Resource-Aware Layered Intrusion Detection Allocation Model
Ioan Pădurean, Béla Genge, and Roland Bolboacă

TL;DR
This paper introduces a resource-aware model for allocating layered intrusion detection in heterogeneous networks, optimizing monitoring levels based on device importance, attack risk, and resource constraints.
Contribution
It formulates an integer linear program that balances detection effectiveness with resource costs, considering device importance and network constraints.
Findings
The model effectively concentrates monitoring on critical, high-risk devices.
Optimization respects resource budgets and device constraints.
Demonstrated on a small network, the model shows practical allocation strategies.
Abstract
This paper proposes a resource-aware allocation model for layered intrusion detection in heterogeneous networks. Monitoring traffic at higher protocol layers improves the ability to detect sophisticated attacks, but it also increases computational and storage costs. The problem is formulated as an integer linear program that assigns a single monitoring depth, ranging from Ethernet to the application layer, to each device, while accounting for device importance, attack probability, layer-dependent detection rates, and per-layer monitoring costs. The model further enforces a global resource budget, a minimum monitoring level for critical devices, and maximum-feasibility limits for constrained devices such as simple IoT sensors. The formulation is solved with the SCIP optimization framework on a small heterogeneous network of six devices, and the resulting allocation illustrates how the…
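The allocation problem the abstract describes, as an added example that is not code from the paper: it enumerates every assignment exhaustively instead of calling SCIP. The objective form (importance × attack probability × detection rate), the four depth names, and every device value, rate, and cost are constructed assumptions.

```python
from itertools import product

# Constructed sample data; layer names, rates and costs are assumptions.
LAYERS = ["ethernet", "ip", "transport", "application"]
DETECT = [20, 40, 60, 90]   # detection rate per depth, in percent
COST = [1, 2, 4, 8]         # resource units consumed per depth

# name: (importance, attack probability %, min depth index, max depth index)
DEVICES = {
    "scada-server": (10, 30, 2, 3),   # critical: at least transport depth
    "db-server": (8, 20, 0, 3),
    "workstation": (4, 30, 0, 3),
    "printer": (2, 10, 0, 2),
    "iot-sensor-1": (3, 50, 0, 0),    # constrained: Ethernet depth only
    "iot-sensor-2": (1, 50, 0, 0),
}

def allocate(devices, budget):
    """Pick exactly one depth per device, maximizing weighted detection.

    Returns (score, cost, {name: layer}) or None when no assignment
    satisfies the per-device bounds and the global budget.
    """
    names = list(devices)
    # Per-device bounds encode the minimum-level and feasibility limits.
    ranges = [range(devices[n][2], devices[n][3] + 1) for n in names]
    best = None
    for depths in product(*ranges):
        cost = sum(COST[d] for d in depths)
        if cost > budget:                      # global resource budget
            continue
        score = sum(devices[n][0] * devices[n][1] * DETECT[d]
                    for n, d in zip(names, depths))
        if best is None or score > best[0]:
            plan = {n: LAYERS[d] for n, d in zip(names, depths)}
            best = (score, cost, plan)
    return best

if __name__ == "__main__":
    print(allocate(DEVICES, budget=20))
```

With a budget of 20 units the sample data puts application-layer monitoring on the critical server only and splits the remainder across the mid-importance hosts; exhaustive search is practical here only because the network has six devices.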
