{"id":1090,"date":"2021-01-15T20:13:44","date_gmt":"2021-01-15T18:13:44","guid":{"rendered":"http:\/\/journals.khnu.km.ua\/vestnik\/?p=1090"},"modified":"2021-03-23T12:28:02","modified_gmt":"2021-03-23T10:28:02","slug":"%d0%bc%d0%b5%d1%82%d0%be%d0%b4-%d0%b2%d0%b8%d1%8f%d0%b2%d0%bb%d0%b5%d0%bd%d0%bd%d1%8f-ddos-%d0%b0%d1%82%d0%b0%d0%ba-%d0%bd%d0%b0-iot-%d0%bc%d0%b5%d1%80%d0%b5%d0%b6%d1%96","status":"publish","type":"post","link":"https:\/\/journals.khnu.km.ua\/vestnik\/?p=1090","title":{"rendered":"\u041c\u0435\u0442\u043e\u0434 \u0432\u0438\u044f\u0432\u043b\u0435\u043d\u043d\u044f DDOS \u0430\u0442\u0430\u043a \u043d\u0430 IOT \u043c\u0435\u0440\u0435\u0436\u0456"},"content":{"rendered":"<p style=\"text-align: center;\">\u041c\u0415\u0422\u041e\u0414 \u0412\u0418\u042f\u0412\u041b\u0415\u041d\u041d\u042f DDOS \u0410\u0422\u0410\u041a \u041d\u0410 IOT \u041c\u0415\u0420\u0415\u0416\u0406<\/p>\n<p style=\"text-align: center;\">METHOD OF DETECTING DDOS ATTACKS ON IOT NETWORKS<\/p>\n<p><a href=\"http:\/\/journals.khnu.km.ua\/vestnik\/wp-content\/uploads\/2021\/01\/30-3.pdf\"><img src=\"http:\/\/journals.khnu.km.ua\/vestnik\/wp-content\/uploads\/2021\/01\/pdf.png\" \/><\/a> <strong>\u0421\u0442\u043e\u0440\u0456\u043d\u043a\u0438: 184-191. \u041d\u043e\u043c\u0435\u0440: \u21161, 2020 (281)<\/strong><br \/>\n<strong>\u0410\u0432\u0442\u043e\u0440\u0438:<\/strong><br \/>\n\u0410.\u041e. \u041d\u0406\u0427\u0415\u041f\u041e\u0420\u0423\u041a, \u0410.\u0410. \u041d\u0406\u0427\u0415\u041f\u041e\u0420\u0423\u041a, \u041e.\u0412. \u0424\u0415\u0413\u0418\u0420, \u0410.\u0414. \u041a\u0410\u0417\u0410\u041d\u0426\u0415\u0412, \u042e.\u041e. \u041d\u0406\u0427\u0415\u041f\u041e\u0420\u0423\u041a<br \/>\n\u0425\u043c\u0435\u043b\u044c\u043d\u0438\u0446\u044c\u043a\u0438\u0439 \u043d\u0430\u0446\u0456\u043e\u043d\u0430\u043b\u044c\u043d\u0438\u0439 \u0443\u043d\u0456\u0432\u0435\u0440\u0441\u0438\u0442\u0435\u0442<br \/>\nA.O. NICHEPORUK, A.A. NICHEPORUK, O.V. FEHYR, A.D. 
