Distributed Denial Of Service (DDOS) Attack Detection On Zigbee Protocol Using Naive Bayes Algoritm

(1) * Ibnu Masud Mail (Universitas Amikom Yogyakarta, Indonesia)
(2) Kusrini Kusrini Mail (Universitas Amikom Yogyakarta, Indonesia)
(3) Agung Budi Prasetio Mail (Universitas Amikom Yogyakarta, Indonesia)
*corresponding author


Distributed Denial of Service or better known as DDoS is an attempted attack from several computer systems that target a server so that the amount of traffic becomes too high so that the server cannot handle the request. DDoS is usually done by using several computer systems that are used as sources of attacks. So they attack one server through several computers so that the amount of traffic can also be higher. A DDoS attack is like a traffic jam that prevents a driver from reaching their desired destination on time. According to data, 33% of businesses in the world have fallen victim to DDoS attacks. DDoS is hard to trace. Some types of DDoS attacks can be very powerful and even reach speeds of 1.35 Tbps. Additionally, DDoS attacks can cause losses of $ 40,000 per hour if they occur. ZigBee is a standard from IEEE 802.15.4 for data communication on personal consumer devices as well as for business scale. ZigBee is designed with low power consumption and works for low level personal networks. ZigBee devices are commonly used to control another device or as a wireless sensor. ZigBee has a feature which is able to manage its own network, or manage data exchange on the network [1]. Another advantage of ZigBee is that it requires low power, so it can be used as a wireless control device which only needs to be installed once, because only one battery can make ZigBee last up to a year. In addition, ZigBee also has a "mesh" network topology so that it can form a wider network and more reliable data. In the previous research of Muhammad Aziz, Rusydi Umar, Faizin Ridho (2019) based on the results of the analysis carried out that the attack information that has been detected by the IDS based on signatures needs to be reviewed for accuracy using classification with statistical calculations. Based on the analysis and testing carried out with the artificial neural network method, it was found that the accuracy was 95.2381%. The neural network method can be applied in the field of network forensics in determining accurate results and helping to strengthen evidence at trial. The Naïve Bayes model performed relatively poor overall and produced the lowest accuracy score of this study (45%) when trained with the CICDDoS2019 dataset [47]. For the same model, precision was 66% and recall was 54%, meaning that almost half the time, the model misses to identify threats.





Article metrics

10.29099/ijair.v5i2.214 Abstract views : 352 | PDF views : 20




Full Text



S. Dua and X. Du, Data Mining and Machine Learning in Cybersecurity. Boca Raton, Florida: Auerbach Publications, 2016.

C. Canongia and R. Mandarino, “Cybersecurity: The new challenge of the information society,” in Handbook of Research on Business Social Networking: Organizational, Managerial, and Technological Dimensions, 2011.

P. Twomey, “Cyber Security Threats.” The Lowy Institute for International Policy, Sydney, 2010.

R. Von Solms and J. Van Niekerk, “From information security to cyber security,” Comput. Secur., vol. 38, pp. 97–102, 2013.

J. B. Fraley and J. Cannady, “The promise of machine learning in cybersecurity,” in SouthEastCon 2017, 2017, pp. 1–6.

OWASP, “OWASP Top 10 - 2017 - The Ten Most Critical Web Application Security Risks,” Top 10 2017, 2017.

C. Douligeris and A. Mitrokotsa, “DDoS attacks and defense mechanisms: Classification and state-of-the-art,” Comput. Networks, vol. 44, no. 5, pp. 643–666, 2004.

S. K. Sahu, S. Sarangi, and S. K. Jena, “A detail analysis on intrusion detection datasets,” in Souvenir of the 2014 IEEE International Advance Computing Conference, IACC 2014, 2014, pp. 1348–1353.

J. O. Nehinbe, “A critical evaluation of datasets for investigating IDSs and IPSs researches,” in Proceedings of 2011, 10th IEEE International Conference on Cybernetic Intelligent Systems, CIS 2011, 2011, pp. 1–6.

A. Gharib, I. Sharafaldin, A. H. Lashkari, and A. A. Ghorbani, “An Evaluation Framework for Intrusion Detection Dataset,” in ICISS 2016 - 2016 International Conference on Information Science and Security, 2017, pp. 1–6.

