Optimising IDS configurations for IoT Networks Using AI approaches
Date
2023
Authors
Journal Title
Journal ISSN
Volume Title
Publisher
Saudi Digital Library
Abstract
The number of internet-connected smart objects, known as the Internet of Things (IoT),
has increased significantly in recent years. The low cost of manufacturing has enabled a
proliferation of smart devices across many tasks and domains. Such devices, however, are
typically resource constrained. This has led to the emergence of Low-Power and Lossy Networks
(LLNs) which require efficient communication protocols. The Routing Protocol for
Low-Power and Lossy Networks (RPL) has been designed for such a purpose. The RPL
is the de-facto standard routing protocol for the IoT. Nevertheless, RPL-enabled networks
are susceptible to many attacks as these devices are unattended, resource-constrained, and
connected via unreliable networks.
Deploying Intrusion Detection Systems (IDSs) in such a large and resource-constrained
environment is a challenging task. The resource-constrained nature of many devices and
nodes restricts what tasks those nodes can realistically expect to perform. There may be
a great many choices as to what detection functionality is allocated and where. There are
cost/benefit trade-offs between them and inappropriately favouring one over the another
may cause an ineffective IDS deployment. In this research, we investigate the use of a metaheuristic-
based optimisation method, namely a Genetic Algorithm (GA), to discover optimal
IDS placements and configurations for the Low Power and Lossy Networks (LLNs). To the
best of our knowledge, this is the first attempt to optimise IDS configurations for emerging
and constrained networks while incorporating a wider set of aspects than currently considered.
Our approach seeks to optimise and balance detection performance (either detection rate or
F1 score), coverage (nodes are monitored by an appropriate number of probes), feasibility
cost (nodes host detection functionality within their capability), and deployment cost (seeking
to reduce the number of probes deployed). We propose a framework that makes trades-offs
between these functional and non-functional constraints.
A genetic algorithm-based optimisation approach is developed to address the IDS optimisation
task. However, the fitness function is evaluated in part via a computationally expensive
simulation. We show how a neural network can be used as a surrogate fitness function evaluation,
providing better results more cheaply. Experimental results show that the proposed
function approximation is more computationally efficient. Our approximation-based GA system
is 1.6 times faster than the corresponding simulation-based GA system. It also gives
better results. Furthermore, when used repeatedly to generate candidate placements and
configurations the resource costs per generation reduce drastically.
The surrogate model is valuable as it significantly reduces the evaluation time and computation.
However, generality is still a limitation. Therefore, we propose a transfer-learning
Deep Neural Networks (DNNs) approach, that harnesses the experience of previously trained
neural networks, to develop a general proxy model for evaluating IDS configurations of variant
newly-presented networks more accurately.
Description
Keywords
Intrusion Detection System, Optimisation, Genetic Algorithm, Neural Networks, Transfer Learning