An efficient approach to detect distributed denial of service attacks for software defined internet of things combining autoencoder and extreme gradient boosting with feature selection and hyperparameter tuning optimization

Abstract

AbstractThe growing popularity of Software Defined Networks (SDN) and the Internet of Things (IoT) has led to the emergence of Software Defined Internet of Things (SDIoT) based on centralized network management by the Control Plane, which can handle the dynamic nature of IoT devices and the high volume of network traffic. However, due to their specific design, SDIoTs are the ideal target for Distributed Denial of Service (DDoS) attacks, becoming one of the most destructive threats. Machine learning (ML) techniques are best suited to solve this problem due to the recent growth and sophistication of DDoS attacks. In this study, we propose an enhanced deep learning approach based on combining AutoEncoder (AE) and Extreme Gradient Boosting (XGBoost). First, we applied the SHapley Additive exPlanations (SHAP) feature selection method to select the appropriate features subset according to their correlation results. Next, the AE is trained on the previous subset to learn a compact representation of the input features. The latent representation generated by the AE is then used as input for the XGBoost model, which is trained to predict the target variable and classify the traffic as usual or attack. In parallel, Grid Search Cross Validation (GSCV) is used to find the optimal hyperparameters for the AE‐XGBoost. The experimental results using two publicly available realistic SDN‐Iot datasets demonstrate that the proposed approach enables precise identification of DDoS attacks in SDIoT networks, achieving a 99.9920% accuracy, an F1 score of 0.999917, and a low false positive rate. Furthermore, the proposed model's performance exceeds that of the models used for comparison.