ETD EMBARGOED

An Adaptive Deep-Ensemble Anomaly-Based Intrusion Detection System-of-Systems for the Internet-of-Things

Embargoed until 2025-01-24.
Citation

Albulayhi, Khalid. (2022-12). An Adaptive Deep-Ensemble Anomaly-Based Intrusion Detection System-of-Systems for the Internet-of-Things. Theses and Dissertations Collection, University of Idaho Library Digital Collections. https://www.lib.uidaho.edu/digital/etd/items/albulayhi_idaho_0089e_12332.html

Title:
An Adaptive Deep-Ensemble Anomaly-Based Intrusion Detection System-of-Systems for the Internet-of-Things
Author:
Albulayhi, Khalid
ORCID:
0000-0001-6084-2283
Date:
2022-12
Embargo Remove Date:
2025-01-24
Program:
Computer Science
Subject Category:
Computer science
Abstract:

The Internet of Things (IoT) is an enabling technology that many applications in industrial and living sectors rely upon. Data is the cornerstone for those applications, as more intelligence can be integrated into both operations and decision making. IoT has therefore become increasingly popular. Nevertheless, such popularity comes at the cost of many security concerns that threaten data privacy and diminish IoT utilization momentum in critical applications such as the smart grid and intelligent transportation systems. To address this challenge, several approaches have been proposed to detect and prevent IoT cyberthreats from materializing. Anomaly detection is one of these approaches; it defines the boundaries of legitimate (normal) behavior. Any behavior that falls outside these boundaries is considered anomalous. However, these solutions should have the capability to adapt and adjust to environmental changes that prompt IoT nodal behavioral aberrations, yet they assume that these nodes all show the same behavior. This assumption does not hold due to the heterogeneity of IoT nodes and the dynamic nature of an IoT network topology. Furthermore, existing adaptive solutions rely on static (pre-defined) thresholds to control the moment for retraining updates. The cost is heavy for highly dynamic environments like IoT, as it leads to an unnecessarily higher frequency of retraining. Consequently, the model becomes unstable, which adversely affects its accuracy and robustness. This dissertation addresses these problems by proposing an improved Adaptive Anomaly Detection (AAD) model that addresses the heterogeneity issues by building local profiles that define normal behavior at each IoT node. The model starts with selecting the discriminative features using a new Minimized Redundancy Discriminative Feature Selection (MRD-FS) technique to resolve the issue of redundant features. One Class Support Vector Machines (OC-SVM) have then been used to build these profiles.
Then, K-Means clustering has been used to build a global profile that represents all network nodes. A Local-Global Ratio-Based (LGR) anomaly detection scheme has been defined to control the adaptation process by adjusting the threshold of adaptive functionality dynamically based on the “current” situation to prevent unnecessary retraining. An Ensemble of Deep Belief Networks (EDBN) has been developed and used to train the anomaly detection model. The proposed model can be used for various IoT applications such as smart grids, smart homes, smart cities, and intelligent transportation systems. This is the first new method proposed in the dissertation. Another method, called a hybrid feature selection and extraction approach for anomaly-based IDS, is proposed to improve the feature selection approaches and the accuracy performance. The approach begins with using two entropy-based approaches (i.e., information gain (IG) and gain ratio (GR)) to select and extract relevant features in various ratios. Then, mathematical set theory (union and intersection) is used to extract the best features. This hybrid approach has resulted in 11 and 28 relevant features (out of 86) using the intersection and union, respectively. The model framework is trained and tested on the IoT intrusion dataset 2020 (IoTID20) using four machine learning algorithms: Bagging, Multilayer Perceptron, J48, and IBk. We have further compared all our approaches with other state-of-the-art studies.

Description:
doctoral, Ph.D., Computer Science -- University of Idaho - College of Graduate Studies, 2022-12
Major Professor:
Sheldon, Frederick T
Committee:
Haney, Michael; Chakhchoukh, Yacine; Song, Jia; Soule, Terence; Ashrafuzzaman, Mohammad
Defense Date:
2022-12
Identifier:
Albulayhi_idaho_0089E_12332
Type:
Text
Format Original:
PDF
Format:
record

Rights
Rights:
In Copyright - Educational Use Permitted. For more information, please contact University of Idaho Library Special Collections and Archives Department at libspec@uidaho.edu.
Standardized Rights:
http://rightsstatements.org/vocab/InC-EDU/1.0/