A novel secure mud-based real time intrusion detection and prevention mechanism for IoT network / Noman Mazhar
The Internet of things increases the world's automation pace but simultaneously multiplies the number of security challenges for the IoT industry. Conventional secure frameworks depend on Intrusion detection and prevention systems (IDPS) as a defensive mechanism against attacks. These conventio...
Main Author: Noman, Mazhar
Format: Thesis
Published: 2023
Subjects: QA75 Electronic computers. Computer science
Online Access: http://studentsrepo.um.edu.my/15320/2/Noman_Mazhar.pdf
http://studentsrepo.um.edu.my/15320/1/Noman_Mazhar.pdf
http://studentsrepo.um.edu.my/15320/
id |
my.um.stud.15320 |
record_format |
eprints |
spelling |
my.um.stud.15320 2024-11-05T21:42:57Z Noman, Mazhar (2023) A novel secure mud-based real time intrusion detection and prevention mechanism for IoT network / Noman Mazhar. PhD thesis, Universiti Malaya. 2023-08 Thesis NonPeerReviewed application/pdf http://studentsrepo.um.edu.my/15320/2/Noman_Mazhar.pdf application/pdf http://studentsrepo.um.edu.my/15320/1/Noman_Mazhar.pdf http://studentsrepo.um.edu.my/15320/ |
institution |
Universiti Malaya |
building |
UM Library |
collection |
Institutional Repository |
continent |
Asia |
country |
Malaysia |
content_provider |
Universiti Malaya |
content_source |
UM Student Repository |
url_provider |
http://studentsrepo.um.edu.my/ |
topic |
QA75 Electronic computers. Computer science |
spellingShingle |
QA75 Electronic computers. Computer science Noman, Mazhar A novel secure mud-based real time intrusion detection and prevention mechanism for IoT network / Noman Mazhar |
description |
The Internet of Things increases the world's automation pace but simultaneously multiplies the number of security challenges for the IoT industry. Conventional secure frameworks depend on intrusion detection and prevention systems (IDPS) as a defensive mechanism against attacks. These conventional network-based IDPS are not suitable for low-power and lossy networks like IoT. Therefore, current secure frameworks use intrusion detection and prevention systems based on state-of-the-art techniques such as software-defined networking (SDN) and manufacturer usage description (MUD). By design, SDN decouples the network devices' data and control planes, thus giving centralized control and complete network transparency and boosting the efficiency of network functions like IDPS. However, there is still no standardized mechanism to profile IoT devices, even though IoT device profiling is crucial for IoT security. As a result, the new standard MUD has been introduced. MUD defines IoT profiles so that devices can be limited to their intended operations. Most frameworks use SDN to implement and enforce MUD policies on IoT devices. However, these frameworks cannot protect IoT devices from DDoS attacks, and their attack detection is limited. Further, the MUD registration process requires an IoT device to be online all the time, but network connectivity can be limited in some remote installations, causing registration failure. Thus, we propose the H-MUD registration scheme, based on hash-based MUD file authentication and localized storage, to minimize the need for online connectivity to the server. In addition, we propose a framework known as MUDLite, which combines the proposed R-IDPS (SDN-based real-time IDPS) and H-MUD (modified hash-based MUD). The framework has been designed with a distributed architecture; the decentralized design balances the network traffic load, especially during a flood attack. The framework also applies to heterogeneous IoT devices.
For detection, the framework uses a support vector machine to detect ICMP flood and TCP SYN flood attacks. The machine learning model is capable of real-time training. The accuracy of the proposed R-IDPS as an intrusion detection system, especially under the stress conditions of DDoS attacks, is 97% to 99% with no false positives. We also use SHA-256 for H-MUD authentication, and the localized storage of MUD files improves the overall MUD registration process by up to 80% compared to the normal process, as shown by simulation. From our results, we conclude that, using SDN technology, the proposed MUD extension called MUDLite can comprehensively mitigate DDoS attacks and, using H-MUD based on a secure hashing technique, expedite MUD registration, resulting in a more secure IoT framework than MUD alone.
Keywords:
|
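The two mechanisms the abstract rests on, a MUD profile enforced as an allow-list of flows by an SDN controller, and an H-MUD-style registration that authenticates a locally stored MUD file by its SHA-256 digest so the device does not have to reach the MUD server, as an added illustration that is not the thesis's code and does not reproduce its exact scheme. It assumes the expected digest was pinned on the local enforcer at enrolment over an authenticated channel, that the controller accepts simple match/action rules, and it leaves DNS-name resolution to the controller as RFC 8520 expects; the MUD file, the device address 10.0.0.7, the mud-url and controller.example.com are all constructed for the example.

```python
import hashlib
import hmac
import json

# Constructed MUD file in the RFC 8520 layout (not taken from the thesis): a sensor
# that may only open MQTT-over-TLS (TCP/8883) to its controller and may receive
# traffic only from that controller's port 8883. Serialised canonically so the
# digest is stable across reloads.
SENSOR_MUD = json.dumps({
    "ietf-mud:mud": {
        "mud-version": 1,
        "mud-url": "https://mud.example.com/sensor-v1.json",   # assumed URL
        "last-update": "2023-08-01T00:00:00+00:00",
        "cache-validity": 48,
        "is-supported": True,
        "systeminfo": "Constructed example temperature sensor",
        "from-device-policy": {"access-lists": {"access-list": [{"name": "from-sensor"}]}},
        "to-device-policy": {"access-lists": {"access-list": [{"name": "to-sensor"}]}},
    },
    "ietf-access-control-list:acls": {"acl": [
        {"name": "from-sensor", "type": "ipv4-acl-type", "aces": {"ace": [{
            "name": "mqtt-out",
            "matches": {"ipv4": {"ietf-acldns:dst-dnsname": "controller.example.com", "protocol": 6},
                        "tcp": {"destination-port": {"operator": "eq", "port": 8883}}},
            "actions": {"forwarding": "accept"}}]}},
        {"name": "to-sensor", "type": "ipv4-acl-type", "aces": {"ace": [{
            "name": "mqtt-in",
            "matches": {"ipv4": {"ietf-acldns:src-dnsname": "controller.example.com", "protocol": 6},
                        "tcp": {"source-port": {"operator": "eq", "port": 8883}}},
            "actions": {"forwarding": "accept"}}]}},
    ]},
}, sort_keys=True, separators=(",", ":")).encode()


def mud_digest(mud_bytes: bytes) -> str:
    """SHA-256 over the exact file bytes: the value an enrolment step would pin."""
    return hashlib.sha256(mud_bytes).hexdigest()


def verify_local_mud(mud_bytes: bytes, pinned_digest: str) -> bool:
    """Accept a locally stored MUD file only if its digest equals the pinned one
    (constant-time comparison, so a wrong file cannot be probed byte by byte)."""
    return hmac.compare_digest(mud_digest(mud_bytes), pinned_digest.lower())


def mud_to_flow_rules(mud_bytes: bytes, device_ip: str) -> list:
    """Turn the MUD ACEs into allow-list flow rules for an SDN controller and close
    with default-deny rules; DNS names are left for the controller to resolve."""
    doc = json.loads(mud_bytes)
    mud = doc["ietf-mud:mud"]
    acls = {a["name"]: a for a in doc["ietf-access-control-list:acls"]["acl"]}
    rules = []
    for policy in ("from-device-policy", "to-device-policy"):
        for ref in mud[policy]["access-lists"]["access-list"]:
            for ace in acls[ref["name"]]["aces"]["ace"]:
                ipv4 = ace["matches"].get("ipv4", {})
                tcp = ace["matches"].get("tcp", {})
                if policy == "from-device-policy":
                    rule = {"src": device_ip,
                            "dst": ipv4.get("ietf-acldns:dst-dnsname", "any"),
                            "dport": tcp.get("destination-port", {}).get("port")}
                else:
                    rule = {"src": ipv4.get("ietf-acldns:src-dnsname", "any"),
                            "dst": device_ip,
                            "sport": tcp.get("source-port", {}).get("port")}
                rule.update(proto=ipv4.get("protocol"),
                            action=ace["actions"]["forwarding"], priority=100)
                rules.append(rule)
    # Everything the profile does not name is dropped: this is what confines the device.
    rules.append({"src": device_ip, "dst": "any", "action": "drop", "priority": 1})
    rules.append({"src": "any", "dst": device_ip, "action": "drop", "priority": 1})
    return rules


def register(local_mud: bytes, pinned_digest: str, online: bool, fetch=None):
    """Offline-tolerant registration: a verified local copy is enough; the MUD URL is
    contacted only when the local copy fails verification and the link is up."""
    if verify_local_mud(local_mud, pinned_digest):
        return "local", local_mud
    if online and fetch is not None:
        fetched = fetch()           # fetch() stands in for an HTTPS GET of mud-url
        if verify_local_mud(fetched, pinned_digest):
            return "fetched", fetched
    return "rejected", None


if __name__ == "__main__":
    pinned = mud_digest(SENSOR_MUD)
    print(register(SENSOR_MUD, pinned, online=False)[0])
    for r in mud_to_flow_rules(SENSOR_MUD, "10.0.0.7"):
        print(r)
```

A bare digest authenticates the file only as far as the digest itself was delivered authentically, which is why the example assumes it was pinned at enrolment; RFC 8520 binds a MUD file to its publisher with a detached CMS signature referenced by the `mud-signature` field, and a deployment should verify that signature on first fetch before pinning. The standard's `cache-validity` field (hours) is also what bounds how long a locally held copy may be honoured, so a `register` step that trusts a local copy should still re-fetch once that window has expired.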
format |
Thesis |
author |
Noman, Mazhar |
author_facet |
Noman, Mazhar |
author_sort |
Noman, Mazhar |
title |
A novel secure mud-based real time intrusion detection and prevention mechanism for IoT network / Noman Mazhar |
title_short |
A novel secure mud-based real time intrusion detection and prevention mechanism for IoT network / Noman Mazhar |
title_full |
A novel secure mud-based real time intrusion detection and prevention mechanism for IoT network / Noman Mazhar |
title_fullStr |
A novel secure mud-based real time intrusion detection and prevention mechanism for IoT network / Noman Mazhar |
title_full_unstemmed |
A novel secure mud-based real time intrusion detection and prevention mechanism for IoT network / Noman Mazhar |
title_sort |
novel secure mud-based real time intrusion detection and prevention mechanism for iot network / noman mazhar |
publishDate |
2023 |
url |
http://studentsrepo.um.edu.my/15320/2/Noman_Mazhar.pdf http://studentsrepo.um.edu.my/15320/1/Noman_Mazhar.pdf http://studentsrepo.um.edu.my/15320/ |