Analysis of Machine Learning Techniques for Lightweight DDoS Attack Detection on IoT Networks


As botnet style distributed denial of service (DDoS) attacks continue to proliferate the Internet of Things (IoT) landscape, researchers have struggled to provide a definitive way of addressing concerns related to the IoT’s security. In this paper, we work from the axiom that DDoS attacks are easiest to detect at the target of the attack but are best mitigated closer to the attacker by implementing four machine learning models that detect botnet-infected DDoS attackers on their access network. These models operate on network packet counts, which can easily be gathered by an access router, and run in real-time or near real-time, even on a low power device, namely a Raspberry Pi. We introduce a novel method for visualizing network activity as graphical heatmaps and use convolutional neural network (CNN) models designed for embedded devices and mobile platforms to classify network traffic as benign or malicious. We compare this approach using a support vector machine (SVM) and a long short-term memory recurrent neural network (LSTM). Based on our results, we conclude that the use of lightweight CNNs to analyze network traffic through graphical heatmaps provides highly accurate botnet-based DDoS attack detection for IoT access networks, with an average accuracy of 99.8%, despite our training dataset being between 73×–2170× smaller than those seen in related works, and runtimes ranging from 334 ms to 2 s on a Raspberry Pi.


Computer Science

Document Type

Conference Proceeding




Convolutional neural networks, Deep learning, Distributed denial of service attacks, IoT security, LSTM, Support vector machines

Publication Date


Journal Title

Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST