An Enhanced LSTM Approach for Detecting IoT-Based DDoS Attacks Using Honeypot Data
Abstract One of the widening perils in network security is the Distributed Denial of Service (DDoS) attacks on the Internet of Things (IoT) ecosystem. This paper presents an enhanced Intrusion Detection System (IDS) through the proposal of an enhanced version of the long short-term memory (LSTM) mod...
Saved in:
| Main Authors: | , , , , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
Springer
2025-02-01
|
| Series: | International Journal of Computational Intelligence Systems |
| Subjects: | |
| Online Access: | https://doi.org/10.1007/s44196-025-00741-7 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| _version_ | 1823861631674744832 |
|---|---|
| author | Arjun Kumar Bose Arnob M. F. Mridha Mejdl Safran Md Amiruzzaman Md. Rajibul Islam |
| author_facet | Arjun Kumar Bose Arnob M. F. Mridha Mejdl Safran Md Amiruzzaman Md. Rajibul Islam |
| author_sort | Arjun Kumar Bose Arnob |
| collection | DOAJ |
| description | Abstract One of the widening perils in network security is the Distributed Denial of Service (DDoS) attacks on the Internet of Things (IoT) ecosystem. This paper presents an enhanced Intrusion Detection System (IDS) through the proposal of an enhanced version of the long short-term memory (LSTM) model to detect DDoS attacks using honeypot-generated data. The proposed model aggregates the Conv1D, Bidirectional Long Short-Term Memory (Bi-LSTM), Bidirectional Gated Recurrent Unit (Bi-GRU), and dropout layers to extract temporal and spatial features from IoT traffic effectively. We tested the efficacy of the proposed system on a real-world IoT-DH dataset, which showed a remarkable accuracy of 99.41%, with an AUC score of 0.9999. A comparative analysis with other baseline models, such as LSTM, Bidirectional LSTM (Bi-LSTM), Gated Recurrent Unit (GRU), Recurrent Neural Network (RNN), Feedforward Neural Network (FNN), and Temporal Convolutional Network (TCN), proved that enhanced LSTM outperformed the other models. This indicates the robustness of the proposed model in correctly detecting DDoS attacks with high generalization capability for unseen traffic data. The contribution of this paper will be an addition to the deep learning techniques applied for the solution of intrusion detection systems (IDS), which will also allow the building and implementation of more efficient security mechanisms in IoT environments. |
| format | Article |
| id | doaj-art-3e11d7e3f83c44069faae17ceb9d7246 |
| institution | Kabale University |
| issn | 1875-6883 |
| language | English |
| publishDate | 2025-02-01 |
| publisher | Springer |
| record_format | Article |
| series | International Journal of Computational Intelligence Systems |
| spelling | doaj-art-3e11d7e3f83c44069faae17ceb9d72462025-02-09T12:53:46ZengSpringerInternational Journal of Computational Intelligence Systems1875-68832025-02-0118112210.1007/s44196-025-00741-7An Enhanced LSTM Approach for Detecting IoT-Based DDoS Attacks Using Honeypot DataArjun Kumar Bose Arnob0M. F. Mridha1Mejdl Safran2Md Amiruzzaman3Md. Rajibul Islam4Department of Computer Science, American International University-BangladeshDepartment of Computer Science, American International University-BangladeshDepartment of Computer Science, College of Computer and Information Sciences, King Saud UniversityDepartment of Computer Science, West Chester UniversityDepartment of Electrical and Electronic Engineering, The Hong Kong Polytechnic UniversityAbstract One of the widening perils in network security is the Distributed Denial of Service (DDoS) attacks on the Internet of Things (IoT) ecosystem. This paper presents an enhanced Intrusion Detection System (IDS) through the proposal of an enhanced version of the long short-term memory (LSTM) model to detect DDoS attacks using honeypot-generated data. The proposed model aggregates the Conv1D, Bidirectional Long Short-Term Memory (Bi-LSTM), Bidirectional Gated Recurrent Unit (Bi-GRU), and dropout layers to extract temporal and spatial features from IoT traffic effectively. We tested the efficacy of the proposed system on a real-world IoT-DH dataset, which showed a remarkable accuracy of 99.41%, with an AUC score of 0.9999. A comparative analysis with other baseline models, such as LSTM, Bidirectional LSTM (Bi-LSTM), Gated Recurrent Unit (GRU), Recurrent Neural Network (RNN), Feedforward Neural Network (FNN), and Temporal Convolutional Network (TCN), proved that enhanced LSTM outperformed the other models. This indicates the robustness of the proposed model in correctly detecting DDoS attacks with high generalization capability for unseen traffic data. The contribution of this paper will be an addition to the deep learning techniques applied for the solution of intrusion detection systems (IDS), which will also allow the building and implementation of more efficient security mechanisms in IoT environments.https://doi.org/10.1007/s44196-025-00741-7IoTDDoS attacksIntrusion detectionEnhanced LSTMHoneypotIoT-DH Dataset |
| spellingShingle | Arjun Kumar Bose Arnob M. F. Mridha Mejdl Safran Md Amiruzzaman Md. Rajibul Islam An Enhanced LSTM Approach for Detecting IoT-Based DDoS Attacks Using Honeypot Data International Journal of Computational Intelligence Systems IoT DDoS attacks Intrusion detection Enhanced LSTM Honeypot IoT-DH Dataset |
| title | An Enhanced LSTM Approach for Detecting IoT-Based DDoS Attacks Using Honeypot Data |
| title_full | An Enhanced LSTM Approach for Detecting IoT-Based DDoS Attacks Using Honeypot Data |
| title_fullStr | An Enhanced LSTM Approach for Detecting IoT-Based DDoS Attacks Using Honeypot Data |
| title_full_unstemmed | An Enhanced LSTM Approach for Detecting IoT-Based DDoS Attacks Using Honeypot Data |
| title_short | An Enhanced LSTM Approach for Detecting IoT-Based DDoS Attacks Using Honeypot Data |
| title_sort | enhanced lstm approach for detecting iot based ddos attacks using honeypot data |
| topic | IoT DDoS attacks Intrusion detection Enhanced LSTM Honeypot IoT-DH Dataset |
| url | https://doi.org/10.1007/s44196-025-00741-7 |
| work_keys_str_mv | AT arjunkumarbosearnob anenhancedlstmapproachfordetectingiotbasedddosattacksusinghoneypotdata AT mfmridha anenhancedlstmapproachfordetectingiotbasedddosattacksusinghoneypotdata AT mejdlsafran anenhancedlstmapproachfordetectingiotbasedddosattacksusinghoneypotdata AT mdamiruzzaman anenhancedlstmapproachfordetectingiotbasedddosattacksusinghoneypotdata AT mdrajibulislam anenhancedlstmapproachfordetectingiotbasedddosattacksusinghoneypotdata AT arjunkumarbosearnob enhancedlstmapproachfordetectingiotbasedddosattacksusinghoneypotdata AT mfmridha enhancedlstmapproachfordetectingiotbasedddosattacksusinghoneypotdata AT mejdlsafran enhancedlstmapproachfordetectingiotbasedddosattacksusinghoneypotdata AT mdamiruzzaman enhancedlstmapproachfordetectingiotbasedddosattacksusinghoneypotdata AT mdrajibulislam enhancedlstmapproachfordetectingiotbasedddosattacksusinghoneypotdata |