Optimising IDS configurations for IoT Networks Using AI approaches
Saudi Digital Library
The number of internet-connected smart objects, known as the Internet of Things (IoT), has increased significantly in recent years. The low cost of manufacturing has enabled a proliferation of smart devices across many tasks and domains. Such devices, however, are typically resource constrained. This has led to the emergence of Low-Power and Lossy Networks (LLNs) which require efficient communication protocols. The Routing Protocol for Low-Power and Lossy Networks (RPL) has been designed for such a purpose. The RPL is the de-facto standard routing protocol for the IoT. Nevertheless, RPL-enabled networks are susceptible to many attacks as these devices are unattended, resource-constrained, and connected via unreliable networks. Deploying Intrusion Detection Systems (IDSs) in such a large and resource-constrained environment is a challenging task. The resource-constrained nature of many devices and nodes restricts what tasks those nodes can realistically expect to perform. There may be a great many choices as to what detection functionality is allocated and where. There are cost/benefit trade-offs between them and inappropriately favouring one over the another may cause an ineffective IDS deployment. In this research, we investigate the use of a metaheuristic- based optimisation method, namely a Genetic Algorithm (GA), to discover optimal IDS placements and configurations for the Low Power and Lossy Networks (LLNs). To the best of our knowledge, this is the first attempt to optimise IDS configurations for emerging and constrained networks while incorporating a wider set of aspects than currently considered. Our approach seeks to optimise and balance detection performance (either detection rate or F1 score), coverage (nodes are monitored by an appropriate number of probes), feasibility cost (nodes host detection functionality within their capability), and deployment cost (seeking to reduce the number of probes deployed). We propose a framework that makes trades-offs between these functional and non-functional constraints. A genetic algorithm-based optimisation approach is developed to address the IDS optimisation task. However, the fitness function is evaluated in part via a computationally expensive simulation. We show how a neural network can be used as a surrogate fitness function evaluation, providing better results more cheaply. Experimental results show that the proposed function approximation is more computationally efficient. Our approximation-based GA system is 1.6 times faster than the corresponding simulation-based GA system. It also gives better results. Furthermore, when used repeatedly to generate candidate placements and configurations the resource costs per generation reduce drastically. The surrogate model is valuable as it significantly reduces the evaluation time and computation. However, generality is still a limitation. Therefore, we propose a transfer-learning Deep Neural Networks (DNNs) approach, that harnesses the experience of previously trained neural networks, to develop a general proxy model for evaluating IDS configurations of variant newly-presented networks more accurately.
Intrusion Detection System, Optimisation, Genetic Algorithm, Neural Networks, Transfer Learning