AI classrooms and other Internet-of-Things (IoT) networks face a growing range of security threats. The increasing number of connected devices on an IoT network may encounter attacks while relaying messages over the public Internet. Security methods in traditional wireless networks are often specific to a single architecture and are therefore ineffective at solving the security issues that arise on hybrid IoT networks. In this paper, we propose a software defined end-edge-cloud network architecture for smart IoT applications. We apply a deep-learning (DL) based intrusion detection system (IDS) to secure this architecture. We implement this system based on the Caffe framework and train several popular convolutional neural networks (CNNs) including LeNet, AlexNet, and ResNet50. We evaluate the performance of this system in terms of accuracy, precision, recall, and F1 score. We then investigate the FPGA-based acceleration technique to reduce the training and runtime of CNNs. We implement the FPGA acceleration based on a Xilinx KU115 board, which achieves efficient performance per watt while training and deploying the IDS. For accelerating CNNs on the FPGA, we investigate a Winograd convolution engine in the Xilinx SDAccel development environment, which offers automation schemes for accelerating computations. Our preliminary study may provide some insights into the experimental support for advancing IoT research and development for securing various smart applications.
Security is one of the major aspects of Internet devices, since security measures are often only realized after a new technology has launched. The physical objects in IoT are more sensitive to security and contain embedded systems that communicate machine-to-machine and machine-to-people. IoT poses potential risks to traditional wireless network devices, such as advanced encryption standard (AES) public/private key exchange methods, unprotected transmission control protocol (TCP)/Internet protocol (IP) networks open to intrusion through devices, and unprotected pre-shared keys exposed to reverse engineering through a micro-controller unit (MCU) debugger. Software defined networking (SDN) offers various benefits to IoT; however, several studies have revealed security holes in SDNs which may result in security threats such as:
- Selfish attacks which generate more flows and consume larger bandwidth
- Flow-table overloading which mounts DDoS attacks
- An SDN switch being compromised and behaving like a bot
- An SDN network being unable to mitigate and detect advanced persistent threats
- Match-action algorithm failures to reveal matching entries for invoking deep packet inspection
Security risks in software defined networks (SDN) are largely due to the lack of integration of existing security mechanisms and SDN's inability to provide deep packet inspection. This leads to demand for external mechanisms that introduce packet risk analysis before routing to the next levels of wireless networking. SDN security requires support for authentication and authorization classes of the network administrators at every plane, but the resulting restrictions may prevent access to flow management policies. This also demands constructing novel security mechanisms specific to the SDN protocol. Although SDN security is still at an early stage for integration into IoT, we envision that comprehensive studies will be necessary, which brings forth the motivation of our study on deep-learning based security methods.
A network intrusion detection system gathers and analyzes information on multiple levels of a computer or network and identifies security breaches, including "intrusions" (attacks from outside the network area) and "misuse" (attacks from within the network). A vulnerability assessment is normally conducted to examine the security. Data have been considered the most important asset to protect in organizations, and operations are only carried out once the data are secured. Data are, however, under constant threat from malicious attacks as hackers and crackers develop new ways to breach organizational networks. SDN offers control knobs for fast reaction to security threats, granular traffic filtering, dynamic security policy deployment, and flexible traffic management. In this paper, we propose a software defined end-edge-cloud network architecture for smart IoT applications. In particular, we apply a deep-learning (DL) based intrusion detection system (IDS) to secure this architecture and conduct a performance evaluation of the IDS.
A model representation of our deep learning system is illustrated in Fig. 1. We consider a semi-supervised deep learning system with multiple hidden layers, where each layer computes a non-linear transformation of the previous layer's output. When a new packet arrives at the switches, the packet headers are extracted from OpenFlow (OF) packets by an SDN controller, which forwards them to the deep learning IDS for analysis. The proposed deep learning FPGA framework can also analyze the network performance when packets are classified at the controller to specific ports on a switch, and then generate a weight matrix to assist the controller in determining optimal destination routes.
SDN security risks are largely due to its inability to provide deep packet inspection; attacks can occur at either the data plane or the control plane. An optimal solution can also be realized by training the algorithm to monitor multiple vectors on packet_in messages arriving at the controller as a result of flow-misses from unknown sources, which will always forward all subsequent packets to the controller for computation. If packets arrive from a classified malicious user, the system may automatically block all subsequent requests and quarantine the host. To avoid false alarms in the algorithm, our IDS depends on every packet to classify attacks and to evolve the system. Once an attack is classified, the IDS may alert the controller.
Our deep learning algorithm intelligently gathers network statistics on all activities between a node pair: source and destination. Whenever a new device joins the network or sends a flow to the system for the first time, the controller starts building a trust table between nodes on the internal and external network, deeply analyzing the activity of nodes on different layers of the network based on a number of parameters such as the frequency of message exchanges and interactions. This allows us to train the deep learning system with sufficient data to determine the purpose of each packet and to assist the controller with efficient and secure operations, as shown in Fig. 1.
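The controller-side loop described above, as an added example that is not the paper's code: packet_in headers update a per-(source, destination) trust-table row, a fixed-size feature vector is derived from that row on every packet, and a host classified as malicious is quarantined so its later packets are dropped without further analysis. The `ControllerIDS` class, the `PacketIn` fields, the feature set and the `rate_scan_stand_in` rule (a hypothetical stand-in for the trained CNN) are all assumptions; the packet stream is constructed.

```python
from collections import defaultdict
from dataclasses import dataclass, field

@dataclass
class PacketIn:            # header fields the controller extracts from an OpenFlow packet_in (assumed set)
    t: float               # arrival time in seconds
    src: str
    dst: str
    dport: int
    length: int

@dataclass
class PairStats:           # one trust-table row per (src, dst) node pair
    packets: int = 0
    bytes: int = 0
    first_seen: float = 0.0
    last_seen: float = 0.0
    dports: set = field(default_factory=set)

    def features(self):    # fixed-size vector handed to the classifier on every packet
        span = max(self.last_seen - self.first_seen, 0.001)
        return [self.packets, self.bytes / self.packets, self.packets / span, len(self.dports)]

def rate_scan_stand_in(f):  # hypothetical stand-in for the trained CNN, not the paper's model
    packets, _, rate, ndports = f
    return packets >= 8 and rate > 20 and ndports >= 5

class ControllerIDS:
    def __init__(self, classify=rate_scan_stand_in):
        self.table = defaultdict(PairStats)   # the trust table
        self.quarantined = set()
        self.classify = classify

    def handle_packet_in(self, p):
        if p.src in self.quarantined:         # blocked host: drop without re-analysis
            return "drop"
        s = self.table[(p.src, p.dst)]
        if s.packets == 0:
            s.first_seen = p.t
        s.packets += 1; s.bytes += p.length; s.last_seen = p.t; s.dports.add(p.dport)
        if self.classify(s.features()):       # every packet re-evaluates the pair
            self.quarantined.add(p.src)
            return "quarantine"
        return "forward"

# constructed sample: a benign client, then a host sweeping ports at high rate
SAMPLE = [PacketIn(i * 1.0, "10.0.0.5", "10.0.0.9", 443, 120) for i in range(6)]
SAMPLE += [PacketIn(6.0 + i * 0.01, "192.0.2.7", "10.0.0.9", 20 + i, 60) for i in range(10)]
SAMPLE.append(PacketIn(9.0, "192.0.2.7", "10.0.0.9", 443, 60))

def run(packets=SAMPLE):
    ids = ControllerIDS()
    return [(p.src, ids.handle_packet_in(p)) for p in packets], ids
```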
In this paper, we propose a software defined end-edge-cloud network architecture for smart IoT applications. We apply a deep-learning (DL) based intrusion detection system (IDS) to secure this architecture by implementing the system on the Caffe framework and training several popular convolutional neural networks (CNNs), including LeNet, AlexNet, and ResNet-50, to examine the performance issues. We also investigate the FPGA-based acceleration technique to reduce the training and runtime of CNNs based on a Xilinx KU115 board and the Xilinx SDAccel development environment. Our preliminary results demonstrate the technical feasibility of the software tool chain and the hardware platform for accelerating a secure programmable edge network system for emerging smart applications.
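The Winograd convolution mentioned in the introduction is the minimal-filtering algorithm F(2x2, 3x3), which is why it suits an FPGA engine: each 2x2 output tile of a 3x3 CNN filter costs 16 elementwise multiplications instead of 36, with the rest being additions and shifts. The block below is an added reference implementation in plain Python, not the paper's SDAccel engine; the transform matrices are the standard ones from Lavin and Gray (2016), and the input and filter are constructed.

```python
# Winograd minimal filtering F(2x2, 3x3): transform matrices from Lavin & Gray (2016)
BT = [[1, 0, -1, 0], [0, 1, 1, 0], [0, -1, 1, 0], [0, 1, 0, -1]]   # input transform B^T
G = [[1, 0, 0], [0.5, 0.5, 0.5], [0.5, -0.5, 0.5], [0, 0, 1]]        # filter transform G
AT = [[1, 1, 1, 0], [0, 1, -1, -1]]                                  # output transform A^T

def matmul(a, b):
    return [[sum(a[i][k] * b[k][j] for k in range(len(b)))
             for j in range(len(b[0]))] for i in range(len(a))]

def transpose(a):
    return [list(col) for col in zip(*a)]

def transform_filter(g):
    """U = G g G^T, computed once per 3x3 filter and reused for every tile."""
    return matmul(matmul(G, g), transpose(G))

def winograd_tile(d, u):
    """2x2 output tile from a 4x4 input tile: 16 elementwise multiplies instead of 36."""
    v = matmul(matmul(BT, d), transpose(BT))                        # V = B^T d B
    m = [[u[i][j] * v[i][j] for j in range(4)] for i in range(4)]   # U (.) V, the only multiplies
    return matmul(matmul(AT, m), transpose(AT))                     # Y = A^T M A

def winograd_conv2d(x, g):
    """Valid cross-correlation (what a CNN layer computes) in 2x2 output tiles; output dims must be even."""
    out_h, out_w = len(x) - 2, len(x[0]) - 2
    assert out_h % 2 == 0 and out_w % 2 == 0
    u = transform_filter(g)
    y = [[0.0] * out_w for _ in range(out_h)]
    for ti in range(0, out_h, 2):
        for tj in range(0, out_w, 2):
            tile = [row[tj:tj + 4] for row in x[ti:ti + 4]]
            r = winograd_tile(tile, u)
            for i in range(2):
                for j in range(2):
                    y[ti + i][tj + j] = r[i][j]
    return y

def direct_conv2d(x, g):
    """Reference direct cross-correlation: 9 multiplies per output element."""
    out_h, out_w = len(x) - 2, len(x[0]) - 2
    return [[sum(x[i + a][j + b] * g[a][b] for a in range(3) for b in range(3))
             for j in range(out_w)] for i in range(out_h)]

# constructed sample: 6x6 input and a 3x3 edge filter (small integers keep the half-factors exact)
X = [[(i * j + i + 2 * j) % 7 for j in range(6)] for i in range(6)]
GX = [[1, 0, -1], [2, 0, -2], [1, 0, -1]]
```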
This article is a summary of the work published in the IEEE International Symposium on Smart City and Informatization (iSCI 2018) by a group in ITEC-G 2018. It is an extension of project Lion, hence the name Lion 4th Generation. Newer concepts blooming from this project have been published in other articles. More details are available at the end of the article.