
handle: 1959.4/unsworks_74430
Abstract: There are various data management and security tools deployed in the cloud for storing and analyzing big data generated by the Internet of Things (IoT) and Industrial IoT (IIoT) systems. There is a recent trend to move such tools to edge networks (closer to the users and the IoT/IIoT systems) to address limitations, especially latency and security issues, in cloud-based solutions. However, protecting edge networks against zero-day attacks is challenging, due to the volume, variety and veracity of data collected from the large numbers of IoT devices in edge networks. In this paper, we propose a Distributed Anomaly Detection (DAD) system to discover zero-day attacks in edge networks. The proposed system uses Gaussian Mixture-based Correntropy, a novel ensemble one-class statistical learning model, which is designed to effectively monitor and recognize zero-day attacks in real time from edge networks. We also design an IoT-edge-cloud architecture to illustrate the complexity of edge networks and how one can deploy the proposed system at network gateways. The proposed system is evaluated using both NSL-KDD and UNSW-NB15 datasets. The findings reveal that the proposed system achieves better performance, in terms of detection accuracy and processing time, compared with five anomaly detection techniques.
anzsrc-for: 0805 Distributed Computing, anzsrc-for: 4605 Data Management and Data Science, anzsrc-for: 46 Information and Computing Sciences, anzsrc-for: 0803 Computer Software, anzsrc-for: 0806 Information Systems, 004, 4605 Data Management and Data Science, Innovation and Infrastructure, 4606 Distributed Computing and Systems Software, 46 Information and Computing Sciences, Networking and Information Technology R&D (NITRD), anzsrc-for: 4604 Cybersecurity and Privacy, 4604 Cybersecurity and Privacy, anzsrc-for: 4609 Information systems, Generic health relevance, 9 Industry, anzsrc-for: 4606 Distributed Computing and Systems Software
| Indicator | Description | Value |
| --- | --- | --- |
| selected citations | These citations are derived from selected sources. This is an alternative to the "Influence" indicator, which also reflects the overall/total impact of an article in the research community at large, based on the underlying citation network (diachronically). | 42 |
| popularity | This indicator reflects the "current" impact/attention (the "hype") of an article in the research community at large, based on the underlying citation network. | Top 1% |
| influence | This indicator reflects the overall/total impact of an article in the research community at large, based on the underlying citation network (diachronically). | Top 10% |
| impulse | This indicator reflects the initial momentum of an article directly after its publication, based on the underlying citation network. | Top 1% |
