Efficient Memory Optimization for IoT Intrusion Detection
By Ethan Evelyn
About this ebook
The advent of the Internet of Things (IoT) has brought significant benefits to various industries, but at the same time, it has also led to an increase in cyber threats. Therefore, Intrusion Detection Systems (IDS) play a crucial role in ensuring the security of IoT devices. One of the challenges faced by IDS is the limited memory available in IoT devices. This makes it necessary to optimize memory usage for efficient intrusion detection.
In this context, P. Suresh's research on "Efficient Memory Optimization for IoT Intrusion Detection" is an essential contribution to IoT security. The study focuses on improving the performance of IDS by optimizing memory usage. The research proposes innovative techniques for efficient memory allocation, management, and access in IoT devices.
The proposed solution employs machine learning, deep learning, and artificial intelligence techniques, along with big data analytics and data mining, for anomaly detection, pattern recognition, and threat detection. The IDS also includes real-time monitoring, data processing, and data storage, retrieval, and analysis capabilities.
The research evaluates the performance of the proposed IDS by conducting experimental studies and benchmarking against existing systems. The results show that the proposed solution achieves better intrusion detection rates with reduced memory usage, improved system scalability, and enhanced energy efficiency.
The study's findings provide valuable insights into memory optimization techniques for IoT intrusion detection, highlighting the need for efficient resource utilization and system performance. The research also emphasizes the significance of system design, architecture, integration, and testing in ensuring reliable and secure IoT devices.
Book preview
Efficient Memory Optimization for IoT Intrusion Detection - Ethan Evelyn
ABSTRACT
Intrusion detection is an approach to security that also arises in networked environments. Intrusion detection began as a technique for detecting masqueraders and misfeasors in standalone systems, but in the last few years its focus has moved towards networks. A Wireless-oriented Intrusion Detection System (WIDS) is a source of events for analysis on a distributed system composed of many hosts and network links. WIDSs are also capable of comparing signatures of similar packets in order to link and drop harmful detected packets whose signature matches the records in the WIDS. The goal of a WIDS is to detect attacks that involve the network and may span different hosts. For maximum effectiveness, WIDSs should be able to interoperate with host-based IDSs so that misuse patterns include both network events and operating system events. The main function of an intrusion detection system is therefore to perform string pattern matching. Memory architecture is a main part of hardware approaches. Through the memory architecture, pattern memory is reduced and fast matching is achieved in a Network Intrusion Detection System. In this memory architecture, the string patterns are taken as input and compiled by a finite state machine. As a result, substrings that match the string patterns are detected. To achieve the high security that the networking domain demands in current scenarios, various software-based methods have been proposed for pattern matching. But software-based approaches do not provide adequate scalability and reconfigurability for today's level of security provisioning. To provide enough security in a Wireless Intrusion Detection System, this project work moves towards hardware-based approaches, which provide a high level of security. Hardware-based approaches mainly concentrate on memory efficiency in pattern matching.
The second phase of this work proposes a novel technique, a new algorithm that offers memory-efficient pattern matching. The state traversal pattern matching algorithm already affords a substantial drop in the memory used compared with other conventional algorithms. The new algorithm provides a reduction in memory through a new design method that constructs a state traversal machine with a size of 1280 bytes. The 128 basic ASCII characters are employed as the standard. The memory architecture is designed using a Binary Search Tree (BST) structure. Each node needs about 10 bytes of memory, so the structure needs a very small memory space: 128 (ASCII characters) × 10, which is 1280 bytes. In these 1280 bytes, users can store a large set of string patterns in the pattern database, which can be retrieved easily from the record by means of the state traversal machine over a path vector.
The existing processes, comparing the conventional bit-split algorithm and the Aho–Corasick algorithm, need a vast amount of memory. The proposed system rates the addresses of the input strings, entirely merges their common addresses, and reduces the memory size by using bit-split algorithms and the state traversal machine. The reduced string can be provided to the IoT for transferring information through the network. For security, the combined input string addresses are encrypted and decrypted with the Enhanced Blowfish algorithm so that valid packets are allowed and invalid ones are discarded by the Wireless Intrusion Detection Systems (WIDS). This influential IoT platform can recognize exactly which information is valuable and which can safely be ignored. This information can be used to identify patterns, to make recommendations, and to detect possible strings before they occur. This work offers a novel pattern matching system that has efficient computational complexity and needs only a small amount of memory, so as to protect IoT objects against security loopholes. The proposed system builds on the conventional pattern-detection algorithm that is commonly employed in computer security applications. It is found that target data can be skipped without any evaluation function, more directly than in the conventional security algorithm. The information that can be skipped is pre-computed in the proposed system as a combined FSM. Moreover, the limit on the memory usage of the conventional algorithm makes it appropriate for resource-constrained smart things. To avoid the performance degradation caused by this restriction, the proposed algorithm reduces the number of additional operations needed during matching by applying a multi-list algorithm to the character matching operations. The memory reduction varies with the number of patterns taken; the proposed novel algorithm achieves about 87% and 89%, which can be taken as 88% on average.
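As an added illustration (not code from the book): the abstract describes compiling string patterns into a finite state machine and contrasts its scheme with the memory cost of Aho–Corasick. The sketch below builds a plain Aho–Corasick matcher over the 128-character ASCII alphabet and estimates the size of a dense per-state transition table against a sparse edge list. The 16-bit state index, the sample payload and the function names are assumptions, and this is not the proposed state traversal machine.

```python
from collections import deque
ALPHABET = 128    # basic ASCII, the alphabet size the abstract uses
ENTRY_BYTES = 2   # assumption: a next-state entry is a 16-bit state index

def build_ac(patterns):
    """Compile ASCII patterns into Aho-Corasick goto/fail/output tables."""
    goto, fail, out = [{}], [0], [set()]
    for p in patterns:
        s = 0
        for ch in p:
            if ord(ch) >= ALPHABET:
                raise ValueError("pattern is not basic ASCII")
            if ch not in goto[s]:
                goto.append({}); fail.append(0); out.append(set())
                goto[s][ch] = len(goto) - 1
            s = goto[s][ch]
        out[s].add(p)
    queue = deque(goto[0].values())       # depth-1 states fail to the root
    while queue:
        s = queue.popleft()
        for ch, t in goto[s].items():
            f = fail[s]
            while f and ch not in goto[f]:
                f = fail[f]
            fail[t] = goto[f].get(ch, 0)
            out[t] |= out[fail[t]]        # inherit patterns that end here as suffixes
            queue.append(t)
    return goto, fail, out

def scan(text, ac):
    """Return (start_offset, pattern) for every match in text."""
    goto, fail, out = ac
    s, hits = 0, []
    for i, ch in enumerate(text):
        while s and ch not in goto[s]:
            s = fail[s]
        s = goto[s].get(ch, 0)
        hits += [(i - len(p) + 1, p) for p in sorted(out[s])]
    return hits

def memory_bytes(ac):  # dense DFA rows vs. sparse (char, next) edges plus fail links
    states, edges = len(ac[0]), sum(len(row) for row in ac[0])
    dense = states * ALPHABET * ENTRY_BYTES
    sparse = edges * (1 + ENTRY_BYTES) + states * ENTRY_BYTES
    return states, dense, sparse

if __name__ == "__main__":
    ac = build_ac(["wxyz", "pxyq"])       # strings named in the figure list
    print(scan("abwxyzpxyqwxyq", ac), memory_bytes(ac))  # constructed payload
```

For these two four-character patterns the dense table costs 2304 bytes against 42 bytes for the sparse form, and the dense cost grows by 256 bytes with every added state.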
TABLE NO. TITLE
1.1 Pattern matching FA scheme
2.1 Various existing approaches
AC state table
Memory gain table
Properties of pattern sets
Snort rules - preprocessing times of pattern-matching algorithms
Clam AV preprocessing times of pattern-matching algorithms
Memory gain table
Performance analysis of proposed system
Performance analysis of proposed system
Snort rules - Preprocessing times of pattern-matching algorithms
Clam AV preprocessing times of pattern-matching algorithms
Performance analysis of encryption time
Performance analysis of encryption time
FIGURE NO. TITLE
IDS architecture
Signature matching scheme
Pattern matching scheme
FA scheme of pattern matching
Suffix tree based pattern matching
Suffix tree representation
Suffix tree for given text
Depiction of suffix tree function
Searching process
FSM representation
State diagram of an AC machine
A state traversal pattern matching algorithm
The alphabetical order of memory address generator
State traversal machine
Merged state traversal machine
Transition function of string wxyz
Transition function of String pxyq
Merging the similar states
String merge using loop back problem
Experimental results for memory reduction algorithm
Memory gain graph
Performance analysis of proposed encryption time
Performance analysis of proposed decryption time
Performance analysis of execution time
Architecture of intrusion detection systems
Secured IoT device architecture
IoT network consisting of smart physical objects
FSM structure
Merged FSM and Multi-list
Pattern matching algorithm
Encryption and decryption using EBA
Performance analysis of proposed mechanism in terms of encryption time
Performance analysis of decryption time
Memory gain graph
Performance analysis of proposed encryption time
Performance analysis of proposed decryption time
Performance analysis of proposed mechanism in terms of encryption time
Performance analysis of decryption time
Performance analysis of decryption time
LIST OF SYMBOLS AND ABBREVIATIONS
AC - Aho–Corasick
AGT - Address Generator Tree as binary search tree
BST - Binary Search Tree
CLT - CAM-based Lookup Table
CM - Character Matching
COP - Common Operating Picture
DFA - Deterministic Finite Automata
DMA - Direct Matching Algorithm
EBA - Enhanced Blowfish Algorithm
EDFA - Extended deterministic finite automaton
FA - Finite Automata
FPGA - Field Programmable Gate Array architectures
FSM - Finite State Machine
GPPs - General-Purpose Processors
HBFA - Head Body Finite Automaton
HBM - Head Body Matching
HIDS - Host based Intrusion Detection System
HT - Hilbert transform
IDS - Intrusion Detection System
IoT - Internet of Things
IP - Internet Protocol
KMP - Knuth-Morris-Pratt algorithm
LCS - Longest Common Subsequence
LPM - Logo Pattern Matching
LTT - Label Translation Table
MAR - Memory Address Register
MASM - Memory-efficient Architecture for large-scale String Matching
MFSM - Merged FSM
NFA - Nondeterministic Finite Automaton
NIDS - Network based Intrusion Detection System
PM - Prefix Matching
PMCCC - Pattern Matching Algorithm Using Changing Consecutive Characters
QMM - Quasi-Multiple Medium
QWM - Quick search improved WM
SQLIA - SQL Injection Attack
WEMA - Weighted Exact Matching Algorithm
WIDSs - Wireless-oriented Intrusion Detection Systems
WSN - Wireless Sensor Network
CHAPTER 1 INTRODUCTION
INTRODUCTION
The Internet of Things (IoT) has brought extensive web usage by communicating through customer strategy for connecting physical objects. At this time, several objects employed on a daily basis will be equipped with smart sensors and computation resources that are connected to networks in one form or another. The technology of Wireless