Cross Layer Based DDoS Attack Detection in Internet of Things Using Machine Learning Algorithms

K. Saranya, A. Valarmathi

Abstract

A cross-layer approach is an effective and practical security defense mechanism for preventing unauthorized access. DDoS attacks occur when multiple intruders send abnormal traffic to a server. A DNS flood is a DDoS attack in which an intruder floods a specific domain in the DNS server. DNS flood attacks compromise the website with a heavy volume of network traffic. This work focuses on a cross-layer intrusion detection system that specifically detects DDoS attacks at the transport layer and the network layer. DDoS attacks such as TCP SYN flood, UDP flood and ICMP flood are analyzed at the corresponding layers of the IoT using machine learning-based algorithms. At the transport layer, the system covers TCP SYN floods (synchronization flooding) and UDP floods, where the attacker overwhelms random ports on hosts with IP packets. At the network layer, it focuses on ICMP flooding, where the attacker overwhelms the targeted devices with ICMP echo requests (also called ping requests). We also used many machine learning algorithms, such as decision tree, KNN, MLP and logistic regression, to detect abnormal activities such as DDoS features. In the experimental results, we found that KNN and decision tree achieved high accuracy in detecting attacks.
