Behaviour-based security with machine learning on IoT networks
Abstract
The proliferation of Internet of Things (IoT) devices has transformed many aspects of human life, yet it has brought significant security challenges due to device heterogeneity and limited resources. Addressing this, the thesis focuses on reliable and reproducible IoT security measures, specifically device identification (DI) and attack detection (AD). With over 10 billion devices currently connected and a projected 80 billion by 2026, securing IoT devices is critical. Traditional security approaches face hurdles due to device diversity, while IoT devices are prone to rapid attacks. Behaviour-based methods, particularly those utilising machine learning, offer potential solutions for both DI and AD. However, existing studies suffer from limitations in addressing IoT heterogeneity, analysing information-leakage features, understanding machine learning insights, and ensuring reproducibility.

This research aims to bridge these gaps by developing robust, transparent, and generalisable solutions for IoT DI and AD. For DI, a novel aggregation algorithm addresses the challenges of IP and non-IP devices, significantly improving accuracy. Comprehensive feature selection results in an optimal feature set, validated across diverse datasets. In AD, a packet-level expanding and rolling windows method detects attacks earlier, outperforming conventional flow-based methods. The models are evaluated on isolated first-time-seen attack datasets, showcasing their adaptability to novel attacks. Furthermore, the machine learning models and features are analysed for deeper attack insights.

The thesis underscores the interdependence of device identification and attack detection within IoT security, emphasising their mutual reinforcement for network safety. By offering reproducible methodologies, transparent analyses, and adaptable models, this work contributes to enhancing the security of IoT devices and networks. Ultimately, this research paves the way for a more secure IoT ecosystem by addressing the unique challenges posed by IoT heterogeneity, resource limitations, and dynamic attack patterns.
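As an added illustration (not the thesis's own code or method), the following Python compares when a conventional flow-level feature, a packet-level expanding window, and a packet-level rolling window first flag a constructed packet burst. The feature (mean packet size), the window length, the threshold and the sample traffic are assumptions chosen for the illustration; the abstract does not specify them.

```python
from collections import deque
from dataclasses import dataclass
from statistics import mean


@dataclass(frozen=True)
class Packet:
    ts: float   # arrival time in seconds
    size: int   # packet size in bytes


def constructed_flow():
    """Constructed sample (not real traffic): 20 benign 100-byte packets at
    1 pkt/s, followed by 30 large 1400-byte packets at 100 pkt/s."""
    benign = [Packet(float(i), 100) for i in range(20)]
    burst = [Packet(20.0 + 0.01 * i, 1400) for i in range(30)]
    return benign + burst


def flow_level_alert(packets, threshold):
    """Conventional flow method: one feature vector, computed only once the
    whole flow is available. Returns the index of the last packet if it alerts."""
    return len(packets) - 1 if mean(p.size for p in packets) > threshold else None


def expanding_window_alert(packets, threshold):
    """Expanding window: cumulative mean recomputed after every packet, so the
    same flow-level feature becomes available before the flow ends."""
    total = 0
    for i, p in enumerate(packets):
        total += p.size
        if total / (i + 1) > threshold:
            return i
    return None


def rolling_window_alert(packets, threshold, window=5):
    """Rolling window: mean over the last `window` packets, evaluated once the
    window is full; old benign packets drop out, so a burst shows up quickly."""
    recent = deque(maxlen=window)
    for i, p in enumerate(packets):
        recent.append(p.size)
        if len(recent) == window and sum(recent) / window > threshold:
            return i
    return None


def compare(packets, threshold=400):
    """Packet index at which each method first alerts (None = never)."""
    return {
        "flow": flow_level_alert(packets, threshold),
        "expanding": expanding_window_alert(packets, threshold),
        "rolling": rolling_window_alert(packets, threshold),
    }
```

On the constructed flow the rolling window alerts at packet 21 (10 ms into the burst), the expanding window at packet 26, and the flow-level feature only at packet 49 when the flow ends.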