Network Intrusion Detection System in a Light Bulb Liam Daly Manocchio Siamak Layeghyy Marius Portmannz School of Information Technology and Electrical Engineering

2025-05-02 0 0 2.9MB 8 页 10玖币
侵权投诉
Network Intrusion Detection System in a Light Bulb
Liam Daly Manocchio, Siamak Layeghy, Marius Portmann
School of Information Technology and Electrical Engineering
University of Queensland
Brisbane, QLD 4072, Australia
liam@riftcs.com, siamak.layeghy@uq.net.au, marius@ieee.org
Abstract—Internet of Things (IoT) devices are progressively
being utilised in a variety of edge applications to monitor and
control home and industry infrastructure. Due to the limited
compute and energy resources, active security protections are
usually minimal in many IoT devices. This has created a critical
security challenge that has attracted researchers’ attention in the
field of network security. Despite a large number of proposed
Network Intrusion Detection Systems (NIDSs), there is limited
research into practical IoT implementations, and to the best of
our knowledge, no edge-based NIDS has been demonstrated to
operate on common low-power chipsets found in the majority
of IoT devices, such as the ESP8266. This research aims to
address this gap by pushing the boundaries on low-power
Machine Learning (ML) based NIDSs. We propose and develop
an efficient and low-power ML-based NIDS, and demonstrate
its applicability for IoT edge applications by running it on a
typical smart light bulb. We also evaluate our system against
other proposed edge-based NIDSs and show that our model has
a higher detection performance, and is significantly faster and
smaller, and therefore more applicable to a wider range of IoT
edge devices.
Index Terms—Network Intrusion Detection System (NIDS),
Machine Learning (ML), Internet of Things (IoT), Edge Com-
puting, ESP32 WROOM
I. INTRODUCTION
Internet of Things (IoT) edge devices are finding increasing
use and prevalence in powerful device ecosystems, ranging
from smart homes to remote sensor networks. There are also
industrial scale IoT systems (IIoT) which have significantly
higher levels of complexity than ordinary IoT Networks. It is
estimated that there are over 14 billion IoT endpoints in 2022
[1]. Because of their widespread usage, and their applications
in commercial industrial infrastructure, they have become the
target of various cyberattacks.
Despite the fact that IoT devices are used to monitor
and control ‘things’ from home security systems, through to
medical monitoring devices and industrial infrastructure, they
often do not have the same level of protection that can be
achieved on servers and workstations. This is to a large extent
due to their limited compute and energy resources, and their
application in a diverse range of networks that make it more
difficult to implement cybersecurity controls.
While there are many documented cases of compromise
of IoT edge devices, including the incredibly damaging Mirai
botnet in 2016 that compromised over 600K edge and embed-
ded devices [2], the average consumer does not have access
to high grade network intrusion detection systems (NIDSs)
Figure 1. A photo of a typical consumer grade ‘Tuya’ compatible smart light
bulb that we use for our NIDS light bulb demonstration2
that could be used to detect and protect against these types
of attacks. An edge-based NIDS can enable a fast reaction
to attacks against IoT devices and networks, without needing
to centrally process data. This decentralised processing also
improves privacy, by allowing data to be kept local, at the
edge of the network.
This security risk has not gone unnoticed in the research
community, and there are works proposing several IoT com-
patible NIDSs, which we discuss in this paper. However, many
of these proposals are theoretical and do not evaluate their
models on actual edge hardware. Some works were also tested
on relatively high-power edge devices, such as Google’s Edge
TPU or Raspberry Pi [3], which are unlikely to be widely
deployed in typical IoT devices and smart home networks. A
number of frameworks exist with the aim of bringing machine
learning to the edge, such as TensorFlow Lite [4]. However,
NIDS models built using these frameworks are often still
inaccessible to low-power microcontrollers [5]. The models
in the literature we surveyed, based on TensorFlow Lite,
have a large memory footprint, leaving little room for other
functionality on typical low-end IoT devices.
To address this gap, this research aims to push the bounds
on what is possible in a low compute power environment, and
to demonstrate that high accuracy network intrusion detection
can be brought to the wider IoT domain. We propose, develop
and evaluate a high performance NIDS capable of running
2This is a picture of a newer model that uses the Tuya WB2L SoC, we
use an earlier version with the ESP8266 microcontroller
arXiv:2210.03254v1 [cs.CR] 6 Oct 2022
Lightbulb during normal traffic After detecting an attack
Figure 2. An example of our light bulb NIDS running on an ESP8266
microcontroller on a modified consumer smart light bulb. Green indicates
normal traffic, whereas red indicates an attack has been detected.
on the lowest power conventional edge microprocessors. We
show that the performance of this NIDS is comparable to the
existing approaches proposed in the literature, while being
significantly faster and more lightweight. To further demon-
strate the applicability of the proposed NIDS at the IoT edge,
we deploy it on a typical smart light bulb, and demonstrate
the world’s first NIDS in a light bulb. A similar smart
light bulb is shown in Figure 1. To do this, we replace the
ESP8266 microcontroller on a consumer smart light bulb, with
a transplant ESP8266 microcontroller featuring our modified
NIDS firmware. Then as a fun way to demonstrate our NIDS
running on the smart bulb, we control the colour of the light
emitted by the bulb, i.e. green during normal operation, and
red when an attack is detected, shown in Figure 2.
The key contribution of this paper is the proposal, imple-
mentation, and evaluation of an extremely lightweight NIDS,
capable of functioning on the lowest-power IoT devices. We
have made the code publicly available here 3. Based on our
experimental evaluation, our system outperforms the state-of-
the-art IoT NIDS proposals on IoT hardware both in terms of
detection accuracy, detection speed and resource requirements.
II. RELATED WORKS
There have been several efforts to develop lightweight and
scalable machine learning systems for use in IoT devices
and networks. There are many previous works that adopt a
signature-based approach for intrusion detection. However,
signature based detection suffers from the limitation that
signatures must be manually updated. Since this paper focuses
on ML-based NIDSs, these works have not been included in
our discussion.
In terms of machine learning based NIDS, these can be
grouped into shallow learning and deep learning. The authors
in [6] and [7] surveyed several approaches to NIDSs in IoT
devices, and found a variety of works that used shallow learn-
ing to great success. For example, [8] evaluated five classifiers
following feature selection, PCA based anomaly detection, a
local deep SVM, a logistic regression and a boosted decision
tree. Across three benchmark datasets, the authors showed
100% accuracy for all approaches other than PCA. There are
also several proposed approaches in the literature that utilise
3Code available at https://rft.io/lightbulb
deep learning models. For instance, [9] uses a multi-layer
perceptron (MLP) model, which is a fully connected dense
artificial neural network, to achieve 99.4% accuracy. There
are also several deep unsupervised approaches, such as [10],
which showed that using an autoencoder, a sufficiently low
reconstruction loss could be achieved for networking data, to
facilitate an IoT compatible anomaly detection system. More
advanced forms of neural networks, such as graph neural
networks, have also been proposed for IoT devices [11], and
these have achieved F1 scores of 0.81 on two IoT benchmark
datasets. However, these systems discussed here that have
achieved 99%+ accuracy were not tested on real IoT hardware.
There has been a limited number of works that have tested
proposed NIDSs on real IoT hardware. The use of Google’s
Edge TPU platform has been explored for use with NIDS
models [3]. Here, the authors compared the performance of
a convolutional neural network (CNN) running on a Google
Edge TPU with that of a Raspberry Pi (Cortex-A53), and
demonstrated fast performance as well as 0.98+ F1 scores.
However, both Edge TPU and Raspberry Pi have significantly
more processing power than the average IoT smart device.
[5] is the most relevant to our work, since it implements a
deep learning based NIDS on several lower power hardware
platforms [5], including ESP32-WROOM-32, ESP8266 and
ATmega328p. The authors used TensorFlow Lite for their
approach, which allowed them to bring a pre-trained neural
network model to various microcontrollers [4]. They were able
to achieve 96.7% detection accuracy on the ESP32-WROOM-
32. However, the proposed model was too large to be deployed
on low-end devices such as ATMega328p. Furthermore, the
authors’ ESP8266 implementation used nearly 100% of the
device’s memory, making it impractical for parallel deploy-
ment to an existing low-end IoT device, where a significant
amount of memory is likely required for the code and data of
the devices’ core functionality.
There exist several solutions, outside of TensorFlow Lite,
that allow machine learning models to be brought to mi-
crocontrollers. Of particular interest here are solutions that
can convert models developed in scikit-learn [12], another
widely used machine learning framework, to microcontroller
compatible code. These tools, which include sklearn-porter,
and EmbML [13], are capable of porting pre-trained scikit-
learn models to microcontrollers. However, unlike Tensorflow
Lite which is primarily focused on deep learning models,
scikit-learn features many shallow learning approaches. To
the best of our knowledge, no previous work has used these
techniques to take pre-trained NIDS models and run them on
IoT hardware.
In summary, although there are many works that demon-
strate high accuracy for IoT NIDSs when tested on benchmark
data, there has been relatively limited experimental research
into the practical implementation and deployment of NIDSs
on IoT edge hardware. The research that has been conducted
to date delivers NIDSs that either require too much processing
power to operate, or would utilise too much of device re-
sources to be applicable as part of a smart device with inbuilt
摘要:

