LEE - Information Security Engineering and Cryptography - Master's
Browsing LEE - Information Security Engineering and Cryptography - Master's by subject "Anomalies"
Item: Distributed anomaly-based intrusion detection system for IoT environment using Blockchain technology
(Graduate School, 2022-02-04) Hejazi, Nouha ; Özdemir, Enver ; 707191006 ; Cybersecurity Engineering and Cryptography
The IoT world is growing rapidly. One of the most important challenges facing the commercialization of IoT-related innovations is preserving system security and the privacy of users' information while achieving high acceptance levels. Unfortunately, IoT inherits security threats from its enabling technologies, and the special characteristics of IoT systems place many constraints on any applicable security solution, which makes preserving the system's security more challenging. This widens the threat landscape and makes the system vulnerable to inside as well as outside attacks. However, IoT networks are usually deployed on a vast scale, so they produce a huge amount of data during communication. This makes machine learning a promising solution for securing IoT systems: the data can be analyzed and used to detect abnormal behavior, or anomalies. Nevertheless, given the resource and power constraints that IoT devices operate under, it is vital either to reduce the storage and processing power the detection algorithm needs or to propose an architecture that distributes the load over network nodes. Instead of implementing the Intrusion Detection System in a centralized way and handling data from the whole IoT system (which exposes the system to attacks, creates a single point of failure, and puts it at risk if the central server is compromised), a distributed collaborative architecture could be used to take advantage of the massive deployment of IoT devices. Collaborative intrusion detection systems have better knowledge of their protected environments and provide a solution for applications that are sensitive to user privacy.
In this work, we introduce a new security solution for intrusion detection in IoT systems. Our proposed solution uses a distributed collaborative architecture to take advantage of the IoT structure and overcome its limitations. A federated learning method is proposed in this thesis. Each node trains a local model on its private dataset. Then, the parameters of its local model are shared with other nodes in order to generate a better global model. This thesis proposes utilizing a Generative Adversarial Network (GAN) for the purpose of detecting anomalies. The model will be trained on the normal system behavior, letting the generator mimic attacks while the discriminator detects anomalies based on their difference from the normal behavior. This technique could offer a solution to the problem of the limited number of data points that represent malicious behavior. Additionally, this thesis suggests employing an autoencoder for feature extraction. There are four main purposes for doing so. The first is to improve the efficiency of the GAN training process by lowering system congestion. The second is to minimize the sample size required. Similarly, the third is to make the training and classification process lighter and easier. Finally, it can also conceal the data in scenarios where a device shares its data along with its model's parameters to gain trustworthiness. In addition, our solution employs data sharing and mutual trust between system devices using blockchain technology. The collaborating devices share their models' parameters over the blockchain. In this way, they can compute the general global model by averaging all shared models, or they can check their results using their neighbors' models. Furthermore, in a distributed peer-to-peer IDS network, alert exchange between the different IDS nodes is vital to detect anomalies and determine the trustworthiness of the nodes of the network.
Additionally, system devices might share an encoded version of their data over the blockchain along with their models' parameters to enable other devices to verify the detected intrusion. To determine the trustworthiness of a node, a calculation can be initiated based on the fulfillment of received alert-related information. The blockchain registry would then include the alerts generated by each IDS node. Consequently, the collaborating nodes would depend on the consensus protocol to judge the validity of the alerts before inserting them on the blockchain. However, since each IoT system might have a different structure and characteristics according to its functionality and the circumstances in which it is implemented, different IoT systems might apply our suggested solution with different settings. Also, given the limitations our research faced in terms of time and research equipment, we present a general structure for the proposed system and discuss it from the security aspects that govern collaborative distributed IDSs.