Saved in:
Bibliographic Details
Main Authors: Hamidouche, Mounia, Demissie, Biniam Fisseha, Cherif, Bilel
Format: Preprint
Published: 2024
Subjects:
Online Access:https://arxiv.org/abs/2403.15078
Tags: Add Tag
No Tags, Be the first to tag this record!
_version_ 1866910378600955904
author Hamidouche, Mounia
Demissie, Biniam Fisseha
Cherif, Bilel
author_facet Hamidouche, Mounia
Demissie, Biniam Fisseha
Cherif, Bilel
contents As more devices connect to the internet, it becomes crucial to address their limitations and basic security needs. While much research focuses on utilizing ML and DL to tackle security challenges, there is often a tendency to overlook the practicality and feasibility of implementing these methods in real-time settings. This oversight stems from the constrained processing power and memory of certain devices (IoT devices), as well as concerns about the generalizability of these approaches. Focusing on the detection of DNS-tunneling attacks in a router as a case study, we present an end-to-end process designed to effectively address these challenges. The process spans from developing a lightweight DNS-tunneling detection model to integrating it into a resource-constrained device for real-time detection. Through our experiments, we demonstrate that utilizing stateless features for training the ML model, along with features chosen to be independent of the network configuration, leads to highly accurate results. The deployment of this carefully crafted model, optimized for embedded devices across diverse environments, resulted in high DNS-tunneling attack detection with minimal latency. With this work, we aim to encourage solutions that strike a balance between theoretical advancements and the practical applicability of ML approaches in the ever-evolving landscape of device security.
format Preprint
id arxiv_https___arxiv_org_abs_2403_15078
institution arXiv
publishDate 2024
record_format arxiv
spellingShingle Real-time Threat Detection Strategies for Resource-constrained Devices
Hamidouche, Mounia
Demissie, Biniam Fisseha
Cherif, Bilel
Cryptography and Security
As more devices connect to the internet, it becomes crucial to address their limitations and basic security needs. While much research focuses on utilizing ML and DL to tackle security challenges, there is often a tendency to overlook the practicality and feasibility of implementing these methods in real-time settings. This oversight stems from the constrained processing power and memory of certain devices (IoT devices), as well as concerns about the generalizability of these approaches. Focusing on the detection of DNS-tunneling attacks in a router as a case study, we present an end-to-end process designed to effectively address these challenges. The process spans from developing a lightweight DNS-tunneling detection model to integrating it into a resource-constrained device for real-time detection. Through our experiments, we demonstrate that utilizing stateless features for training the ML model, along with features chosen to be independent of the network configuration, leads to highly accurate results. The deployment of this carefully crafted model, optimized for embedded devices across diverse environments, resulted in high DNS-tunneling attack detection with minimal latency. With this work, we aim to encourage solutions that strike a balance between theoretical advancements and the practical applicability of ML approaches in the ever-evolving landscape of device security.
title Real-time Threat Detection Strategies for Resource-constrained Devices
topic Cryptography and Security
url https://arxiv.org/abs/2403.15078