Noman, Mazhar (2023) A novel secure mud-based real time intrusion detection and prevention mechanism for IoT network / Noman Mazhar. PhD thesis, Universiti Malaya.
Abstract
The Internet of Things increases the world's pace of automation but simultaneously multiplies the number of security challenges for the IoT industry. Conventional secure frameworks depend on intrusion detection and prevention systems (IDPS) as a defensive mechanism against attacks. These conventional network-based IDPS are not suitable for low-power and lossy networks like IoT. Therefore, current secure frameworks use intrusion detection and prevention systems based on state-of-the-art techniques such as software-defined networking (SDN) and manufacturer usage description (MUD). By design, SDN decouples the network devices' data and control planes, thus giving centralized control and complete network transparency, boosting the efficiency of network functions like IDPS. However, there is still no standardized mechanism to profile IoT devices, and IoT device profiling is crucial for IoT security. As a result, the new standard MUD has been introduced. MUD defines the IoT profiles so that the devices can be limited to their intended operations. Most frameworks use SDN to implement and enforce MUD policies on IoT devices. However, these frameworks cannot prevent IoT devices from DDoS attacks, and their attack detection is limited. Further, the MUD registration process requires an IoT device to be online all the time, but network connectivity can be limited in some remote installations, causing registration failure. Thus, we have proposed the H-MUD registration scheme, based on hash-based MUD file authentication and localized storage, to minimize the need for online connectivity to the server. In addition, we propose a framework known as MUDLite, which combines the proposed R-IDPS (SDN-based real-time IDPS) and H-MUD (modified hash-based MUD). The framework has been designed with a distributed architecture. The effect of the decentralized design is to balance network traffic load, especially in a flood attack. The framework also applies to heterogeneous IoT devices.
For detection, the framework uses a support vector machine to detect ICMP flood and TCP SYN flood attacks. The machine learning model is capable of real-time training. The accuracy of the proposed R-IDPS against the intrusion detection system, especially under the stress conditions of DDoS attacks, is 97% to 99% with no false positives. Also, we use SHA-256 for H-MUD authentication and localized storage of MUD files, improving the overall MUD registration process by up to 80% compared to the normal process, as shown by simulation. From our results, we can conclude that, using SDN technology, the proposed MUD extension called MUDLite can comprehensively mitigate DDoS attacks. It also expedites MUD registration using H-MUD, which is based on a secure hashing technique, resulting in a more secure IoT framework compared to MUD alone.
Item Type: | Thesis (PhD) |
---|---|
Additional Information: | Thesis (PhD) – Faculty of Computer Science & Information Technology, Universiti Malaya, 2023. |
Uncontrolled Keywords: | Internet of things; Manufacturer usage description; Software-defined Network; Machine learning; Intrusion detection and prevention system |
Subjects: | Q Science > QA Mathematics > QA75 Electronic computers. Computer science |
Divisions: | Faculty of Computer Science & Information Technology |
Depositing User: | Mr Mohd Safri Tahir |
Date Deposited: | 06 Nov 2024 05:42 |
Last Modified: | 06 Nov 2024 05:42 |
URI: | http://studentsrepo.um.edu.my/id/eprint/15320 |