HERMES: Design and Deployment of a Hybrid AI/ML Network Security System on ARM Clusters for Edge Environments
摘要
Edge computing introduces unique security challenges due to limited resources and stringent power constraints, often making traditional network intrusion detection systems (NIDS) impractical. We present HERMES, a hybrid AI/ML NIDS specifically tailored for ARM-based edge clusters. HERMES integrates a lightweight, rule-based filter with a compact deep neural network (DNN) model, both optimized for ARMv8-A inference using TensorFlow Lite and ONNX Runtime. The system is deployed on a two-node Raspberry Pi 5 cluster managed by K3s, a lightweight Kubernetes distribution. We simulated realistic network scenarios using the CIC-IDS2017 and UNSW-NB15 datasets, injecting ARP spoofing, port scans, SSH brute-force, DNS tunneling attacks, and synthetic zero-day variants. Experimental results demonstrate that HERMES outperforms state-of-the-art signature-based and ML-only NIDS, achieving 94.7% accuracy, a 0.926 F1-score, and a ROC AUC of 0.99, with a low false positive rate of 0.9%. The system sustains a 15,000 packets per second (pps) throughput at an average latency of 2.4 ms, while drawing only 4.2 W per node–67% less than typical x86 solutions. We analyze the system’s security robustness, including its adversarial resilience, and discuss the practical trade-offs between accuracy and efficiency. HERMES represents a practical and scalable NIDS solution for resource-constrained edge networks.