1. Home
  2. Vol 22, No 2 (2026)
  3. Billah

Deteksi Serangan DDoS pada Trafik IoT Menggunakan Random Forest dengan Dataset CICIoT2023

Muchammad Basroil Billah(1),Mohammad Idhom(2*),Hendra Maulana(3)
(1) Universitas Pembangunan Nasional "Veteran" Jawa Timur
(2) Universitas Pembangunan Nasional "Veteran" Jawa Timur
(3) Universitas Pembangunan Nasional "Veteran" Jawa Timur
(*) Corresponding Author
DOI : 10.35889/progresif.v22i2.3614

Abstract

As the number of Internet of Things (IoT) devices continues to grow, these devices become increasingly vulnerable to Distributed Denial of Service (DDoS) attacks. However, their limited computational capacity makes it difficult to implement conventional security mechanisms. This study proposes a model for detecting DDoS attacks using Random Forest, trained using the CICIoT2023 dataset, which consists of 46 flow-based features collected from 105 real-world IoT devices. The preprocessing stage includes binary classification, normalization using StandardScaler, and handling class imbalance through a combination of 1:10 undersampling and class weighting. Evaluation on 1,154,684 test samples shows excellent performance, achieving 99.99% accuracy, 100% precision, 99.99% recall, and 99.99% F1-score. To ensure reliability, six validation checks are conducted, including overfitting analysis, cross-validation. The results confirm that the model can generalize well beyond the training data. Most attack types are detected perfectly, although application-layer attacks such as DDoS-SlowLoris remain more challenging. Overall, Random Forest proves to be an effective and relatively lightweight approach for DDoS detection in IoT environments.

Keywords: DDoS; Random Forest; IoT; CICIoT2023; Machine Learning

Abstrak

Pertumbuhan jumlah perangkat IoT menyebabkan peningkatan risiko terhadap berbagai ancaman keamanan terhadap serangan Distributed Denial of Service (DDoS). Namun, keterbatasan kapasitas komputasi pada perangkat IoT menyulitkan penerapan mekanisme keamanan konvensional. Penelitian ini mengusulkan model deteksi DDoS berbasis Random Forest yang dilatih menggunakan dataset CICIoT2023, yang terdiri dari 46 fitur berbasis flow yang dikumpulkan dari 105 perangkat IoT nyata. Tahap preprocessing meliputi klasifikasi biner, normalisasi menggunakan StandardScaler, serta penanganan ketidakseimbangan kelas melalui kombinasi undersampling (1:10) dan class weighting. Hasil evaluasi pada 1.154.684 data uji menunjukkan performa yang sangat tinggi, dengan accuracy sebesar 99,99%, precision 100%, recall 99,99%, dan F1-score 99,99%. Untuk memastikan keandalan model, dilakukan enam pengujian validasi, termasuk analisis overfitting, cross-validation. Hasil penelitian mengonfirmasi bahwa model mampu melakukan generalisasi dengan baik terhadap data di luar data pelatihan. Sebagian besar jenis serangan berhasil dideteksi secara sempurna, meskipun serangan pada lapisan aplikasi seperti DDoS-SlowLoris masih menjadi tantangan. Secara keseluruhan, Random Forest terbukti sebagai pendekatan yang efektif dan relatif ringan untuk deteksi DDoS pada lingkungan IoT

 Kata kunci: DDoS; Random Forest; IoT; CICIoT2023; Machine Learning

References


Petroc Taylor, “Number of Internet of Things (IoT) connections worldwide from 2022 to 2023, with forecasts from 2024 to 2034,” statista. Accessed: Dec. 01, 2025. [Online]. Available: https://www.statista.com/statistics/1183457/iot-connected-devices-worldwide/

A. A. Alahmadi et al., “DDoS Attack Detection in IoT-Based Networks Using Machine Learning Models: A Survey and Research Directions,” Electronics (Switzerland), vol. 12, no. 14, pp. 1–24, Jul. 2023, doi: 10.3390/electronics12143103.

N. M. Karie, N. M. Sahri, W. Yang, C. Valli, and V. R. Kebande, “A Review of Security Standards and Frameworks for IoT-Based Smart Environments,” IEEE Access, vol. 9, pp. 121975–121995, 2021, doi: 10.1109/ACCESS.2021.3109886.

M. Aziz Al Kabir, W. Elmedany, and M. S. Sharif, “Securing IoT Devices Against Emerging Security Threats: Challenges and Mitigation Techniques,” Journal of Cyber Security Technology, vol. 7, no. 4, pp. 199–223, 2023, doi: 10.1080/23742917.2023.2228053.

