Edge-Based Intrusion Detection for IoT devices

As the Internet of Things (IoT) is estimated to grow to 25 billion by 2021, there is a need for an effective and efficient Intrusion Detection System (IDS) for IoT devices. Traditional network-based IDSs are unable to efficiently detect IoT malware and new evolving forms of attacks like file-less attacks. In this article, we present a system level Device-Edge split IDS for IoT devices. Our IDS profiles IoT devices according to their "behavior" using system-level information like running process parameters and their system calls in an autonomous, efficient, and scalable manner and then detects anomalous behavior indicative of intrusions. The modular design of our IDS along with a unique device-edge split architecture allows for effective attack detection with minimal overhead on the IoT devices. We have extensively evaluated our system using a dataset of 3,973 traditional IoT malware samples and 8 types of sophisticated file-less attacks recently observed against IoT devices in our testbed. We report the evaluation results in terms of detection efficiency and computational.