Skip to main content

Research Repository

Advanced Search

Explainable AI-Based DDOS Attack Identification Method for IoT Networks

Kalutharage, Chathuranga Sampath; Liu, Xiaodong; Chrysoulas, Christos; Pitropakis, Nikolaos; Papadopoulos, Pavlos



The modern digitized world is mainly dependent on online services. The availability of online systems continues to be seriously challenged by distributed denial of service (DDoS) attacks. The challenge in mitigating attacks is not limited to identifying DDoS attacks when they happen, but also identifying the streams of attacks. However, existing attack detection methods cannot accurately and efficiently detect DDoS attacks. To this end, we propose an explainable artificial intelligence (XAI)-based novel method to identify DDoS attacks. This method detects abnormal behaviours of network traffic flows by analysing the traffic at the network layer. Moreover, it chooses the most influential features for each anomalous instance with influence weight and then sets a threshold value for each feature. Hence, this DDoS attack detection method defines security policies based on each feature threshold value for application-layer-based, volumetric-based, and transport control protocol (TCP) state-exhaustion-based features. Since the proposed method is based on layer three traffic, it can identify DDoS attacks on both Internet of Things (IoT) and traditional networks. Extensive experiments were performed on the University of Sannio, Benevento Instrution Detection System (USB-IDS) dataset, which consists of different types of DDoS attacks to test the performance of the proposed solution. The results of the comparison show that the proposed method provides greater detection accuracy and attack certainty than the state-of-the-art methods.

Journal Article Type Article
Acceptance Date Feb 1, 2023
Online Publication Date Feb 3, 2023
Publication Date 2023
Deposit Date Feb 13, 2023
Publicly Available Date Feb 13, 2023
Journal Computers
Electronic ISSN 2073-431X
Publisher MDPI
Peer Reviewed Peer Reviewed
Volume 12
Issue 2
Article Number 32
Keywords explainable AI, DDoS attack, IoT network, feature influence, anomaly detection, supervised learning


You might also like

Downloadable Citations