分散式阻斷服務攻擊通常發生在雲端，而且只要一發生攻擊，就會造成很嚴重的癱瘓問題。然而，隨著物聯網裝置數量逐漸增加，從物聯網裝置發起的大規模分散式阻斷服務攻擊，對網路所造成的影響已經不容被忽視。所以，在此篇論文，我們提出一個多層物聯網分散式阻斷服務攻擊偵測系統，其中包含物聯網裝置、物聯網閘道器、軟體定義網路交換機、雲端伺服器四層。我們提出對於物聯網裝置傳輸協定的安全認證，並透過機器學習偵測分散式阻斷服務攻擊。在校園中，實際佈署了八盞智慧路燈與多種類型的感測器作為我們的實驗環境。蒐集所有從路燈來的封包作為我們訓練資料集，其中分為從路燈蒐集來的感測資料與行人透過無線網路上網的網路資料。我們根據不同的攻擊類型，對訓練特徵進行提取。實驗結果顯示：在真實的物聯網環境中，我們的分散式阻斷服務攻擊偵測系統能達到高於98% 的準確率。根據機器學習偵測出來的惡意攻擊裝置會被列入黑名單中，並由軟體定義網路控制器對黑名單內裝置進行阻擋。

DDoS attacks often happen in cloud servers and cause a devastating problem. However, an increasing number of Internet of Things devices makes us not ignore the influence of large-scale DDoS attacks from IoT devices. In this paper, we proposed a multi-layer IoT DDoS attack detection system, including IoT devices, IoT gateways, SDN switches, and cloud servers. We propose our IoT security certification for protocols and detect system of DDoS attacks based on machine learning. We implement eight smart poles with various sensors in our campus and collect packets as our datasets that are sensor data from smart poles through wireless network or wired network and network data from pedestrians via Wi-Fi. We extract the features based on DDoS attack types. The feature selection can result in high accuracy DDoS attack detection in the real IoT environment. The experimental results show that our multi-layer DDoS detection system can detect DDoS attacks accurately. Then the SDN controller can block venomous devices effectively according to blacklists from the results of our machine learning detection system.

Section I Introduction 1
Section II Related Work 4
Section III A Multi-layer DDOS Detection Methodologies in IOTs 8
A. IoT Security Certification 9
B. Feature Selection 10
C. System Architecture 12
Section IV Implementation 16
A. Experimental Environment 16
B. Data Collection and DDoS Attacks 20
C. Detection Result 20
D. SDN Controller 22
Section V Conclusion 25
References 26

