The Internet of Things (IoT) is rapidly becoming ubiquitous and is applied in domains such as human health, building automation, industrial control and environmental monitoring, introducing new security and privacy challenges. The security of the data, devices and communications of IoT networks is therefore a concern because of the sensitivity of the data used, legal and privacy issues, and the diversity of devices and protocols used. In addition, traditional security mechanisms are not always feasible and adequate because of the number, heterogeneity, and resource limitations of IoT devices. In this work, we are concerned with the design of an Intrusion Detection System (IDS) to protect IoT networks from external and internal threats in real time. After studying the various traditional IDS solutions, as well as new IDS proposals designed specifically for IoT networks, we conclude that there are still several improvements to be made to this type of second-line defense mechanism. The proposed design will consider the specific architecture of an IoT network, the scalability and heterogeneity of this type of environment, the minimization of resource use, and the maximization of efficiency in the detection of intrusions. To do so, we consider the various detection methods available and the various types of attacks to which this type of network is exposed. The proposed IDS is network-based and relies on a hybrid (centralized/distributed) architecture. As detection methods, signature-based and anomaly-based methods will be used simultaneously. Finally, we emphasize that this proposal does not require modification of the IoT software, nor does it influence the performance of the applications on the IoT devices.