A Methodology to Design Intrusion Detection Systems (IDS) for IoT/Networking Protocols.
Record type: Bibliographic - electronic resource : Monograph/item
Title/Author: A Methodology to Design Intrusion Detection Systems (IDS) for IoT/Networking Protocols.
Author: Satam, Pratik.
Publisher: Ann Arbor : ProQuest Dissertations & Theses, 2019
Extent: 182 p.
Notes: Source: Dissertations Abstracts International, Volume: 80-12, Section: B.
Contained By: Dissertations Abstracts International 80-12B.
Subject: Computer Engineering.
Electronic resource: http://pqdd.sinica.edu.tw/twdaoapp/servlet/advanced?query=13878131
ISBN: 9781392243367
Satam, Pratik.
A Methodology to Design Intrusion Detection Systems (IDS) for IoT/Networking Protocols.
- Ann Arbor : ProQuest Dissertations & Theses, 2019 - 182 p.
Source: Dissertations Abstracts International, Volume: 80-12, Section: B.
Thesis (Ph.D.)--The University of Arizona, 2019.
This item must not be sold to any third party vendors.
Over the last few decades, the Internet has grown from a network that connected two research universities to a juggernaut that encompasses the whole world with over 4.1 billion users as of July 2018, with a growth rate of 1052% from 2000-2018. The modern internet supports a wide variety of features and services like cloud computing and storage, social networking, content services, blogs and social interactions, online banking and shopping, etc. Alongside the development of the internet, technologies relating to sensors, wireless communications, and mobile computing have seen unprecedented growth, which has contributed to the development of a new paradigm: Internet of Things (IoT). The core concept of IoT involves forming connected devices that can be accessed ubiquitously from anywhere. These IoT devices have sensors and some processing and programming capabilities to support smart or intelligent operations. Smart devices include wearables like smart watches, shoes, glasses, smart phones, smart refrigerators, smart cars, etc. This fast-paced growth of the internet and IoT infrastructures and services has introduced a challenging security problem due to the exponential growth in vulnerabilities and potential exploitations by cyber attackers. There is a dire need for an effective means to secure the cyber space against any type of threats that are known or unknown. This research presents a methodology to design Anomaly Behavior based Intrusion Detection Systems (AB-IDS) to secure networking and IoT protocols. An AB-IDS has a complete understanding of the semantics of the normal behavior of its target system, consequently allowing it to detect any malicious attacks on the system that force it to operate abnormally. This approach of monitoring and accurately characterizing the normal behavior instead of looking for specific attack signatures (as done by signature-based IDSs) allows the AB-IDS to detect new and modified attacks.
Since each protocol has its own specification, it is hard to develop one AB-IDS that is able to secure all the protocols. Instead, we adopt a more granular approach that involves developing multiple micro AB-IDSs where each one is specialized in detecting anomalous behavior in its protocol, and the results from each of these micro AB-IDSs are aggregated to present a holistic picture of the current operational state of the complete system. Designing these micro intrusion detection systems is a time-consuming task that requires an in-depth understanding of the protocols. To aid this research approach, in this dissertation we develop a methodology to design the micro AB-IDSs using machine learning models. The methodology involves the following steps: 1. Threat modelling analysis; 2. Feature selection and protocol footprinting to characterize the behavior of the protocol; and 3. Use the protocol footprinting data structures to develop machine learning models that characterize accurately the normal behavior of the protocol to be protected by the micro AB-IDS. The threat modelling provides a formal approach to model the behavior of the protocol, identify potential attack vectors that target the protocols and develop mechanisms to protect protocol operations against these attack vectors. The feature selection step involves selection of correct features that help characterize the behavior of the protocol. This step also involves designing and using different innovative data structures that help capture/represent the behavior of the protocol. In our research we concluded that Observation flows (OF) and n-grams are powerful data structures that can be used to characterize the behavior of the protocols. The last step involves developing machine learning models using the features obtained in Step 2 to differentiate the normal behavior of the machine learning model from the abnormal.
We have evaluated our approach by designing micro intrusion detection systems to detect attacks on the Wi-Fi protocol, the DNS protocol and the HTML protocol. The experimental results show that the IDSs designed using this approach have a very high accuracy with very low false positives and false negatives for new and modified attacks.
ISBN: 9781392243367
Subjects--Topical Terms:
1567821
Computer Engineering.
LDR :05288nmm a2200325 4500
001 2208900
005 20191025102438.5
008 201008s2019 ||||||||||||||||| ||eng d
020 $a 9781392243367
035 $a (MiAaPQ)AAI13878131
035 $a (MiAaPQ)arizona:17114
035 $a AAI13878131
040 $a MiAaPQ $c MiAaPQ
100 1 $a Satam, Pratik. $3 3435967
245 1 0 $a A Methodology to Design Intrusion Detection Systems (IDS) for IoT/Networking Protocols.
260 1 $a Ann Arbor : $b ProQuest Dissertations & Theses, $c 2019
300 $a 182 p.
500 $a Source: Dissertations Abstracts International, Volume: 80-12, Section: B.
500 $a Publisher info.: Dissertation/Thesis.
500 $a Advisor: Hariri, Salim.
502 $a Thesis (Ph.D.)--The University of Arizona, 2019.
506 $a This item must not be sold to any third party vendors.
590 $a School code: 0009.
650 4 $a Computer Engineering. $3 1567821
650 4 $a Computer science. $3 523869
690 $a 0464
690 $a 0984
710 2 $a The University of Arizona. $b Electrical & Computer Engineering. $3 1018545
773 0 $t Dissertations Abstracts International $g 80-12B.
790 $a 0009
791 $a Ph.D.
792 $a 2019
793 $a English
856 4 0 $u http://pqdd.sinica.edu.tw/twdaoapp/servlet/advanced?query=13878131
Holdings
Barcode: W9385449
Location: Electronic resource
Circulation category: 11. Online viewing_V
Material type: E-book
Call number: EB
Usage type: General use (Normal)
Loan status: On shelf
Hold status: 0