Self-adaptive cyber defense for sustainable IoT: A DRL-based IDS optimizing security and energy efficiency

IF 7.7 2区计算机科学 Q1 COMPUTER SCIENCE, HARDWARE & ARCHITECTURE

Journal of Network and Computer Applications Pub Date : 2025-03-25 DOI:10.1016/j.jnca.2025.104176

Saeid Jamshidi , Ashkan Amirnia , Amin Nikanjam , Kawser Wazed Nafi , Foutse Khomh , Samira Keivanpour

{"title":"Self-adaptive cyber defense for sustainable IoT: A DRL-based IDS optimizing security and energy efficiency","authors":"Saeid Jamshidi , Ashkan Amirnia , Amin Nikanjam , Kawser Wazed Nafi , Foutse Khomh , Samira Keivanpour","doi":"10.1016/j.jnca.2025.104176","DOIUrl":null,"url":null,"abstract":"<div><div>The Internet of Things (IoT) has revolutionized industries by creating a vast, interconnected ecosystem. Still, the rapid deployment of IoT devices has introduced severe security risks, including DDoS, DoS GoldenEye, DoS Hulk attacks, and Port scanning. Traditional Machine Learning (ML)-based Intrusion Detection Systems (IDS) often operate passively, detecting threats without taking action, and are rarely evaluated under real-time attacks. This limits our understanding of their performance within the resource constraints typical of IoT systems—an essential factor for stable, resilient systems. This paper proposes a Security Edge with Deep Reinforcement Learning (SecuEdge-DRL) specifically designed for the IoT edge, aiming to enhance security while maintaining energy efficiency, contributing to sustainable IoT operations. Our IDS integrates DRL with the MAPE-K (Monitor, Analyze, Plan, Execute, Knowledge) control loop, enabling real-time detection and adaptive response without relying on predefined data models. DRL allows continuous learning, while MAPE-K provides structured self-adaptation, ensuring the system remains effective against evolving threats. We also implemented four targeted security policies tailored to a specific attack type to enhance the IDS’s threat mitigation capabilities. Experimental findings indicate that the proposed SecuEdge-DRL achieves an average detection accuracy of 92% across diverse real-world cyber threats (e.g., DoS Hulk, DoS GoldenEyes, DDoS, and Port scanning). Statistical analysis further validates that these security policies enhance IoT systems’ defense without compromising performance, establishing our approach as a resilient, resource-efficient security solution for the IoT ecosystem.</div></div>","PeriodicalId":54784,"journal":{"name":"Journal of Network and Computer Applications","volume":"239 ","pages":"Article 104176"},"PeriodicalIF":7.7000,"publicationDate":"2025-03-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Journal of Network and Computer Applications","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S1084804525000736","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, HARDWARE & ARCHITECTURE","Score":null,"Total":0}

引用次数: 0

Abstract

The Internet of Things (IoT) has revolutionized industries by creating a vast, interconnected ecosystem. Still, the rapid deployment of IoT devices has introduced severe security risks, including DDoS, DoS GoldenEye, DoS Hulk attacks, and Port scanning. Traditional Machine Learning (ML)-based Intrusion Detection Systems (IDS) often operate passively, detecting threats without taking action, and are rarely evaluated under real-time attacks. This limits our understanding of their performance within the resource constraints typical of IoT systems—an essential factor for stable, resilient systems. This paper proposes a Security Edge with Deep Reinforcement Learning (SecuEdge-DRL) specifically designed for the IoT edge, aiming to enhance security while maintaining energy efficiency, contributing to sustainable IoT operations. Our IDS integrates DRL with the MAPE-K (Monitor, Analyze, Plan, Execute, Knowledge) control loop, enabling real-time detection and adaptive response without relying on predefined data models. DRL allows continuous learning, while MAPE-K provides structured self-adaptation, ensuring the system remains effective against evolving threats. We also implemented four targeted security policies tailored to a specific attack type to enhance the IDS’s threat mitigation capabilities. Experimental findings indicate that the proposed SecuEdge-DRL achieves an average detection accuracy of 92% across diverse real-world cyber threats (e.g., DoS Hulk, DoS GoldenEyes, DDoS, and Port scanning). Statistical analysis further validates that these security policies enhance IoT systems’ defense without compromising performance, establishing our approach as a resilient, resource-efficient security solution for the IoT ecosystem.

查看原文本刊更多论文

可持续物联网的自适应网络防御：基于drl的IDS优化安全和能源效率

物联网（IoT）通过创建一个庞大的互联生态系统，彻底改变了行业。然而，物联网设备的快速部署也带来了严重的安全风险，包括DDoS、DoS GoldenEye、DoS Hulk攻击和端口扫描。传统的基于机器学习（ML）的入侵检测系统（IDS）通常被动运行，检测威胁而不采取行动，并且很少在实时攻击下进行评估。这限制了我们在物联网系统典型资源约束下对其性能的理解，而资源约束是稳定、有弹性系统的重要因素。本文提出了一种专门为物联网边缘设计的具有深度强化学习（SecuEdge-DRL）的安全边缘，旨在提高安全性，同时保持能源效率，为物联网的可持续运营做出贡献。我们的IDS集成了DRL和MAPE-K（监控，分析，计划，执行，知识）控制回路，实现实时检测和自适应响应，而不依赖于预定义的数据模型。DRL允许持续学习，而MAPE-K提供结构化的自适应，确保系统对不断变化的威胁保持有效。我们还实现了针对特定攻击类型定制的四个有针对性的安全策略，以增强IDS的威胁缓解能力。实验结果表明，提出的SecuEdge-DRL在不同的现实世界网络威胁（例如，DoS Hulk, DoS GoldenEyes， DDoS和端口扫描）中实现了92%的平均检测准确率。统计分析进一步验证了这些安全策略在不影响性能的情况下增强了物联网系统的防御，将我们的方法建立为物联网生态系统的弹性，资源高效的安全解决方案。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Journal of Network and Computer Applications 工程技术-计算机：跨学科应用

CiteScore

21.50

自引率

3.40%

发文量

142

审稿时长

37 days

期刊介绍： The Journal of Network and Computer Applications welcomes research contributions, surveys, and notes in all areas relating to computer networks and applications thereof. Sample topics include new design techniques, interesting or novel applications, components or standards; computer networks with tools such as WWW; emerging standards for internet protocols; Wireless networks; Mobile Computing; emerging computing models such as cloud computing, grid computing; applications of networked systems for remote collaboration and telemedicine, etc. The journal is abstracted and indexed in Scopus, Engineering Index, Web of Science, Science Citation Index Expanded and INSPEC.