Yaguan Qian,Yankai Guo,Qiqi Shao,Jiamin Wang,Bin Wang,Zhaoquan Gu,Xiang Ling,Chunming Wu

DOI: https://doi.org/10.1145/3517806

2021-01-01

Abstract:Edge intelligence has played an important role in constructing smart cities, but the vulnerability of edge nodes to adversarial attacks becomes an urgent problem. A so-called adversarial example can fool a deep learning model on an edge node for misclassification. Due to the transferability property of adversarial examples, an adversary can easily fool a black-box model by a local substitute model. Edge nodes in general have limited resources, which cannot afford a complicated defense mechanism like that on a cloud data center. To address the challenge, we propose a dynamic defense mechanism, namely EI-MTD. The mechanism first obtains robust member models of small size through differential knowledge distillation from a complicated teacher model on a cloud data center. Then, a dynamic scheduling policy, which builds on a Bayesian Stackelberg game, is applied to the choice of a target model for service. This dynamic defense mechanism can prohibit the adversary from selecting an optimal substitute model for black-box attacks. We also conduct extensive experiments to evaluate the proposed mechanism, and results show that EI-MTD could protect edge intelligence effectively against adversarial attacks in black-box settings.

Ji-Ming Chen,Shi Chen,Xiang Wang,Lin,Li Wang

DOI: https://doi.org/10.1155/2021/2729949

IF: 1.968

2021-01-01

Security and Communication Networks

Abstract:With the rapid development of Internet of Things technology, a large amount of user information needs to be uploaded to the cloud server for computing and storage. Side-channel attacks steal the private information of other virtual machines by coresident virtual machines to bring huge security threats to edge computing. Virtual machine migration technology is currently the main way to defend against side-channel attacks. VM migration can effectively prevent attackers from realizing coresident virtual machines, thereby ensuring data security and privacy protection of edge computing based on the Internet of Things. This paper considers the relevance between application services and proposes a VM migration strategy based on service correlation. This strategy defines service relevance factors to quantify the degree of service relevance, build VM migration groups through service relevance factors, and effectively reduce communication overhead between servers during migration, design and implement the VM memory migration based on the post-copy method, effectively reduce the occurrence of page fault interruption, and improve the efficiency of VM migration.

Chenghao Rong,Jessie Hui Wang,Jilong Wang,Yipeng Zhou,Jun Zhang

DOI: https://doi.org/10.1109/tmc.2023.3246539

IF: 6.075

2024-01-01

IEEE Transactions on Mobile Computing

Abstract:In order to schedule resources efficiently or maintain applications' continuity for mobile customers, edge platforms often need to adaptively migrate the applications on them. However, our measurement shows that existing migration solutions cannot solve the issue of migrating video analytics applications in edge computing because the memory states of video analytics applications have different characteristics from other applications. We conduct a breakdown analysis of the memory states of video analytics applications, and propose to treat three types of states separately with three different techniques, i.e. , warm-up, sync, and replay, to minimize the negative influence of migrations on application performance. Based on this idea, we implement a prototype system in which two new components, i.e. , state store and sidecar , are designed to achieve near-transparent live migration with minimal application code modifications. Evaluation experiments demonstrate that the time of application interruption caused by migrating a video analytics application with our solution is less than 405ms, and our solution does not consume much resources.

Xiaoheng Deng,Xinjun Pei,Shengwei Tian,Lan Zhang

DOI: https://doi.org/10.1109/tii.2022.3216818

IF: 12.3

2022-01-01

IEEE Transactions on Industrial Informatics

Abstract:The advent of 5G brought new opportunities to leapfrog beyond current industrial Internet of Things (IoT). However, the ever growing IoT has also attracted adversaries to develop new malware attacks against various IoT applications. Although deep learning-based methods are expected to combat the sophisticated malwares by exploring the latent attack patterns, such detection can be hardly supported by battery-powered end devices, like Andriod-based smartphones. Edge computing enables near-real-time analysis of IoT data by migrating AI-enabled computation-intensive tasks from resource-constrained IoT devices to nearby edge servers, However, due to varying channel conditions and the demanding latency requirements of malware detection, it is challenging to coordinate the computing task offloading among multiple users. By leveraging the computation capacity and the proximity benefits of edge computing, we propose a hierarchical security framework for IoT malware detection. Considering the complexity of AI-enabled malware detection task, we provide a delay-aware computational offloading strategy with minimum delay. Specifically, we construct a coordinated representation learning model, named by Two Stream Attention-Caps (TSA-Caps) to capture the latent behavioral patterns of evolving malware attacks. Experimental results show that our system consistently outperforms the state-of-the-art systems in detection performance on four benchmark datasets.

