Table 14 ANNs-based approaches of detection of DoS/DDoS threats in IoT-driven systems
Methodology | Data set | Study limitations | Improvement |
|---|---|---|---|
ANN + FF and Backward algorithm [117] | NSL-KDD dataset | (−) Insufficient parameters for performance evaluation | ( +) Requires other parameters for better performance |
Fuzzy clustering (FC)-ANN [118] | KDD CUP 1999 | (−) Effective only for low-frequent attacks i.e. R2L and U2R (-) Determining number of clustering can be issue | ( +) The clustering techniques can be improved through advanced data mining techniques i.e. outlier detection, evolutionary computing etc |
Deep learning model [18] | CICIDS2017 datasets | (−) Data set adopted is redundant (−) Data set requires extra computing and processing | ( +) Implementation required for fog to node testing ( +) Data set can be filtered through labelling |
ANN with pattern analysis [19] | Multiple datasets related to DDoS attack | (−) Detecting encrypted DDoS attacks is concern | ( +) Updating dataset for new information regarding encrypted DDoS attacks (−) Training of ANNs algorithm after some time |
ANNs with Synthetic Minority Over-sampling Technique (SMOTE) [20] | Bot-IoT | (−) Proposed approach targets only Mirai IoT attack | ( +) Extending same approach for other types of attack |
Deep belief network learning model[21] | IoT benign network traffic | (−) Some other attacks Sybil and spoofing attacks like requires consideration | ( +) Model can be optimized for zero-day attacks |
ANN-based IDS [111] | IoT benign network traffic (Test dataset) | (−) Offline approach for detecting shellcode pattern (−) Not applicable to SQL injection attack and cross-site scripting (−) Implementation on real-world network traffic | ( +) False positive rate should be reduced ( +) Live network optimization is required |
Multi-level perception approach (MLP) [109] | IoT network traffic collected from sensor nodes | (−) Testing model in real world | ( +) Accuracy and reliability can be improved by adding recurrent and CNNs |
Neural network approach [157] | Consumer IoT local network traffic | (−) Limited features and dataset (−) Hypothetical approach (−) Real DDoS traffic can be a challenge | ( +) Requires more sophisticated approach for building model by adding more features set and ML approaches |
ANNs based IDS [124] | Raw traffic captured from IoT devices (Bulbs) | (−) Hypothetical proposed model (−) Tested only on Wi-Fi network (−) Experiment is limited to only specific class of IoT devices such as bulbs | ( +) Devices diversification issue should be resolved ( +) It should be tested on other networks like Zigbee, or Zwabe etc |
IoTDePT [166] | Local IoT network traffic | (−) Limited dataset and features | ( +) Advanced approach for enhancing the behaviour pattern analysis |
ANN approach [108] | UNSW-NB15 Dataset | (−) Threat identification can be issues due to class imbalance and overlapping (−) Accuracy can be improved | ( +) More techniques are required for real time traffic |
MLP architecture [167] | IoT benign network traffic | (−) Reliability issues against the latest type of threats (−) Limited data set and features (−) Tested in simulated IoT environment | ( +) More training required by adding latest threats definitions |
ANN based prediction model [120] | DS2OS dataset | (−) This model is tested for single data set (−) Limited features in dataset | ( +) More experiments are required for model implementation in real time setup |
Bi-directional LSTM RNN approach [116] | UNSW-NB15 Dataset | (−) Class imbalance and overlapping issue in dataset | ( +) Data processing and clustering techniques should be employed for building efficient model |
Back propagation (BP) Radial basis function (RBF) neural networks [122] | KDD99 dataset | (−) Limited number of attacks are available in dataset | ( +) Extension is required for addressing issues in mobile edge servers |
Adaptive Particle Swarm Optimization (CNN) [154] | Data collected from Nine IoT devices | (−) Large number of features may affect the model training time (−) More work is required to reduce the heuristic time complexity | ( +) Upgrading of proposed framework for including effective features for testing in heterogeneous platforms |