A framework for anomalous activity analysis for intrusion detection with applications to IoT networks
Computer systems have become an integral part of our daily lives. The Internet of Things (IoT) has recently attracted considerable attention in the information technology industry due to its various benefits. IoT activities increase the quantity of information shared and, due to advancements in information and communication technology, produce new services through the Internet. The growing development of IoT devices creates a large attack surface for cybercriminals to conduct potentially more destructive cyber-attacks; as a result, the security industry has seen an exponential increase in cyber-attacks. These attacks have effectively accomplished malicious goals because intruders use novel and innovative techniques to conduct them. The security of IoT networks is becoming increasingly challenging, and anomaly detection for IoT networks is a critical technique for addressing this issue. The security challenge is to develop techniques to identify malicious activity correctly, mitigate the impact of such activity, and utilize them to implement enhanced Intrusion Detection Systems (IDS) to detect novel trends of cyber-attacks. Anomaly-based IDSs that use machine learning methods can detect and classify anomalies in IoT networks. This thesis designs a framework for anomalous activity analysis for intrusion detection with applications to IoT networks. Anomaly detection frameworks based on nonparametric machine learning methods, feed-forward neural networks, convolutional neural networks, recurrent neural networks, and generative adversarial networks have been designed. A technique for creating a new dataset from existing pcap files has been described. The proposed technique created five IoT network intrusion datasets from existing pcap files. A method for identifying IoT devices connected to a network using machine learning has been proposed. Two datasets were generated for IoT device identification utilizing preexisting pcap files.
The generated datasets are publicly available. The performance of the anomalous activity analysis frameworks was evaluated and tested in binary and multiclass classification environments using four network intrusion datasets and five IoT network intrusion datasets. In each evaluative situation, the frameworks in this thesis improve on the benchmark techniques in terms of accuracy, precision, recall, and F1 score.