Essop, Ismael Ahmad ORCID: 0000-0002-5583-0306 (2021) Generating datasets for anomaly-based intrusion detection systems in IoT networks. PhD thesis, University of Greenwich.

Preview

PDF Ismael Essop 2021.pdf - Published Version Available under License Creative Commons Attribution. Download (15MB) | Preview

Abstract

Over the past few years, we have witnessed the emergence of Internet of Things (IoT) networks that bring significant benefits to citizens, society, and industry. However, their heterogeneous and resource-constrained nature makes them vulnerable to a wide range of threats and an attractive target to attackers with a wide spectrum of motivations ranging from criminal intents, aimed at financial gain, to industrial espionage and cyber-sabotage. Consequently, security solutions protecting IoT networks from attackers are critical for the acceptance and wide adoption of such networks in the coming years. Nevertheless, the high resource requirements of conventional security mechanisms cannot be afforded by (i) the resource-constrained IoT nodes and/or (ii) the constrained environment in which the IoT nodes are deployed. Therefore, there is an urgent need for developing novel security mechanisms to address the pressing security challenges of IoT networks in an effective and efficient manner, taking into consideration their resource-constrained inherent limitations, before they gain the trust of all involved stakeholders and reach their full potential in the IoT market. Toward this direction, considerable research efforts have recently been put into the design and development of novel Anomaly-based Intrusion Detection Systems (AIDSs), tailored to the resource-constrained characteristics of IoT networks, because of their ability to detect not only known but also new, zero-day attacks, in IoT networks. However, although the concept of IoT AIDSs is promising, it cannot be materialised before the significant gap of the scarcity of benchmark datasets for training and evaluating Machine Learning (ML) models for IoT AIDSs is addressed. In fact, the current scarcity of benchmark IoT datasets constitutes a significant research gap that should be addressed in order to enable the development of more accurate and efficient IoT AIDSs whose effectiveness is evaluated based on their performance to successfully detect IoT attacks that is a process reliant on up-to-date, representative and well-structured IoT-specific benchmark datasets that until now have been missing. Therefore, contribution to filling this research gap is the main target of this thesis. In particular, the focus of this thesis is on the generation of new labelled IoT datasets that will be publicly available to the research community and include the following required information so as to be considered as benchmark IoT datasets for training and evaluating ML models for IoT AIDSs: (a) information reflecting multiple benign and attack scenarios from current IoT network environments, (b) sensor measurement data, (c) network-related information (e.g., packet-level information) from IoT networks, and (d) information related to the behaviour of the IoT devices deployed within IoT networks.

Item Type:	Thesis (PhD)
Uncontrolled Keywords:	IoT networks, Anomaly-based Intrusion Detection Systems (AIDSs),
Subjects:	Q Science > Q Science (General)
Faculty / School / Research Centre / Research Group:	Faculty of Engineering & Science Faculty of Engineering & Science > School of Engineering (ENG)
Last Modified:	11 Sep 2023 08:22
URI:	http://gala.gre.ac.uk/id/eprint/44076

Actions (login required)

View Item

Downloads