M. Ring, S. Wunderlich, D. Scheuring, D. Landes, and A. Hotho, “A survey of networkbased intrusion detection data sets,” Comput. Secur., vol. 86, pp. 147–167, 2019.

O. Yavanoglu and M. Aydos, “A review on cyber security datasets for machine learning algorithms,” in Proceedings - 2017 IEEE International Conference on Big Data, Big Data 2017, 2017, pp. 2186–2193.

C. Thomas, V. Sharma, and N. Balakrishnan, “Usefulness of DARPA dataset for intrusion detection system evaluation,” in Data Mining, Intrusion Detection, Information Assurance, and Data Networks Security 2008, 2008.

L. Dhanabal and S. P. Shantharajah, “A Study on NSL-KDD Dataset for Intrusion Detection System Based on Classification Algorithms,” Int. J. Adv. Res. Comput. Commun. Eng., vol. 4, no. 6, 2015.

M. Małowidzki, P. Berezi, and M. Mazur, “Network Intrusion Detection: Half a Kingdom for a Good Dataset,” in ECCWS 2017 16th European Conference on Cyber Warfare and Security, 2017.

R. Bace and P. Mell, “NIST special publication on intrusion detection systems,” Special Publication (NIST SP), 2001.

Nexus Guard, “Nexusguard Research Shows DNS Amplification Attacks Grew Nearly 4,800% Year-over-Year; Highlighted by Sharp Increase in TCP SYN Flood,” 2019. [Online]. Available: https://www.nexusguard.com/newsroom/press-release/dns-amplificationattacks-rise-twofold-in-q1-0-0.

J. Mirkovic and P. Reiher, “A taxonomy of DDoS attack and DDoS defense mechanisms,” Comput. Commun. Rev., vol. 34, no. 2, pp. 39–53, 2004.

K. Scarfone and P. Mell, “Guide to Intrusion Detection and Prevention Systems (IDPS), National Institute of Standards and Technology. Special Publication (NIST SP), 2007.

P. Ferguson and D. Senie, “Network Ingress Filtering: Defeating Denial of Service Attacks which employ IP Source Address Spoofing,” RFC Editor, 2000. [Online]. Available: https://tools.ietf.org/html/rfc2827.

G. C. Kessler and D. E. Levin, Denial-of-Service Attacks, 4th ed. John Wiley & Sons, 2015.

R. Das and T. H. Morris, “Machine learning and cyber security,” in 2017 International Conference on Computer, Electrical and Communication Engineering, ICCECE 2017, 2018, pp. 1–7.

I. Sofi, A. Mahajan, and V. Mansotra, “Machine Learning Techniques used for the Detection and Analysis of Modern Types of DDoS Attacks,” Int. Res. J. Eng. Technol., 2017.

N. Sharma, A. Mahajan, and V. Mansotra, “Machine Learning Techniques Used in Detection of DOS Attacks: A Literature Review,” Int. J. Adv. Res. Comput. Sci. Softw. Eng., 2016.

M. Zekri, S. El Kafhali, N. Aboutabit, and Y. Saadi, “DDoS attack detection using machine learning techniques in cloud computing environments,” in Proceedings of 2017 International Conference of Cloud Computing Technologies and Applications, CloudTech 2017, 2018.

D. M. Farid, N. Harbi, E. Bahri, M. Z. Rahman, and C. M. Rahman, “Attacks classification in adaptive intrusion detection using decision tree,” World Acad. Sci. Eng. Technol., pp. 368–372, 2010.

Y. C. Wu, H. R. Tseng, W. Yang, and R. H. Jan, “DDoS detection and traceback with decision tree and grey relational analysis,” in 3rd International Conference on Multimedia and Ubiquitous Engineering, MUE 2009, 2009.

A. Andhare, P. Arvind, and B. Patil, “Denial-of-Service Attack Detection Using GeneticBased Algorithm,” vol. 2, no. 2, pp. 94–98, 2012.

M. Aamir and S. M. A. Zaidi, “DDoS attack detection with feature engineering and machine learning: the framework and performance evaluation,” Int. J. Inf. Secur., pp. 1–25, 2019.

A. Khraisat, I. Gondal, P. Vamplew, and J. Kamruzzaman, “Survey of intrusion detection systems: techniques, datasets and challenges,” Cybersecurity, vol. 2, no. 1, p. 20, 2019.