NetworkIntrusionDetectionSysteminaLightBulbLiamDalyManocchio,SiamakLayeghyy,MariusPortmannzSchoolofInformationTechnologyandElectricalEngineeringUniversityofQueenslandBrisbane,QLD4072,Australialiam@riftcs.com,ysiamak.layeghy@uq.net.au,zmarius@ieee.orgAbstract—InternetofThings(IoT)devicesareprogress...

展开>> 收起<<
Network Intrusion Detection System in a Light Bulb Liam Daly Manocchio Siamak Layeghyy Marius Portmannz School of Information Technology and Electrical Engineering.pdf

共8页,预览2页

还剩页未读, 继续阅读

声明:本站为文档C2C交易模式,即用户上传的文档直接被用户下载,本站只是中间服务平台,本站所有文档下载所得的收益归上传人(含作者)所有。玖贝云文库仅提供信息存储空间,仅对用户上传内容的表现方式做保护处理,对上载内容本身不做任何修改或编辑。若文档所含内容侵犯了您的版权或隐私,请立即通知玖贝云文库,我们立即给予删除!

相关推荐

更多
立即下载
分类:图书资源 价格:10玖币 属性:8 页 大小:2.9MB 格式:PDF 时间:2025-05-02

开通VIP享超值会员特权

  • 多端同步记录
  • 高速下载文档
  • 免费文档工具
  • 分享文档赚钱
  • 每日登录抽奖
  • 优质衍生服务

作者详情

相关内容

更多

热门标签

人际关系 动力学连接体 力的合成 配电装置 高考理综 全宋诗作者索引 公务员考试
/ 8
评分 收藏
分享
立即下载
客服
关注