[1] J. Mirkovic and P. Reiher, " A Taxonomy of DDoS Attack and DDoS Defense Mechanisms," ACM SIGCOMM Computer Communications Review, vol. 34, no. 2, pp. 39-53, 2004.
[2] Z. He, T. Zhang, and R.B. Lee, " Machine Learning Based DDoS Attack Detection from Source Side in Cloud," Proceedings of the IEEE 4th International Conference on Cyber Security and Cloud Computing (CSCloud), July 2017.
[3] S.S. Mohammed, R. Hussain, B. Bimaganbetov, and J. Lee, " A New Machine Learning-based Collaborative DDoS Mitigation Mechanism in Software-Defined Network," Proceedings of the 14th International Conference on Wireless and Mobile Computing, Networking and Communications (WiMob), Oct. 2018.
[4] Y. Liu, M. Dong, K. Ota, J. Li, and J. Wu, " Deep Reinforcement Learning based Smart Mitigation of DDoS Flooding in Software-Defined Networks," Proceedings of the IEEE 23rd International Workshop on Computer Aided Modeling and Design of Communication Links and Networks (CAMAD), Sept. 2018.
[5] M. Zekri, S.E. Kafhali, N. Aboutabit, and Y. Saadi, " DDoS Attack Detection Using Machine Learning Techniques in Cloud Computing Environments," Proceedings of the 3rd International Conference of Cloud Computing Technologies and Applications (CloudTech), Oct. 2017.
[6] R. Doshi, N. Apthorpe, and N. Feamster, " Machine Learning DDoS Detection for Consumer Internet of Things Devices," Proceedings of the IEEE Security and Privacy Workshops (SPW), May 2018.
[7] Q. Yan, W. Huang, X. Luo, Q. Gong, and F. Richard Yu, " A Multi-Level DDoS Mitigation Framework for the Industrial Internet of Things," IEEE Communications Magazine, Feb. 2018.
[8] E. Aras, G.S. Ramachandran, P. Lawrence, and D. Hughes, " Exploring the Security Vulnerabilities of LoRa," Proceedings of the 3rd IEEE International Conference on Cybernetics (CYBCONF), June 2017.
[9] S. Dowling, M. Schukat, and H. Melvin, " A ZigBee Honeypot to assess IoT Cyberattack Behaviour," Proceedings of the 28th Irish Signals and Systems Conference (ISSC), June 2017.
[10] A. Mishra and A. Dixit, " Resolving Threats in IoT: ID Spoofing to DDoS," Proceedings of the 9th International Conference on Computing, Communication and Networking Technologies (ICCCNT), July 2018.
[11] S.S. Hassan, S.D. Bibon, M.S. Hossain, and M. Atiquzzaman, " Security Threats in Bluetooth Technology," Computers & Security Volume 74, May 2018.
[12] W. Albazrqaoe, J. Huang, and G. Xing, " Practical Bluetooth Traffic Sniffing: Systems and Privacy Implications," Proceedings of the 14th Annual International Conference on Mobile Systems, Applications, and Services, June 2016.
[13] K. Chen, A. R. Junuthula, I. K. Siddhrau, Y. Xu, and H. J. Chao, " SDNShield: Towards More Comprehensive Defense against DDoS Attacks on SDN Control Plane," Proceedings of the IEEE Conference on Communications and Network Security (CNS), Feb. 2017.
[14] K. Kalkan, L. Altay, G. Gür, and F. Alagöz, " JESS: Joint Entropy-Based DDoS Defense Scheme in SDN," IEEE Journal on Selected Areas in Communications, Sep. 2018.
[15] D. Yin, L. Zhang, and K. Yang, " A DDoS Attack Detection and Mitigation With Software-Defined Internet of Things Framework, " IEEE Access, Apr. 2018.
[16] P. MohanaPriya and S. Mercy Shalinie, " Restricted Boltzmann Machine Based Detection System for DDoS Attack in Software Defined Networks," Proceedings of the Fourth International Conference on Signal Processing, Communication and Networking (ICSCN), Oct. 2017.
[17] L. Yang and H. Zhao, " DDoS Attack Identification and Defense Using SDN Based on Machine Learning Method," Proceedings of the 15th International Symposium on Pervasive Systems, Algorithms and Networks (I-SPAN), Feb. 2019.
[18] Y. Feng, H. Akiyama, L. Lu, and K. Sakurai, " Feature Selection for Machine Learning-Based Early Detection of Distributed Cyber Attacks," Proceedings of the IEEE 16th Intl Conf on DASC/PiCom/DataCom/CyberSciTech, Oct. 2018.
[19] V. Selis and A. Marshall, " A Classification-Based Algorithm to Detect Forged Embedded Machines in IoT Environments," IEEE Systems Journal, May 2018.
[20] M. Roopak, G. Y. Tian, and J. Chambers, " Deep Learning Models for Cyber Security in IoT Networks," Proceedings of the IEEE 9th Annual Computing and Communication Workshop and Conference (CCWC), Mar. 2019.
[21] G. Kaur, " A Novel Distributed Machine Learning Framework for Semi-Supervised Detection of Botnet Attacks," Proceedings of the Eleventh International Conference on Contemporary Computing (IC3), Nov. 2018.
[22] K. Gurulakshmi and A. Nesarani, " Analysis of IoT Bots Against DDOS Attack Using Machine Learning Algorithm," Proceedings of the 2nd International Conference on Trends in Electronics and Informatics (ICOEI), Dec. 2018.
[23] L. Dhanabal1 and Dr. S.P. Shantharajah, " A Study on NSL-KDD Dataset for Intrusion Detection System Based on Classification Algorithms," International Journal of Advanced Research in Computer and Communication Engineering, June 2015.
[24] " Dataset," http://smartcity.cs.nthu.edu.tw/dataset/download.php, 2019.
[25] scikit-learn: https://scikit-learn.org/stable/