Adaptive Machine Learning Based Distributed Denial-of-Services Attacks Detection and Mitigation System for SDN-Enabled IoT

Integrated machine learning methods with oversampling technique for regional suitability prediction of waste-to-energy incineration projects

China's tiered strategy to enhance county-level waste incineration for energy aligns with the sustainable development goals (SDGs), emphasizing the need for comprehensive assessments of waste-to-energy (WtE) plant suitability. Traditional assessment methodologies face challenges, particularly in suggesting innovative site alternatives, adapting to new data sets, and their dependence on strict assumptions. This study introduced enhancements in three pivotal dimensions. Methodologically, it leverages data-driven machine learning (ML) approaches to capture the complex relationships essential for site selection, reducing dependency on strict assumptions. In terms of predictive performance, the integration of oversampling with stacked ensemble models enhances the diversity and generalizability of ML models. The area under curve (AUC) scores from four ML models, enhanced by the oversampled dataset, demonstrated significant improvements compared to the original dataset. The stacking model excelled, achieving a score of 92%. It also led in overall Precision and Recall, reaching 85.2% and 85.08% respectively. Nevertheless, a noticeable discrepancy existed in Precision and Recall for positive classes. The stacking model topped Precision scores at 83.1%, followed by eXtreme Gradient Boosting (XGBoost) (82.61%). In terms of Recall, XGBoost recorded the lowest at 85.07%, while the other three classifiers all marked 88.06%. From an industry applicability standpoint, the stacking model provides innovative location alternatives and demonstrates adaptability in Hunan province, offering a reusable tool for WtE location. In conclusion, this study not only enhances the methodological aspects of WtE site selection but also provides practical and adaptable solutions, contributing positively to sustainable waste management practices.

A novel IoT intrusion detection framework using Decisive Red Fox optimization and descriptive back propagated radial basis function models

The Internet of Things (IoT) is extensively used in modern-day life, such as in smart homes, intelligent transportation, etc. However, the present security measures cannot fully protect the IoT due to its vulnerability to malicious assaults. Intrusion detection can protect IoT devices from the most harmful attacks as a security tool. Nevertheless, the time and detection efficiencies of conventional intrusion detection methods need to be more accurate. The main contribution of this paper is to develop a simple as well as intelligent security framework for protecting IoT from cyber-attacks. For this purpose, a combination of Decisive Red Fox (DRF) Optimization and Descriptive Back Propagated Radial Basis Function (DBRF) classification are developed in the proposed work. The novelty of this work is, a recently developed DRF optimization methodology incorporated with the machine learning algorithm is utilized for maximizing the security level of IoT systems. First, the data preprocessing and normalization operations are performed to generate the balanced IoT dataset for improving the detection accuracy of classification. Then, the DRF optimization algorithm is applied to optimally tune the features required for accurate intrusion detection and classification. It also supports increasing the training speed and reducing the error rate of the classifier. Moreover, the DBRF classification model is deployed to categorize the normal and attacking data flows using optimized features. Here, the proposed DRF-DBRF security model's performance is validated and tested using five different and popular IoT benchmarking datasets. Finally, the results are compared with the previous anomaly detection approaches by using various evaluation parameters.

Novel deep learning approach for DDoS attack using elephant heard optimization algorithm along with a fuzzy classifier for rules learning

The research aims to provide network security so that it can be protected from several attacks, especially DoS (Denial-of-Service) or DDoS (Distributed Denial-of-Service) attacks that could at some point render the server inoperable. Security is one of the main obstacles. There are a lot of network risks and attacks available today. One of the most common and disruptive attacks is a DDoS attack. In this study, upgraded deep learning Elephant Herd Optimization with random forest classifier is employed for early DDos attack detection. The DDoS dataset’s number of characteristics is decreased by the proposed IDN-EHO method for classifying data learning that works with a lot of data. In the feature extraction stage, deep neural networks (DNN) approach is used, and the classified data packages are compared to return the DDoS attack traffic characteristics with a significant percentage. In the classification stage, the proposed deep learning Elephant Herd Optimization with random forest classifier used to classify the data learning which deal with a huge amount of data and minimise the number of features of the DDoS dataset. During the detection step, when the extracted features are used as input features, the attack detection model is trained using the improved deep learning Elephant Herd Optimization. The proposed framework has the potential to be a promising method for identifying unidentified DDoS attacks, according to experiments. 99% recall, precision, and accuracy can be attained using the suggested strategy, according on the findings of the experiments.

