• Artificial Neural Networks-Based Intrusion Detection System for Internet of Things Fog Nodes

      Pacheco, Jesus; Benitez, Victor H.; Félix-Herrán, Luis C.; Satam, Pratik; Univ Arizona, Dept Elect & Comp Engn (IEEE-INST ELECTRICAL ELECTRONICS ENGINEERS INC, 2020-04-15)
      The Internet of Things (IoT) represents a mean to share resources (memory, storage computational power, data, etc.) between computers and mobile devices, as well as buildings, wearable devices, electrical grids, and automobiles, just to name few. The IoT is leading to the development of advanced information services that will require large storage and computational power, as well as real-time processing capabilities. The integration of IoT with emerging technologies such as Fog Computing can complement these requirements with pervasive and cost-effective services capable of processing large-scale geo-distributed information. In any IoT application, communication availability is essential to deliver accurate and useful information, for instance, to take actions during dangerous situations, or to manage critical infrastructures. IoT components like gateways, also called Fog Nodes, face outstanding security challenges as the attack surface grows with the number of connected devices requesting communication services. These Fog nodes can be targeted by an attacker, preventing the nodes from delivering important information to the final users or to perform accurate automated actions. This paper introduces an Anomaly Behavior Analysis Methodology based on Artificial Neural Networks, to implement an adaptive Intrusion Detection System (IDS) capable of detecting when a Fog node has been compromised, and then take the required actions to ensure communication availability. The experimental results reveal that the proposed approach has the capability for characterizing the normal behavior of Fog Nodes despite its complexity due to the adaptive scheme, and also has the capability of detecting anomalies due to any kind of sources such as misuses, cyber-attacks or system glitches, with high detection rate and low false alarms.