Panop: Mimicry-Resistant ANN-Based Distributed NIDS for IoT Networks

Abstract

Recently, using artificial neural networks (ANNs) for network intrusion detection systems (NIDSs) has drawn much attention from security researchers. The capability of ANNs to learn patterns from numerous data helps detect attacks on networked systems. Moreover, to effectively monitor a newly emerging networked system consisting of distributed subsystems, such as edge, Internet of Things (IoT), and fog, recent studies have proposed an ANN-based distributed NIDS, where multiple ANNs are deployed to local gateways. To meet the incessant demand for high accuracy, ANN-based NIDSs have become complicated and heavy. With local gateways being small and low-end, such ANNs cannot be executed. Some researchers have proposed optimized algorithms to balance detection accuracy and runtime performance to solve this problem. For example, Kitsune empirically proved its efficiency, but a recent study reveals that Kitsune has limitations. In particular, Kitsune fails at identifying host-oriented attacks, which pretend to be benign during packet delivery but incur malicious behavior on destination devices. Panop is a novel ANN-based NIDS for a distributed network system that aims to detect malicious packets, including host-oriented attacks, while remaining sufficiently lightweight to be executed by low-end devices. Thus, the Panop ANN is designed to comprehensively learn network and device behaviors related to packet transactions in an IoT network. According to the experiments, Panop can detect host-oriented and other attacks with reasonably high accuracy with little degradation in runtime performance compared to the state-of-the-art NIDS for distributed network environments.