DAD: A Distributed Anomaly Detection system using ensemble one-class statistical learning in edge networks

摘要

There are various data management and security tools deployed at the cloud for storing and analyzing big data generated by the Internet of Things (IoT) and Industrial IoT (IIoT) systems. There is a recent trend to move such tools to edge networks (closer to the users and the IoT/IIoT systems) to address limitations, especially latency and security issues, in cloud-based solutions. However, protecting edge networks against zero-day attacks is challenging, due to the volume, variety and veracity of data collected from the large numbers of IoT devices in edge networks. In this paper, we propose a Distributed Anomaly Detection (DAD) system to discover zero-day attacks in edge networks. The proposed system uses Gaussian Mixture-based Correntropy, a novel ensemble one-class statistical learning model, which is designed to effectively monitor and recognize zero-day attacks in real-time from edge networks. We also design an IoT-edge-doud architecture to illustrate the complexity of edge networks and how one can deploy the proposed system at network gateways. The proposed system is evaluated using both NSL-KDD and UNSW-NB15 datasets. The findings reveal that the proposed system achieves better performance, in terms of detection accuracy and processing time, compared with five anomaly detection techniques.