Análise de uma implementação distribuída do algoritmo de detecção de novidade em fluxos de Dados MINAS para detecção de intrusão em um ambiente de névoa

Abstract

The ongoing implementation of the Internet of Things (IoT) is sharply increasing the number and variety of small devices on edge networks. Likewise, the attack opportunities for hostile agents also grows, requiring more effort from network administrators and strategies to detect and react to those threats. For a network security system to operate in the context of fog and IoT, it has to comply with processing, storage, and energy requirements alongside traditional requirements for stream and network analysis like accuracy and scalability. Using a previously defined architecture (IDSA-IoT), we address the construction and evaluation of a support mechanism for distributed Network Intrusion Detection Systems (NIDS) based on the MINAS Data Stream Novelty Detection algorithm. We discuss the algorithm steps, how it can be deployed in a distributed environment, the impacts on the accuracy, and evaluate performance and scalability using a cluster of constrained devices commonly found in IoT scenarios. The obtained results show equivalent metrics in the distributed version but also a reduction in the execution time using low-profile devices. Although not efficient, the parallel version showed to be viable as the proposed granularity provides equivalent accuracy and the same response times.