automation & control systems,computer science, interdisciplinary applications,engineering, industrial

Xiaoheng Deng,Bin Chen,Xuechen Chen,Xinjun Pei,Shaohua Wan,Sotirios K. Goudos

DOI: https://doi.org/10.1109/tii.2023.3245681

IF: 12.3

2023-01-01

IEEE Transactions on Industrial Informatics

Abstract:The Internet of Things (IoT) mainly consists of a large number of Internet-connected devices. The proliferation of untrusted third-party IoT applications has led to an increase in IoT-based malware attacks. In addition, it is infeasible for the IoT devices to support the sophisticated detection systems due to the restricted resources. Edge computing is considered to be promising. It provides solutions to the data security and privacy leakage brought by untrusted third-party IoT applications. In this article, an intelligent trusted and secure edge computing (ITEC) system is proposed for IoT malware detection. In this system, a signature-based preidentification mechanism is built for matching and identifying the malicious behaviors of untrusted third-party IoT applications. A delay strategy is then embedded into the risk detection engine in order to “buy time” for threat analysis and rate-limit the impact of suspicious third-party IoT applications in the system. We conduct extensive experiments to verify the effectiveness of the ITEC system and show that we can achieve accuracies of up to 98.52%.

automation & control systems,computer science, interdisciplinary applications,engineering, industrial

Danni Yuan,Kaoru Ota,Mianxiong Dong,Xiaoyan Zhu,Tao Wu,Linjie Zhang,Jianfeng Ma

DOI: https://doi.org/10.1109/icc40277.2020.9148632

2020-01-01

Abstract:Smart home is an indispensable part of Internet of Things(IoT) owing to the prompt development and application of smart devices. However, the data collected from smart homes usually need to be processed by a cloud server, which means there is a risk of leaking the privacy of users during the transmission. In this situation, edge computing is considered to be an ideal platform for smart home, which enable data to be processed at edge nodes. Unfortunately, because of unsecured Wi-Fi connection and smart devices, edge nodes also have the possibility to encounter malicious attacks. Hence, in this paper, we designed an intrusion detection system (IDS) to be deployed on edge nodes. We convert network traffic to images which are applied to train a convolutional neural network (CNN) to classify the categories of network traffic. Furthermore, Auxiliary Classifier Generative Adversarial Network (AC-GAN) is adopted to generate synthesized samples to expand the intrusion detection dataset. We experiment on the UNSW-NB15 dataset which contains substantial network traffic about the normal and anomalies. The proposed scheme is effective to minor categories of which precision could be improved 12%. Besides, the precision can reach 96% in binary classification about normal and anomaly.

Congqi Shen,Geyang Xiao,Shaofeng Yao,Boyang Zhou,Zhongxia Pan,Hong Zhang

DOI: https://doi.org/10.1109/spac53836.2021.9539933

2021-01-01

Abstract:Current Industrial Internet faces serious threats where attackers propagate malicious flows, resulting in communication failures in the Industrial Internet. In this work, we propose a practical and novel method to detect malicious traffic attack in real time with high accuracy. Our primary idea is to capture network flow, extract adequate network flow features, construct a long short-term memory (LSTM) based deep learning model, and identify the property of the corresponding network flow. Whether the network suffers attack or not is then determined according to the detection results. The corresponding prototype is also implemented in the Industrial Internet which is equipped with Software Defined Networking (SDN). Experimental results validate that the proposed method is effective in defending against malicious traffic attack in real-world network.

