Bachelor and Master Theses

To apply for conducting this thesis, please contact the thesis supervisor(s).
Title: From Intrusion Detection to Network Resilience
Subject: Computer science, Embedded systems, Dependable Aeronautics and aerospace, Software engineering, Robotics, Applied Artificial Intelligence, Distributed systems, Computer network engineering
Level: Basic, Advanced
Description:

Background

Modern industrial and critical infrastructures increasingly rely on communication networks, distributed sensors, IoT devices, and edge computing platforms. While intrusion detection systems (IDSs) have become an important component of cybersecurity, most existing solutions focus primarily on attack detection and alarm generation. In practice, detecting an attack is only the first step. Operational continuity depends on the ability of the system to respond, mitigate the impact of disruptions, recover services, and maintain acceptable performance.

Recent advances in edge computing enable security functions to be deployed closer to where data are generated. This creates opportunities for faster reaction times and more localized decision-making. However, it also raises new challenges regarding mitigation strategies, recovery mechanisms, and the evaluation of network resilience.

This thesis investigates how intrusion detection capabilities can be integrated with automated mitigation and recovery mechanisms to improve the resilience of industrial IoT and edge-based communication infrastructures.

Problem Description

Many IDS solutions are evaluated primarily using machine learning metrics such as accuracy, precision, recall, and F1-score. While these metrics are important, they provide limited insight into the operational resilience of the system.

After a threat is detected, important questions remain:

  1. Which mitigation action should be selected?
  2. How quickly can the system react?
  3. How can services recover from disruptions?
  4. What is the impact on operational continuity?
  5. How should resilience be measured?

The gap between intrusion detection and resilience-oriented response remains largely unexplored in industrial IoT environments.

Aim

The aim of this thesis is to investigate how IDS outputs can be transformed into mitigation and recovery actions at the network edge and to evaluate their impact on network resilience.

Research Questions

  1. Which intrusion detection solutions are suitable for deployment on edge devices in industrial IoT environments?
  2. What mitigation actions can be automatically triggered after intrusion detection events?
  3. How can recovery mechanisms improve service continuity after network disruptions?
  4. How do different mitigation and recovery strategies affect network resilience metrics?

Methodology

The student will:

  1. Select and deploy multiple IDS solutions on an edge computing platform.
  2. Create representative attack and disruption scenarios.
  3. Design and implement mitigation mechanisms such as traffic filtering, rate limiting, traffic isolation, and access control updates.
  4. Design recovery mechanisms such as service restart, path rerouting, gateway failover, and configuration rollback.
  5. Evaluate the effectiveness of the proposed mechanisms using resilience-oriented metrics.

Evaluation Metrics

The evaluation should consider:

Detection Metrics

  • Precision
  • Recall
  • F1-score
  • False Positive Rate

Network Performance Metrics

  • Latency
  • Throughput
  • Packet Loss
  • Availability

Resilience Metrics

  • Time to Detect (TTD)
  • Time to Mitigate (TTM)
  • Time to Recover (TTR)
  • Service Availability
  • Recovery Ratio
  • Degradation Depth

Expected Outcomes

The thesis is expected to:

  • Compare IDS solutions for edge deployment.
  • Develop intrusion-aware mitigation mechanisms.
  • Investigate recovery strategies for industrial IoT networks.
  • Establish a resilience-oriented evaluation framework.
  • Provide recommendations for resilient edge-network architectures.
Prerequisites:

Knowledge of Linux, networking, cybersecurity, and basic machine learning is beneficial.

IDT supervisors: Hossein Fotouhi
Company contact:

Johan Åkerberg

https://www.es.mdu.se/staff/196-Johan_Akerberg 

https://wires.se