Evaluating machine learning-driven intrusion detection systems in IoT: Performance and energy consumption

IF 6.7 1区工程技术 Q1 COMPUTER SCIENCE, INTERDISCIPLINARY APPLICATIONS

Computers & Industrial Engineering Pub Date : 2025-04-15 DOI:10.1016/j.cie.2025.111103

Saeid Jamshidi , Kawser Wazed Nafi , Amin Nikanjam , Foutse Khomh

{"title":"Evaluating machine learning-driven intrusion detection systems in IoT: Performance and energy consumption","authors":"Saeid Jamshidi , Kawser Wazed Nafi , Amin Nikanjam , Foutse Khomh","doi":"10.1016/j.cie.2025.111103","DOIUrl":null,"url":null,"abstract":"<div><div>In the landscape of network security, the integration of Machine Learning (ML)-based Intrusion Detection System (IDS) represents a significant leap forward, especially in the domain of the Internet of Things (IoT) and Software-Defined Networking (SDN). Such ML-based IDS are crucial for improving security infrastructures, and their importance is increasingly pronounced in IoT systems. However, despite the rapid advancement of ML-based IDS, there remains a gap in understanding their impact on critical performance metrics (e.g., CPU load, energy consumption, and CPU usage) in resource-constrained IoT devices. This becomes especially crucial in scenarios involving real-time cyber threats that challenge IoT devices in a public/private network.</div><div>To address this gap, this article presents an empirical study that evaluates the impact of state-of-the-art ML-based IDSs on performance metrics such as CPU usage, energy consumption, and CPU load in the absence and presence of real-time cyber threats, with a specific focus on their deployment at the edge of IoT infrastructures. We also incorporate SDN to evaluate the comparative performance of ML-based IDSs with and without SDN. To do so, we focus on the impact of both SDN’s centralized control and dynamic resource management on the performance metrics of an IoT system. Finally, we analyze our findings using statistical analysis using the Analysis of Variance (ANOVA) analysis. Our findings demonstrate that traditional ML-based IDS, when implemented at the edge gateway with and without SDN architecture, significantly affects performance metrics against cyber threats compared to DL-based ones. Also, we observed substantial increases in energy consumption, CPU usage, and CPU load during real-time cyber threat scenarios at the edge, underscoring the resource-intensive nature of these systems. This research fills the existing knowledge void and delivers essential insights into the operational dynamics of ML-based IDS at edge gateway in IoT systems.</div></div>","PeriodicalId":55220,"journal":{"name":"Computers & Industrial Engineering","volume":"204 ","pages":"Article 111103"},"PeriodicalIF":6.7000,"publicationDate":"2025-04-15","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Computers & Industrial Engineering","FirstCategoryId":"5","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S0360835225002499","RegionNum":1,"RegionCategory":"工程技术","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, INTERDISCIPLINARY APPLICATIONS","Score":null,"Total":0}

引用次数: 0

Abstract

In the landscape of network security, the integration of Machine Learning (ML)-based Intrusion Detection System (IDS) represents a significant leap forward, especially in the domain of the Internet of Things (IoT) and Software-Defined Networking (SDN). Such ML-based IDS are crucial for improving security infrastructures, and their importance is increasingly pronounced in IoT systems. However, despite the rapid advancement of ML-based IDS, there remains a gap in understanding their impact on critical performance metrics (e.g., CPU load, energy consumption, and CPU usage) in resource-constrained IoT devices. This becomes especially crucial in scenarios involving real-time cyber threats that challenge IoT devices in a public/private network.

To address this gap, this article presents an empirical study that evaluates the impact of state-of-the-art ML-based IDSs on performance metrics such as CPU usage, energy consumption, and CPU load in the absence and presence of real-time cyber threats, with a specific focus on their deployment at the edge of IoT infrastructures. We also incorporate SDN to evaluate the comparative performance of ML-based IDSs with and without SDN. To do so, we focus on the impact of both SDN’s centralized control and dynamic resource management on the performance metrics of an IoT system. Finally, we analyze our findings using statistical analysis using the Analysis of Variance (ANOVA) analysis. Our findings demonstrate that traditional ML-based IDS, when implemented at the edge gateway with and without SDN architecture, significantly affects performance metrics against cyber threats compared to DL-based ones. Also, we observed substantial increases in energy consumption, CPU usage, and CPU load during real-time cyber threat scenarios at the edge, underscoring the resource-intensive nature of these systems. This research fills the existing knowledge void and delivers essential insights into the operational dynamics of ML-based IDS at edge gateway in IoT systems.

查看原文本刊更多论文

评估物联网中机器学习驱动的入侵检测系统：性能和能耗

在网络安全领域，基于机器学习（ML）的入侵检测系统（IDS）的集成代表了一个重大的飞跃，特别是在物联网（IoT）和软件定义网络（SDN）领域。这种基于机器学习的入侵检测对于改善安全基础设施至关重要，它们在物联网系统中的重要性越来越明显。然而，尽管基于机器学习的IDS发展迅速，但在理解它们对资源受限物联网设备中关键性能指标（例如CPU负载、能耗和CPU使用率）的影响方面仍存在差距。这在涉及实时网络威胁的场景中尤其重要，这些威胁挑战了公共/专用网络中的物联网设备。为了解决这一差距，本文提出了一项实证研究，评估了在没有和存在实时网络威胁的情况下，最先进的基于ml的ids对CPU使用率、能耗和CPU负载等性能指标的影响，并特别关注了它们在物联网基础设施边缘的部署。我们还结合SDN来评估有SDN和没有SDN的基于ml的ids的比较性能。为此，我们将重点关注SDN的集中控制和动态资源管理对物联网系统性能指标的影响。最后，我们使用方差分析（ANOVA）分析的统计分析来分析我们的发现。我们的研究结果表明，与基于dl的IDS相比，传统的基于ml的IDS在有或没有SDN架构的边缘网关上实施时，会显著影响针对网络威胁的性能指标。此外，我们还观察到，在边缘实时网络威胁场景中，能耗、CPU使用率和CPU负载大幅增加，这突显了这些系统的资源密集型性质。这项研究填补了现有的知识空白，并为物联网系统边缘网关中基于ml的IDS的操作动态提供了重要见解。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Computers & Industrial Engineering 工程技术-工程：工业

CiteScore

12.70

自引率

12.70%

发文量

794

审稿时长

10.6 months

期刊介绍： Computers & Industrial Engineering (CAIE) is dedicated to researchers, educators, and practitioners in industrial engineering and related fields. Pioneering the integration of computers in research, education, and practice, industrial engineering has evolved to make computers and electronic communication integral to its domain. CAIE publishes original contributions focusing on the development of novel computerized methodologies to address industrial engineering problems. It also highlights the applications of these methodologies to issues within the broader industrial engineering and associated communities. The journal actively encourages submissions that push the boundaries of fundamental theories and concepts in industrial engineering techniques.