Investigating Dynamic User-Level Scheduling to Improve AI-Based Intrusion Detection Systems on IoT
Type
Master's degree project
Master's Thesis
Program
High-performance computer systems (MPHPC), MSc
Published
2022
Authors
Coban, Ali Zulfukar
Mirzai, Aria
Abstract
Internet of things devices with their inherent convenience factor have exploded in
numbers during the latest decade, however at the cost of rising security concerns.
This is largely due to their incapability of solving complex and computationally
heavy numerical problems especially when dealing with large data-sets, a key component
for computers in today’s world for fending off attacks.
The main contribution of this thesis is investigating how a dynamic user-level scheduler
can improve the detection capabilities of AI-based intrusion detection systems
and to enable retraining of an AI algorithm on an IoT device. The models are assumed
to be made of lightweight and data-driven machine learning algorithms, such
as "PASAD", which we chose to utilize for this work. The scheduler was created
after having initially developed a basic framework for allowing the PASAD models
to detect attacks, denoted as our "baseline" system.
The experiments that followed proved that the dynamic user-level scheduler provides
several additional advantages compared to the baseline, mainly a substantial
throughput increase which reduces the time until attacks are detected, a critical
factor from the security aspect. Additionally, a model prioritization feature was
built to allow the scheduler to allocate more processing resources towards nodes it
is suspecting to be under attack. Both of these variables play an important role in
paving the way to having our IoT devices being protected by more robust security
schemes, even for those devices considered too resource limited today.
With our scheduler implemented on an Nvidia Jetson Nano, it is possible to calculate
approximately 57,000 anomaly scores per second, which are used in the attack
monitoring process, for roughly 97 detection models while simultaneous retraining
is taking place (results are for when PASAD is the utilized detection algorithm).
Furthermore, with 75 PASAD models the scheduler is able to reach ≈1.46 times the
performance of the baseline with retraining enabled and with retraining disabled it
reaches ≈2.15 times the performance of the baseline.
Subject/keywords
Internet of things, Anomaly-based intrusion detection system, User-level scheduling, model training