PH.D Dissertation on "Securing Internet of Things (IoT) Infrastructure Using Cooperative, Hybrid & Intelligent Intrusion Detection & Prevention System (IDPS)"
A PH.D dissertation entitled "Securing Internet of Things (IoT) Infrastructure Using Cooperative, Hybrid & Intelligent Intrusion Detection & Prevention System (IDPS)", submitted by Sahar Lazim Qaddoori, was discussed in the Department of Computer Engineering, College of Engineering, University of Mosul, on Monday, Sep. 12, 2022.
The thesis proposes a security paradigm for edge devices that protects them against various internal and external threats. Initially, the thesis proposes a Machine Learning (ML) model to identify Message Queuing Telemetry Transport (MQTT)-based threats, using Intrusion Detection and Prevention System (IDPS)-based security on the edge node to guard the network between the edge node and the IoT sensors. It also proposes two ML models to detect abnormalities in periodic and daily metering data, respectively. Because an ML model cannot be trained directly on low-performance devices such as edge devices, a new methodology for updating ML models is proposed: the model is trained on a high-performance computing platform (such as the fog server) and the trained model is then installed as a detection engine on the low-performance platform (such as the edge node of the edge layer) to detect new attacks and abnormalities.
In this context, multiple ML algorithms have been compared to find a suitable algorithm for each of the three anomaly detection models. These models have been evaluated and tested on real datasets, in terms of both resource usage and detection performance, to demonstrate the efficiency and effectiveness of using ML algorithms in the built anomaly detection models.
Consequently, the Random Forest classifier has been used to eliminate unrelated features from the MQTTset dataset, reducing the preprocessing time and the complexity of the model built at the MQTT packet level; the preprocessing time has been decreased to more than a quarter. In addition, the evaluation metrics and processing times used to compare the performance of the ML algorithms show that the Decision Tree (DT) performs comparatively better at detecting attacks at the MQTT packet level, that Density-Based Spatial Clustering of Applications with Noise (DBSCAN) is suitable for clustering the metering dataset, and that DT performs well for detecting anomalies in daily power consumption, while the One-Class Support Vector Machine (OCSVM) is well suited to detecting abnormalities in periodic power consumption.
Then, multiple security techniques have been employed in this thesis to verify that the trained model and the data files exchanged are valid and undiscoverable. Based on the results for network performance and resource usage, the proposed edge device structure is lightweight and saves power, yet is still powerful enough to handle multiple devices at once. Finally, the proposed security paradigm for the edge device is easily applied on a low-cost single-board computer (SBC) such as the Raspberry Pi and is effective against a variety of internal and external threats, providing a balance between good performance and high security.
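The fog-to-edge model hand-off described above (train on the fog server, install the trained model as the edge node's detection engine, and verify the exchanged model file before use) can be illustrated as follows. This is an added example, not code from the dissertation: the model is a hand-written decision tree over constructed MQTT packet features, the integrity check is an HMAC-SHA256 tag under a pre-shared key, and the key, feature names, thresholds and version field are all assumptions chosen for illustration.

```python
import hmac
import hashlib
import json

# Assumption: a pre-shared key provisioned out of band between fog and edge.
PSK = b"constructed-pre-shared-key"


def pack_model(model: dict, version: int) -> bytes:
    """Fog side: serialise the trained model with a version and sign it."""
    payload = json.dumps({"version": version, "model": model}, sort_keys=True).encode()
    tag = hmac.new(PSK, payload, hashlib.sha256).hexdigest()
    return json.dumps({"payload": payload.decode(), "tag": tag}).encode()


def edge_install(bundle: bytes, current_version: int):
    """Edge side: return (version, model) only if the bundle is authentic and newer.

    A bad tag means the model file was altered in transit or forged; a version
    that is not newer means an old (possibly weaker) model is being replayed.
    """
    outer = json.loads(bundle)
    payload = outer["payload"].encode()
    expected = hmac.new(PSK, payload, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, outer["tag"]):
        return None  # reject tampered or forged model file
    inner = json.loads(payload)
    if inner["version"] <= current_version:
        return None  # reject rollback to a previously installed model
    return inner["version"], inner["model"]


def classify(model: dict, packet: dict) -> str:
    """Detection engine: walk a decision tree stored as nested dicts."""
    node = model
    while "label" not in node:
        branch = "left" if packet[node["feature"]] <= node["threshold"] else "right"
        node = node[branch]
    return node["label"]


# Constructed tree: a burst of CONNECT messages from one client, or an
# oversized PUBLISH payload, is labelled as an attack; everything else is normal.
MODEL = {
    "feature": "connect_rate", "threshold": 5,
    "left": {"feature": "payload_len", "threshold": 1024,
             "left": {"label": "normal"}, "right": {"label": "attack"}},
    "right": {"label": "attack"},
}
```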