Alhowaide, Alaa Zaid Mohammad (2021) Towards autonomous IoT IDSs using ensemble learning and feature selection methods. Doctoral (PhD) thesis, Memorial University of Newfoundland.
[English]
PDF
- Accepted Version
Available under License - The author retains copyright ownership and moral rights in this thesis. Neither the thesis nor substantial extracts from it may be printed or otherwise reproduced without the author's permission. Download (7MB) |
Abstract
Intrusion Detection Systems (IDSs) are an efficient and effective solution against polymorphic and zero-day cyberattacks in IoT networks. Many IDSs have failed in practice due to a considerable number of false alarms, high False Positive Rates (FPR), and low Detection Rates (DR). Furthermore, with the rapidly growing number of connected devices in IoT networks and the wide variety of traffic types, it becomes challenging to develop a fast, light, and accurate IDS. This research provides substantial contributions to cybersecurity research on developing a scalable, adaptive, and lightweight IDS framework for IoT networks. It considers two main aspects, a novel ensemble feature selection method and a new ensemble detection model approach to achieve a reliable IDS architecture. The first contribution is developing a novel ensemble evaluation method for Feature Selection Methods (FSMs) to automatically construct an Ensemble Feature Selection Method (ENFSM). The proposed methodology combined five evaluation measurements. One of them is a new evaluation measurement that integrated the reduction rate with method speed and two new measurements that scored the whole feature set quality. Also, a novel cutoff mechanism for filter-based FSMs is proposed. The second contribution is developing a novel ensemble Model Selection Method (MSM) to automatically construct an ensemble detection model. The proposed method used three new integrated efficiency measurements and combined the recommendations in a novel way to increase the method’s reliability. Notably, the proposed ENFSM achieved a reduction percentage ranging from 51% to 79% over the four datasets without compromising the accuracy of the detection models. Furthermore, the proposed cutoff mechanism showed a noticeable improvement in the feature selection methods’ efficiency. The proposed ENFSM F and ROC-AUC scores ranged from 0.9 to 1 using most detection models. Furthermore, the generated feature set suited a vast range of models. The proposed ensemble models showed 0.99, 0.95, 1, and 0.99 F scores and 1, 0.98, 1, and 1 ROC-AUC scores on NSL-KDD, UNSW-NB15, BotNetIoT, and BoTIoT dataset, respectively. The proposed models overcame most models in terms of efficiency and showed a stable performance using a vast range of feature sets.
Item Type: | Thesis (Doctoral (PhD)) |
---|---|
URI: | http://research.library.mun.ca/id/eprint/15550 |
Item ID: | 15550 |
Additional Information: | Includes bibliographical references (pages 127-134). |
Keywords: | cybersecurity, ensemble learning, feature selection, internet of things, intrusion detection, efficiency measurements |
Department(s): | Science, Faculty of > Computer Science |
Date: | April 2021 |
Date Type: | Submission |
Digital Object Identifier (DOI): | https://doi.org/10.48336/MY0E-G918 |
Library of Congress Subject Heading: | Computer security; Intrusion detection systems (Computer security); Internet of things; Cooperating objects (Computer systems); Ensemble learning (Machine learning); Computer networks—Security measures. |
Actions (login required)
View Item |