Scheduling to the Rescue; Improving ML-Based Intrusion Detection for IoT

Abstract

With their inherent convenience factor, Internet of Things (IoT) devices have exploded in numbers during the last decade, but at the cost of security. Machine learning (ML) based intrusion detection systems (IDS) are increasingly proving necessary tools for attack detection, but requirements such as extensive data collection and model training make these systems computationally heavy for resource-limited IoT hardware. This paper's main contribution to the cyber security research field is a demonstration of how a dynamic user-level scheduler can improve the performance of IDS suited for lightweight and data-driven ML algorithms towards IoT. The dynamic user-level scheduler allows for more advanced computations, not intended to be executed on resource-limited IoT units, by enabling parallel model retraining locally on the IoT device without halting the IDS. It eliminates the need for any cloud resources as computations are kept locally at the edge. The experiments showed that the dynamic user-level scheduler provides several advantages compared to a previously developed baseline system. Mainly by substantially increasing the system's throughput, which reduces the time until attacks are detected, as well as dynamically allocating resources based on attack suspicion.