DDOSHIELD-IoT: A Testbed for Simulating and Lightweight Detection of IoT Botnet DDoS Attacks

In the rapidly expanding realm of the Internet of Things (IoT), the escalation of sophisticated cyber threats, particularly botnet Distributed Denial of Service (DDoS) attacks, highlights the importance of Intrusion Detection Systems (IDS) for maintaining network integrity. IDSs are necessary tools for identifying and mitigating such threats. Consequently, there is a compelling need for a testbed that can facilitate the development and rigorous evaluation of IDS solutions, specifically designed to meet unique requirements and constraints of IoT environments. To bridge this gap, DDOSHIELD-IoT, an IDS testbed, is introduced, aiming to provide a platform for creating and evaluating IDSs within the IoT context. DDOSHIELD-IoT leverages Docker containers and the NS-3 network simulator to accurately mimic IoT environments and traffic. DDOSHIELD-IoT is used to implement and evaluate multiple IDSs. These IDSs leverage different machine learning models, such as K-Means, to detect Mirai botnet DDoS traffic, achieving an accuracy of over 90%. This evaluation highlights DDOSHIELD-IoT's precision as an IDS testbed. Furthermore, DDOSHIELD-IoT provides the capability to measure diverse performance metrics, such as CPU and memory usage. These assessments show DDOSHIELD-IoT's contributions to IoT security practices by offering scalability and reproducibility for enhanced IDS creation and evaluation.