Network Intrusion Detection System for Industrial IoT based on Edge Computing and Machine Learning

The advancement of Internet of Things (IoT) applications and networks has witnessed tremendous cyber-security threats. Due to this, the network intrusion detection system (NIDS) has emerged as a flexible solution to detect and prevent network attacks in IoT systems. Network attacks have increased exponentially, disrupting the services between the host and the legitimate users exchanging data in the IoT ecosystem. The rise in network attacks on industrial IoT (IIoT) is not exceptional. Meanwhile, most IIoT devices face resource constraints such as computational power, low memory, and low energy storage. Hence, IIoT devices cannot accommodate traditional security applications. Multi-access edge computing (MEC) has emerged as a new paradigm that allows for high computations at the networks' edge, closer to the IoT device, to alleviate the resource constraint problem. In MEC, IoT devices connected to a network can offload their computational tasks to the MEC server. The MEC server provides a technology service platform to execute sophisticated security applications to protect the IoT system. Several IDS methods introduced in the literature are ineffective in real-time applications due to the stochastic nature of the IoT network attacks, the datasets used, and the challenges in evaluating the proposed models. Moreover, the most challenging aspect of machine learning-based (ML-based) NIDS design to secure the IIoT is the continuous need for up-to-date definitions of attack datasets. Cyber-attackers' approaches are in a dynamic state with changing trends and techniques. Hence, conventional signature-based NIDS are unsuitable since they cannot update obsolete detection models. This thesis proposes a distributed ML-based NIDS as a security solution for IoT systems that utilise the MEC to detect and prevent intrusions. To adopt the emerging change in network attack trends and online learning ML techniques, an online incremental support vector data description (OI-SVDD) is used to design a lightweight anomaly detector on the IoT device. An adaptive sequential extreme learning machine (AS-ELM) is also used on the MEC server to perform deep intrusion analysis on the anomalies detected by the OI-SVDD model. The lightweight OI-SVDD was achieved by reducing the dataset using feature selection methods. This research experimented with the principal component analysis and the Pearson correlation feature selection methods. Since the operation of the proposed NIDS system depends on the network connectivity between the IoT devices and the MEC server, the tradeoff between the limited computing capacity and high cloud computing latency is explored. This thesis presents an adaptive security task offloading (ASTO) where the MEC server and IoT can collaborate to provide optimised network connectivity to enhance the high performance of the NIDS. In the proposed system, the security task offloading and synchronisation problem is converted into an equivalent mathematical model, which can be solved by applying Markov transition probability and clock offset estimation using maximum likelihood. Finally, an IoT-MEC testbed was created using the industrial IoT architecture and deployed the OI-SVDD model to different IoT devices, the AS-ELM model on two MEC servers, and a border router connecting them. Extensive experiments performed using public datasets and the self-generated dataset show that the proposed NIDS provides robust security for the IoT network with low latency, high attack detection accuracy, and energy efficiency.