An Unsupervised Approach for the Detection of Zero-Day DDoS Attacks in IoT Networks
Abstract
In this article, an unsupervised IDS (Intrusion Detection System) is presented for the detection of zero-day DDoS (Distributed Denial of Service) attacks in IoT (Internet of Things) networks. It can detect anomalies without prior knowledge of, or training on, attack information. Attackers exploit existing undiscovered vulnerabilities in the system to launch zero-day attacks. Many traditional deep learning and machine learning based attack detection systems cannot detect new zero-day attacks and mostly misclassify them. Zero-day attacks are often new, unknown threats that have not been encountered before. In addition, labelling data is a time-consuming task for security experts, so there is a need for unsupervised methods that can detect unseen zero-day cyber-attacks. DDoS attacks have recently adversely affected many organisations in terms of finance and services, as these attacks have become more sophisticated and damaging. The growth of IoT networks has facilitated the launch of more DDoS attacks. In this work, an unsupervised algorithm is proposed for the detection of zero-day DDoS attacks in IoT networks. It uses random projection in the feature selection process to reduce the dimensionality of the network data, and an ensemble model consisting of K-means, GMM and one-class SVM to classify the data as attack or normal, without labels, using the hard voting technique. The CIC-DDoS2019 datasets are used for an extensive evaluation of the proposed method. The proposed method obtained an accuracy of 94.55%, which is better than other state-of-the-art unsupervised learning-based methods.
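The pipeline the abstract describes (random projection, then a hard vote over K-means, GMM and one-class SVM) can be sketched as follows; this is an added illustration using scikit-learn, not the authors' code. The synthetic flow features, the rule that the smaller cluster is the attack class, and nu=0.1 are assumptions, not values from the paper.

```python
# Added illustration (not the paper's code): random projection + hard-voting
# ensemble of K-means, GMM and one-class SVM on constructed data.
import numpy as np
from sklearn.cluster import KMeans
from sklearn.mixture import GaussianMixture
from sklearn.random_projection import GaussianRandomProjection
from sklearn.svm import OneClassSVM


def make_flows(n_normal=900, n_attack=100, n_features=40, seed=0):
    """Constructed stand-in for flow features; label 1 = attack (evaluation only)."""
    rng = np.random.default_rng(seed)
    normal = rng.normal(0.0, 1.0, size=(n_normal, n_features))
    attack = rng.normal(4.0, 1.0, size=(n_attack, n_features))
    X = np.vstack([normal, attack])
    y = np.r_[np.zeros(n_normal, dtype=int), np.ones(n_attack, dtype=int)]
    return X, y


def minority_as_attack(cluster_ids):
    """Assumption: the smaller of the two clusters is the attack class."""
    minority = np.argmin(np.bincount(cluster_ids, minlength=2))
    return (cluster_ids == minority).astype(int)


def detect(X, n_components=10, seed=0):
    """Return (hard-vote labels, per-model votes); no labels are used."""
    Z = GaussianRandomProjection(n_components=n_components,
                                 random_state=seed).fit_transform(X)
    km = KMeans(n_clusters=2, n_init=10, random_state=seed).fit_predict(Z)
    gmm = GaussianMixture(n_components=2, random_state=seed).fit_predict(Z)
    # nu=0.1 is an assumed bound on the outlier fraction, not a paper value.
    svm = OneClassSVM(nu=0.1, gamma="scale").fit(Z).predict(Z)
    votes = np.column_stack([minority_as_attack(km),
                             minority_as_attack(gmm),
                             (svm == -1).astype(int)])
    # Hard voting: a flow is an attack when at least 2 of 3 models say so.
    return (votes.sum(axis=1) >= 2).astype(int), votes


def accuracy(pred, truth):
    return float(np.mean(pred == truth))


if __name__ == "__main__":
    X, y = make_flows()
    pred, votes = detect(X)
    print("ensemble accuracy:", accuracy(pred, y))
```

The ground-truth labels are used only to score the result; on real traffic where attacks are the majority, the minority-cluster rule would have to be replaced.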