Date of Submission
Fall 12-18-2020
Degree Type
Thesis
Degree Name
Master of Science in Computer Science (MSCS)
Department
Computer Science
Committee Chair/First Advisor
Dr. Reza M. Parizi
Track
Others
Thesis
Chair
Dr. Coskun Cetinkaya
Committee Member
Dr. Jose Garrido
Committee Member
Dr. Mohammad Aledhari
Committee Member
Dr. Reza M. Parizi
Abstract
Internet of Things (IoT) devices are mass-produced and rapidly released to the public in a rough state. IoT devices are produced by various companies to satisfy various goals, such as environmental monitoring, sensor-triggered cameras, and on-demand electrical switches. Companies produce these devices to meet market demand quickly, shipping a rough software solution that customers or other enterprises willingly buy with the expectation that software updates will follow after production. These IoT devices are often heterogeneous in nature, receive updates only at infrequent intervals, and can remain out of sight on a home or office network for extended periods. Security and privacy are two of the many ongoing research and operational challenges in IoT systems. Potential threats to IoT devices, such as botnets and malware-based attacks, have always been difficult for traditional detection systems. Deep learning-based solutions have been utilized in recent years, but many challenges have yet to be addressed. In this thesis, we propose a federated learning-based approach that employs a deep autoencoder to detect botnet attacks using on-device decentralized traffic data. The suggested federated learning solution addresses the privacy and security of data by ensuring that the device's data is not transferred or moved off the network edge. Instead, the machine learning computation is brought to where the living data is born (e.g., the edge layer), thus providing the sought-after results of a traditionally centralized machine learning technique with the added benefit of data security. We demonstrate that our proposed model achieves an accuracy rate of up to 98% in anomaly detection while using features such as source IP, MAC IP, destination IP, and socket channel for training. The comparative performance analysis between our proposed approach and a traditionally centralized format demonstrates that our approach achieves a significant improvement in the accuracy rate of attack detection.
Comments
This research was funded by the US SunTrust Fellow in Cybersecurity/Information Security Research Funding Program, No. ST20-01.