ShieldRNN: A Distributed Flow-Based DDoS Detection Solution for IoT Using Sequence Majority Voting

The Distributed Denial of Service (DDoS) attack is considered one of the most critical threats on the Internet, blocking legitimate users from accessing online services. Botnets have exploited insecure IoT devices and used them to launch DDoS attacks. Providing IoT devices with the ability to detect DDoS attacks will prevent them from becoming contributors to these attacks. This paper presents an efficient solution to defend IoT devices against such inevitable attacks. The proposed solution consists of two parts: an IoT node detector and a server detector. The IoT node detector is a lightweight classifier to monitor egress traffic. The server detector is a more accurate classifier that is used by the IoT node if it suspected itself to be a contributor to a DDoS attack. To develop an accurate server detector, this paper proposes ShieldRNN: a novel training and prediction approach for RNN/LSTM models. We compare ShieldRNN with other supervised and unsupervised models on the CIC-IDS2017 dataset and show that it outperforms them. Also, we set baseline results for DDoS detection on the CIC IoT 2022 dataset.

Automated summary

This paper presents a solution to protect IoT devices from DDoS attacks, consisting of an IoT node detector and a server detector. By utilizing ShieldRNN for training and prediction, an accurate server detector is developed and its superiority is demonstrated on the dataset.