Simulation and Performance Analysis of an Anomaly Detection System
Merinen, Antti (2018-07-10)
This article/publication has not been deposited in UTUPub. However, the publication record may contain a link to an article/publication deposited elsewhere.
Turun yliopisto
Abstract
In recent years, the Internet of Things has established its role among the technologies of the modern world. These systems have limitations in key areas such as power, computational and memory capacity. This strongly affects the design of the tasks and programs that the devices execute. The nodes and routers inside a network need to be protected by systems that prevent possible attacks. In this thesis, an Anomaly Detection System is analyzed to determine its performance against internal attacks in sensor networks. The detection system's methodology is based on neighboring node rating.
The experimental part of the thesis consists of analyzing the Anomaly Detection System’s actions by simulating IPv6 network behavior using Instant Contiki OS. The goal is to determine the False Positive Rate and the Detection Rate of the system. These factors are the most common indicators of performance when it comes to analyzing different detection systems.
The system’s functionality was evaluated through simulations with different numbers of nodes and different topologies. Some of the simulations contained a node which executed a Denial of Service attack.
The study shows that the system has an acceptably low False Positive Rate of approximately 2.8 %. The Detection Rate, at approximately 12.5 %, was too low. The analyzed detection system needs improvement in order to achieve a higher detection rate.