• Login
    View Item 
    •   Mak IR Home
    • College of Computing and Information Sciences (CoCIS)
    • School of Computing and Informatics Technology (CIT)
    • School of Computing and Informatics Technology (CIT) Collection
    • View Item
    •   Mak IR Home
    • College of Computing and Information Sciences (CoCIS)
    • School of Computing and Informatics Technology (CIT)
    • School of Computing and Informatics Technology (CIT) Collection
    • View Item
    JavaScript is disabled for your browser. Some features of this site may not work without it.

    Deep learning model for the detection of universal plug and play (UPNP) based attacks in UPNP devices

    Thumbnail
    View/Open
    Master's dissertation (2.595Mb)
    Date
    2021-02
    Author
    Ntambi, John
    Metadata
    Show full item record
    Abstract
    The Universal Plug and Play (UPnP) protocol is used by several devices to discover and advertise services to other devices in order to establish connections for data sharing transparently. Its simplicity and zero-configuration requirement have made it popular with many manufacturers who expose it to the WAN to achieve rapid scalability and interconnectivity among devices, this has led to its wide adaption in several applications on the internet over the years. The problem is that UPnP was designed with no security, such as authentication, authorization, or verification. This design flaw raises serious security concerns among users over the confidentiality of data and integrity of communications over UPnP networks. Existing studies have shown that when UPnP is exposed to the WAN, this can result in attacks that are not easily detected by the victim, such as an SSDP reflection DDoS, which may be undetected by the reflecting victim, and NAT injection attacks, which can enable an attacker to remotely expose valuable resources on the LAN to the WAN. Current mitigation and detection studies have mostly focused on UPnP attacks within LAN environments, with suggested solutions that are impractical in WAN environments. Therefore, this study proposes deep learning models based on LSTM and RNN to achieve multi-class classification using a dataset containing current UPnP traffic characteristics captured during an experiment. Although both proposed models achieve an accuracy of more than 98%, the LSTM model outperforms the RNN in multiclass classification and is therefore the ideal model. The study has three key contributions: a labeled network traffic dataset containing current UPnP traffic trends that can be used to solve future classification problems, as well as two deep learning models, LSTM and RNN, used for classification of UPnP attacks and a detailed performance evaluation of both models. Furthermore, the study proposes future research directions.
    URI
    http://hdl.handle.net/10570/9423
    Collections
    • School of Computing and Informatics Technology (CIT) Collection

    DSpace 5.8 copyright © Makerere University 
    Contact Us | Send Feedback
    Theme by 
    Atmire NV
     

     

    Browse

    All of Mak IRCommunities & CollectionsTitlesAuthorsBy AdvisorBy Issue DateSubjectsBy TypeThis CollectionTitlesAuthorsBy AdvisorBy Issue DateSubjectsBy Type

    My Account

    LoginRegister

    Statistics

    Most Popular ItemsStatistics by CountryMost Popular Authors

    DSpace 5.8 copyright © Makerere University 
    Contact Us | Send Feedback
    Theme by 
    Atmire NV