This repository contains the source code for the paper "Correlation-Aware Neural Networks for DDoS Attack Detection in IoT Systems". A preprint of the paper is available at this link.
The requirements.txt file contains the modules needed to run these scripts and can be installed by running the following command in the terminal:
- pip install -r requirements.txt
The project config file can be found in /source_code. The path to the dataset, source code, and output directory can be set in this file. Remember to unzip all compressed datasets before running the code.
Before running any code, the original dataset needs to be unzipped in the /dataset directory.
This file automates the pre-processing steps by collecting the required inputs and running all pre-processing scripts.
This file generates the benign dataset, which has N nodes. Each node has time entries running from the beginning to the end of the original dataset in steps of time_step.
Input:
- Input Dataset
- Number of nodes
- Timestep
Output:
- Benign dataset
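
The resampling step described above can be sketched as follows. This is a minimal illustration, not the repository's script: it assumes the original dataset can be reduced to per-node activity intervals, and the names `build_time_grid`, `build_benign_rows`, and `node_activity` are hypothetical.

```python
from datetime import datetime, timedelta


def build_time_grid(start, end, time_step):
    """Return timestamps from start to end (inclusive) spaced by time_step."""
    grid = []
    current = start
    while current <= end:
        grid.append(current)
        current += time_step
    return grid


def build_benign_rows(node_activity, start, end, time_step):
    """Build one (node_id, timestamp, active) row per node and grid timestamp.

    node_activity is an assumed input format: a dict mapping a node id to a
    list of (active_from, active_until) intervals, with active_until exclusive.
    """
    grid = build_time_grid(start, end, time_step)
    rows = []
    for node_id, intervals in node_activity.items():
        for ts in grid:
            active = any(begin <= ts < finish for begin, finish in intervals)
            rows.append((node_id, ts, int(active)))
    return rows


# Usage: two nodes sampled every 10 minutes over half an hour.
start = datetime(2021, 1, 1, 0, 0)
end = datetime(2021, 1, 1, 0, 30)
activity = {
    1: [(datetime(2021, 1, 1, 0, 10), datetime(2021, 1, 1, 0, 25))],
    2: [],
}
benign_rows = build_benign_rows(activity, start, end, timedelta(minutes=10))
```

Every node gets the same number of rows, so later steps can align nodes by timestamp.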
This script generates the euclidean distance of all pairs of the IoT devices.
Input:
- Benign Dataset
Output:
- Nodes Distance Dataset
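
As an illustration of the pairwise distance computation, the sketch below uses only the standard library. It assumes each node has planar (x, y) coordinates. If the dataset stores latitude and longitude, the coordinates would first need a projection, which is not shown. The function name `pairwise_distances` is hypothetical.

```python
import math
from itertools import combinations


def pairwise_distances(positions):
    """Return {(a, b): distance} for every unordered node pair with a < b.

    positions is an assumed format: a dict mapping node id to an (x, y) tuple.
    """
    return {
        (a, b): math.dist(positions[a], positions[b])
        for a, b in combinations(sorted(positions), 2)
    }


# Usage: three nodes on a plane.
distances = pairwise_distances({1: (0, 0), 2: (3, 4), 3: (0, 8)})
```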
This script generates the Pearson's correlation of the behavior of all pairs of the IoT devices.
Input:
- Benign Dataset
Output:
- Nodes Pearson's Correlation Dataset
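
A minimal sketch of the pairwise Pearson correlation, assuming each node's behavior is a numeric series of equal length (for example, an activity flag per time step). The helper names are hypothetical, and a constant series is reported as NaN because its correlation is undefined.

```python
import math
from itertools import combinations


def pearson(x, y):
    """Pearson correlation coefficient of two equal-length numeric sequences."""
    n = len(x)
    mean_x = sum(x) / n
    mean_y = sum(y) / n
    cov = sum((a - mean_x) * (b - mean_y) for a, b in zip(x, y))
    var_x = sum((a - mean_x) ** 2 for a in x)
    var_y = sum((b - mean_y) ** 2 for b in y)
    if var_x == 0 or var_y == 0:
        return float("nan")  # undefined when one series never changes
    return cov / math.sqrt(var_x * var_y)


def pairwise_correlations(series):
    """Return {(a, b): correlation} for every unordered node pair with a < b.

    series is an assumed format: a dict mapping node id to its behavior series.
    """
    return {
        (a, b): pearson(series[a], series[b])
        for a, b in combinations(sorted(series), 2)
    }


# Usage: nodes 1 and 2 behave identically, node 3 does the opposite.
correlations = pairwise_correlations(
    {1: [0, 1, 0, 1], 2: [0, 1, 0, 1], 3: [1, 0, 1, 0]}
)
```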
This script generates the attacked dataset from the ratio of nodes under attack, the attack duration, and the attack start dates.
Input:
- Benign dataset
- Number of attack days
- Attack ratio
- Attack duration
- Attack start dates
Output:
- Attacked dataset
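
The labeling part of this step can be sketched as below. It is an assumption-laden illustration: rows are taken to be `(node_id, timestamp, active)` tuples, attacked nodes are drawn uniformly at random, and only an `attacked` label is added. How an attack changes a node's traffic is not covered here. The function name `inject_attack` and its `seed` parameter are hypothetical.

```python
import random
from datetime import datetime, timedelta


def inject_attack(rows, attack_start, attack_duration, attack_ratio, seed=0):
    """Label rows of randomly chosen nodes as attacked during one attack window.

    Returns (labeled_rows, attacked_nodes), where each labeled row is
    (node_id, timestamp, active, attacked).
    """
    rng = random.Random(seed)  # seeded so the node selection is reproducible
    nodes = sorted({node for node, _ts, _active in rows})
    n_attacked = round(attack_ratio * len(nodes))
    attacked_nodes = set(rng.sample(nodes, n_attacked))
    attack_end = attack_start + attack_duration
    labeled = []
    for node, ts, active in rows:
        attacked = int(node in attacked_nodes and attack_start <= ts < attack_end)
        labeled.append((node, ts, active, attacked))
    return labeled, attacked_nodes


# Usage: four nodes, six 10-minute steps, half of the nodes attacked for 20 minutes.
t0 = datetime(2021, 1, 1)
rows = [(n, t0 + timedelta(minutes=10 * i), 0) for n in range(4) for i in range(6)]
labeled, attacked_nodes = inject_attack(
    rows, t0 + timedelta(minutes=20), timedelta(minutes=20), attack_ratio=0.5
)
```

To cover several attack start dates, the same function could be called once per start date and the resulting labels combined.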
This script generates the general training dataset, which includes the correlation information of the IoT nodes as well as their one-hot encoding.
Input:
- Attacked dataset
Output:
- Training dataset
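
One way to combine correlation information with a one-hot encoding is sketched below. This is an assumption, not the repository's feature layout: each sample holds the node's own activity, the activity of its k most correlated nodes, and a one-hot vector identifying the node. All names (`one_hot`, `top_k_correlated`, `build_features`) are hypothetical.

```python
def one_hot(index, size):
    """Return a list of length size with a single 1 at position index."""
    vec = [0] * size
    vec[index] = 1
    return vec


def top_k_correlated(node, correlations, k):
    """Return the k nodes most correlated with node, best first.

    correlations is an assumed format: {(a, b): value} with a < b.
    """
    scores = {}
    for (a, b), value in correlations.items():
        if a == node:
            scores[b] = value
        elif b == node:
            scores[a] = value
    return sorted(scores, key=lambda other: scores[other], reverse=True)[:k]


def build_features(node, t, activity, node_order, correlations, k):
    """Feature vector for one node at time index t.

    Layout (assumed): [own activity] + [activity of top-k correlated nodes]
    + [one-hot encoding of the node id].
    """
    neighbors = top_k_correlated(node, correlations, k)
    own = [activity[node][t]]
    shared = [activity[other][t] for other in neighbors]
    return own + shared + one_hot(node_order.index(node), len(node_order))


# Usage: three nodes, one time step, k = 1.
correlations = {(1, 2): 0.9, (1, 3): 0.1, (2, 3): 0.5}
activity = {1: [1], 2: [0], 3: [1]}
features = build_features(1, 0, activity, [1, 2, 3], correlations, k=1)
```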
Provide statistical analysis of the IoT nodes in the dataset.
This script generates the plot of the percentage of the active IoT nodes through the time of the day.
Input:
- Benign Dataset
Output:
- Plot of the percentage of the active IoT nodes throughout the day
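
The quantity behind this plot can be computed as in the sketch below, which assumes benign rows of the form `(node_id, timestamp, active)` and groups them by hour of day. Plotting is omitted, and the function name is hypothetical.

```python
from collections import defaultdict
from datetime import datetime


def percent_active_by_hour(rows):
    """Return {hour: percentage of (node, timestamp) rows that are active}."""
    totals = defaultdict(int)
    actives = defaultdict(int)
    for _node, ts, active in rows:
        totals[ts.hour] += 1
        actives[ts.hour] += active
    return {hour: 100.0 * actives[hour] / totals[hour] for hour in sorted(totals)}


# Usage: two nodes observed at 09:00 and 21:00.
rows = [
    (1, datetime(2021, 1, 1, 9, 0), 1),
    (2, datetime(2021, 1, 1, 9, 0), 0),
    (1, datetime(2021, 1, 1, 21, 0), 0),
    (2, datetime(2021, 1, 1, 21, 0), 0),
]
by_hour = percent_active_by_hour(rows)
```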
This script generates the plot of the average time that IoT nodes are active/inactive throughout the day and night.
Input:
- Benign Dataset
Output:
- Plot of the average time that IoT nodes are active/inactive throughout the day and night.
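
A possible way to obtain the average active and inactive times is to measure runs of consecutive identical states in a node's activity series, as sketched below. The sketch assumes a 0/1 activity series sampled at a fixed step. It does not split the result into day and night, and the function name is hypothetical.

```python
from itertools import groupby


def mean_run_lengths(states, time_step_minutes):
    """Return the mean duration in minutes of active and inactive runs.

    states is an assumed format: a sequence of 0/1 flags, one per time step.
    """
    runs = {0: [], 1: []}
    for state, group in groupby(states):
        runs[state].append(sum(1 for _ in group) * time_step_minutes)

    def mean(values):
        return sum(values) / len(values) if values else 0.0

    return {"active": mean(runs[1]), "inactive": mean(runs[0])}


# Usage: one node sampled every 10 minutes.
summary = mean_run_lengths([1, 1, 0, 0, 0, 1, 0], time_step_minutes=10)
```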
Train different neural network models/architectures and generate results.
This script automates the process of training the neural network models and generating the desired results for all combinations of architectures/NN models.
This script creates a neural network model/architecture and trains it on the training dataset to detect the attackers. The script saves the final model along with the per-epoch logs and weights.
Input:
- General training dataset
Output:
- Trained neural network model with epochs' logs and weights
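
The train, log, and save loop can be illustrated with a deliberately small stand-in. The sketch below is not one of the repository's architectures: it trains a single sigmoid unit (logistic regression) with batch gradient descent in pure Python, records the loss per epoch, and writes the weights and log to a JSON file. All names and the file format are assumptions.

```python
import json
import math


def sigmoid(z):
    return 1.0 / (1.0 + math.exp(-z))


def train(features, labels, epochs=200, lr=0.5):
    """Train a single sigmoid unit; return (model, per-epoch history)."""
    n = len(features)
    weights = [0.0] * len(features[0])
    bias = 0.0
    history = []
    for epoch in range(epochs):
        grad_w = [0.0] * len(weights)
        grad_b = 0.0
        loss = 0.0
        for x, y in zip(features, labels):
            p = sigmoid(sum(w * xi for w, xi in zip(weights, x)) + bias)
            # Binary cross-entropy, with a small epsilon to avoid log(0).
            loss -= y * math.log(p + 1e-12) + (1 - y) * math.log(1 - p + 1e-12)
            for i, xi in enumerate(x):
                grad_w[i] += (p - y) * xi
            grad_b += p - y
        weights = [w - lr * g / n for w, g in zip(weights, grad_w)]
        bias -= lr * grad_b / n
        history.append({"epoch": epoch, "loss": loss / n})
    return {"weights": weights, "bias": bias}, history


def save_run(model, history, path):
    """Write the final weights and the epoch log to a JSON file."""
    with open(path, "w") as handle:
        json.dump({"model": model, "history": history}, handle)


# Usage: a toy one-feature problem where the label equals the feature.
model, history = train([[0], [0], [1], [1]], [0, 0, 1, 1])
```

The real scripts train neural networks on the general training dataset. The stand-in only shows the shape of the workflow.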
This script reports metrics such as binary accuracy, recall, and F1 score for the trained models/architectures.
Input:
- General training/testing dataset
- Trained neural network model
Output:
- General analysis on the training like accuracy, loss, confusion matrix, etc.
- Plots of true positive, false positive, and true attacks versus time for different attack ratios and durations
- SHAP plots of the most important features
- Attack properties analysis
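
For reference, the confusion-matrix metrics named above can be computed from true and predicted labels as in this sketch. It assumes binary 0/1 labels with 1 meaning "attacked", and the function names are hypothetical. SHAP plots and the time-series plots are not covered.

```python
def confusion_counts(y_true, y_pred):
    """Return (tp, fp, tn, fn) for binary 0/1 labels."""
    pairs = list(zip(y_true, y_pred))
    tp = sum(1 for t, p in pairs if t == 1 and p == 1)
    fp = sum(1 for t, p in pairs if t == 0 and p == 1)
    tn = sum(1 for t, p in pairs if t == 0 and p == 0)
    fn = sum(1 for t, p in pairs if t == 1 and p == 0)
    return tp, fp, tn, fn


def binary_metrics(y_true, y_pred):
    """Return binary accuracy, precision, recall, and F1 score."""
    tp, fp, tn, fn = confusion_counts(y_true, y_pred)
    total = tp + fp + tn + fn
    precision = tp / (tp + fp) if tp + fp else 0.0
    recall = tp / (tp + fn) if tp + fn else 0.0
    f1 = (
        2 * precision * recall / (precision + recall)
        if precision + recall
        else 0.0
    )
    return {
        "accuracy": (tp + tn) / total if total else 0.0,
        "precision": precision,
        "recall": recall,
        "f1": f1,
    }


# Usage: six samples, three of them true attacks.
metrics = binary_metrics([1, 1, 0, 0, 1, 0], [1, 0, 0, 1, 1, 0])
```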
Compare the performance of different models/architectures.
Input:
- Results of each model/architecture
Output:
- Plots of metrics such as binary accuracy, AUC, and recall against k, comparing the performance of the different models/architectures
This material is based upon work supported in part by Defense Advanced Research Projects Agency (DARPA) under Contract No. HR001120C0160 for the Open, Programmable, Secure 5G (OPS-5G) program. Any views, opinions, and/or findings expressed are those of the author(s) and should not be interpreted as representing the official views or policies of the Department of Defense or the U.S. Government.