Yizhi Liu,Chaoqun Zhu,Yadi Wu,Heng Xu,Jun Song

DOI: https://doi.org/10.1002/cpe.6191

2021-01-19

Concurrency and Computation: Practice and Experience

Abstract:<p>In recent years, with the rapid development of mobile social networks and services, the research of mobile malicious webpage detection has become a hot topic. Most of the existing malicious webpage detection systems are deployed on desktop systems and servers. Due to the limitation of network transmission delay and computing resources, these existing solutions fail to provide the real‐time and lightweight properties for mobile webpage detection. In this paper, we propose an advanced mobile malicious webpage detection framework based on deep learning and edge cloud. Inspired by the idea of edge computing, a multidevice load optimization approach is first introduced to improve detection efficiency. Second, an automatic extraction approach based on deep learning model features is presented to enhance detection accuracy. Furthermore, detection systems can be flexibly deployed on edge nodes and servers, thus providing the properties of resource optimization deployment and real‐time detection. Finally, comparative analysis and performance evaluation are presented to show the detection efficiency and accuracy of the proposed framework.</p>

Toshihiro Uchibayashi,Bernady Apduhan,Takuo Suganuma,Masahiro Hiji

DOI: https://doi.org/10.3390/computers12020027

2023-01-27

Computers

Abstract:With the proliferation of IoT sensors and devices, storing collected data in the cloud has become common. A wide variety of data with different purposes and forms are not directly stored in the cloud but are sent to the cloud via edge servers. At the edge server, applications are running in containers and virtual machines to collect data. However, the current deployment and movement mechanisms for containers and virtual machines do not consider any conventions or regulations for the applications and the data it contains. Therefore, it is easy to deploy and migrate containers and virtual machines. However, the problem arises when it is deployed or migrated, which may violate the licensing terms of the contained applications, the rules of the organization, or the laws and regulations of the concerned country. We have already proposed a data-audit control mechanism for the migration of virtual machines. The proposed mechanism successfully controls the unintentional and malicious migration of virtual machines. We expect similar problems with containers to occur as the number of edge servers increases. Therefore, we propose a policy-based data-audit control system for container migration. The proposed system was verified in the implemented edge computing environment and the results showed that adding the proposed data-audit control mechanism had a minimal impact on migration time and that the system was practical enough. In the future, we intend to conduct verification not in a very compact and short-range environment such as this one but on an existing wide-area network.

Yuming Feng,Weizhe Zhang,Shujun Yin,Hao Tang,Yang Xiang,Yu Zhang

DOI: https://doi.org/10.1109/jiot.2023.3279615

IF: 10.6

2023-01-01

IEEE Internet of Things Journal

Abstract:The weaknesses of IoT devices leads to vulnerabilities easily, which can be exploited by criminals to launch distributed denial of service (DDoS) attacks, becoming a major security hazard. Nowadays, the rapid development of the Internet of Things (IoT) makes the IoT-based DDoS attacks have the characteristics of wide distribution, large scale and more stealthy that brings greater challenges for the DDoS detection. In this paper, we conduct our research based on the edge-side of IoT for providing earlier detection capability and more efficient resource utilization. We propose a novel reinforcement learning-based collaborative DDoS detection method and design a lightweight unsupervised classifier based on statistics. We deploy the classifiers in IoT edge gateways to detect anomalies by analyzing network traffic features in time. In order to deal with the dynamic changes of the IoT environment, we use the Soft Actor-Critic (SAC) reinforcement learning model deployed on the edge server to adjust the parameter configuration of the underlying unsupervised classifier dynamically, which can ensure excellent detection effect for different types of IoT devices. In addition, a collaborative aggregation module is designed in the edge server to share the observation state and historical experience, which has a unique collaborative reward mechanism for the reinforcement learning model to fully mobilize the collaborative work capability. The experiments on public dataset and constructed real-world testbed demonstrate that our proposed method has excellent detection performance and especially it can also discover stealthy IoT-based DDoS attacks accurately.

computer science, information systems,telecommunications,engineering, electrical & electronic

Xiaoqian Li,Siyu Chen,Yakun Zhou,Jienan Chen,Gang Feng

DOI: https://doi.org/10.1109/tccn.2021.3103511

IF: 6.359

2022-03-01

IEEE Transactions on Cognitive Communications and Networking

Abstract:Mobile edge computing, enabling cloud computing capabilities at edge servers, is shown to be an effective way to enhance network performance as well as user experience. However, due to user mobility and limited coverage of a single edge server, service migration is inevitable to guarantee the quality of service (QoS). The service migration problem is to decide when, where and how to migrate the ongoing service from an edge server to another. In this paper, we formulate the problem as a partially observable markov decision process (POMDP) based on the fact that an edge server can obtain only partial user’s information. A learning based intelligent service migration algorithm, named iSMA, is proposed to minimize the long-term average service delay of all users. iSMA consists of two function modules, a latent space model and a cross-entropy planning algorithm. The latent space model is used to infer the full state of the environment based on the partial information observed, and the cross-entropy planning algorithm is used to search the best service migration strategy. Numerical results show that our proposed iSMA reduces the service delay by about 28% and 24% when compared with two well-known deep learning based solutions.

