Back to projects

Neural Network-based Approach Towards Port Scan Attack Detection in Linux-based IoT Systems

Project by Polygence alum William

Neural Network-based Approach Towards Port Scan Attack Detection in Linux-based IoT Systems

Project's result

The project successfully evaluated six neural network models, revealing the RNN and ANN models as particularly effective in detecting port scanning attacks with a set 1% False Positive Rate (FPR), thereby providing a pathway for developing proficient intrusion detection systems. Utilizing the ToN_IoT dataset, the research offered a detailed analysis of its structure and features, serving as a comprehensive guide for future researchers and practitioners in IoT network security. The study illuminated critical insights into the trade-off between True Positive Rate (TPR) and FPR in network attack detection systems, offering strategies to maintain system credibility while ensuring effective attack detection. A robust methodological framework for implementing and evaluating neural network models was developed, providing a systematic and replicable approach for future research. Furthermore, the research enriched existing literature, offered practical insights for network security professionals, identified avenues for future research, and validated the practical application of various neural network models in real-world scenarios.

They started it from zero. Are you ready to level up with us?

Summary

In the era of a rapidly evolving technology space, the Internet of Things (IoT) has transformed our interaction with technology through lightweight devices. As the number of IoT devices grows, their security and privacy have become crucial. Port scanning attacks, a common and harmful network attack on IoT systems, are used by malicious actors to find network vulnerabilities and often serve as precursors to cyberattacks. This paper discusses the various neural network techniques evaluated for detecting port scanning attacks and also describes the methodology and results achieved. This paper uses the public ToN_IoT Linux datasets, a recent collection of data from various IoT network attacks, to train and evaluate neural network models for accurate port scanning attack detection. Two datasets were analyzed, including data from Linux disk audit traces and snapshots of Linux system processes recorded alongside the attacks. Various neural network techniques are investigated, showing results of varied performance across models evaluated using True Positive Rate (TPR) and False Positive Rate (FPR). The evaluated models demonstrated both high TPRs and FPRs, indicating a tradeoff. To maintain system credibility and avoid false alarms, a 1% FPR was set. Under this rule, RNN achieved the highest TPR (72.63%) for Linux disk activities, and ANN had the highest accuracy (63.78%) for Linux system processes. This research contributes valuable insights for network security professionals and researchers seeking to develop effective intrusion detection systems and further enhance network security.

Noah

Noah

Polygence mentor

PhD Doctor of Philosophy candidate

Subjects

Engineering, Computer Science

Expertise

vehicle security, vehicle reliability, cybersecurity, applied machine learning, Computer Science, Operating System Security

Review of mentor

Helped me fix gaps in my Research paper & methodology to work towards finding my results

William

William

Student

Hello, I'm William, and my polygence project was a network packet analysis application. I am interested in cyber security and computer science, and am applying to do another project in this field.

School

Irvington High School

Graduation Year

2025