Description
Date depot: 6 décembre 2023
Titre: Applying Federated Learning and Cyber Threat Intelligence to secure IoT Networks
Directrice de thèse:
Lina MROUEH (LISITE)
Encadrant :
Idowu AJAYI (LISITE)
Encadrant :
Saad EL JAOUHARI (LISITE)
Domaine scientifique: Sciences et technologies de l'information et de la communication
Thématique CNRS : Systèmes et réseaux
Resumé: The Internet of Things (IoT) refers to a vast network of interconnected devices that are capable of collecting, exchanging, and analyzing data over the Internet. IoT technology has gained significant attention and adoption in recent years, transforming various industries and aspects of daily life. Its proliferation offers numerous benefits and possibilities such as real-time monitoring, automation, remote control, and optimization of processes and systems. However, IoT threats are a major concern in the field of cybersecurity due to the multiplication of internet-connected devices and their inherent vulnerabilities. Such threats include data breaches, malware attacks, and unauthorized access to sensitive information. IoT devices often lack built-in security features, making them easy targets for hackers. Moreover, the large scale and heterogeneity of the IoT network make it difficult to implement centralized security measures. Attackers can exploit vulnerabilities in IoT devices to gain control over them and use them as bots in a botnet to carry out large-scale attacks. This highlights the importance of having effective intrusion detection systems and machine learning techniques to detect and prevent security threats in IoT networks while preserving data privacy. Thus, it is important to implement proper cybersecurity measures to predict, detect and protect against such threats. One possible solution is to gather enough information from different Cyber Threat Intelligence (CTI) sources to improve the security of existing systems and to predict the next move of hackers, such as lateral movement.
In this context, Federated Learning (FL), which is a machine learning approach that enables the training of models on decentralized data without the need to transfer the data to a centralized server, can be used to serve such a purpose. In this paradigm, each federated system shares its local model parameters with the other systems instead of sharing the whole dataset used to train it. This approach is especially useful in the context of IoT systems, where data is generated at the edge and privacy concerns are paramount (user's health data for instance).
Thus, the objective of this thesis is to use FL to train machine learning models on CTI and IoT data generated at the edge of the IoT network, without exposing sensitive data to third-party entities. This approach enables the creation of more accurate and efficient anomaly detection models, which can identify potential threats in real-time. Moreover, such an approach will be used to share knowledge across different IoT networks, thus improving the overall security posture of the IoT ecosystem. By sharing models and insights, organizations can gain a better understanding of the threat landscape and
develop more effective cybersecurity strategies. To the extent of our knowledge, this is the first work that proposes to use FL on public CTI information, IoT, and known attack datasets for cyberattack detection in collaborative IoT environments.
Doctorant.e: Abubakar Shehu