J. P. Omer Yoachimik, “4.2 Tbps of bad packets and a whole lot more: Cloudflare’s Q3 DDoS report,” cloudflare. Accessed: Dec. 01, 2025. [Online]. Available: https://blog.cloudflare.com/ddos-threat-report-for-2024-q3/

awanpintar.id, “Laporan Ancaman Siber Indonesia Semester 1 Tahun 2025,” AwanPintar.id. Accessed: Nov. 30, 2025. [Online]. Available: https://www.awanpintar.id/publikasi/

C. Singh and A. K. Jain, “A comprehensive survey on DDoS attacks detection & mitigation in SDN-IoT network,” e-Prime - Advances in Electrical Engineering, Electronics and Energy, vol. 8, pp. 1–17, Jun. 2024, doi: 10.1016/j.prime.2024.100543.

S. H. Lee, Y. L. Shiue, C. H. Cheng, Y. H. Li, and Y. F. Huang, “Detection and Prevention of DDoS Attacks on the IoT,” Applied Sciences (Switzerland), vol. 12, no. 23, pp. 1–18, Dec. 2022, doi: 10.3390/app122312407.

N. Tekin, A. Acar, A. Aris, A. S. Uluagac, and V. C. Gungor, “Energy consumption of on-device machine learning models for IoT intrusion detection,” Internet of Things (Netherlands), vol. 21, pp. 1–13, Apr. 2023, doi: 10.1016/j.iot.2022.100670.

N. Gavric, G. Prasad Bhandari, and A. Shalaginov, “Towards Resource-Efficient DDoS Detection in IoT: Leveraging Feature Engineering of System and Network Usage Metrics,” Journal of Network and Systems Management, vol. 32, no. 4, pp. 1–21, Oct. 2024, doi: 10.1007/s10922-024-09848-2.

A. Hussain, E. Marin Tordera, X. Masip-Bruin, and H. C. Leligou, “Rule-Based With Machine Learning IDS for DDoS Attack Detection in Cyber-Physical Production Systems (CPPS),” IEEE Access, vol. 12, pp. 114894–114911, 2024, doi: 10.1109/ACCESS.2024.3445261.

S. Shakya and R. Abbas, “A Comparative Analysis of Machine Learning Models for DDoS Detection in IoT Networks,” arXiv preprint, Nov. 2024, [Online]. Available: http://arxiv.org/abs/2411.05890

M. Nawaz, S. Tahira, D. Shah, S. Ali, and M. Tahir, “Lightweight machine learning framework for efficient DDoS attack detection in IoT networks,” Sci. Rep., vol. 15, no. 1, pp. 1–24, Dec. 2025, doi: 10.1038/s41598-025-10092-0.

N. Thereza and K. Ramli, “Development of Intrusion Detection Models for IoT Networks Utilizing CICIoT2023 Dataset,” in IEEE, 2023 3rd International Conference on Smart Cities, Automation & Intelligent Computing Systems (ICON-SONICS), 2023, pp. 66–72.

B. Nugroho, H. Maulana, and A. Yuniarti, “Performance of Contrast Adjustment Techniques on The Face Recognition Method with Test Data Under Varying Lighting Conditions,” Network Security and Information System (IJCONSIST), vol. 6, no. 2, pp. 66–72.

M. Mahendra Alvanof, Bustami, and R. Kesuma Dinata, “Penerapan Algoritma Random Forest dalam Deteksi dan Klasifikasi Ransomware,” Jurnal Elektronika dan Teknologi Informasi, vol. 5, no. 2, pp. 23–31, 2024.

M. Idhom, A. Fauzi, A. Muhaimin, and W. Caesarendra, “Evaluation of CART and XGBoost Methods on Customer Loan Risk Prediction Based on Consumer Behavior,” TEM Journal, vol. 14, no. 3, pp. 2624–2630, Jan. 2025, doi: 10.18421/TEM143-64.

A. R. Dianto, F. T. Anggraeny, and H. Maulana, “Analisis Efektifitas Algoritma Mobilenetv3-Large Dan Efficientnet-B0 Untuk Klasifikasi Citra Penyakit Daun Jeruk,” Jurnal Informatika dan Teknik Elektro Terapan, vol. 13, no. 3, pp. 697–705, Jul. 2025, doi: 10.23960/jitet.v13i3.6956.


How To Cite This :

Refbacks

  • There are currently no refbacks.