telecommunications

Yi Li,Zhangbing Zhou,Xiao Xue,Deng Zhao,Patrick C. K. Hung

DOI: https://doi.org/10.1109/jiot.2023.3273542

IF: 10.6

2023-01-01

IEEE Internet of Things Journal

Abstract:With the applicability of edge intelligence in various domains, anomaly detection, which aims to identify unusual and infrequent circumstances, is regarded as a regularly performed task to guarantee the health of the Internet of Things (IoT) applications. Generally, sensory data are gathered at the network edge and completely transmitted to the cloud, where computational-heavy algorithms are mostly adopted to determine the locations of anomaly. Considering the occurrence infrequency of anomalies, this strategy may transmit relatively huge-volume of sensory data, which may reflect a healthy situation indeed, to the cloud. To mitigate this problem, this paper proposes an accurate anomaly detection mechanism with energy efficiency in three-Tier IoT-Edge-Cloud collaborative networks. Specifically, after gathering sensory data provided by IoT nodes in certain edge networks, the edge node applies the Marching Squares algorithm to generate isopleths, where an isopleth may capture the boundary of anomaly. A sensory data filtering mechanism is conducted at the edge tier, such that anomaly-relevant sensory data are transmitted to the cloud, and thus, the network traffic is decreased significantly. Thereafter, the boundary of anomaly is obtained, and the locations of candidate boundary nodes are determined by adopting the Kriging spatial interpolation algorithm at the cloud tier. These locations are traversed by mobile sensing nodes at edge networks, and their sensory data are gathered for boundary refinement. Extensive experiments are conducted on an air quality hazardous gas dataset from Towards Data Science, and evaluation results show that our technique outperforms the state-of-the-art counterparts in boundary accuracy and energy consumption.

computer science, information systems,telecommunications,engineering, electrical & electronic

Aidong Xu,Minggui Cao,Runfa Liao,Yunan Zhang,Yixin Jiang,Yi Chen,Hong Wen,Jinran Du

DOI: https://doi.org/10.1088/1755-1315/428/1/012019

2020-01-01

IOP Conference Series Earth and Environmental Science

Abstract:Edge computing can meet the needs of many industries in real-time business control, security and privacy protection. In the process of massive heterogeneous terminals accessing the network through edge devices, it is very challenging to achieve fast and reliable authentication. The physical layer authentication technology authenticates through the channel characteristics, which has the characteristics of lightweight, and can well adapt to the authentication scenario of massive heterogeneous terminal access. In order to identify malicious nodes, this paper proposes an attack identification scheme of malicious nodes under edge computing. The new channel response information vector is constructed by using the correlation between the channel information of consecutive frames. Two or more time slot channel frequency response vectors are averaged to obtain a new channel response vector. It has the advantages of low computational complexity and high recognition accuracy. And combined with the channel frequency response based on the deep neural network to identify malicious nodes, the data set in the factory environment is simulated.

Ruoyu Li,Qing Li,Jianer Zhou,Yong Jiang

DOI: https://doi.org/10.1109/jiot.2021.3122148

IF: 10.6

2021-01-01

IEEE Internet of Things Journal

Abstract:Internet of Things (IoT) has entered a stage of rapid development and increasing deployment. Meanwhile, these low-power devices typically cannot support complex security mechanisms and, thus, are highly susceptible to malware. This article proposes ADRIoT, an anomaly detection framework for IoT networks, which leverages edge computing to uncover potential threats. An edge is empowered with an anomaly detection module, which consists of a traffic capturer, a traffic preprocessor, and a collection of anomaly detectors dedicated to each type of device. Each detector is constructed by an LSTM autoencoder in an unsupervised manner that requires no labeled attack data and is able to handle emerging zero-day attacks. When a device connects to the edge, the edge will fetch the corresponding detector from the cloud and execute it locally. Another problem is the resource constraint of a single edge device like a home router hinders the deployment of such a detection module. To mitigate this problem, we design a multiedge collaborative mechanism that integrates the resource of multiple edges in a local network to increase the overall load capacity. The evaluation demonstrates that ADRIoT can detect various IoT-based attacks effectively and efficiently, showing that ADRIoT can feasibly help build a more secure IoT environment.