Modelling, mapping and monitoring of forest cover changes, using support vector machine, kernel logistic regression and naive bayes tree models with optical remote sensing data

The present study is designed to monitor the spatio-temporal changes in forest cover using Remote Sensing (RS) and Geographic Information system (GIS) techniques from 1990 to 2017. Landsat data from 1990 (Thematic mapper [TM]), 2000 and 2010 (Enhanced Thematic Mapper [ETM+]), and 2013 to 2017 (Operational Land Imager/Thermal Infrared Sensor [OLI/TIRS]) were classified into the classes termed snow, water, barren land, built-up area, forest, and vegetation. The method was built using multitemporal Landsat images and the machine learning techniques Support Vector Machine (SVM), Naive Bayes Tree (NBT) and Kernel Logistic Regression (KLR). According to the results, forest area was decreased from 19,360 km² (26.0%) to 18,784 km² (25.2%) from 1990 to 2010, while forest area was increased from 18,640 km² (25.0%) to 26,765 km² (35.9%) area from 2013 to 2017 due to "One billion tree Project". According to our findings, SVM performed better than KLR and NBT on all three accuracy metrics (recall, precision, and accuracy) and the F1 score was >0.89. The study demonstrated that concurrent reforestation in barren land areas improved methods of sustaining the forest and RS and GIS into everyday forestry organization practices in Khyber Pakhtun Khwa (KPK), Pakistan. The study results were beneficial, especially at the decision-making level for the local or provincial government of KPK and for understanding the global scenario for regional planning.

Review of Botnet Attack Detection in SDN-Enabled IoT Using Machine Learning

The orchestration of software-defined networks (SDN) and the internet of things (IoT) has revolutionized the computing fields. These include the broad spectrum of connectivity to sensors and electronic appliances beyond standard computing devices. However, these networks are still vulnerable to botnet attacks such as distributed denial of service, network probing, backdoors, information stealing, and phishing attacks. These attacks can disrupt and sometimes cause irreversible damage to several sectors of the economy. As a result, several machine learning-based solutions have been proposed to improve the real-time detection of botnet attacks in SDN-enabled IoT networks. The aim of this review is to investigate research studies that applied machine learning techniques for deterring botnet attacks in SDN-enabled IoT networks. Initially the first major botnet attacks in SDN-IoT networks have been thoroughly discussed. Secondly a commonly used machine learning techniques for detecting and mitigating botnet attacks in SDN-IoT networks are discussed. Finally, the performance of these machine learning techniques in detecting and mitigating botnet attacks is presented in terms of commonly used machine learning models' performance metrics. Both classical machine learning (ML) and deep learning (DL) techniques have comparable performance in botnet attack detection. However, the classical ML techniques require extensive feature engineering to achieve optimal features for efficient botnet attack detection. Besides, they fall short of detecting unforeseen botnet attacks. Furthermore, timely detection, real-time monitoring, and adaptability to new types of attacks are still challenging tasks in classical ML techniques. These are mainly because classical machine learning techniques use signatures of the already known malware both in training and after deployment.

A novel hybrid optimization enabled robust CNN algorithm for an IoT network intrusion detection approach

Due to the huge number of connected Internet of Things (IoT) devices within a network, denial of service and flooding attacks on networks are on the rise. IoT devices are disrupted and denied service because of these attacks. In this study, we proposed a novel hybrid meta-heuristic adaptive particle swarm optimization-whale optimizer algorithm (APSO-WOA) for optimization of the hyperparameters of a convolutional neural network (APSO-WOA-CNN). The APSO-WOA optimization algorithm's fitness value is defined as the validation set's cross-entropy loss function during CNN model training. In this study, we compare our optimization algorithm with other optimization algorithms, such as the APSO algorithm, for optimization of the hyperparameters of CNN. In model training, the APSO-WOA-CNN algorithm achieved the best performance compared to the FNN algorithm, which used manual parameter settings. We evaluated the APSO-WOA-CNN algorithm against APSO-CNN, SVM, and FNN. The simulation results suggest that APSO-WOA-CNf[N is effective and can reliably detect multi-type IoT network attacks. The results show that the APSO-WOA-CNN algorithm improves accuracy by 1.25%, average precision by 1%, the kappa coefficient by 11%, Hamming loss by 1.2%, and the Jaccard similarity coefficient by 2%, as compared to the APSO-CNN algorithm, and the APSO-CNN algorithm achieves the best performance, as compared to other algorithms.

A Machine Learning-Based Anomaly Prediction Service for Software-Defined Networks

Software-defined networking (SDN) has gained tremendous growth and can be exploited in different network scenarios, from data centers to wide-area 5G networks. It shifts control logic from the devices to a centralized entity (programmable controller) for efficient traffic monitoring and flow management. A software-based controller enforces rules and policies on the requests sent by forwarding elements; however, it cannot detect anomalous patterns in the network traffic. Due to this, the controller may install the flow rules against the anomalies, reducing the overall network performance. These anomalies may indicate threats to the network and decrease its performance and security. Machine learning (ML) approaches can identify such traffic flow patterns and predict the systems' impending threats. We propose an ML-based service to predict traffic anomalies for software-defined networks in this work. We first create a large dataset for network traffic by modeling a programmable data center with a signature-based intrusion-detection system. The feature vectors are pre-processed and are constructed against each flow request by the forwarding element. Then, we input the feature vector of each request to a machine learning classifier for training to predict anomalies. Finally, we use the holdout cross-validation technique to evaluate the proposed approach. The evaluation results specify that the proposed approach is highly accurate. In contrast to baseline approaches (random prediction and zero rule), the performance improvement of the proposed approach in average accuracy, precision, recall, and f-measure is (54.14%, 65.30%, 81.63%, and 73.70%) and (4.61%, 11.13%, 9.45%, and 10.29%), respectively.

