Özet:

The recent growth in Internet of Things (IoT) deployment has increased the rapidness of integration and extended the reach of the internet from computers, tablets, and phones to countless devices in our physical world. This growth makes our life more convenient and industries more efficient. However, at the same time, it brought numerous challenges in terms of security and expanded the area of cyber-attacks, especially the DoS and DDoS attacks. Moreover, since many IoT devices run custom or outdated operating systems, and most do not have enough resources to run typical intrusion detection systems, it was necessary to search for alternative solutions. Therefore, many researchers have joined the race to develop new lightweight intrusion detection methods. In this study, we have investigated the detection of different DoS attacks on the IoT network using machine learning techniques. The studied attacks are TCP Syn-Flood Attack, UDP Flood Attack, HTTP Slowloris GET Attack, Apache Range Header DoS, and Port Scan attack. We have proposed a new dataset, namely HEIoT21, which was generated in a real smart home environment using a collective of IoT devices and non-IoT devices connected to a wireless network. The proposed dataset included normal and anomaly data, and using the CiCflowmeter application, we extracted 82 network features from the proposed dataset. The dataset was labeled and categorized into binary-class and multi-class. Our dataset underwent multiple feature selection methods to keep only enough features to produce a good detection accuracy; for that, we have used Anova F-value Feature Selection, Random Forest importance feature selection, and Sequential Forward Feature Selection. The feature selection techniques produced three new sub-datasets, which were evaluated using multiple machine learning algorithms like Logistic Regression (LR), J48 Decision Tree (DT), Naïve Bayes, and Artificial Neural Network (ANN). A comparison study was conducted on the result obtained from applying the different machine learning algorithms on the derived sub-datasets, which led to the finding that the most suitable feature selection technique for the proposed dataset was Anova F-value and the best-fit machine learning algorithm for the proposed dataset was The Decision Tree which produced an accuracy result of 99.92% for binary classification and 99.94% for multi-class classification. In the end, our study was compared with other studies in the field of IoT intrusion detection, and we found that the result obtained through this study was higher than most others. Therefore, the proposed dataset could be of great use to those who want to work on the analysis and detection of the existing network security threats. Also, this study can be considered a cornerstone for a proper lightweight intrusion detection system, where the datasets can be expanded to include other types of attacks, new detection rules can be added, and an alert mechanism can be integrated to become a complete detection system.

Anahtar Kelimeler: