AI-Based Techniques for DDoS Attack Detection in WSN: A Systematic Literature Review

: Wireless Sensor Networks (WSNs) are currently being used in various industries such as healthcare, engineering, the environment and so on. Security is a significant issue for WSN due to its infrastructure and limited physical security. Distributed Denial of Service (DDoS) is one of the most vulnerable attacks that can be defined as attacks launched from multiple ends into a set of legitimate sensor nodes in the WSN to drain their inadequate energy resources. Nowadays, Artificial intelligence techniques are performing better accuracy than the traditional methods to detect intrusion for the various attack. This Systematic Literature Review (SLR) attempts to investigate the current status of DDoS detection techniques and to identify the most capable and effective detection system using artificial intelligence to detect distributed DoS attack. Preferred Reporting Item for Systematic Review and Meta-Analysis (PRISMA) statement is used to conduct this review. Based on 15 out of 983 that met inclusion criteria, Support Vector Machine (SVM) and Artificial Neural Network (ANN) is the most used AI-based techniques to detect distributed denial of service attack in the wireless sensor network. The performance of AI techniques-based detection system for DDoS attack in WSN is remarkable.


Introduction
The wireless sensor network is a combination of self-configured sensors that can communicate via radio link without any centralized controlling system (Yu and Tsai, 2008). Distributed communication and sensing are the main features of a Wireless Sensor Network (WSN). In a different environment, for example, health, institutes, data centers and modern industries, the use of WSN is increasing extensively (Cheng et al., 2016;Ogbodo et al., 2017). Besides, WSN is composed of different independent, minor, minimal effort and low power sensor nodes. These nodes can accumulate data from the vast network and send data to concentrated backend elements called base stations or sinks for additional processing (Alsheikh et al., 2014). Security is one of the fundamental properties of any communication network, and WSNs were accompanied by a significant security flaw (Pelechrinis et al., 2011). Because of its untrussed environments operation, WSNs have been becoming popular to the researcher (Baig et al., 2006). An attacker can easily inject messages in WSNs because it uses radio communication which can be captured and inject malicious messages to perform a denial of service attack (Yu and Tsai, 2008).
DDoS attacks become a significant threat to its constancy because of the imperative nature of mobile sensors (Mazur et al., 2016). A Distributed DoS attack is easy to execute, but it is an excellent technique to attack the WSN (Mallikarjunan, 2016). DDoS is considered as a piece of digital fighting strategies (Shiaeles et al., 2012). In addition, DDoS attack can be conducted by flooding the packets to an exact server to make them nauseous in both the wired and wireless networks (Ashikur and Maruful, 2017;Patil and Gaikwad, 2015). Dispersed DoS Attacks is to assemble numerous frameworks over the Internet with infected zombies/agents (Di and Er, 2007;Gavrić and Simić, 2018).
Artificial intelligence was introduced machine learning algorithms as a technique that provide huge adaptability benefits in wireless sensor network (Alsheikh et al., 2014). During the previous decade, WSNs have seen a progressively severe selection of advanced AI techniques (Dwivedi et al., 2018;Patel, 2013). Artificial intelligence emphases on biologically inspired methods such as Neural Networks (NN), fuzzy systems and evolutionary algorithms (Das et al., 2010).
The goal of this SLR is to identify AI-based DDoS detection system used in wireless sensor network, by assessing peer-reviewed published research papers. Specifically, the following research questions are going to address in this SLR: RQ1: What is the status of the existing techniques for detecting distributed DoS attack in WSN?
RQ2: Which is the most capable and effective artificial intelligence-based detection scheme to detect DDoS?
That paper's structures are as follows. The methods of this SLR are discussed in section 2, and section 3 deliberates on the findings. The results will be discussed in section 4 of the article. Lastly, both the conclusion and possible research are written in section 5.

Materials and Methods
To conduct this SLR, we have followed one of the most popular protocols named Preferred Reporting Items for Systematic Reviews and Meta-Analyses (PRISMA) (Moher et al., 2009). A four-phase flow diagram and a checklist of 27 items must have to follow as a requirement of PRISMA statement (Panic et al., 2013). In addition, an evidence-based SLR was completed by reviewing and evaluating randomized selections available in the electronic database. Moreover, for selecting the most accurate papers to do this systematic literature review, a selection criterion must set with inclusion and exclusion criteria. According to PRISMA guidelines, the full process of four-phase flow diagram illustrates in Fig. 1. The first step of SLR is to search for relevant papers from the electronic database on wireless sensor network, for example, IEEE, ScienceDirect and Google Scholar. The searching terms were like the following: • ((("Full Text and Metadata": Distributed denial of service) AND "Full Text and Metadata": Wireless sensor network) AND "Full Text and Metadata": Artificial intelligence) The key terms were 'distributed denial of service', 'wireless sensor network' and 'artificial intelligence'. Furthermore, not only key terms but also the mesh words of key terms are used to search in online databases. In the first phase, 983 scientific papers were found from multiple databases during searching. Subsequent, we omitted 131 articles due to repetition.
The following two criteria were used when choosing the correct articles as inclusion criteria, which are as follows: • Papers published from January 2013 to March 2019 • We also involved papers that were related to artificial intelligence to detect DoS/DDoS Meanwhile, the following exclusion criteria are defined to exclude irrelevant papers: • The published papers were not peer-reviewed articles • Exclude those papers which were published in other languages except English • Papers are not associated with the Wireless Sensor Network In the second phase, after checking the title and abstract, 529 papers were excluded because of the selection criteria. In the third phase, 61 scientific papers were fulfilled the inclusion criteria after studying 323 research papers. The fourth phase is data extraction. For data extraction, 15 research papers were selected. Rest of the 46 articles were excluded from this systematic literature review. The references of the finalized papers were also used for further investigation but never contacted with authors.