An Energy-Efficient and Blockchain-Integrated Software Defined Network for the Industrial Internet of Things

The number of unsecured and portable Internet of Things (IoT) devices in the smart industry is growing exponentially. A diversity of centralized and distributed platforms have been implemented to defend against security attacks; however, these platforms are insecure because of their low storage capacities, high power utilization, single node failure, underutilized resources, and high end-to-end delay. Blockchain and Software-Defined Networking (SDN) are growing technologies to create a secure system and to ensure safe network connectivity. Blockchain technology offers a strong and trustworthy foundation to deal with threats and problems, including safety, privacy, adaptability, scalability, and security. However, the integration of blockchain with SDN is still in the implementation phase, which provides an efficient resource allocation and reduced latency that can overcome the issues of industrial IoT networks. We propose an energy-efficient blockchain-integrated software-defined networking architecture for Industrial IoT (IIoT) to overcome these challenges. We present a framework for implementing decentralized blockchain integrated with SDN for IIoT applications to achieve efficient energy utilization and cluster-head selection. Additionally, the blockchain-enabled distributed ledger ensures data consistency throughout the SDN controller network and keeps a record of the nodes enforced in the controller. The simulation result shows that the proposed model provides the best energy consumption, end-to-end latency, and overall throughput compared to the existing works.

Early Detection of Abnormal Attacks in Software-Defined Networking Using Machine Learning Approaches

Recent developments have made software-defined networking (SDN) a popular technology for solving the inherent problems of conventional distributed networks. The key benefit of SDN is the decoupling between the control plane and the data plane, which makes the network more flexible and easier to manage. SDN is a new generation network architecture; however, its configuration settings are centralized, making it vulnerable to hackers. Our study investigated the feasibility of applying artificial intelligence technology to detect abnormal attacks in an SDN environment based on the current unit network architecture; therefore, the concept of symmetry includes the sustainability of SDN applications and robust performance of machine learning (ML) models in the case of various malicious attacks. In this study, we focus on the early detection of abnormal attacks in an SDN environment. On detection of malicious traffic in SDN topology, the AI module in the topology is applied to detect and act against the attack source through machine learning algorithms, making the network architecture more flexible. Under multiple abnormal attacks, we propose a hierarchical multi-class (HMC) architecture to effectively address the imbalanced dataset problem and improve the performance of minority classes. The experimental results show that the decision tree, random forest, bagging, AdaBoost, and deep learning models exhibit the best performance for distributed denial-of-service (DDoS) attacks. In addition, for the imbalanced dataset problem of multiclass classification, our proposed HMC architecture performs better than previous single classifiers. We also simulated the SDN topology and scenario verification. In summary, we concatenated the AI module to enhance the security and effectiveness of SDN networks in a practical manner.

The Robustness of Detecting Known and Unknown DDoS Saturation Attacks in SDN via the Integration of Supervised and Semi-Supervised Classifiers

The design of existing machine-learning-based DoS detection systems in software-defined networking (SDN) suffers from two major problems. First, the proper time window for conducting network traffic analysis is unknown and has proven challenging to determine. Second, it is unable to detect unknown types of DoS saturation attacks. An unknown saturation attack is an attack that is not represented in the training data. In this paper, we evaluate three supervised classifiers for detecting a family of DDoS flooding attacks (UDP, TCP-SYN, IP-Spoofing, TCP-SARFU, and ICMP) and their combinations using different time windows. This work represents an extension of the runner-up best-paper award entitled ‘Detecting Saturation Attacks in SDN via Machine Learning’ published in the 2019 4th International Conference on Computing, Communications and Security (ICCCS). The results in this paper show that the trained supervised models fail in detecting unknown saturation attacks, and their overall detection performance decreases when the time window of the network traffic increases. Moreover, we investigate the performance of four semi-supervised classifiers in detecting unknown flooding attacks. The results indicate that semi-supervised classifiers outperform the supervised classifiers in the detection of unknown flooding attacks. Furthermore, to further increase the possibility of detecting the known and unknown flooding attacks, we propose an enhanced hybrid approach that combines two supervised and semi-supervised classifiers. The results demonstrate that the hybrid approach has outperformed individually supervised or semi-supervised classifiers in detecting the known and unknown flooding DoS attacks in SDN.