Neural Network-based Approach Towards Port Scan Attack Detection in Linux-based IoT Systems
Project by Polygence alum William
The project successfully evaluated six neural network models, revealing the RNN and ANN models as particularly effective in detecting port scanning attacks with a set 1% False Positive Rate (FPR), thereby providing a pathway for developing proficient intrusion detection systems. Utilizing the ToN_IoT dataset, the research offered a detailed analysis of its structure and features, serving as a comprehensive guide for future researchers and practitioners in IoT network security. The study illuminated critical insights into the trade-off between True Positive Rate (TPR) and FPR in network attack detection systems, offering strategies to maintain system credibility while ensuring effective attack detection. A robust methodological framework for implementing and evaluating neural network models was developed, providing a systematic and replicable approach for future research. Furthermore, the research enriched existing literature, offered practical insights for network security professionals, identified avenues for future research, and validated the practical application of various neural network models in real-world scenarios.
They started it from zero. Are you ready to level up with us?
In the era of a rapidly evolving technology space, the Internet of Things (IoT) has transformed our interaction with technology through lightweight devices. As the number of IoT devices grows, their security and privacy have become crucial. Port scanning attacks, a common and harmful network attack on IoT systems, are used by malicious actors to find network vulnerabilities and often serve as precursors to cyberattacks. This paper discusses the various neural network techniques evaluated for detecting port scanning attacks and also describes the methodology and results achieved. This paper uses the public ToN_IoT Linux datasets, a recent collection of data from various IoT network attacks, to train and evaluate neural network models for accurate port scanning attack detection. Two datasets were analyzed, including data from Linux disk audit traces and snapshots of Linux system processes recorded alongside the attacks. Various neural network techniques are investigated, showing results of varied performance across models evaluated using True Positive Rate (TPR) and False Positive Rate (FPR). The evaluated models demonstrated both high TPRs and FPRs, indicating a tradeoff. To maintain system credibility and avoid false alarms, a 1% FPR was set. Under this rule, RNN achieved the highest TPR (72.63%) for Linux disk activities, and ANN had the highest accuracy (63.78%) for Linux system processes. This research contributes valuable insights for network security professionals and researchers seeking to develop effective intrusion detection systems and further enhance network security.
PhD Doctor of Philosophy candidate
Engineering, Computer Science
vehicle security, vehicle reliability, cybersecurity, applied machine learning, Computer Science, Operating System Security
Review of mentor
Helped me fix gaps in my Research paper & methodology to work towards finding my results