簡易檢索 / 詳目顯示

回結果列表
研究生: 陳奕雯
Chen, Yi-Wen
論文名稱: 基於機器學習設計並實作物聯網分散式阻斷服務攻擊偵測系統
Design and Implementation of IoT DDoS Attacks Detection System based on Machine Learning
指導教授: 許健平
Sheu, Jang-Ping
口試委員: 高榮駿
Kao, Jung-Chun
楊舜仁
Yang, Shun-Ren
學位類別: 碩士
Master
系所名稱: 電機資訊學院 - 通訊工程研究所
Communications Engineering
論文出版年: 2019
畢業學年度: 108
語文別: 英文
論文頁數: 29
中文關鍵詞: 分散式阻斷服務攻擊物聯網機器學習軟體定義網路
外文關鍵詞: Distributed Denial of Service, Internet of Things, Machine Learning, Software Defined Networking
相關次數: 點閱:2下載:0
分享至:
查詢本校圖書館目錄 查詢臺灣博碩士論文知識加值系統 勘誤回報

    • 分散式阻斷服務攻擊通常發生在雲端,而且只要一發生攻擊,就會造成很嚴重的癱瘓問題。然而,隨著物聯網裝置數量逐漸增加,從物聯網裝置發起的大規模分散式阻斷服務攻擊,對網路所造成的影響已經不容被忽視。所以,在此篇論文,我們提出一個多層物聯網分散式阻斷服務攻擊偵測系統,其中包含物聯網裝置、物聯網閘道器、軟體定義網路交換機、雲端伺服器四層。我們提出對於物聯網裝置傳輸協定的安全認證,並透過機器學習偵測分散式阻斷服務攻擊。在校園中,實際佈署了八盞智慧路燈與多種類型的感測器作為我們的實驗環境。蒐集所有從路燈來的封包作為我們訓練資料集,其中分為從路燈蒐集來的感測資料與行人透過無線網路上網的網路資料。我們根據不同的攻擊類型,對訓練特徵進行提取。實驗結果顯示:在真實的物聯網環境中,我們的分散式阻斷服務攻擊偵測系統能達到高於98% 的準確率。根據機器學習偵測出來的惡意攻擊裝置會被列入黑名單中,並由軟體定義網路控制器對黑名單內裝置進行阻擋。

    DDoS attacks often happen in cloud servers and cause a devastating problem. However, an increasing number of Internet of Things devices makes us not ignore the influence of large-scale DDoS attacks from IoT devices. In this paper, we proposed a multi-layer IoT DDoS attack detection system, including IoT devices, IoT gateways, SDN switches, and cloud servers. We propose our IoT security certification for protocols and detect system of DDoS attacks based on machine learning. We implement eight smart poles with various sensors in our campus and collect packets as our datasets that are sensor data from smart poles through wireless network or wired network and network data from pedestrians via Wi-Fi. We extract the features based on DDoS attack types. The feature selection can result in high accuracy DDoS attack detection in the real IoT environment. The experimental results show that our multi-layer DDoS detection system can detect DDoS attacks accurately. Then the SDN controller can block venomous devices effectively according to blacklists from the results of our machine learning detection system.

    Section I Introduction 1 Section II Related Work 4 Section III A Multi-layer DDOS Detection Methodologies in IOTs 8 A. IoT Security Certification 9 B. Feature Selection 10 C. System Architecture 12 Section IV Implementation 16 A. Experimental Environment 16 B. Data Collection and DDoS Attacks 20 C. Detection Result 20 D. SDN Controller 22 Section V Conclusion 25 References 26

