FYP Logbook 2 (16/11/2021)
The Internet of Things (IoT) is a term that covers a wide range of applications built on the convergence of smart things and the Internet, creating a link between the physical and virtual worlds. These applications range from a basic smart home gadget to complex industrial equipment. Although IoT applications have very different goals, they still share certain basic qualities. In general, IoT activity is divided into three phases: data collection; data transmission; and data processing, management and usage. IoT devices are often connected through wireless networks and operate unsupervised, so in this sort of setting an attacker can easily gain physical or logical access to them. A malicious attacker with that access can do real damage, which may be life-threatening where the device controls physical equipment. A simple IDS should therefore be used to protect the IoT network. The network has to stay connected to, and keep handling, many IoT devices so that they work properly; if a complicated and heavy IDS is added to the IoT network, it puts extra workload on the network because the IDS itself has a lot to process. This will degrade the performance of the IoT devices, and the network server might crash.
The types of IDS that I found were the Network Intrusion Detection System, the Host-Based Intrusion Detection System, and the Signature-Based and Anomaly-Based detection approaches.

A Network Intrusion Detection System (NIDS) is a monitoring mechanism for incoming network traffic. To capture traffic and analyse individual packets for malicious content, a NIDS is connected to a network hub, a switch mirror port or a network tap, and is usually installed at a data chokepoint such as a demilitarised zone (DMZ) or the network border. Because a passive NIDS only reads a copy of the traffic and does not add to the traffic volume, it has no effect on the availability or performance of the monitored network (an inline deployment that can drop packets, i.e. an IPS, does affect it).

A Host-Based Intrusion Detection System (HIDS) keeps an eye on critical operating system files: a host-based agent detects malicious activity through system calls, application logs and file system changes. For example, it examines failed password attempts in the authentication log and compares them with known brute-force attack patterns to decide whether a breach is being attempted. Because it monitors events local to the host, a HIDS can identify attacks that a NIDS would miss, and it can also be used to detect and prevent software integrity breaches such as Trojan horses.

Anomaly-based detection establishes a model of trustworthy behaviour, often with machine learning, and then compares new actions against that model. While this method allows previously unseen attacks to be identified, it is susceptible to false positives, where previously unknown but acceptable behaviour is mistakenly categorised as harmful.

Lastly, signature-based detection looks for particular patterns in network data, such as byte sequences, or known malicious instruction sequences used by malware, to identify attacks. The term "signature" comes from anti-virus software, where such recognised patterns are called signatures. Although a signature-based IDS can quickly detect known attacks, new attacks for which no signature exists are much harder for it to detect.
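To make the difference between the two detection approaches concrete, the following is an added example written for this logbook (it is not code from any of the papers or tools mentioned). It runs a signature matcher and a per-source flow-rate baseline over the same constructed window of flow records. The device addresses, the signature patterns and the traffic counts are all made up for the example; the telnet-credential pattern is a stand-in for a Mirai-style default-password probe and is not a real rule.

```python
"""Signature-based vs anomaly-based detection over one constructed flow window.

Each event is a simplified flow record: source address, destination port,
bytes sent and the first bytes of the payload.  All data here is constructed
for the example; the signatures are illustrative, not real rule content.
"""
from __future__ import annotations

import re
import statistics
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    src: str
    dport: int
    nbytes: int
    payload: bytes


# ---- Signature-based detector ------------------------------------------
# Hypothetical known-bad byte patterns: a default-credential telnet login
# (Mirai-style) and a shell-command injection in an HTTP query string.
SIGNATURES: dict[str, re.Pattern[bytes]] = {
    "telnet-default-credentials": re.compile(rb"root\r?\nxc3511"),
    "http-command-injection": re.compile(rb"GET /[^ ]*\?[^ ]*(;|\|\|)\s*(wget|curl|sh)\b"),
}


def signature_alerts(flow: Flow) -> list[str]:
    """Names of every signature whose byte pattern occurs in the payload."""
    return [name for name, pat in SIGNATURES.items() if pat.search(flow.payload)]


# ---- Anomaly-based detector --------------------------------------------
class RateBaseline:
    """Per-source baseline of flows per time window, learned from training windows."""

    def __init__(self, training: list[list[Flow]], min_std: float = 1.0):
        srcs = {f.src for window in training for f in window}
        counts = {s: [sum(1 for f in w if f.src == s) for w in training] for s in srcs}
        self.mean = {s: statistics.mean(c) for s, c in counts.items()}
        # Floor the deviation so a perfectly regular device does not alert on +1 flow.
        self.std = {s: max(statistics.pstdev(c), min_std) for s, c in counts.items()}

    def anomalies(self, window: list[Flow], z_threshold: float = 3.0) -> dict[str, float]:
        """Return {src: z-score} for sources whose flow count in this window is more
        than z_threshold standard deviations above baseline.  A source never seen
        during training is reported with z = inf, since there is no baseline for it."""
        counts: dict[str, int] = {}
        for f in window:
            counts[f.src] = counts.get(f.src, 0) + 1
        out: dict[str, float] = {}
        for src, n in counts.items():
            if src not in self.mean:
                out[src] = float("inf")
                continue
            z = (n - self.mean[src]) / self.std[src]
            if z > z_threshold:
                out[src] = z
        return out


def detect(baseline: RateBaseline, window: list[Flow]):
    """Run both detectors; returns (signature hits, anomaly hits)."""
    sig = [(f.src, name) for f in window for name in signature_alerts(f)]
    return sig, baseline.anomalies(window)


# ---- Constructed data ---------------------------------------------------
def make_training() -> list[list[Flow]]:
    """Ten quiet windows: three sensors publishing MQTT telemetry at steady rates."""
    windows = []
    for i in range(10):
        w = [Flow("10.0.0.5", 1883, 120, b"\x30\x10mqtt") for _ in range(3)]
        w += [Flow("10.0.0.6", 1883, 110, b"\x30\x10mqtt") for _ in range(2 + i % 2)]
        w += [Flow("10.0.0.7", 1883, 115, b"\x30\x10mqtt") for _ in range(2)]
        windows.append(w)
    return windows


TEST_WINDOW = (
    # legitimate firmware download burst from 10.0.0.5: NOT an attack
    [Flow("10.0.0.5", 443, 1400, b"\x16\x03\x03") for _ in range(9)]
    # novel DNS flood from a compromised 10.0.0.6: no signature exists for it
    + [Flow("10.0.0.6", 53, 64, b"\x00\x00\x01\x00") for _ in range(40)]
    # 10.0.0.7 at its normal rate, but one flow is a known credential probe
    + [Flow("10.0.0.7", 1883, 115, b"\x30\x10mqtt"),
       Flow("10.0.0.7", 23, 40, b"root\r\nxc3511\r\n")]
)

BASELINE = RateBaseline(make_training())
SIGNATURE_HITS, ANOMALY_HITS = detect(BASELINE, TEST_WINDOW)

if __name__ == "__main__":
    print("signature hits:", SIGNATURE_HITS)
    print("anomaly hits:  ", ANOMALY_HITS)
```

The low-volume credential probe from 10.0.0.7 is caught only by the signature, because its flow count sits exactly on the baseline. The DNS flood from 10.0.0.6 is caught only by the baseline, because no signature exists for it. The firmware burst from 10.0.0.5 is flagged by the baseline just like the flood, which is the false-positive problem described above: from rate alone the detector cannot tell a legitimate burst from an attack, so a real deployment would need either a richer model or an operator in the loop.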
Choosing a suitable IDS for IoT is therefore very important in order to get the best performance from the IoT network.
The IDS also needs to be placed in a strategic position. IDS placement can be categorised as distributed, centralised or hybrid. In distributed placement, an IDS instance is placed in every physical node of the Low-power and Lossy Network (LLN); because these nodes are resource constrained, the IDS deployed on each node must be lightweight and optimised. In centralised placement, the IDS is placed in a central component such as the border router or a dedicated server. All data collected by LLN nodes and transmitted to the Internet, as well as requests from Internet clients, pass through the border router, so an IDS installed on the border router can examine all traffic flowing between the LLN and the Internet, though it cannot see traffic that stays inside the LLN without passing through the router. Hybrid placement combines the centralised and distributed approaches to take advantage of their strong points and avoid their drawbacks. For the dataset used in this project, the common datasets used in the implementation of IoT IDS are NSL-KDD, Bot-IoT, the Botnet dataset and the Android malware datasets.