TY - JOUR
T1 - DAD
T2 - a Distributed Anomaly Detection system using ensemble one-class statistical learning in edge networks
AU - Moustafa, Nour
AU - Keshk, Marwa
AU - Choo, Kim-Kwang Raymond
AU - Lynar, Timothy
AU - Camtepe, Seyit
AU - Whitty, Monica
N1 - Funding Information:
Kim-Kwang Raymond Choo received the Ph.D. in Information Security in 2006 from Queensland University of Technology, Australia. He currently holds the Cloud Technology Endowed Professorship at The University of Texas at San Antonio (UTSA). He is an IEEE Computer Society Distinguished Visitor (2021 - 2023), and included in Web of Science’s Highly Cited Researcher in the field of Cross-Field - 2020. He is named the Cybersecurity Educator of the Year - APAC (Cybersecurity Excellence Awards are produced in cooperation with the Information Security Community on LinkedIn) in 2016, and in 2015 he and his team won the Digital Forensics Research Challenge organized by Germany’s University of Erlangen-Nuremberg. He is the recipient of the 2019 IEEE Technical Committee on Scalable Computing (TCSC) Award for Excellence in Scalable Computing (Middle Career Researcher), the 2018 UTSA College of Business Col. Jean Piccione and Lt. Col. Philip Piccione Endowed Research Award for Tenured Faculty, the British Computer Society’s 2019 Wilkes Award Runner-up, the 2014 Highly Commended Award by the Australia New Zealand Policing Advisory Agency, the Fulbright Scholarship in 2009, the 2008 Australia Day Achievement Medallion, and the British Computer Society’s Wilkes Award in 2008. He has also received best paper awards from the IEEE Consumer Electronics Magazine for 2020, EURASIP Journal on Wireless Communications and Networking (JWCN) in 2019, IEEE TrustCom 2018, and ESORICS 2015; the Korea Information Processing Society’s Journal of Information Processing Systems (JIPS) Survey Paper Award (Gold) 2019; the IEEE Blockchain 2019 Outstanding Paper Award; and Best Student Paper Awards from Inscrypt 2019 and ACISP 2005. His research has been funded by NASA, National Security Agency, National Science Foundation, CPS Energy, LGS Innovations, MITRE, Texas National Security Network Excellence Fund, Australian Government National Drug Law Enforcement Research Fund, Australian Government Cooperative Research Centre for Data to Decision, auDA Foundation, Government of South Australia, BAE Systems stratsec, Australasian Institute of Judicial Administration Incorporated, Australian Research Council, etc.
Publisher Copyright:
© 2021 Elsevier B.V.
PY - 2021/5
Y1 - 2021/5
N2 - There are various data management and security tools deployed at the cloud for storing and analyzing big data generated by the Internet of Things (IoT) and Industrial IoT (IIoT) systems. There is a recent trend to move such tools to edge networks (closer to the users and the IoT/IIoT systems) to address limitations, especially latency and security issues, in cloud-based solutions. However, protecting edge networks against zero-day attacks is challenging, due to the volume, variety and veracity of data collected from the large numbers of IoT devices in edge networks. In this paper, we propose a Distributed Anomaly Detection (DAD) system to discover zero-day attacks in edge networks. The proposed system uses Gaussian Mixture-based Correntropy, a novel ensemble one-class statistical learning model, which is designed to effectively monitor and recognize zero-day attacks in real-time from edge networks. We also design an IoT-edge-cloud architecture to illustrate the complexity of edge networks and how one can deploy the proposed system at network gateways. The proposed system is evaluated using both NSL-KDD and UNSW-NB15 datasets. The findings reveal that the proposed system achieves better performance, in terms of detection accuracy and processing time, compared with five anomaly detection techniques.
AB - There are various data management and security tools deployed at the cloud for storing and analyzing big data generated by the Internet of Things (IoT) and Industrial IoT (IIoT) systems. There is a recent trend to move such tools to edge networks (closer to the users and the IoT/IIoT systems) to address limitations, especially latency and security issues, in cloud-based solutions. However, protecting edge networks against zero-day attacks is challenging, due to the volume, variety and veracity of data collected from the large numbers of IoT devices in edge networks. In this paper, we propose a Distributed Anomaly Detection (DAD) system to discover zero-day attacks in edge networks. The proposed system uses Gaussian Mixture-based Correntropy, a novel ensemble one-class statistical learning model, which is designed to effectively monitor and recognize zero-day attacks in real-time from edge networks. We also design an IoT-edge-cloud architecture to illustrate the complexity of edge networks and how one can deploy the proposed system at network gateways. The proposed system is evaluated using both NSL-KDD and UNSW-NB15 datasets. The findings reveal that the proposed system achieves better performance, in terms of detection accuracy and processing time, compared with five anomaly detection techniques.
KW - Anomaly detection
KW - Correntropy technique
KW - Edge computing
KW - Edge networks
KW - Gaussian mixture model
KW - One-class learning
UR - http://www.scopus.com/inward/record.url?scp=85099514494&partnerID=8YFLogxK
U2 - 10.1016/j.future.2021.01.011
DO - 10.1016/j.future.2021.01.011
M3 - Article
AN - SCOPUS:85099514494
SN - 0167-739X
VL - 118
SP - 240
EP - 251
JO - Future Generation Computer Systems
JF - Future Generation Computer Systems
ER -