KAZANTSEV, Y.O. NICHEPORUK<br \/>\nKhmelnytskyi National University<br \/>\n<strong>DOI:<\/strong> <a href=\"https:\/\/www.doi.org\/10.31891\/2307-5732-2020-281-1-184-191\">https:\/\/www.doi.org\/10.31891\/2307-5732-2020-281-1-184-191<\/a><br \/>\n<strong>\u0420\u0435\u0446\u0435\u043d\u0437\u0456\u044f\/Peer review :<\/strong> 13. 01.2020 \u0440.<br \/>\n<strong>\u041d\u0430\u0434\u0440\u0443\u043a\u043e\u0432\u0430\u043d\u0430\/Printed :<\/strong> 14.02.2020 \u0440.<\/p>\n<p style=\"text-align: center;\"><strong>\u0410\u043d\u043e\u0442\u0430\u0446\u0456\u044f \u043c\u043e\u0432\u043e\u044e \u043e\u0440\u0438\u0433\u0456\u043d\u0430\u043b\u0443<\/strong><\/p>\n<p>\u0412 \u0440\u043e\u0431\u043e\u0442\u0456 \u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u043b\u0435\u043d\u043e \u043c\u0435\u0442\u043e\u0434 \u0432\u0438\u044f\u0432\u043b\u0435\u043d\u043d\u044f DDoS \u0430\u0442\u0430\u043a \u043d\u0430 IoT-\u043c\u0435\u0440\u0435\u0436\u0456, \u0449\u043e \u0437\u0430\u0441\u043d\u043e\u0432\u0430\u043d\u0438\u0439 \u043d\u0430 \u0432\u0438\u043a\u043e\u0440\u0438\u0441\u0442\u0430\u043d\u043d\u0456 \u043b\u043e\u0433\u0456\u0441\u0442\u0438\u0447\u043d\u043e\u0457 \u0440\u0435\u0433\u0440\u0435\u0441\u0456\u0457. \u0417\u0430\u043f\u0440\u043e\u043f\u043e\u043d\u043e\u0432\u0430\u043d\u0438\u0439 \u043c\u0435\u0442\u043e\u0434 \u0441\u043a\u043b\u0430\u0434\u0430\u0454\u0442\u044c\u0441\u044f \u0437 \u0434\u0432\u043e\u0445 \u0435\u0442\u0430\u043f\u0456\u0432: offline \u0442\u0430 online. 
\u0413\u043e\u043b\u043e\u0432\u043d\u043e\u044e \u043c\u0435\u0442\u043e\u044e offline \u0435\u0442\u0430\u043f\u0443 \u0454 \u0441\u0442\u0432\u043e\u0440\u0435\u043d\u043d\u044f \u043c\u043e\u0434\u0435\u043b\u0456 \u043a\u043b\u0430\u0441\u0438\u0444\u0456\u043a\u0430\u0442\u043e\u0440\u0430, \u044f\u043a\u0430 \u0431\u0443\u0434\u0435 \u0432 \u043f\u043e\u0434\u0430\u043b\u044c\u0448\u043e\u043c\u0443 \u0432\u0438\u043a\u043e\u0440\u0438\u0441\u0442\u0430\u043d\u0430 \u0432 \u043f\u0440\u043e\u0446\u0435\u0441\u0456 \u0432\u0438\u043a\u043e\u043d\u0430\u043d\u043d\u044f online \u0435\u0442\u0430\u043f\u0443. \u0428\u043b\u044f\u0445\u043e\u043c \u043c\u043e\u043d\u0456\u0442\u043e\u0440\u0438\u043d\u0433\u0443 \u043c\u0435\u0440\u0435\u0436\u0435\u0432\u043e\u0433\u043e \u0442\u0440\u0430\u0444\u0456\u043a\u0443 \u0432 \u0440\u0435\u0436\u0438\u043c\u0456 \u0440\u0435\u0430\u043b\u044c\u043d\u043e\u0433\u043e \u0447\u0430\u0441\u0443 \u0435\u0442\u0430\u043f online \u0437\u0434\u0456\u0439\u0441\u043d\u044e\u0454 \u0432\u0438\u044f\u0432\u043b\u0435\u043d\u043d\u044f DDoS \u0430\u0442\u0430\u043a \u043d\u0430 \u043e\u0441\u043d\u043e\u0432\u0456 \u0432\u0438\u043a\u043e\u0440\u0438\u0441\u0442\u0430\u043d\u043d\u044f \u0441\u0444\u043e\u0440\u043c\u043e\u0432\u0430\u043d\u043e\u0457 \u043d\u0430 \u0435\u0442\u0430\u043f\u0456 offline \u043c\u043e\u0434\u0435\u043b\u0456 \u043a\u043b\u0430\u0441\u0438\u0444\u0456\u043a\u0430\u0442\u043e\u0440\u0430. 
