A Genetic Algorithm- and t-Test-Based System for DDoS Attack Detection in IoT Networks

Internet and cloud-based technologies have facilitated the implementation of large-scale Internet of Things (IoT) networks. However, these networks are susceptible to emerging attacks. This paper proposes a novel lightweight system for detecting both high- and low-volume Distributed Denial of Service (DDoS) attacks in IoT networks, namely Genetic Algorithm (GA) and t-Test for DDoS Attack Detection (GADAD). The GADAD system employs edge-based technologies and has three phases. In the first phase, it creates and preprocesses an HL-IoT (High- and Low-volume attacks in IoT networks) dataset, which includes both high- and low-volume DDoS attacks. The second phase introduces a novel and lightweight method, called GAStats, for optimal feature selection using the GA and statistical parameters (Stats.). In the third phase, the system trains three tree-based Machine Learning (ML) models: Random Forest (RF), Extra-Tree (ET), and Adaptive Boosting (AdaBoost), along with other ML models, using both the self-generated HL-IoT dataset and the publicly available ToN-IoT dataset. The evaluation includes the assessment of key performance metrics such as accuracy, precision, recall, F1-score, Receiver Operating Characteristic Curve (ROC), computation time, and scalability analysis with overall system performance. The experimental results illustrate the efficacy of the feature selection method in optimizing the system's efficiency in detecting DDoS attacks in IoT networks, along with a reduction in computation time compared to existing state-of-the-art techniques.