    [1] J. Mirkovic and P. Reiher, " A Taxonomy of DDoS Attack and DDoS Defense Mechanisms," ACM SIGCOMM Computer Communications Review, vol. 34, no. 2, pp. 39-53, 2004.
    [2] Z. He, T. Zhang, and R.B. Lee, " Machine Learning Based DDoS Attack Detection from Source Side in Cloud," Proceedings of the IEEE 4th International Conference on Cyber Security and Cloud Computing (CSCloud), July 2017.
    [3] S.S. Mohammed, R. Hussain, B. Bimaganbetov, and J. Lee, " A New Machine Learning-based Collaborative DDoS Mitigation Mechanism in Software-Defined Network," Proceedings of the 14th International Conference on Wireless and Mobile Computing, Networking and Communications (WiMob), Oct. 2018.
    [4] Y. Liu, M. Dong, K. Ota, J. Li, and J. Wu, " Deep Reinforcement Learning based Smart Mitigation of DDoS Flooding in Software-Defined Networks," Proceedings of the IEEE 23rd International Workshop on Computer Aided Modeling and Design of Communication Links and Networks (CAMAD), Sept. 2018.
    [5] M. Zekri, S.E. Kafhali, N. Aboutabit, and Y. Saadi, " DDoS Attack Detection Using Machine Learning Techniques in Cloud Computing Environments," Proceedings of the 3rd International Conference of Cloud Computing Technologies and Applications (CloudTech), Oct. 2017.
    [6] R. Doshi, N. Apthorpe, and N. Feamster, " Machine Learning DDoS Detection for Consumer Internet of Things Devices," Proceedings of the IEEE Security and Privacy Workshops (SPW), May 2018.
    [7] Q. Yan, W. Huang, X. Luo, Q. Gong, and F. Richard Yu, " A Multi-Level DDoS Mitigation Framework for the Industrial Internet of Things," IEEE Communications Magazine, Feb. 2018.
    [8] E. Aras, G.S. Ramachandran, P. Lawrence, and D. Hughes, " Exploring the Security Vulnerabilities of LoRa," Proceedings of the 3rd IEEE International Conference on Cybernetics (CYBCONF), June 2017.
    [9] S. Dowling, M. Schukat, and H. Melvin, " A ZigBee Honeypot to assess IoT Cyberattack Behaviour," Proceedings of the 28th Irish Signals and Systems Conference (ISSC), June 2017.
    [10] A. Mishra and A. Dixit, " Resolving Threats in IoT: ID Spoofing to DDoS," Proceedings of the 9th International Conference on Computing, Communication and Networking Technologies (ICCCNT), July 2018.
    [11] S.S. Hassan, S.D. Bibon, M.S. Hossain, and M. Atiquzzaman, " Security Threats in Bluetooth Technology," Computers & Security Volume 74, May 2018.
    [12] W. Albazrqaoe, J. Huang, and G. Xing, " Practical Bluetooth Traffic Sniffing: Systems and Privacy Implications," Proceedings of the 14th Annual International Conference on Mobile Systems, Applications, and Services, June 2016.
    [13] K. Chen, A. R. Junuthula, I. K. Siddhrau, Y. Xu, and H. J. Chao, " SDNShield: Towards More Comprehensive Defense against DDoS Attacks on SDN Control Plane," Proceedings of the IEEE Conference on Communications and Network Security (CNS), Feb. 2017.
    [14] K. Kalkan, L. Altay, G. Gür, and F. Alagöz, " JESS: Joint Entropy-Based DDoS Defense Scheme in SDN," IEEE Journal on Selected Areas in Communications, Sep. 2018.
    [15] D. Yin, L. Zhang, and K. Yang, " A DDoS Attack Detection and Mitigation With Software-Defined Internet of Things Framework, " IEEE Access, Apr. 2018.
    [16] P. MohanaPriya and S. Mercy Shalinie, " Restricted Boltzmann Machine Based Detection System for DDoS Attack in Software Defined Networks," Proceedings of the Fourth International Conference on Signal Processing, Communication and Networking (ICSCN), Oct. 2017.
    [17] L. Yang and H. Zhao, " DDoS Attack Identification and Defense Using SDN Based on Machine Learning Method," Proceedings of the 15th International Symposium on Pervasive Systems, Algorithms and Networks (I-SPAN), Feb. 2019.
    [18] Y. Feng, H. Akiyama, L. Lu, and K. Sakurai, " Feature Selection for Machine Learning-Based Early Detection of Distributed Cyber Attacks," Proceedings of the IEEE 16th Intl Conf on DASC/PiCom/DataCom/CyberSciTech, Oct. 2018.
    [19] V. Selis and A. Marshall, " A Classification-Based Algorithm to Detect Forged Embedded Machines in IoT Environments," IEEE Systems Journal, May 2018.
    [20] M. Roopak, G. Y. Tian, and J. Chambers, " Deep Learning Models for Cyber Security in IoT Networks," Proceedings of the IEEE 9th Annual Computing and Communication Workshop and Conference (CCWC), Mar. 2019.
    [21] G. Kaur, " A Novel Distributed Machine Learning Framework for Semi-Supervised Detection of Botnet Attacks," Proceedings of the Eleventh International Conference on Contemporary Computing (IC3), Nov. 2018.
    [22] K. Gurulakshmi and A. Nesarani, " Analysis of IoT Bots Against DDOS Attack Using Machine Learning Algorithm," Proceedings of the 2nd International Conference on Trends in Electronics and Informatics (ICOEI), Dec. 2018.
    [23] L. Dhanabal1 and Dr. S.P. Shantharajah, " A Study on NSL-KDD Dataset for Intrusion Detection System Based on Classification Algorithms," International Journal of Advanced Research in Computer and Communication Engineering, June 2015.
    [24] " Dataset," http://smartcity.cs.nthu.edu.tw/dataset/download.php, 2019.
    [25] scikit-learn: https://scikit-learn.org/stable/

    QR CODE