\u041f\u0440\u043e\u0446\u0435\u0441 \u0432\u0438\u044f\u0432\u043b\u0435\u043d\u043d\u044f \u043f\u0435\u0440\u0435\u0434\u0431\u0430\u0447\u0430\u0454 \u0440\u043e\u0437\u0431\u0438\u0442\u0442\u044f \u0441\u043f\u043e\u0441\u0442\u0435\u0440\u0435\u0436\u0443\u0432\u0430\u043d\u043e\u0433\u043e \u043f\u0435\u0440\u0456\u043e\u0434\u0443 \u043c\u043e\u043d\u0456\u0442\u043e\u0440\u0438\u043d\u0433\u0443 \u0442\u0440\u0430\u0444\u0456\u043a\u0443 \u043d\u0430 10 \u0432\u0456\u0434\u0440\u0456\u0437\u043a\u0456\u0432 \u0442\u0430 \u0432\u0438\u0437\u043d\u0430\u0447\u0435\u043d\u043d\u044f \u043d\u0430 \u043a\u043e\u0436\u043d\u043e\u043c\u0443 \u0437 \u043d\u0438\u0445 \u043f\u0440\u043e\u043c\u0456\u0436\u043d\u0438\u0445 \u0440\u0435\u0437\u0443\u043b\u044c\u0442\u0430\u0442\u0456\u0432. \u0412\u0438\u0441\u043d\u043e\u0432\u043e\u043a \u043f\u0440\u043e \u043d\u0430\u044f\u0432\u043d\u0456\u0441\u0442\u044c DDoS \u0430\u0442\u0430\u043a\u0438 \u0437\u0434\u0456\u0439\u0441\u043d\u044e\u0454\u0442\u044c\u0441\u044f \u043d\u0430 \u043e\u0441\u043d\u043e\u0432\u0456 \u043f\u043e\u0440\u0456\u0432\u043d\u044f\u043d\u043d\u044f \u0441\u0435\u0440\u0435\u0434\u043d\u044c\u043e\u0433\u043e \u0437\u043d\u0430\u0447\u0435\u043d\u043d\u044f \u0441\u0435\u0440\u0435\u0434 \u0432\u0441\u0456\u0445 \u043f\u0440\u043e\u043c\u0456\u0436\u043d\u0438\u0445 \u0440\u0435\u0437\u0443\u043b\u044c\u0442\u0430\u0442\u0456\u0432 \u043a\u043b\u0430\u0441\u0438\u0444\u0456\u043a\u0430\u0446\u0456\u0457 \u0437 \u043f\u043e\u0440\u043e\u0433\u043e\u0432\u0438\u043c \u0437\u043d\u0430\u0447\u0435\u043d\u043d\u044f\u043c \u0432\u0438\u044f\u0432\u043b\u0435\u043d\u043d\u044f. 
\u0423 \u0432\u0438\u043f\u0430\u0434\u043a\u0443 \u043f\u0435\u0440\u0435\u0432\u0438\u0449\u0435\u043d\u043d\u044f \u043f\u043e\u0440\u043e\u0433\u043e\u0432\u043e\u0433\u043e \u0437\u043d\u0430\u0447\u0435\u043d\u043d\u044f \u0440\u043e\u0431\u0438\u0442\u044c\u0441\u044f \u0432\u0438\u0441\u043d\u043e\u0432\u043e\u043a \u043f\u0440\u043e \u043d\u0430\u044f\u0432\u043d\u0456\u0441\u0442\u044c DDoS \u0430\u0442\u0430\u043a\u0438.<br \/>\n<strong>\u041a\u043b\u044e\u0447\u043e\u0432\u0456 \u0441\u043b\u043e\u0432\u0430:<\/strong> DDoS \u0430\u0442\u0430\u043a\u0430, IoT, \u043a\u043b\u0430\u0441\u0438\u0444\u0456\u043a\u0430\u0442\u043e\u0440, \u043c\u0435\u0440\u0435\u0436\u0435\u0432\u0438\u0439 \u0442\u0440\u0430\u0444\u0456\u043a.<\/p>\n<p style=\"text-align: center;\"><strong>\u0420\u043e\u0437\u0448\u0438\u0440\u0435\u043d\u0430 \u0430\u043d\u043e\u0442\u0430\u0446\u0456\u044f \u0430\u043d\u0433\u043b\u0456\u0439\u0441\u044c\u043a\u043e\u044e \u043c\u043e\u0432\u043e\u044e<\/strong><\/p>\n<p>The paper presents a method for detecting DDoS attacks on an IoT network based on the use of logistic regression. Because computing power and available memory are limited in IoT networks, logistic regression was chosen for its low computational complexity and ease of implementation. The proposed method consists of two stages: offline and online. The main purpose of the offline stage is to create a classifier model that will be further used in the online stage. During training of the logistic classifier model in the offline stage, the entire training data set is split into two sets. The first dataset is labeled and is used to train the logistic regression classifier. The second dataset is also labeled and is used for validation. The training algorithm does not use the validation dataset labels; instead, they are used to test the predicted output of the classifier. 
