Billah, Muchammad Basroil (2026) IMPLEMENTATION OF HYBRID DETECTION WITH CASCADE MECHANISM FOR DDOS MITIGATION ON IOT NETWORKS USING RASPBERRY-PI. Undergraduate thesis, UPN Veteran Jawa Timur.
| Document | File | Size | Access |
|---|---|---|---|
| Text (cover) | 22081010260.-cover.pdf | 2MB | Open |
| Text (chapter 1) | 22081010260.-bab1.pdf | 188kB | Open |
| Text (chapter 2) | 22081010260.-bab2.pdf | 754kB | Restricted to Repository staff only until 16 April 2029. |
| Text (chapter 3) | 22081010260.-bab3.pdf | 978kB | Restricted to Repository staff only until 16 April 2029. |
| Text (chapter 4) | 22081010260.-bab4.pdf | 6MB | Restricted to Repository staff only until 16 April 2029. |
| Text (chapter 5) | 22081010260.-bab5.pdf | 178kB | Restricted to Repository staff only until 16 April 2029. |
| Text (references) | 22081010260.-daftarpustaka.pdf | 185kB | Open |
| Text (appendix) | 22081010260.-lampiran.pdf | 2MB | Restricted to Repository staff only until 16 April 2029. |

Abstract
Internet of Things (IoT) devices typically operate with limited computational resources, leaving them highly vulnerable to Distributed Denial of Service (DDoS) attacks. Existing approaches present a fundamental trade-off: rule-based detection offers low latency but struggles with ambiguous attack patterns, while machine learning achieves higher accuracy at the cost of substantial computational overhead unsuitable for edge devices. This research develops a hybrid DDoS detection system with a cascade mechanism on a Raspberry Pi 4B acting as a security gateway. The architecture consists of three sequential layers: Tier 1 rule-based detection for immediate blocking using three high-precision rules (R1: rate > 456.08 pps; R2: ICMP flag; R3: SYN-only flag), Tier 2 weighted scoring with five rules (R4–R8, maximum score 160, blocking threshold 70%) for ambiguous traffic, and a Random Forest model trained on the CICIoT2023 dataset (46 features, 1,154,684 samples) as the final layer. Threshold values were derived from percentile-based statistical distribution analysis, with mitigation enforced through iptables and real-time alerts delivered via Telegram Bot API. Evaluation results demonstrate 99.84% accuracy, 99.99% recall, and 99.92% F1-score, with 94.76% of traffic resolved directly by the rule-based layer. Stress testing up to 50,000 pps recorded maximum CPU usage of 26.2%, confirming sufficient headroom on the Raspberry Pi 4B. Scenario testing and independent pentester validation confirmed a 100% detection rate across volumetric, protocol, and application-layer attacks with detection latency below one second, while MQTT-based IoT communication remained unaffected with zero false positives. The proposed cascade-based hybrid detection system effectively combines rule-based responsiveness with machine learning accuracy on resource-constrained devices.

| Item Type: | Thesis (Undergraduate) |
|---|---|
| Subjects: | Q Science > QA Mathematics > QA76.9 .A25 Computer Security |
| Divisions: | Faculty of Computer Science > Department of Informatics |
| Depositing User: | Muchammad Basroil Billah |
| Date Deposited: | 21 May 2026 08:00 |
| Last Modified: | 21 May 2026 08:59 |
| URI: | https://repository.upnjatim.ac.id/id/eprint/52071 |