SDDA-IoT: storm-based distributed detection approach for IoT network traffic-based DDoS attacks
Cluster Computing (IF 4.4), Pub Date: 2024-02-29, DOI: 10.1007/s10586-024-04297-7
Praveen Shukla, C. Rama Krishna, Nilesh Vishwasrao Patil

In the world of connected devices, the number of less secure Internet of Things (IoT) devices has grown enormously, and the ease of performing sophisticated cyberattacks using these devices poses a serious threat to the security of Internet-based services or networks. The Distributed Denial of Service (DDoS) attack is one of the most significant cyberattacks. It aims to damage or exhaust victims’ resources, services, or networks and make them unavailable to legitimate users. Several solutions are available in the literature to detect DDoS attacks. However, it is difficult to detect them in real time because of the high speed or high volume of today’s attack traffic. Therefore, this paper proposes an Apache Storm-based distributed detection approach for IoT network traffic-based DDoS attacks, namely SDDA-IoT. SDDA-IoT is composed of two primary modules: model development and model deployment. For model development, we created five distributed detection models using a Hadoop cluster and the extremely scalable H2O.ai machine learning platform. For model deployment, we deploy an efficient distributed detection model on the Apache Storm stream processing framework to analyze ingress streaming data and classify it into seven classes in near-real-time. To support creating new models or updating existing ones, this module also saves the highly discriminating input features of each network flow, along with the predicted outcome, in the Hadoop Distributed File System (HDFS). The effectiveness of the SDDA-IoT approach has been examined using a variety of configured scenarios. The experimental results show that the SDDA-IoT approach detects DDoS attacks faster and more accurately than recent state-of-the-art methods, with 99%+ accuracy.




Updated: 2024-02-29