Protocol-Based Deep Intrusion Detection for DoS and DDoS Attacks Using UNSW-NB15 and Bot-IoT Data-Sets

Since its inception, the Internet of Things (IoT) has witnessed mushroom growth as a breakthrough technology. In a nutshell, IoT is the integration of devices and data such that processes are automated and centralized to a certain extent. IoT is revolutionizing the way business is done and is transforming society as a whole. As this technology advances further, the need to exploit detection and weakness awareness increases to prevent unauthorized access to critical resources and business functions, thereby rendering the system unavailable. Denial of Service (DoS) and Distributed DoS attacks are all too common. In this paper, we propose a Protocol Based Deep Intrusion Detection (PB-DID) architecture, in which we created a data-set of packets from IoT traffic by comparing features from the UNSWNB15 and Bot-IoT data-sets based on flow and Transmission Control Protocol (TCP). We classify non-anomalous, DoS, and DDoS traffic uniquely by taking care of the problems like imbalanced and over-fitting. We have achieved a classification accuracy of 96.3% by using deep learning (DL) technique.