By monitoring network traffic in real time, the online stage detects DDoS attacks using the classifier model built in the offline stage. The detection process involves splitting the observed traffic-monitoring period into 10 segments and determining an intermediate result for each of them. The conclusion that a DDoS attack is present is based on comparing the mean of all the intermediate classification results with the detection threshold. If the threshold is exceeded, it is concluded that a DDoS attack is present. According to the results of a study using the developed software, the highest detection efficiency for TCP SYN DDoS attacks was 91%. However, at the highest detection efficiency, the type I error (false positive) rate was also the highest, at 10%. Over 10 experiments, the average values of the statistical indicators were determined; in particular, the accuracy was 89.9% and the false positive rate was 9.6%.<br \/>\n<strong>Keywords:<\/strong> DDoS attack, IoT, classifier, network traffic.<\/p>\n<p style=\"text-align: center;\"><strong>References<\/strong><\/p>\n<ol>\n<li>Arbor NETSCOUT Arbor\u2019s 13th Annual Worldwide Infrastructure Security Report. 23 January 2018. URL: https:\/\/pages.arbornetworks.com\/rs\/082-KNA-087\/images\/13th_Worldwide_Infrastructure_Security_ Report.pdf.<\/li>\n<li>Elzen v. d. Techniques for detecting compromised IoT Devices \/ I. v. d. Elzen, J. v. Heugten \/\/ MSc System and network Engineering, University of Amsterdam. \u2013 2017. \u2013 \u0420. 1\u201326.<\/li>\n<li>Zhang C. Communication security in internet of thing: preventive measure and avoid ddos attack over iot network \/ C. Zhang, R. Green \/\/ Proceedings of the 18th Symposium on Communications &amp; Networking. Society for Computer Simulation International. \u2013 Alexandria Virginia, 2015. \u2013 \u0420. 8\u201315.<\/li>\n<li>Nobakht M. A host-based intrusion detection and mitigation framework for smart home iot using openflow \/ M. 