R. Koch, “Towards next-generation intrusion detection,” in 2011 3rd International Conference on Cyber Conflict, ICCC 2011 - Proceedings, 2011.

J. O. Nehinbe, “A simple method for improving intrusion detections in corporate networks,” in Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, 2010.

. Moustafa and J. Slay, “UNSW-NB15: A comprehensive data set for network intrusion detection systems (UNSW-NB15 network data set),” in 2015 Military Communications and Information Systems Conference, MilCIS 2015 - Proceedings, 2015.

M. Ring, S. Wunderlich, D. Grüdl, D. Landes, and A. Hotho, “Flow-based benchmark data sets for intrusion detection,” in European Conference on Information Warfare and Security, ECCWS, 2017

M. Ghorbani, Ali A., Lu, Wei, Tavallaee, Network Intrusion Detection and Prevention. Springer, 2010.

The Cooperative Association for Internet Data Analysis, “CAIDA - The Cooperative Association for Internet Data Analysis,” CAIDA. 2010.

J. Mchugh, “Testing Intrusion Detection Systems: A Critique of the 1998 and 1999 DARPA Intrusion Detection System Evaluations as Performed by Lincoln Laboratory,” ACM Trans. Inf. Syst. Secur., vol. 3, no. 4, pp. 1094–9224, 2000.

M. Tavallaee, E. Bagheri, W. Lu, and A. Ghorbani, “Detailed Analysis of the KDD CUP 99 Data Set,” Submitted to Second IEEE Symposium on Computational Intelligence for Security and Defense Applications (CISDA), 2009. .

University Of California, “KDD-Cup Dataset ’99,” The UCI KDD Archive, 1999. .

University Of California, “KDD-Cup Dataset ’98,” The UCI KDD Archive, 1998. .

J. Heidemann and C. Papadopoulos, “Uses and challenges for network datasets,” in Proceedings - Cybersecurity Applications and Technology Conference for Homeland Security, CATCH 2009, 2009.

Defense Advanced Research Projects Agency, “1999 DARPA Intrusion Detection Evaluation Dataset,” 1999. [Online]. Available: https://www.ll.mit.edu/r-d/datasets/1999- darpa-intrusion-detection-evaluation-dataset.

M. H. Bhuyan, D. K. Bhattacharyya, and J. K. Kalita, “Network anomaly detection: Methods, systems and tools,” IEEE Commun. Surv. Tutorials, vol. 16, no. 1, pp. 303–336, 2014.

A. Nisioti, A. Mylonas, P. D. Yoo, and V. Katos, “From intrusion detection to attacker attribution: A comprehensive survey of unsupervised methods,” IEEE Commun. Surv. Tutorials, vol. 20, no. 4, pp. 3369–3388, 2018.

T. H. Morris, Z. Thornton, and I. Turnipseed, “Industrial Control System Simulation and Data Logging for Intrusion Detection System Research,” Seventh Annu. Southeast. Cyber Secur. Summit, 2015.

R. Wirth, “CRISP-DM : Towards a Standard Process Model for Data Mining,” Proc. Fourth Int. Conf. Pract. Appl. Knowl. Discov. Data Min., pp. 29–39, 2000.

University of New Brunswick, “DDoS Evaluation Dataset (CICDDoS2019),” unb.ca, 2019. [Online]. Available: https://www.unb.ca/cic/datasets/ddos-2019.html.

University of New Brunswick, “CSE-CIC-IDS2018 on AWS,” 2018. [Online]. Available: https://www.unb.ca/cic/datasets/ids-2018.html.

F. Beer, T. Hofer, D. Karimi, and U. Bühler, “A new attack composition for network security,” in Lecture Notes in Informatics (LNI), Proceedings - Series of the Gesellschaft fur Informatik (GI), 2017.

Canadian Institute for Cybersecurity, “CICIDS2017,” unb.ca, 2017. [Online]. Available: https://www.unb.ca/cic/datasets/ids-2017.html.

A. H. Lashkari, Y. Zang, G. Owhuo, M. S. I. Mamun, and G. D. Gil, “CICFlowMeter,” Github. 2017.

Pandas.pydaya.org, “Pandas.Dataframe.Fillna,” Pandas 1.0.3 Documentation, 2014. [Online]. Available: https://pandas.pydata.org/pandasdocs/stable/reference/api/pandas.DataFrame.fillna.html.