Xuguang Liu

DOI: https://doi.org/10.1155/2021/6655346

IF: 1.43

2021-02-28

Mathematical Problems in Engineering

Abstract:Aiming at the anomaly detection problem in sensor data, traditional algorithms usually only focus on the continuity of single-source data and ignore the spatiotemporal correlation between multisource data, which reduces detection accuracy to a certain extent. Besides, due to the rapid growth of sensor data, centralized cloud computing platforms cannot meet the real-time detection needs of large-scale abnormal data. In order to solve this problem, a real-time detection method for abnormal data of IoT sensors based on edge computing is proposed. Firstly, sensor data is represented as time series; K-nearest neighbor (KNN) algorithm is further used to detect outliers and isolated groups of the data stream in time series. Secondly, an improved DBSCAN (Density Based Spatial Clustering of Applications with Noise) algorithm is proposed by considering spatiotemporal correlation between multisource data. It can be set according to sample characteristics in the window and overcomes the slow convergence problem using global parameters and large samples, then makes full use of data correlation to complete anomaly detection. Moreover, this paper proposes a distributed anomaly detection model for sensor data based on edge computing. It performs data processing on computing resources close to the data source as much as possible, which improves the overall efficiency of data processing. Finally, simulation results show that the proposed method has higher computational efficiency and detection accuracy than traditional methods and has certain feasibility.

engineering, multidisciplinary,mathematics, interdisciplinary applications

Ibbad Hafeez,Markku Antikainen,Aaron Yi Ding,Sasu Tarkoma

DOI: https://doi.org/10.1109/tnsm.2020.2966951

2020-03-01

IEEE Transactions on Network and Service Management

Abstract:IoT devices are notoriously vulnerable even to trivial attacks and can be easily compromised. In addition, resource constraints and heterogeneity of IoT devices make it impractical to secure IoT installations using traditional endpoint and network security solutions. To address this problem, we present IoT-Keeper, a lightweight system which secures the communication of IoT. IoT-Keeper uses our proposed anomaly detection technique to perform traffic analysis at edge gateways. It uses a combination of fuzzy C-means clustering and fuzzy interpolation scheme to analyze network traffic and detect malicious network activity. Once malicious activity is detected, IoT-Keeper automatically enforces network access restrictions against IoT device generating this activity, and prevents it from attacking other devices or services. We have evaluated IoT-Keeper using a comprehensive dataset, collected from a real-world testbed, containing popular IoT devices. Using this dataset, our proposed technique achieved high accuracy (≈0.98) and low false positive rate (≈0.02) for detecting malicious network activity. Our evaluation also shows that IoT-Keeper has low resource footprint, and it can detect and mitigate various network attacks—without requiring explicit attack signatures or sophisticated hardware.

Xikang Zhu,Wenbin Yao,Wenhao Wang

DOI: https://doi.org/10.1016/j.future.2024.03.014

IF: 7.307

2024-03-07

Future Generation Computer Systems

Abstract:The rapid advancement of the Internet of Things (IoT) is leading to more and more devices joining the network to interact with information, which requires improving the performance of IoT applications to accommodate more data, faster response times, and more complex tasks. Edge computing, as a new computing paradigm, brings resource contention and load imbalance while reducing communication overhead and task latency. This paper addresses the workload distribution challenge in edge networks, aiming to optimize resource utilization and thereby enhance IoT application performance. To achieve this goal, we present the Load-aware Task Migration (LATM) algorithm. Firstly, we present a load state detection model that captures edge nodes' workloads and dynamically classifies them according to their resource requirements. We then propose an innovative optimization problem, transforming task migration into a weighted tripartite graph matching problem. This problem leverages the Kuhn-Munkres(KM) task migration algorithm to attain the optimal matching between tasks and nodes. Finally, we assess the algorithm's performance through experimental simulation. The experimental results underscore the algorithm's substantial potential in reducing task response times, task execution times, load balance, and enhancing resource utilization.

