
Edge Intrusion Detection Systems

IEEE CARS 2026 · In Progress

Snort · Machine Learning · Raspberry Pi 5 · Redis · Python · Network Security


Problem

Edge and IoT devices face increasing security threats, but deploying intrusion detection on resource-constrained hardware requires careful balancing of detection accuracy against computational cost. Existing research often overlooks real-world deployment constraints — latency, CPU, memory, and energy budgets on devices like the Raspberry Pi.

Approach

This project develops a budget-aware gateway IDS that combines signature-based detection (Snort) with lightweight ML models in a selective escalation architecture:

  • Hybrid Detection: Snort handles known signatures with low overhead; ML models are selectively invoked only when the expected detection gain justifies the resource cost.
  • Budget-Aware Escalation: A decision policy determines when additional ML analysis is worth its latency, CPU, memory, and energy cost.
  • Real-World Deployment: All experiments run on Raspberry Pi 5 hardware with external USB power measurement for accurate energy profiling.
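One possible shape for the budget-aware escalation decision, as an added example that is not the project's own code. The names `Resources` and `EscalationPolicy`, the cheap per-flow `suspicion` score, the gain model, `min_ratio` and every number are assumptions made for illustration.

```python
from dataclasses import dataclass, replace

@dataclass
class Resources:
    latency_ms: float   # per-flow ceiling, not consumed
    mem_mb: float       # memory ceiling, not consumed
    cpu_ms: float       # consumed by each ML invocation in the window
    energy_mj: float    # consumed by each ML invocation in the window

class EscalationPolicy:
    """Hypothetical policy: escalate when gain per unit of scarce budget is high."""

    def __init__(self, window_budget, ml_cost, min_ratio):
        if ml_cost.cpu_ms <= 0 or ml_cost.energy_mj <= 0:
            raise ValueError("ML cost must be positive")
        self.remaining = replace(window_budget)  # private copy of the budget
        self.cost, self.min_ratio = ml_cost, min_ratio

    def expected_gain(self, snort_alerted, suspicion):
        # Assumption: a flow Snort already flagged gains nothing from ML;
        # otherwise the gain is a cheap suspicion score clamped to [0, 1].
        return 0.0 if snort_alerted else max(0.0, min(1.0, suspicion))

    def decide(self, snort_alerted, suspicion):
        r, c = self.remaining, self.cost
        # Hard ceilings first: one invocation must fit latency and memory.
        if c.latency_ms > r.latency_ms or c.mem_mb > r.mem_mb:
            return False
        if c.cpu_ms > r.cpu_ms or c.energy_mj > r.energy_mj:
            return False
        # Cost as a fraction of what is left, so the same invocation
        # becomes more expensive as the window's budget drains.
        scarcity = max(c.cpu_ms / r.cpu_ms, c.energy_mj / r.energy_mj)
        if self.expected_gain(snort_alerted, suspicion) / scarcity < self.min_ratio:
            return False
        r.cpu_ms -= c.cpu_ms
        r.energy_mj -= c.energy_mj
        return True

# Constructed sample values: (snort_alerted, suspicion) per flow.
BUDGET = Resources(latency_ms=50, mem_mb=256, cpu_ms=100, energy_mj=500)
ML_COST = Resources(latency_ms=8, mem_mb=40, cpu_ms=20, energy_mj=100)
SAMPLE_FLOWS = [(False, 0.9), (True, 0.9), (False, 0.3), (False, 0.6), (False, 0.6)]

def run(flows, budget=BUDGET, cost=ML_COST, min_ratio=2.0):
    policy = EscalationPolicy(budget, cost, min_ratio)
    return [policy.decide(alerted, s) for alerted, s in flows]

if __name__ == "__main__":
    print(run(SAMPLE_FLOWS))
```

The last two sample flows carry the same suspicion score; the second is declined only because the earlier escalation consumed part of the window's CPU and energy budget.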

Evaluation

The system is tested against the CIC-IDS2017, CIC-IDS2018, and CICIoT2023 datasets, with four configurations compared: Snort-only, ML-only, always-on hybrid, and budget-aware hybrid. Metrics include detection rate, false positive rate, latency, CPU/memory utilization, and power consumption.