Scikit-learn, “Train_test_split,” Scikit-learn 0.22.2 Documentation, 2019. [Online]. Available: https://scikitlearn.org/stable/modules/generated/sklearn.model_selection.train_test_split.html.

T. Mitchell, Machine Learning. Burr Ridge, IL: McGraw Hill, 1997.

M. Mohri, A. Rostamizadeh, and A. Talwalkar, Foundations of Machine Learning, 2nd ed. London, England: The MIT Press, 2018.

L. Rokach, “Ensemble-based classifiers,” Artif. Intell. Rev., vol. 33, pp. 1–39, 2010.

F. Pedregosa, G. Varoquaux, A. Gramfort, V. Michel, and B. Thirion, “Scikit-learn: Machine learning in Python,” J. Mach. Learn. Res., vol. 12, pp. 2825–2830, 2011.

Scikit-learn, “KNeighborsClassier,” scikit-learn.org, 2019. [Online]. Available: https://scikitlearn.org/stable/modules/generated/sklearn.neighbors.KNeighborsClassifier.html.

Scikit-learn, “LinearSVC,” scikit-learn.org, 2019. [Online]. Available: https://scikitlearn.org/stable/modules/generated/sklearn.svm.LinearSVC.html.

Scikit-learn, “GaussianNB,” scikit-learn.org, 2019. [Online]. Available: https://scikit-learn.org/stable/modules/generated/sklearn.naive_bayes.GaussianNB.html.

Scikit-learn, “DecisionTreeClassifier,” scikit-learn.org, 2019. [Online]. Available: https://scikitlearn.org/stable/modules/generated/sklearn.tree.DecisionTreeClassifier.html.

Scikit-learn, “RandomForestClassifier,” scikit-learn.org, 2019. [Online]. Available: https://scikitlearn.org/stable/modules/generated/sklearn.ensemble.RandomForestClassifier.html.

Scikit-learn, “LogisticRegressionClassifier,” scikit-learn.org, 2019. [Online]. Available: https://scikitlearn.org/stable/modules/generated/sklearn.linear_model.LogisticRegression.html.

Scikit-learn, “StratifiedKFold,” Scikit-learn 0.22.2 Documentation, 2019. .

D. M. Powers, “Evaluation: From Precision, Recall and F-Factor to ROC, Informedness, Markedness & Correlation,” J. Mach. Learn. Technol., vol. 2, 2007.

A. a, Alfantookh, “DoS Attacks Intelligent Detection using Neural Networks,” J. King Saud Univ. -Comput. Inf. Sci., Vol. 18, no. 2006, pp. 31-51, 2006.

Alfine Ridho, M, Molavi Arman, “Analisis Serang DDoS Menggunakan Metode Jaringan Saraf Tiruan”, Sisfokom, Palembang, vol. 09. No. 03, PP 373-379, 2020.

Alfa Saleh, Implementasi Metode Klasifikasi Naïve Bayes Dalam Memprediksi Besarnya Penggunaan Listrik Rumah Tangga , Yogyakarta, Citec Journal, Vol. 2, No. 3, Mei 2015 – Juli 2015.

Al Riza Khadafy, Romi Satria Wahono, “Penerapan Naive Bayes untuk Mengurangi Data Noise pada Klasifikasi Multi Kelas dengan Decision Tree”, Jakarta, Journal of Intelligent Systems, Vol. 1, No. 2, December 2015.

Arif Wirawan Muhammad, Cik Feresa Mohd Foozy, Ahmad Azhari, “Machine Learning-Based Distributed Denial of Service Attack Detection on Intrusion Detection System Regarding to Feature Selection”, New South Wales, vol. 4, no. 1, pp. 01-08, 2020.

Aziz Muhammad, Rusydi Umar, Faizin Ridho, “Implementasi Jaringan Saraf Tiruan Untuk Untuk Mendeteksi Serang DDoS Pada Forensik Jaringan”, Yogyakarta, Vol. 3, No. 01, 2019.

