Machine Learning based Hybrid Intrusion Detection System for detecting Cross-layer DoS attacks in IoT

Abstract

Abstract The Internet of Things (IoT) is critically prone to Denial of Service attacks at multiple layers. Intrusion Detection Systems (IDS), if designed carefully, can be able to detect these attacks effectively. In the proposed study, we develop a Hybrid IDS to detect Cross-Layer DoS attacks in IoT. The proposed system considerably reduces the false positive rate more than a single IDS. The IDS is designed by ensembling multiple machine learning techniques to avoid overfitting or underfitting. The Hybrid IDS works in two stages, with the first stage for detecting an occurrence of attack(Anomaly detection) followed by a second stage to classify the attack types(Signature of the episodes). The output of the first stage is Correctly Detected Samples (CDS) which are again tested by the second stage to get Correctly Classified Samples(CCS). Another unique aspect of the proposed study is generating the dataset for different attacks. Rather than using the existing dataset, we have developed a trace file in NetSim Simulator by designing an attack environment. At the same time, during the feature selection process, a novel and efficient technique is applied to select the best feature set along with the critical feature (CF). Simulation results show an accuracy of detecting CDS of up to 95% and CCS is up to 96% with a weighted average F1 score of up to 96%. The testing time of the proposed model is also considerably lower than individual models, which makes the system efficient and lightweight.