A Model Selection Methodology for Simultaneous Rapid Reset-Slow Rate DoS Attacks Detection in 5G-IIoT: Balancing Performance and Fitting

Ever-evolving cyber attacks require ever-evolving cyber attack detection systems, and these attacks are diversifying into deeper and more specific types. Thus, the cyber attack detection systems need to follow this trend. 5G-based industrial Internet of Things (IIoT) networks have become a primary target of these specific attacks, underscoring the need for 5G-IIoT-based intrusion detection systems (IDS). This research paper presents a comprehensive IDS against denial of service (DoS) attacks, specifically targeting rapid reset attacks and their counterpart, slow rate attacks, when attacking individually and simultaneously, with a focus on accuracy and overfitting mitigation. We utilize the 5G-Flow dataset from the IEEE dataport, and propose optimized variations of K-Nearest Neighbors (KNN), Naive Bayes (NB), and Deep Neural Networks (DNN) as best performers based on attack category, detection purpose, and metric optimization. This research presents simultaneous RR-SR attacks as a new global problem and proposes naive Bayes as the current best algorithm to detect them. It presents a novel purpose-based selection framework for selecting the best-performing and fitting models from our experiment, as well as an enhanced security-first architecture for SR-RR detection in 5G-IIoT networks. The proposed system demonstrates efficient results in detecting coordinated multi-vector attacks in 5G-IIoT environments, providing a robust foundation for next-generation industrial cybersecurity.