Vehicular networks are vulnerable to Distributed Denial of Service (DDoS), an extension of a Denial of Service (DoS) attack. The existing solutions for DDoS detection in vehicular networks use various Machine Learning (ML) algorithms. However, these algorithms are applicable only in a single layer in a vehicular network environment and are incapable of detecting DDoS dynamics for different layers of the network infrastructure. The recently reported attacks on transport networks reveal the fact that a research gap exists between the existing solutions and the multi-layer DDoS detection strategy requirements. Additionally, the majority of the current detection methods fail in the consideration of traffic heterogeneity and are not rate-adaptive, where both the mentioned parameters are important for an effective detection system.
In this paper, we introduce a comprehensive ML-based Network Intrusion Detection System (NIDS) against DDoS attacks in vehicular networks. Our proposed NIDS combines a three-tier security model, traffic adaptivity, and heterogeneity traffic provisions. We call our model Vehicular Adaptive Intrusion Detection And Novel System for Heterogeneous Hosts (VAIDANSHH). As mentioned earlier, VAIDANSHH has a three-tier security system: at RSU's hardware, communication channel, and RSU application level. VAIDANSHH combines the Adaptive Alarming Module (AAM) and the Detection Module (DM) for data generation, collection of generated data, flow monitoring, pre-processing, and classification. We use the NS3 simulation tool for our experiments to generate synthetic data and apply ML with WEKA. We run a thorough set of experiments, which show that VAIDANSHH detects UDP flooding, a form of DDoS attack, with 99.9% accuracy within a very short time. We compare VAIDANSHH with other state-of-the-art models; the comparative analysis shows that VAIDANSHH is superior in terms of accuracy and its multi-tier workflow.