Adaptive systems for DDoS attacks detection and mitigation in IoT networks
Abstract
The rapid growth of IoT devices has revolutionized industries while exposing IoT networks to cybersecurity threats, particularly DDoS attacks, which compromise network stability. Traditional detection methods struggle to address the constraints of resource-limited environments, scalability, and the need for lightweight, optimized, and reliable systems. This thesis addresses these challenges through five objectives aimed at adaptive DDoS detection and mitigation systems for IoT networks, balancing accuracy, resource efficiency, and adaptability. The first objective focuses on developing a Flow and Unified Information-based DDoS detection system (FLUID) for small-scale IoT networks, enabling DDoS detection with minimal computational overhead. The FLUID system uses flow metrics and unified information measures to detect both high- and low-volume attacks while optimizing resource use. The second objective introduces a system with novel hybrid feature selection to enhance detection accuracy in medium-scale IoT networks. By combining Genetic Algorithm and t-test for DDoS Attack Detection (GADAD), this system improves feature selection efficiency and supports binary and multiclass classification. For large-scale networks, the third objective is the design of a Deep Ensemble Learning with Pruning (DEEPShield) system that integrates CNN and LSTM architectures, optimized through post-training pruning and a novel preprocessing method. This system achieves high detection accuracy with low resource demand, making it suitable for resource-constrained IoT environments. The fourth objective focuses on optimizing deep learning-based detection systems to enhance resource efficiency and explainability using the OMEGA, ADEPT, and SHIELD systems. The Optimized Ensemble Learning with Pruning (OMEGA) and Interactive and Explainable Optimized Learning (ADEPT) systems apply techniques like genetic algorithms and differential evolution for resource efficiency.
The SHAP-Based Explanation and Lightweight DDoS Attack Detection (SHIELD) system uses SHapley Additive exPlanations (SHAP) for interpretability of individual predictions. The final objective addresses adaptive mitigation through a Game-Theoretic DDoS Defense Strategy Model (GT-DDSM) that dynamically adjusts defense strategies based on attack intensity. These systems are evaluated on metrics such as accuracy, precision, recall, F1-score, and scalability, while optimization efficiency is assessed by preprocessing time, inference speed, memory usage, and model size. Explainability is assessed through SHAP and priority assessment values, while mitigation effectiveness is measured by gradients, cumulative payoff, mitigation time, resource utilization, and network QoS parameters.