A Dual Approach to Intrusion Detection in Edge Environments: Offline and Online Perspectives
摘要
The rapid growth of Internet of Things (IoT) devices and the incorporation of Edge Computing (EC) has revolutionized several industries and facilitated the formation of smart environments. Nevertheless, this transformation has introduced novel security and privacy challenges. As data processing shifts to the network’s edge, understanding these issues within the EC architecture is critical. Intrusion Detection Systems (IDSs) always play an essential role in monitoring and identifying potential security threats in network traffic. Conventional-based IDSs, however, have boundaries such as demanding prior information of attack signatures and demonstrating low processing capabilities in identifying attacks, especially in distributed EC-based networks. Furthermore, IDSs face various issues related to accuracy, low detection rates, high false positive rates (FPR), and the selection of optimal subsets of network traffic features. To address these limitations, this study proposed a lightweight IDS model to safeguard edge-computing networks from malicious attacks. The proposed approach amalgamates handcrafted and statistical feature methods (HSF) to retrieve new network traffic features, aiming to enhance the overall performance of the IDS model. For the evaluation of the proposed model, the experiment was conducted with the CIC-IDS-2017, UNSW-NB15, and IoTID20 datasets. The experimental results of the ML-based model demonstrated high accuracy and a low FPR, providing strong evidence of the model’s superior performance compared to existing studies. Additionally, Real-time IDS is designed for online edge-device deployment and supports real-time traffic analysis with low memory (299.64 MB) and CPU usage (9.64%).