Results
In this systematic literature review, we used two inclusion criteria and three exclusion criteria for selecting papers. As per the first inclusion criteria of this SLR, Papers were selected from the year 2013 to 2019. 33.33% of the Papers were selected from the year 2016. 20.0% of papers were published in the year 2013. From the year 2014, 2017 and 2019, each year, 13.33% of articles were included after following inclusion criteria. Only one paper was selected for 2015, which is 6.67. No paper was chosen from the year 2018 (Fig. 2). Table 1 and 2 represents the answer to the second inclusion criteria.
In the single paper, multiple techniques were used and compare their performance. Table 1 shows the used  methods for detecting distributed DoS attack, and Table  2 shows the used techniques for detecting denial of service attack.
In this research, 15 papers were included where 40% of articles were selected from the Institute of Electrical and Electronics Engineers (IEEE). Meanwhile, rest of the papers were published in 9 different international journals such as Engineering Applications of Artificial Intelligence, Security and Communication Networks, International journal of electronics and wireless personal communications, International Journal of Application or Innovation in Engineering and Management, Neurocomputing, International Journal of Computer Science and Network Security, Journal of Electrical and Computer Engineering and International Journal of Distributed Sensor Networks. Figure 3 presents the source of the selected paper.
After analysing 15 selected papers in this systematic literature review, 40.0% of the studies used Artificial Neural Network (ANN) to detect distributed DoS attack in the wireless sensor network. Second highest used artificial intelligence-based technique is Support Vector Machine (SVM) which is 33.33%. Decision Tree (DT), K Nearest Neighbor (KNN) and Naive Bayes algorithms are also popular techniques used to detect DDoS 13.33% both. Other AI-based techniques like fuzzy learning and K-Means are also used in WSN. Mostly used machine learning technics statistics are presented in Fig. 4.      According to Table 1, most of the research conducted using simulated data. All the papers were focused on distributed denial of service attack. Tang et al. (2016) applied multiple techniques, for example, Naive Bayes, support vector machine, decision tree and deep neural network on KDD'99 dataset to detect DDoS attack and test the accuracy. They also compared the performance among those intrusion detection techniques. Among these machine learning techniques, DNN performs better than others. Barki et al. (2016) applied supervised and unsupervised learning techniques on simulated datasets and supervised learning techniques outperforms than unsupervised learning techniques. Many types of research were conducted using the support vector machine, and the accuracy rate was remarkable to detect DDoS attack. Artificial neural network on simulated data has been applied in multiple research (Ahanger, 2018;Aljumah and Ahamad, 2016;Alrajeh and Lloret, 2013;Saied et al., 2016). ANN was capable of detecting DDoS attack with 99.98% accuracy rate. Table 3 also represents the accuracy rate of detection of DDoS attacks.

Discussion
ANNs are artificial intellect approaches wherein the biological traits of nerve cells have imitated the use of scientific models from the strategies that permit machines to make deductions and verdicts like an individual (Nelson and Wang, 2003). An SVM is a scientific element, an algorithm for augmenting a specific mathematical function regarding a given variety of data (Noble, 2006).
The objective of this research is to find the most capable and effective techniques to detect DDoS attack in the wireless sensor network. Researchers used many techniques to detect DDoS attack in recent years. From this systematic literature review, it is found that the accuracy rate of DDoS detection using the ANN technique was 99.98% in multiple research (Ahanger, 2018;Khan et al., 2016). In addition, 98.0% and 95.0% accuracy were founded by Saied et al. (2016;Aljumah and Ahamad, 2016;Saied et al., 2016). Apart from ANN, the performance of SVM is remarkable which is also more than 95.0% (Al-Issa et al., 2019; Mohd and Singh, 2019;Sharma and Parihar, 2013;Wang and Lin, 2016). DDoS detection using Other techniques like Naive Bayes, decision tree or fuzzy Qlearning etc. varied in different researches. Meti et al. (2017) conducted research to test the accuracy of machine learning algorithms like Naive Bayes, support vector machine and neural network. In that research, they identified that both ANN and SVM provide superior accuracy (approx. 80%) to detect DDoS attack. In addition, researchers calculate precision values where the precision value for ANN was 100%, SVM was 80%, and NB was 75% (Meti et al., 2017).
Another research was conducted on utilisation of AI in WSN in 2017 by. Authors worked DDoS attack, quality of service, to monitor energy efficiency etc. From their findings, AI techniques can be used to improve performance and reliably for detection attacks in WSN (Matlou and Abu-Mahfouz, 2017 (Mao et al., 2018). In the wireless sensor network, Artificial neural network and support vector machine techniques can be used instead of other techniques.

Conclusion
WSNs are getting progressively popular currently due to their vast territory of utilisation. Since WSNs are different from other networks, it required innovation solution for security. The corresponding designs and method of arrangement of WSNs exposed to many different types of attacks. Distributed Denial of Service (DDoS) attacks are rising in frequency and becoming more complicated since it can take place in a different layer in the network. This SLR identifies that artificial intelligence techniques are most capable and effective techniques to identify and shield against the DDoS assaults in WSNs. Because of the accuracy rate of AI techniques to detect DDoS attack, artificial intelligence can be used to detect and safeguard against DDoS attacks in WSNs. In a future study, we will propose an intrusion detection system using AI and make a comparison with other existing detection systems for DDoS in WSNs. Further studies will continue to propose a novel AI-based algorithm to detect DDoS attack in WSN.