The growing proliferation of Internet of Things (IoT) and edge devices has increased the demand for lightweight and adaptive intrusion detection systems capable of operating in resource-constrained environments. In this paper, we present a testbed called Edge-IDS, which is built on five Raspberry Pi devices interconnected via a central switch. Two Raspberry Pis are configured as attackers (scanner and flooder), two generate benign client–server traffic, and one device functions as the central orchestrator and IDS. A Fuzzy-based Intrusion Detection System (FIDS) is implemented on the orchestrator, using three traffic-derived parameters: Packet Rate (PR), Failed-Connection Ratio (FCR), and Destination-Port Entropy (DPE) to compute an Attack Possibility Level (APL). Before deployment on the testbed, the system was evaluated through simulations, and the results demonstrate that the fuzzy approach can effectively differentiate between benign and malicious traffic patterns. For example, when the packet rate is overloaded (PR = 0.9), with unstable connections (FCR = 0.9) and higher entropy or DPE is more than 0.5, the system outputs an APL value that is more than 0.7, showing that the system identifies high-rate, unstable, and widely distributed traffic as malicious. \(\ldots \)

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Edge-IDS: A Fuzzy-Based Simulation System and Design of a Testbed for Detecting Cyber Attacks

  • Phudit Ampririt,
  • Paboth Kraikritayakul,
  • Yi Liu,
  • Makoto Ikeda,
  • Keita Matsuo,
  • Leonard Barolli

摘要

The growing proliferation of Internet of Things (IoT) and edge devices has increased the demand for lightweight and adaptive intrusion detection systems capable of operating in resource-constrained environments. In this paper, we present a testbed called Edge-IDS, which is built on five Raspberry Pi devices interconnected via a central switch. Two Raspberry Pis are configured as attackers (scanner and flooder), two generate benign client–server traffic, and one device functions as the central orchestrator and IDS. A Fuzzy-based Intrusion Detection System (FIDS) is implemented on the orchestrator, using three traffic-derived parameters: Packet Rate (PR), Failed-Connection Ratio (FCR), and Destination-Port Entropy (DPE) to compute an Attack Possibility Level (APL). Before deployment on the testbed, the system was evaluated through simulations, and the results demonstrate that the fuzzy approach can effectively differentiate between benign and malicious traffic patterns. For example, when the packet rate is overloaded (PR = 0.9), with unstable connections (FCR = 0.9) and higher entropy or DPE is more than 0.5, the system outputs an APL value that is more than 0.7, showing that the system identifies high-rate, unstable, and widely distributed traffic as malicious. \(\ldots \)