On-device context-aware misuse detection framework for heterogeneous IoT edge

Nitish, A. and Hanumanthappa, J. and Prakash, Shiva S. P. and Krinkin, Kirill (2023) On-device context-aware misuse detection framework for heterogeneous IoT edge. Applied Intelligence, 53 (12). pp. 14792-14818. ISSN 1573-7497

[img] Text (Full Text)
On-device context-aware.pdf - Published Version

Download (5MB)
Official URL: https://doi.org/10.1007/s10489-022-04039-5

Abstract

Traditional AI techniques for offline misuse network intrusion detection have performed well, assuming that the traffic from the datasets is sufficiently large for generalization, balanced, independently and identically distributed-exhibiting homogeneous behavior with little to no context change. However, the rapidly expanding IoT network is an ensemble of proliferating internet-connected devices catering to the growing need for handling highly distributed, heterogeneous, and time-critical workloads that conform to none of the above assumptions. Moreover, the evolving Botnet-based attack vectors exploit the non-standardized and poorly scrutinized architectural vulnerabilities of such devices-leading to compounding threat intensity, rapidly rendering the network defenseless. Furthermore, the memory, processor, and energy resource constraints of the IoT devices necessitate lightweight device-specific intrusion detection policies for effective and updated rule learning in real-time through the edge infrastructures. However, the existing methods proposed to solve such issues are either centralized, data and resource-intensive, context-unaware, or inefficient for online rule learning with smaller and imbalanced data samples. Thus, this paper addresses such issues through a context-aware expert system-based feature subset framework with minimal processing overhead and a decentralized on-device misuse detection scheme for IoT-called HetIoT-NIDS, capable of efficiently inferring over smaller data samples, tolerant to class imbalance, and deployable on the low-memory and low-power edge of IoT devices. Furthermore, HetIoT-NIDS facilitates threat localization within the deployed device, preventing threat progression and intensity compounding. The experiments and analyses of the propounded algorithms and the resulting training times and model sizes prove that the proposed approach is efficient and adaptable to online and offline misuse intrusion detection, especially on smaller data sample sizes.

Item Type: Article
Uncontrolled Keywords: Botnet-based attacks; Context-awareness; Expert knowledge correlation; Heterogeneous IoT edge; On-device misuse intrusion detection; Root cause analysis; Threat intensity compounding; Threat localization
Subjects: D Physical Science > Computer Science
Divisions: Department of > Computer Science
Depositing User: C Swapna Library Assistant
Date Deposited: 06 Sep 2023 06:41
Last Modified: 06 Sep 2023 06:41
URI: http://eprints.uni-mysore.ac.in/id/eprint/17734

Actions (login required)

View Item View Item