
Machine Learning Enabled Novel Real-Time IoT Targeted DoS/DDoS Cyber Attack Detection System.

Authors :
Alabdulatif, Abdullah
Thilakarathne, Navod Neranjan
Aashiq, Mohamed
Source :
Computers, Materials & Continua; 2024, Vol. 80 Issue 3, p3655-3683, 29p
Publication Year :
2024

Abstract

The increasing prevalence of Internet of Things (IoT) devices has introduced a new phase of connectivity in recent years and, concurrently, has opened the floodgates for growing cyber threats. Among the myriad of potential attacks, Denial of Service (DoS) attacks and Distributed Denial of Service (DDoS) attacks remain a dominant concern due to their capability to render services inoperable by overwhelming systems with an influx of traffic. As IoT devices often lack the inherent security measures found in more mature computing platforms, the need for robust DoS/DDoS detection systems tailored to IoT is paramount for the sustainable development of every domain that IoT serves. In this study, we investigate the effectiveness of three machine learning (ML) algorithms: extreme gradient boosting (XGB), multilayer perceptron (MLP) and random forest (RF), for the detection of IoT-targeted DoS/DDoS attacks and three feature engineering methods that have not been used in the existing state-of-the-art, and then employed the best performing algorithm to design a prototype of a novel real-time system towards detection of such DoS/DDoS attacks. The CICIoT2023 dataset was derived from the latest real-world IoT traffic, incorporates both benign and malicious network traffic patterns and after data preprocessing and feature engineering, the data was fed into our models for both training and validation, where findings suggest that while all three models exhibit commendable accuracy in detecting DoS/DDoS attacks, the use of particle swarm optimization (PSO) for feature selection has made great improvements in the performance (accuracy, precision, recall and F1-score of 99.93% for XGB) of the ML models and their execution time (491.023 seconds for XGB) compared to recursive feature elimination (RFE) and random forest feature importance (RFI) methods.
The proposed real-time system for DoS/DDoS attack detection entails the implementation of a platform capable of effectively processing and analyzing network traffic in real-time. This involves employing the best-performing ML algorithm for detection and the integration of warning mechanisms. We believe this approach will significantly enhance the field of security research and continue to refine it based on future insights and developments. [ABSTRACT FROM AUTHOR]

Details

Language :
English
ISSN :
15462218
Volume :
80
Issue :
3
Database :
Complementary Index
Journal :
Computers, Materials & Continua
Publication Type :
Academic Journal
Accession number :
179789378
Full Text :
https://doi.org/10.32604/cmc.2024.054610