Nobakht,\u00a0 \u00a0 Sivaraman,\u00a0 and\u00a0 R.\u00a0 Boreli \/\/ Proceedings of the 11th International Conference in Availability, Reliability and Security (ARES). \u2013 Salzburg, Austria, 2016. \u2013 \u0420. 147\u2013156.<\/li>\n<li>Jerkins J. A. Motivating a market\u00a0 or\u00a0 regulatory\u00a0 solution\u00a0 to\u00a0 iot\u00a0 insecurity\u00a0 with\u00a0 the\u00a0 mirai\u00a0 botnet\u00a0 code \/ J.\u00a0 \u00a0 Jerkins \/\/ Proceedings of the 7th Annual Computing and Communication Workshop and Conference (CCWC). \u2013 Las Vegas, NV, USA, 2017. \u2013 \u0420. 1\u20135.<\/li>\n<li>Jun C. Design of complex event-processing ids in internet of things \/ C. Jun, C. Chi \/\/ Proceedings of the Sixth International Conference on Measuring Technology and Mechatronics Automation (ICMTMA). \u2013 Zhangjiajie, China, 2014. \u2013 \u0420. 226\u2013<\/li>\n<li>Xiang Y. Low-Rate DDoS Attacks Detection and Traceback by Using New Information Metrics \/ Y.Xiang, K. Li, W. Zhou \/\/ IEEE Transactions on Information Forensics and Security. \u2013 2011\u2013 Vol. 6. \u2013 No. 2. \u2013 \u0420.426\u2013437.<\/li>\n<li>Du P. IP packet size entropy-based scheme for detection of DoS\/DDoS attacks \/ P. Du, S. Abe \/\/ IEICE transactions on information and systems. \u2013 2008. \u2013 Vol. 91. \u2013 Issue 5. \u2013 \u0420. 1274\u20131281.<\/li>\n<li>Meidan Y. N-BaIoT\u2014Network-Based Detection of IoT Botnet Attacks Using Deep Autoencoders \/ Y.Meidan, M. Bohadana, Y. Mathov et al. \/\/ IEEE Pervasive Computing. \u2013 2018. \u2013 Vol. 17. \u2013 Issue 3. \u2013 \u0420. 12\u201322.<\/li>\n<\/ol>\n","protected":false},"excerpt":{"rendered":"<p>\u041c\u0415\u0422\u041e\u0414 \u0412\u0418\u042f\u0412\u041b\u0415\u041d\u041d\u042f DDOS \u0410\u0422\u0410\u041a \u041d\u0410 IOT \u041c\u0415\u0420\u0415\u0416\u0406 METHOD OF DETECTING DDOS ATTACKS ON IOT NETWORKS \u0421\u0442\u043e\u0440\u0456\u043d\u043a\u0438: 184-191. 
\u041d\u043e\u043c\u0435\u0440: \u21161, 2020 (281) \u0410\u0432\u0442\u043e\u0440\u0438: \u0410.\u041e. \u041d\u0406\u0427\u0415\u041f\u041e\u0420\u0423\u041a, \u0410.\u0410. \u041d\u0406\u0427\u0415\u041f\u041e\u0420\u0423\u041a, \u041e.\u0412. \u0424\u0415\u0413\u0418\u0420, \u0410.\u0414. \u041a\u0410\u0417\u0410\u041d\u0426\u0415\u0412, \u042e.\u041e. \u041d\u0406\u0427\u0415\u041f\u041e\u0420\u0423\u041a \u0425\u043c\u0435\u043b\u044c\u043d\u0438\u0446\u044c\u043a\u0438\u0439 \u043d\u0430\u0446\u0456\u043e\u043d\u0430\u043b\u044c\u043d\u0438\u0439 \u0443\u043d\u0456\u0432\u0435\u0440\u0441\u0438\u0442\u0435\u0442 A.O. NICHEPORUK, A.A. NICHEPORUK, O.V. FEHYR, A.D. KAZANTSEV, Y.O. NICHEPORUK Khmelnytskyi National University DOI: https:\/\/www.doi.org\/10.31891\/2307-5732-2020-281-1-184-191 \u0420\u0435\u0446\u0435\u043d\u0437\u0456\u044f\/Peer review : 13. 01.2020 [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[13],"tags":[],"_links":{"self":[{"href":"https:\/\/journals.khnu.km.ua\/vestnik\/index.php?rest_route=\/wp\/v2\/posts\/1090"}],"collection":[{"href":"https:\/\/journals.khnu.km.ua\/vestnik\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/journals.khnu.km.ua\/vestnik\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/journals.khnu.km.ua\/vestnik\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/journals.khnu.km.ua\/vestnik\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1090"}],"version-history":[{"count":3,"href":"https:\/\/journals.khnu.km.ua\/vestnik\/index.php?rest_route=\/wp\/v2\/posts\/1090\/revisions"}],"predecessor-version":[{"id":5133,"href":"https:\/\/journals.khnu.km.ua\/vestnik\/index.php?rest_route=\/wp\/v2\/posts\/1090\/revisions\/5133"}],"wp:attachment":[{"href":"https:\/\/journals.khnu.km.ua\/vest
nik\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1090"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/journals.khnu.km.ua\/vestnik\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1090"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/journals.khnu.km.ua\/vestnik\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1090"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}