loading page

An Unsupervised Approach for the Detection of Zero-Day DDoS Attacks in IoT Networks
  • +3
  • Monika Roopak,
  • Simon Parkinson,
  • Gui Yun Tian,
  • Yachao Ran,
  • Saad Khan,
  • Balasubramaniyan Chandrasekaran
Monika Roopak
University of Huddersfield

Corresponding Author:[email protected]

Author Profile
Simon Parkinson
University of Huddersfield
Gui Yun Tian
Newcastle University
Yachao Ran
Newcastle University
Saad Khan
University of Huddersfield
Balasubramaniyan Chandrasekaran
Florida Polytechnic University


In this article, an unsupervised IDS (Intrusion Detection System) is presented for the detection of zero-day DDoS (Distributed Denial of Service) attacks for IoT (Internet of Things) networks that can detect anomalies without the need for prior knowledge or training in attack information. Attackers exploit existing undiscovered vulnerabilities in the system to launch zero-day attacks. There exist many traditional deep learning and machine learning based attack detection systems that cannot deal with and detect new zero-day attacks and mostly misclassify those attacks. Zero-day attacks are often new unknown threats that have not been encountered before, in addition, labelling of data is a time-consuming task for security experts, So there exists a need for unsupervised methods that can detect unseen cyber-attacks on the zero-day. DDoS attacks have recently adversely affected many organisations in terms of finance and services, as these attacks have become more sophisticated and damaging. The growth of IoT networks has facilitated the launch of more DDoS attacks. In this work, an unsupervised approach-based algorithm is proposed for the detection of zero-day DDoS attacks in IoT networks by exploiting random projection for the feature selection process to reduce the dimensionality of the network data and ensemble model consisting of K-means, GMM and one-class SVM for the unsupervised classification of the data as attack and normal using the hard voting technique. The CIC-DDoS2019 datasets are used for an extensive evaluation of the proposed method. The proposed method has obtained an accuracy of 94.55%, which is better than the other state-of-the-art unsupervised learning-based methods.