Resource-Aware Deployment Optimization for Collaborative Intrusion Detection in Layered Networks

TL;DR

This paper introduces a resource-aware, adaptable CIDS framework for layered networks that optimizes detector deployment dynamically, enabling efficient intrusion detection in heterogeneous, evolving environments like drones with minimal computational overhead.

Contribution

It presents a novel, flexible CIDS architecture that automatically reconfigures detectors based on resource availability and data types, suitable for diverse distributed environments.

Findings

Achieves adaptive intrusion detection with minimal computational overhead.

Successfully tested on real-world datasets including a drone cyberattack scenario.

Demonstrates effective detector reconfiguration in edge device settings.

Abstract

Collaborative Intrusion Detection Systems (CIDS) are increasingly adopted to counter cyberattacks, as their collaborative nature enables them to adapt to diverse scenarios across heterogeneous environments. As distributed critical infrastructure operates in rapidly evolving environments, such as drones in both civil and military domains, there is a growing need for CIDS architectures that can flexibly accommodate these dynamic changes. In this study, we propose a novel CIDS framework designed for easy deployment across diverse distributed environments. The framework dynamically optimizes detector allocation per node based on available resources and data types, enabling rapid adaptation to new operational scenarios with minimal computational overhead. We first conducted a comprehensive literature review to identify key characteristics of existing CIDS architectures. Based on these insights and real-world use cases, we developed our CIDS framework, which we evaluated using several distributed datasets that feature different attack chains and network topologies. Notably, we introduce a public dataset based on a realistic cyberattack targeting a ground drone aimed at sabotaging critical infrastructure. Experimental results demonstrate that the proposed CIDS framework can achieve adaptive, efficient intrusion detection in distributed settings, automatically reconfiguring detectors to maintain an optimal configuration, without requiring heavy computation, since all experiments were conducted on edge devices.