Abstract
The ongoing implementation of the Internet of Things (IoT) is sharply increasing the number and variety of small devices on edge networks. The attack opportunities for hostile agents increase likewise, demanding more effort from network administrators and strategies to detect and react to those threats. For a network security system to operate in the context of edge and IoT, it has to comply with processing, storage, and energy requirements alongside traditional requirements for stream and network analysis, such as accuracy and scalability. Using a previously defined architecture (IDSA-IoT), we address the construction and evaluation of a support mechanism for distributed Network Intrusion Detection Systems based on the MINAS Data Stream Novelty Detection algorithm. We discuss the algorithm steps, how it can be deployed in a distributed environment, and the impacts on accuracy, and we evaluate performance and scalability using a cluster of constrained devices commonly found in IoT scenarios. The obtained results show a negligible accuracy loss in the distributed version but also a small reduction in the execution time using low-profile devices. Although not efficient, the parallel version proved to be viable, as the proposed granularity provides equivalent accuracy and viable response times.
The authors would like to thank Brazilian funding agencies FAPESP and CNPq for the financial support.
Notes
1. Available at http://www.facom.ufu.br/~elaine/MINAS.
2. Available at https://github.com/luis-puhl/minas-flink.
3. Available at http://www.takakura.com/Kyoto_data/.
Acknowledgment
This study was financed in part by the Coordenação de Aperfeiçoamento de Pessoal de Nível Superior - Brasil (CAPES) - Finance Code 001, and Programa Institucional de Internacionalização – CAPES-PrInt UFSCar (Contract 88887.373234/2019-00). Authors also thank Stic AMSUD (project 20-STIC-09), FAPESP (contract numbers 2018/22979-2, and 2015/24461-2) and CNPq (Contract 167345/2018-4) for their support.
© 2021 Springer Nature Switzerland AG
About this paper
Cite this paper
Puhl, L., Cassales, G.W., Guardia, H.C., Senger, H. (2021). Distributed Novelty Detection at the Edge for IoT Network Security. In: Gervasi, O., et al. Computational Science and Its Applications – ICCSA 2021. ICCSA 2021. Lecture Notes in Computer Science, vol 12951. Springer, Cham. https://doi.org/10.1007/978-3-030-86970-0_33
DOI: https://doi.org/10.1007/978-3-030-86970-0_33
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-86969-4
Online ISBN: 978-3-030-86970-0
eBook Packages: Computer Science, Computer Science (R0)