Artificial Immune System Approach for an Intrusion Detection System for the Internet of Things
Data
2022-08-16
Autores
Almeida, Maíra Baptista de 
Orientadores
Rosset, Valerio
Tipo
Dissertação de mestrado
Título da Revista
ISSN da Revista
Título de Volume
Resumo
A Internet das Coisas ou IoT (Internet of Things) é um dos paradigmas tecnológicos com rápido crescimento nos últimos anos. No entanto, os esforços para tornar e manter esse ambiente seguro não avançam da mesma forma. Conforme o número de nós de dispositivos de IoT cresce novas ameaças aparecem. Sistemas de Detecção de Intrusão, ou SDIs, são um mecanismo clássico de segurança de redes, porém não são facilmente aplicáveis no contexto de IoT devido aos recursos limitados que esse paradigma dispõe. Baseado nos preceitos clássicos dos SDIs esta dissertação busca introduzir uma arquitetura de segurança capaz de proteger a rede de IoT. A arquitetura em questão é inspirada na teoria de Sistemas Imunológicos Artificiais devido a sua natureza distribuída. A arquitetura de segurança proposta inclui módulos com tarefas especializada , distribuídos através das diferentes camadas da rede (Nuvem, Névoa e Borda). Esses módulos possuem diferentes objetivos, como monitoramento de regiões da rede, agregação de informações, treinamento e armazenamento de modelos de classificação automática, assim como controle de recursos. O módulo de monitoramento, nomeado nesta dissertação como Célula Monitora, classifica o tráfego da rede de IoT, agindo como um detector de anomalias. Usando um conjunto de dados próprio para tarefa de desenvolvimento de SDIs, um detector de intrusão foi implementado baseado numa abordagem distinta combinando Aprendizado Federado e Aprendizado Ativo. Para lidar com um grande número de características no conjunto de dados, o número de características foi reduzido em um passo de seleção de características. Diferentes algoritmos de classificação foram utilizados, e sua eficiência foi avaliada através de métricas estatísticas. O método combinado, chamado de Aprendizado Fed-Active, obteve uma porcentagem de acurácia balanceada de 97,6%.
The Internet of Things (IoT) is one of the fastest growing technology paradigms to date. However, efforts in securing this environment do not advance as fast. Intrusion Detection Systems, or IDS, are a classical type of network security mechanism, but are not trivially applicable to IoT devices, due to their limited resources. Based on the tenets of classical IDSs and in order to leverage a secure environment for IoT devices, this project introduces a security architecture capable of protecting an IoT network. The architecture was inspired by the theory of Artificial Immune Systems, which was selected because of its successful use in security applications and anomaly detection, and its distributed nature. The security architecture proposed includes modules with well defined tasks, distributed across the different network layers (Cloud, Fog and Edge). These modules are tasked with monitoring network regions, information aggregation, training and storage of traffic classification models, as well as resource control. The monitoring module, named in this dissertation Monitor Cell, classifies the IoT network’s traffic, acting as an Anomaly Detector. Using a dataset tailored for the task of training Intrusion Detectors, an Intrusion Detector model based on a distinct approach combining Federated and Active Learning was implemented. In order to deal with a high amount of dataset features, a feature selection step was done to reduce the number of features. The combined method, named Fed-Active Learning, achieved an balanced accuracy score of 0.976.
The Internet of Things (IoT) is one of the fastest growing technology paradigms to date. However, efforts in securing this environment do not advance as fast. Intrusion Detection Systems, or IDS, are a classical type of network security mechanism, but are not trivially applicable to IoT devices, due to their limited resources. Based on the tenets of classical IDSs and in order to leverage a secure environment for IoT devices, this project introduces a security architecture capable of protecting an IoT network. The architecture was inspired by the theory of Artificial Immune Systems, which was selected because of its successful use in security applications and anomaly detection, and its distributed nature. The security architecture proposed includes modules with well defined tasks, distributed across the different network layers (Cloud, Fog and Edge). These modules are tasked with monitoring network regions, information aggregation, training and storage of traffic classification models, as well as resource control. The monitoring module, named in this dissertation Monitor Cell, classifies the IoT network’s traffic, acting as an Anomaly Detector. Using a dataset tailored for the task of training Intrusion Detectors, an Intrusion Detector model based on a distinct approach combining Federated and Active Learning was implemented. In order to deal with a high amount of dataset features, a feature selection step was done to reduce the number of features. The combined method, named Fed-Active Learning, achieved an balanced accuracy score of 0.976.