PhD Dissertation Defense - Arvin Hekmati
Thu, Mar 21, 2024 @ 02:30 PM - 04:30 PM
Thomas Lord Department of Computer Science
University Calendar
Committee: Prof. Bhaskar Krishnamachari (Chair), Prof. Cauligi Raghavendra, and Prof. Aiichiro Nakano
Title: AI-Enabled DDoS Attack Detection in IoT Systems
Abstract:
"In this thesis, we develop AI-enabled mechanisms for detecting Distributed Denial of Service (DDoS) attacks in Internet of Things (IoT) systems. We introduce a novel, tunable DDoS attack model that emulates benign IoT device behavior using a truncated Cauchy distribution. We investigate these futuristic DDoS attacks that use large numbers of IoT devices and camouflage their attack by having each node transmit at a volume typical of benign traffic. We propose innovative correlation-aware, learning-based frameworks that leverage IoT node correlation data for enhanced detection accuracy. We extensively analyze the proposed architectures by evaluating five different neural network models trained on a dataset derived from a 4060-node real-world IoT system. We observe that long short-term memory (LSTM) and a transformer-based model, in conjunction with the architectures that use correlation information of the IoT nodes, provide higher detection performance than the other models and architectures, especially when the attacker camouflages itself by following benign traffic distribution on each IoT node. We evaluated our findings through practical implementation on a Raspberry Pi-based testbed. In order to address the challenge of leveraging massive IoT device arrays for DDoS attacks, we introduce heuristic solutions for selective correlation information sharing among IoT devices. To overcome the challenge of fixed input limitations in conventional machine learning, we propose a model based on the Graph Convolutional Network (GCN) to manage incomplete data in IoT devices caused by network losses. We introduce various IoT device graph topologies, including Network, Peer-to-Peer, and Hybrid topologies with scenarios of both directed and undirected edges. 
Our simulations reveal that the Hybrid topology, employing correlation-based peer-to-peer undirected edges, achieves the highest detection performance with at most 2% drop in the performance despite a 50% network connection loss, highlighting the proposed GCN-based model's effectiveness in detecting DDoS attacks under lossy network conditions. Finally, we explore the application of Large Language Models (LLMs) for detecting DDoS attacks and explaining the detection rationale, demonstrating the potential of fine-tuning and few-shot prompt engineering methods to achieve high accuracy and provide insightful detection reasoning."
Location: Hughes Aircraft Electrical Engineering Center (EEB) - 132
Audiences: Everyone Is Invited
Contact: Ellecia Williams
Event Link: https://usc.zoom.us/j/4677088430