Chris Jordan Sihombing Jodi, Dany Primanita Kartikasari, Adhitya Bhawiyuga, “Implementasi Sistem Deteksi dan Mitigasi Serangan Distributed Denial of Service (DDoS) menggunakan SVM Classifier pada Arsitektur Software Defined Network (SDN)”, Malang, Vol. 3, No. 10, halm. 9608-9613, 2019

Dong Shi, Khushnood Abbas, Raj Jain, “A Survey on Distributed Denial of Service (DDoS) Attact in SDN and Cloud Computing Environments”, India, Vol. 7, pp. 80813-80828, 2019.

E. D. Meutia, J. Teknik, E. Universitas, and S. Kuala, “Internet of Things–Keamanan dan Privasi,” in Seminar Nasional dan Expo Teknik Elektro ISSN, 2015, pp. 2088–9984.

Fitriyani,Romi Satria Wahono, “Integrasi Bagging dan Greedy Forward Selection pada Prediksi Cacat Software dengan Menggunakan Naïve Bayes”, Jakartaa, Journal of Software Engineering, Vol. 1, No. 2, December 2015.

I. Alsmadi and D. Xu, “Security of Software Defined Network: A Survey, ” Comput. Secur., vol. 53, pp. 79-108, 2015.

Iman Sharafaldin, Arash Habibi Lashkari, Saqib Hakak, and Ali A. Ghorbani, "Developing Realistic Distributed Denial of Service (DDoS) Attack Dataset and Taxonomy", IEEE 53rd International Carnahan Conference on Security Technology, Chennai, India, 2019.

J. S. Reddy, “ZigBee Security,” pp. 1–22, 2004.

Kurniabudi, Abdul Harris, Abdul Rahim, “Seleksi Fitur dengan Information Gain untuk Meningkatkan Deteksi Serangan DDoS Menggunakan Random Forest”, Jambi, Vol. 19, No. 1, halm. 56-66, 2020.

K. Hengst, “DDoS through the Internet of Things,” pp. 1-9, 2016.

K. Masica and K. Masica, “Recommended Practices Guide For Securing ZigBee Wireless Networks in Process Control System Environments Networks in Process Control,” Program, no. April, 2007.

Lila Dini Utami, Romi Satria Wahono, “Integrasi Metode Information Gain Untuk Seleksi Fitur dan Adaboost Untuk Mengurangi Bias Pada Analisis Sentimen Review Restoran Menggunakan Algoritma Naïve Bayes”, Jakarta, Journal of Intelligent Systems, Vol. 1, No. 2, December 2015

R. Sokullu, “GTS Attack : An IEEE 802 . 15 . 4 MAC Layer Attack in Wireless Sensor Networks,” Int. J., vol. 2, no. 1, pp. 105–116, 2009.

S. Nadila, Y. Galuh, S. Fatia, K. Fahmi Hayati Holle, Deteksi Serangan Distributed Denial of Services (DDOS) Berbasis HTTP Menggunakan Metode Fuzzy Sugeno, JISKa, Vol. 4, No. 3, Pp. 156 – 164, Januari 2020.

S. Raza, L. Wallgren, and T. Voigt, “SVELTE: Real-time intrusion detection in the Internet of Things,” Ad Hoc Networks, vol. 11, no. 8, pp. 2661–2674, 2013.

Sukmawati Anggraini Putri, Romi Satria Wahono,” Integrasi SMOTE dan Information Gain pada Naive Bayes untuk Prediksi Cacat Software”, Jakarta, Journal of Software Engineering, Vol. 1, No. 2, December 2015.

V. Hema and C. E. Shyni, “DoS Attack Detection Based on Naive Bayes Classifier,” Middle-East J. Sci. Red. Signal Process. Secur., Vol, 23, pp. 398- 405, 2015.

W. Razouk, G. V. Crosby, and A. Sekkaki, “New security approach for ZigBee weaknesses,” Procedia Comput. Sci., vol. 37, pp. 376–381, 2014.

Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.


International Journal Of Artificial Intelligence Research

Organized by: Departemen Teknik Informatika STMIK Dharma Wacana
Published by: STMIK Dharma Wacana
Jl. Kenanga No.03 Mulyojati 16C Metro Barat Kota Metro Lampung
phone. +62725-7850671
Fax. +62725-7850671
Email: jurnal.ijair@gmail.com | herinurdiyanto@dharmawacana.ac.id

View IJAIR Statcounter

Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.