computer science, theory & methods

Maoli Wang,Bowen Zhang,Xiaodong Zang,Kang Wang,Xu Ma

DOI: https://doi.org/10.3390/math11183951

IF: 2.4

2023-09-18

Mathematics

Abstract:The proliferation of smart devices in the 5G era of industrial IoT (IIoT) produces significant traffic data, some of which is encrypted malicious traffic, creating a significant problem for malicious traffic detection. Malicious traffic classification is one of the most efficient techniques for detecting malicious traffic. Although it is a labor-intensive and time-consuming process to gather large labeled datasets, the majority of prior studies on the classification of malicious traffic use supervised learning approaches and provide decent classification results when a substantial quantity of labeled data is available. This paper proposes a semi-supervised learning approach for classifying malicious IIoT traffic. The approach utilizes the encoder–decoder model framework to classify the traffic, even with a limited amount of labeled data available. We sample and normalize the data during the data-processing stage. In the semi-supervised model-building stage, we first pre-train a model on a large unlabeled dataset. Subsequently, we transfer the learned weights to a new model, which is then retrained using a small labeled dataset. We also offer an edge intelligence model that considers aspects such as computation latency, transmission latency, and privacy protection to improve the model's performance. To achieve the lowest total latency and to reduce the risk of privacy leakage, we first create latency and privacy-protection models for each local, edge, and cloud. Then, we optimize the total latency and overall privacy level. In the study of IIoT malicious traffic classification, experimental results demonstrate that our method reduces the model training and classification time with 97.55% accuracy; moreover, our approach boosts the privacy-protection factor.

mathematics

Kongyang Chen,Yi Lin,Hui Luo,Bing Mi,Yatie Xiao,Chao Ma,Jorge Sá Silva

2024-03-08

Abstract:In contemporary edge computing systems, decentralized edge nodes aggregate unprocessed data and facilitate data analytics to uphold low transmission latency and real-time data processing capabilities. Recently, these edge nodes have evolved to facilitate the implementation of distributed machine learning models, utilizing their computational resources to enable intelligent decision-making, thereby giving rise to an emerging domain referred to as edge intelligence. However, within the realm of edge intelligence, susceptibility to numerous security and privacy threats against machine learning models becomes evident. This paper addresses the issue of membership inference leakage in distributed edge intelligence systems. Specifically, our focus is on an autonomous scenario wherein edge nodes collaboratively generate a global model. The utilization of membership inference attacks serves to elucidate the potential data leakage in this particular context. Furthermore, we delve into the examination of several defense mechanisms aimed at mitigating the aforementioned data leakage problem. Experimental results affirm that our approach is effective in detecting data leakage within edge intelligence systems, and the implementation of our defense methods proves instrumental in alleviating this security threat. Consequently, our findings contribute to safeguarding data privacy in the context of edge intelligence systems.

Cryptography and Security

Vassilis Tsakanikas,Tasos Dagiuklas,Muddesar Iqbal,Xinheng Wang,Shahid Mumtaz

DOI: https://doi.org/10.1038/s41598-023-27674-5

IF: 4.6

2023-01-20

Scientific Reports

Abstract:The developments on next generation IoT sensing devices, with the advances on their low power computational capabilities and high speed networking has led to the introduction of the edge computing paradigm. Within an edge cloud environment, services may generate and consume data locally, without involving cloud computing infrastructures. Aiming to tackle the low computational resources of the IoT nodes, Virtual-Function-Chain has been proposed as an intelligent distribution model for exploiting the maximum of the computational power at the edge, thus enabling the support of demanding services. An intelligent migration model with the capacity to support Virtual-Function-Chains is introduced in this work. According to this model, migration at the edge can support individual features of a Virtual-Function-Chain. First, auto-healing can be implemented with cold migrations, if a Virtual Function fails unexpectedly. Second, a Quality of Service monitoring model can trigger live migrations, aiming to avoid edge devices overload. The evaluation studies of the proposed model revealed that it has the capacity to increase the robustness of an edge-based service on low-powered IoT devices. Finally, comparison with similar frameworks, like Kubernetes, showed that the migration model can effectively react on edge network fluctuations.

multidisciplinary sciences