Toward an Intrusion Detection System for a Virtualization Framework in Edge Computing

TL;DR

This paper presents the deployment of a deep learning-based anomaly detection system within a virtualization framework for edge computing, demonstrating high accuracy and low overhead in detecting network threats on resource-constrained devices.

Contribution

It introduces LDPI, a deep learning intrusion detection system integrated into virtualization for edge security, with strong performance and practical deployment insights.

Findings

LDPI achieved an AUC of 0.999 in detection accuracy.

LDPI has lower overhead compared to signature-based IDSes.

Effective in detecting network flooding attacks.

Abstract

Edge computing pushes computation closer to data sources, but it also expands the attack surface on resource-constrained devices. This work explores the deployment of the Lightweight Deep Anomaly Detection for Network Traffic (LDPI) integrated as an isolated service within a virtualization framework that provides security by separation. LDPI, adopting a Deep Learning approach, achieved strong training performance, reaching AUC 0.999 (5-fold mean) across the evaluated packet-window settings (n, l), with high F1 at conservative operating points. We deploy LDPI on a laptop-class edge node and evaluate its overhead and performance in two scenarios: (i) comparing it with representative signature-based IDSes (Suricata and Snort) deployed on the same framework under identical workloads, and (ii) while detecting network flooding attacks.