A lightweight host-based intrusion detection system using N-gram and perceptron model for internet of things / Belal Sudqi Abed Saleh Khater

Belal Sudqi Abed, Saleh Khater (2021) A lightweight host-based intrusion detection system using N-gram and perceptron model for internet of things / Belal Sudqi Abed Saleh Khater. PhD thesis, Universiti Malaya.


      Abstract

      A Host-Based Intrusion Detection System (HIDS) is a system that monitors and analyses internal or external data to detect intrusion. It is installed on a host and can monitor users’ activities, which is not possible in a network-based system. In this thesis, a HIDS using a Modified Vector Space Representation (MVSR) N-gram and Multilayer Perceptron (MLP) model for securing Internet of Things (IoT) devices is proposed. The HIDS utilizes the fog computing paradigm to address the inherent challenges of the cloud, such as latency, lack of mobility support and lack of location-awareness. Since fog and IoT devices are resource-constrained, a lightweight HIDS is highly desirable. Therefore, detailed analysis and evaluation were conducted to fulfil the lightweight criteria. The Australian Defence Force Academy Linux Dataset (ADFA-LD), a new-generation system call dataset containing exploits and attacks on various applications, was employed for the analysis. The proposed method was divided into a feature extraction stage, a feature selection stage and classification modelling. To maintain the lightweight criteria, the feature extraction stage used a combination of 1-grams and 2-grams for the system call encoding. In addition, a sparse matrix was used to reduce space by keeping only the weights of the features that appeared in the trace, thus ignoring the zero weights. Subsequently, the Linear Correlation Coefficient (LCC) was utilized to compensate for any N-gram missing in the test data. In the feature selection stage, the Mutual Information (MI) method and Principal Component Analysis (PCA) were utilized and then compared to reduce the number of input features. Following the feature selection stage, the modelling and performance evaluation of various machine learning classifiers were conducted on a Raspberry Pi IoT device.
      Further analysis of the effect of MLP parameters such as the number of nodes, number of features, activation, solver and regularization parameters was also conducted. The simulation showed that different parameters affect the accuracy and the lightweight evaluation. By using a single hidden layer and four nodes, the proposed method with MI could achieve 96% accuracy, 97% recall, 96% F1-Measure, a 5% False Positive Rate (FPR), the highest Receiver Operating Characteristic (ROC) curve and 96% Area Under the Curve (AUC). It also achieved a low CPU time usage of 4.43 milliseconds (ms) and a low energy consumption of 8.87 millijoules (mJ).
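
The feature extraction stage described in the abstract, sketched as an added example that is not code from the thesis: system call traces are encoded as combined 1-gram and 2-gram features, and each trace is stored as a sparse row holding only non-zero weights. The function names, the sample traces and the relative-frequency weighting are assumptions; the thesis's MVSR weighting and its LCC compensation for missing N-grams are not reproduced, so N-grams absent from the training vocabulary are only counted here.

```python
from collections import Counter

def ngrams(trace, n):
    """Return the n-grams (tuples) of consecutive system call numbers."""
    return zip(*(trace[i:] for i in range(n)))

def extract(trace):
    """Count every 1-gram and 2-gram occurring in one trace."""
    return Counter(ngrams(trace, 1)) + Counter(ngrams(trace, 2))

def build_vocab(train_traces):
    """Assign a column index to each N-gram seen in the training traces."""
    vocab = {}
    for trace in train_traces:
        for gram in extract(trace):
            vocab.setdefault(gram, len(vocab))
    return vocab

def sparse_row(trace, vocab):
    """Encode one trace as ({column: weight}, unseen_count).

    Only non-zero weights are stored. The weight is the N-gram's relative
    frequency in the trace (an assumption, not the thesis's MVSR weight).
    N-grams missing from the vocabulary are counted, not compensated.
    """
    counts = extract(trace)
    total = sum(counts.values())
    row, unseen = {}, 0
    for gram, count in counts.items():
        col = vocab.get(gram)
        if col is None:
            unseen += count
        else:
            row[col] = count / total
    return row, unseen

# Constructed sample traces of system call numbers (not taken from ADFA-LD).
TRAIN = [[6, 6, 63, 6, 42], [6, 63, 6, 42, 120]]
TEST = [6, 63, 6, 11]

if __name__ == "__main__":
    vocab = build_vocab(TRAIN)
    row, unseen = sparse_row(TEST, vocab)
    print(f"dense width: {len(vocab)}, stored entries: {len(row)}")
    print(f"sparse row: {row}")
    print(f"N-gram occurrences missing from the training vocabulary: {unseen}")
```
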

      Item Type: Thesis (PhD)
      Additional Information: Thesis (PhD) – Faculty of Computer Science & Information Technology, Universiti Malaya, 2021.
      Uncontrolled Keywords: Fog computing; IoT security; Host-Based Intrusion Detection System (HIDS); Intrusion detection system; Multilayer Perceptron (MLP)
      Subjects: Q Science > QA Mathematics > QA75 Electronic computers. Computer science
      T Technology > T Technology (General)
      Divisions: Faculty of Computer Science & Information Technology > Dept of Computer System & Technology
      Depositing User: Mr Mohd Safri Tahir
      Date Deposited: 14 Aug 2023 08:00
      Last Modified: 14 Aug 2023 08:00
      URI: http://studentsrepo.um.edu.my/id/eprint/14686
