Domain Adaptation of Deep Learning (D)DoS Attack Detection Models in Resource-Constrained Cyber Physical Systems Environments

Simple item page
aut.embargoNo
aut.thirdpc.containsNo
dc.contributor.advisorSinha, Roopak
dc.contributor.advisorMohaghegh, Mahsa
dc.contributor.advisorLevchenko, Kirill
dc.contributor.authorNgo, Vicky
dc.date.accessioned2023-06-07T03:39:24Z
dc.date.available2023-06-07T03:39:24Z
dc.date.issued2023
dc.description.abstractCyber-Physical systems (CPS) can broadly be defined as the integration of communication, control, and software components into physical processes. When such a system applies to industrial process control, this system is referred to as an industrial control system (ICS), whose purpose is to monitor and control physical industrial processes. Due to the high availability requirements present in Industrial Control Systems (ICS), any cyberattacks that can interrupt its processes are unacceptable. (Distributed) denial-of-service ((D)DoS) attacks are examples of such attacks. With the advancement of cyber-integration and network communication in ICS and CPS, investment is needed to protect systems against (D)DoS. In recent years, there has been research on using machine learning and deep learning algorithms for (D)DoS attacks in ICS, as well as in CPS and IoT. However, existing studies do not sufficiently address the different existing types of (D)DoS attacks while also maintaining low computational overhead in resource-constrained environments. This research investigates the adaptability and flexibility of existing detection algorithms for different attack types in multiple domains, particularly ICS, IoT, and CPS. Our hypothesis is that it is theoretically possible to adapt a detection model to the CPS and IoT domain, and vice versa, based on the datasets it trained on within some constraints. Using a controlled experiment research methodology, we trained each of the three different detection models on three datasets: CICIDS2017, CICIDDoS2019, and the SWaT. The models were then evaluated on a Raspberry PI to measure their computational overhead. We found that a model's capability for domain adaptation is largely dependent on the model's architecture. Particularly, the model's architecture must be sufficiently flexible to extract and learn from relevant features in an unfamiliar detection domain. Additionally, we also identify various impacts that domain adaptation might have on a model, which include detection performance and computational overhead. This inherently affects the model's applicability for deployment into a resource-constrained system in the real world.
dc.identifier.urihttps://hdl.handle.net/10292/16228
dc.language.isoen
dc.publisherAuckland University of Technology
dc.rights.accessrightsOpenAccess
dc.titleDomain Adaptation of Deep Learning (D)DoS Attack Detection Models in Resource-Constrained Cyber Physical Systems Environments
dc.typeThesis
thesis.degree.grantorAuckland University of Technology
thesis.degree.nameMaster of Philosophy
Files
Original bundle
Now showing 1 - 1 of 1
Thumbnail Image
Name:
Tuwhera_MPhil_Thesis___Domain_Adaptation_of_Deep_Learning__D_DoS_Attack_Detection_Algorithms_for_IoT_in_CPS_Nosignature.pdf
Size:
5.38 MB
Format:
Adobe Portable Document Format
Description:
Thesis
Download
License bundle
Now showing 1 - 1 of 1
Thumbnail Image
Name:
license.txt
Size:
897 B
Format:
Item-specific license agreed upon to submission
Description:
Download
Collections
Masters Theses