Agenda
Today’s presentation
2. Solution Proposal
Introduction & Problem Definition
Quarter Trends
[Figure: bar chart comparing Q2 2021 and Q2 2022 for "Total number of DDoS attacks" and "Total Smart attacks"; bars labelled 100%, 100%, 302.5% and 273.12%.]
[Figure: attack-type shares; labels shown: SYN 20.25%, UDP 62.53%.]
Objectives
• Apply a selection of Machine Learning (ML) and Deep Learning (DL) models to the
design of an Intrusion Detection System (IDS) with an accuracy of at least 95% for DoS and
DDoS attacks directed at IoT devices in Software Defined Networks (SDN).
1. Analyze the state of the art for a proper ML and DL models selection.
2. Create a smart IDS for DoS and DDoS attacks based on UDP, TCP, and HTTP protocols.
3. Deploy the IDS in a simulated production environment based on the ONOS controller and
Mininet.
Solution Proposal
Data Distribution for the IDS
Class balancing from the Bot-IoT dataset*
*Koroniotis, N., Moustafa, N., Sitnikova, E., & Turnbull, B. (2019). Towards the development of realistic botnet dataset in the Internet of Things for network forensic
analytics: Bot-IoT dataset. Future Generation Computer Systems, 100, 779–796. doi:10.1016/j.future.2019.05.041
Feature Sets Selected
Range between 15 and 18 variables
[Diagram stages: Class balancing; ML models evaluation; DL models evaluation; Feature set(s) proposal; Time performance evaluation; Flow-level detection]
The LATAM-DDoS-IoT Dataset
Based on physical IoT devices and real users
LATAM-DDoS-IoT
Comparison against the popular related work around IoT datasets
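Datasets compared: LATAM, Bot-IoT (2019), TON_IoT (2020), CIC IoT (2022)
Flow-level information: [values not preserved in the text]
Number of attributes: 20 (LATAM), 32 (Bot-IoT), 22 (TON_IoT), 48 (CIC IoT)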
LATAM Dataset
Balanced data distribution for the DoS and DDoS versions
SDN Architecture
A modular framework*
*J. A. Pérez-Díaz, I. A. Valdovinos, K. -K. R. Choo and D. Zhu, "A Flexible SDN-Based Architecture for Identifying and Mitigating Low-Rate DDoS Attacks
Using Machine Learning," in IEEE Access, vol. 8, pp. 155859-155872, 2020, doi: 10.1109/ACCESS.2020.3019330.
SDN Testbed for the IDS Deployment
An architecture with physical and virtual components
Experimental Results & Discussion
Bot-IoT Dataset Results
Time performance and Classification results of Decision Tree
[Figure: two bar charts for the Decision Tree across the 1st, 2nd and 3rd feature sets (classification results and time performance); visible values and axis ticks: 30,362; 29,940; 29,453; 29,452; 99%; 29,000.]
LATAM-DDoS-IoT Dataset Results
Time performance and Classification results
[Figure: two charts (classification results and time performance) for binary and multiclass classification, using the 2nd feature set from the Bot-IoT dataset experiments; visible values and axis ticks: 98.911%, 98.908%, 98.834%, 98.834%, 9,990, 9,764, 98%, 99%, 0, 40,000.]
IDS Deployment Results in the SDN Testbed
Results from concatenating the Bot-IoT and LATAM-DDoS-IoT
IDS Deployment Results in the SDN Testbed
Runtime screenshots
Conclusions & Future Work
Conclusions
The Bot-IoT dataset
• The proposed IDS trained with the Bot-IoT dataset presents results without
biases towards a majority class, achieving an average accuracy >99% with
our 3 distinct feature sets, whilst being suitable for implementation in real-
time production environments.
Conclusions
The LATAM dataset
• It is a novel state-of-the-art dataset with real normal traffic from actual clients
consuming real services, and also real attack traffic directed to physical IoT devices.
• We conducted binary and multiclass classifications with its balanced DoS and
DDoS versions, getting an average accuracy of 99.967% and 98.872%,
respectively.
• When concatenating it with the Bot-IoT dataset, we achieved results such as
99.99% accuracy from the Decision Tree in binary classification for DoS.
Conclusions
IDS deployment in the SDN testbed
• Our smart IDS performs strongly: 100% of the flows
identified as attacks were correctly classified, and above 90% of the attack
flows were detected.
Future Work
The next steps
classifiers, since the characteristics of real traffic from actual clients and also
attack traffic directed to physical IoT devices make our dataset convenient for
Appendix
Transport and Application Layer DDoS Attacks Detection to IoT Devices by Using ML and DL Models
Towards the Protection of IoT Networks: Introducing the LATAM-DDoS-IoT Dataset
LATAM-DDoS-IoT Dataset
Project Funding
Thank you!
Any questions?
genaroalmaraz@exatec.tec.mx
LinkedIn: Genaro Almaraz