Lightweight Collaborative Inferencing for Real-Time Intrusion Detection in IoT Networks

IF 0.9 Q4 COMPUTER SCIENCE, SOFTWARE ENGINEERING
Gabriel A. Morales, Jingye Xu, Dakai Zhu, Rocky Slavin
DOI: 10.1109/SmartWorld-UIC-ATC-ScalCom-DigitalTwin-PriComp-Metaverse56740.2022.00076 (https://doi.org/10.1109/SmartWorld-UIC-ATC-ScalCom-DigitalTwin-PriComp-Metaverse56740.2022.00076)
Journal: Scalable Computing-Practice and Experience, volume 20 1, pages 392-400
Publication date: 2022-12-01
Publication type: Journal Article
Open access: no
Citation count: 0

Abstract

The security in Internet-of-Things (IoT) networks becomes increasingly important with the growing popularity of IoT devices and their wide applications (e.g., critical infrastructure monitoring). However, traditional intrusion detection systems (IDS) are not suitable for IoT networks due to their large resource requirements. Moreover, IoT networks tend to have multiple access points for IoT devices and thus benefit from a distributed framework to enable collaborative prevention of potential attacks. To this end, we propose a lightweight collaborative distributed network IDS (NIDS) based on widely-utilized machine learning (ML) models, which are trained through a federated learning framework with two known datasets. We evaluate the distributed NIDS using the trained ML models on an IoT network testbed under seven types of attacks in comparison with Snort (a state-of-the-art IDS) and a centralized implementation of our proposed NIDS. An offline benchmark is also designed to measure the system’s performance with regard to resource usage and response time. Our results show that the proposed distributed NIDS outperforms Snort in identifying malicious traffic and achieves a much lower false positive rate compared to the centralized version in real-time for all seven types of network attacks tested.
Source journal: Scalable Computing-Practice and Experience (Computer Science, Software Engineering)
CiteScore: 2.00
Self-citation rate: 0.00%
Articles published: 10
Journal description: The area of scalable computing has matured and reached a point where new issues and trends require a professional forum. SCPE will provide this avenue by publishing original refereed papers that address the present as well as the future of parallel and distributed computing. The journal will focus on algorithm development, implementation and execution on real-world parallel architectures, and application of parallel and distributed computing to the solution of real-life problems.