On-device context-aware misuse detection framework for heterogeneous IoT edge

Traditional AI techniques for offline misuse network intrusion detection have performed well, assuming that the traffic from the datasets is sufficiently large for generalization, balanced, independently and identically distributed-exhibiting homogeneous behavior with little to no context change. However, the rapidly expanding IoT network is an ensemble of proliferating internet-connected devices catering to the growing need for handling highly distributed, heterogeneous, and time-critical workloads that conform to none of the above assumptions. Moreover, the evolving Botnet-based attack vectors exploit the non-standardized and poorly scrutinized architectural vulnerabilities of such devices-leading to compounding threat intensity, rapidly rendering the network defenseless. Furthermore, the memory, processor, and energy resource constraints of the IoT devices necessitate lightweight device-specific intrusion detection policies for effective and updated rule learning in real-time through the edge infrastructures. However, the existing methods proposed to solve such issues are either centralized, data and resource-intensive, context-unaware, or inefficient for online rule learning with smaller and imbalanced data samples. Thus, this paper addresses such issues through a context-aware expert system-based feature subset framework with minimal processing overhead and a decentralized on-device misuse detection scheme for IoT-called HetIoT-NIDS, capable of efficiently inferring over smaller data samples, tolerant to class imbalance, and deployable on the low-memory and low-power edge of IoT devices. Furthermore, HetIoT-NIDS facilitates threat localization within the deployed device, preventing threat progression and intensity compounding. The experiments and analyses of the propounded algorithms and the resulting training times and model sizes prove that the proposed approach is efficient and adaptable to online and offline misuse intrusion detection, especially on smaller data sample sizes.