DETONAR-Light: An IoT Network Intrusion Detection Using DETONAR without a Sniffer Network

Abstract

The Internet of Things is expanding and since IoT devices and IoT networks are used in many crucial areas in modern societies, ranging from security and military applications to healthcare monitoring and production efficiency, the need to secure these devices is of great importance. Intrusion detection systems (IDS) play a significant role in securing IoT networks as their goal is to detect intruders that have gained access to one or several IoT nodes. While most IDS have been designed to detect a specific or at most a few attacks, the DETONAR framework detects multiple attacks. However, it is run on a designated sniffer network which adds additional cost in terms of hardware and maintenance. In this paper, we propose DETONAR-Light, adapting DETONAR to run using data collected at a border router rather than on sniffer logs. Our experiments show that this is possible almost without any decrease of detection and attack classification rate for many attacks.