Real-time Threat Detection Strategies for Resource-constrained Devices

• URL: http://arxiv.org/abs/2403.15078v1
• Date: Fri, 22 Mar 2024 10:02:54 GMT
• Title: Real-time Threat Detection Strategies for Resource-constrained Devices
• Authors: Mounia Hamidouche, Biniam Fisseha Demissie, Bilel Cherif,
• Abstract summary: We present an end-to-end process designed to effectively address DNS-tunneling attacks in a router. We demonstrate that utilizing stateless features for training the ML model, along with features chosen to be independent of the network configuration, leads to highly accurate results. The deployment of this carefully crafted model, optimized for embedded devices across diverse environments, resulted in high DNS-tunneling attack detection with minimal latency.
• Score: 1.4815508281465273
• License: http://creativecommons.org/licenses/by/4.0/
• Abstract: As more devices connect to the internet, it becomes crucial to address their limitations and basic security needs. While much research focuses on utilizing ML and DL to tackle security challenges, there is often a tendency to overlook the practicality and feasibility of implementing these methods in real-time settings. This oversight stems from the constrained processing power and memory of certain devices (IoT devices), as well as concerns about the generalizability of these approaches. Focusing on the detection of DNS-tunneling attacks in a router as a case study, we present an end-to-end process designed to effectively address these challenges. The process spans from developing a lightweight DNS-tunneling detection model to integrating it into a resource-constrained device for real-time detection. Through our experiments, we demonstrate that utilizing stateless features for training the ML model, along with features chosen to be independent of the network configuration, leads to highly accurate results. The deployment of this carefully crafted model, optimized for embedded devices across diverse environments, resulted in high DNS-tunneling attack detection with minimal latency. With this work, we aim to encourage solutions that strike a balance between theoretical advancements and the practical applicability of ML approaches in the ever-evolving landscape of device security.

Related papers

• Enhancing IoT Malware Detection through Adaptive Model Parallelism and Resource Optimization [0.6856683556201506]
  This study introduces a novel approach to malware detection tailored for IoT devices. Based on resource availability, ongoing workload, and communication costs, the malware detection task is dynamically allocated either on-device or offloaded to neighboring IoT nodes. Experimental results demonstrate that this proposed technique achieves a significant speedup of 9.8 x compared to on-device inference.
  arXiv  Detail & Related papers  (2024-04-12T20:51:25Z)
• Effective Intrusion Detection in Heterogeneous Internet-of-Things Networks via Ensemble Knowledge Distillation-based Federated Learning [52.6706505729803]
  We introduce Federated Learning (FL) to collaboratively train a decentralized shared model of Intrusion Detection Systems (IDS) FLEKD enables a more flexible aggregation method than conventional model fusion techniques. Experiment results show that the proposed approach outperforms local training and traditional FL in terms of both speed and performance.
  arXiv  Detail & Related papers  (2024-01-22T14:16:37Z)
• Overload: Latency Attacks on Object Detection for Edge Devices [47.9744734181236]
  This paper investigates latency attacks on deep learning applications. Unlike common adversarial attacks for misclassification, the goal of latency attacks is to increase the inference time. We use object detection to demonstrate how such kind of attacks work.
  arXiv  Detail & Related papers  (2023-04-11T17:24:31Z)
• Efficient Attack Detection in IoT Devices using Feature Engineering-Less Machine Learning [0.0]
  This research proposes a way to overcome the barrier by bypassing feature engineering in the deep learning pipeline and using raw packet data as input. We introduce a feature engineering-less machine learning (ML) process to perform malware detection on IoT devices. Our proposed model, "Feature engineering-less-ML (FEL-ML)," is a lighter-weight detection algorithm that expends no extra computations on "engineered" features.
  arXiv  Detail & Related papers  (2023-01-09T17:26:37Z)
• Intrusion Detection in Internet of Things using Convolutional Neural Networks [4.718295605140562]
  We propose a novel solution to the intrusion attacks against IoT devices using CNNs. The data is encoded as the convolutional operations to capture the patterns from the sensors data along time. The experimental results show significant improvement in both true positive rate and false positive rate compared to the baseline using LSTM.
  arXiv  Detail & Related papers  (2022-11-18T07:27:07Z)
• Enable Deep Learning on Mobile Devices: Methods, Systems, and Applications [46.97774949613859]
  Deep neural networks (DNNs) have achieved unprecedented success in the field of artificial intelligence (AI) However, their superior performance comes at the considerable cost of computational complexity. This paper provides an overview of efficient deep learning methods, systems and applications.
  arXiv  Detail & Related papers  (2022-04-25T16:52:48Z)
• Pervasive AI for IoT Applications: Resource-efficient Distributed Artificial Intelligence [45.076180487387575]
  Artificial intelligence (AI) has witnessed a substantial breakthrough in a variety of Internet of Things (IoT) applications and services. This is driven by the easier access to sensory data and the enormous scale of pervasive/ubiquitous devices that generate zettabytes (ZB) of real-time data streams. The confluence of pervasive computing and artificial intelligence, Pervasive AI, expanded the role of ubiquitous IoT systems.
  arXiv  Detail & Related papers  (2021-05-04T23:42:06Z)
• An Efficient One-Class SVM for Anomaly Detection in the Internet of Things [25.78558553080511]
  Insecure Internet of things (IoT) devices pose significant threats to critical infrastructure and the Internet at large. detecting anomalous behavior from these devices remains of critical importance. One-Class Support Vector Machines (OCSVM) are one of the state-of-the-art approaches for novelty detection.
  arXiv  Detail & Related papers  (2021-04-22T15:59:56Z)
• Towards AIOps in Edge Computing Environments [60.27785717687999]
  This paper describes the system design of an AIOps platform which is applicable in heterogeneous, distributed environments. It is feasible to collect metrics with a high frequency and simultaneously run specific anomaly detection algorithms directly on edge devices.
  arXiv  Detail & Related papers  (2021-02-12T09:33:00Z)
• Increasing the Confidence of Deep Neural Networks by Coverage Analysis [71.57324258813674]
  This paper presents a lightweight monitoring architecture based on coverage paradigms to enhance the model against different unsafe inputs. Experimental results show that the proposed approach is effective in detecting both powerful adversarial examples and out-of-distribution inputs.
  arXiv  Detail & Related papers  (2021-01-28T16:38:26Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.