this article under a publishing agreement with the author(s) or other rightsholder(s); author self-archiving of the accepted manuscript version of this article is solely governed by the terms of such publishing agreement and applicable law.
About this article
Cite this article
Shukla, P., Krishna, C.R. & Patil, N.V. Distributed Ensemble Method Using Deep Learning to Detect DDoS Attacks in IoT Networks. Arab J Sci Eng (2024). https://doi.org/10.1007/s13369-024-09144-w
DOI: https://doi.org/10.1007/s13369-024-09144-w