Doctoral thesis: « Deep Learning for Internet of Things (IoT) Network Security »

Doctoral School: Sciences et Technologies de l'Information et de la Communication and the Research Unit SAMOVAR (UMR 5157) - Services répartis, Architectures, Modélisation, Validation, Administration des Réseaux are presenting the "examination of a thesis" by Mr Mustafizur Rahman SHAHID, who is expected to defend his research to obtain his PhD at l'Institut Polytechnique de Paris, prepared at Telecom SudParis in : Computer science

« Deep Learning for Internet of Things (IoT) Network Security »

MONDAY, MARCH 22, 2021 at 10:00 a.m. (Defense in visio - Covid-19).

Jury members:

• M. Hervé DEBAR, Professor, Telecom SudParis - Institut Polytechnique de Paris, FRANCE - Supervisor
• M. Gregory BLANC, Associate professor, Telecom SudParis - Institut Polytechnique de Paris, FRANCE - Co-supervisor
• M. Sébastien TIXEUIL, Professor, Sorbonne Université, FRANCE - Reviewer
• M. Eric TOTEL, Professor, IMT Atlantique, FRANCE - Reviewer
• M. Youki KADOBAYASHI, Professor, Nara Institute of Science and Technology, JAPAN - Examiner
• M. Thomas CLAUSEN, Professor, École Polytechnique, FRANCE - Examiner
• Mme Cristel PELSSER, Professor, Université de Strasbourg, FRANCE - Examiner
• M. Urko ZURUTUZA, Associate professor, Mondragon University, SPAIN - Examinateur

Abstract :

The growing Internet of Things (IoT) introduces new security challenges for network activity monitoring. Most IoT devices are vulnerable because of a lack of security awareness from device manufacturers and end users. As a consequence, they have become prime targets for malware developers who want to turn them into bots.

Contrary to general-purpose devices, an IoT device is designed to perform very specific tasks. Hence, its networking behavior is very stable and predictable making it well suited for data analysis techniques. Therefore, the first part of this thesis focuses on leveraging recent advances in the field of deep learning to develop network monitoring tools for the IoT.

Two types of network monitoring tools are explored: IoT device type recognition systems and IoT network Intrusion Detection Systems (NIDS). For IoT device type recognition, supervised machine learning algorithms are trained to perform network traffic classification and determine what IoT device the traffic belongs to. The IoT NIDS consists of a set of autoencoders, each trained for a different IoT device type. The autoencoders learn the legitimate networking behavior profile and detect any deviation from it. Experiments using network traffic data produced by a smart home show that the proposed models achieve high performance.

Despite yielding promising results, training and testing machine learning based network monitoring systems requires tremendous amount of IoT network traffic data. But, very few IoT network traffic datasets are publicly available. Physically operating thousands of real IoT devices can be very costly and can rise privacy concerns. In the second part of this thesis, we propose to leverage Generative Adversarial Networks (GAN) to generate bidirectional flows that look like they were produced by a real IoT device. A bidirectional flow consists of the sequence of the sizes of individual packets along with a duration.

Hence, in addition to generating packet-level features which are the sizes of individual packets, our developed generator implicitly learns to comply with flow-level characteristics, such as the total number of packets and bytes in a bidirectional flow or the total duration of the flow. Experimental results using data produced by a smart speaker show that our method allows us to generate high quality and realistic looking synthetic bidirectional flows.