TY - GEN
T1 - Lumen
T2 - 18th ACM Conference on Emerging Networking Experiment and Technologies, CoNEXT 2022
AU - Sharma, Rahul Anand
AU - Sabane, Ishan
AU - Apostolaki, Maria
AU - Rowe, Anthony
AU - Sekar, Vyas
N1 - Publisher Copyright:
© 2022 Owner/Author.
PY - 2022/11/30
Y1 - 2022/11/30
N2 - The rise of IoT devices brings a lot of security risks. To mitigate them, researchers have introduced various promising network-based anomaly detection algorithms, which oftentimes leverage machine learning. Unfortunately, though, their deployment and further improvement by network operators and the research community are hampered. We believe this is due to three key reasons. First, known ML-based anomaly detection algorithms are evaluated -in the best case- on a couple of publicly available datasets, making it hard to compare across algorithms. Second, each ML-based IoT anomaly-detection algorithm makes assumptions about attacker practices/classification granularity, which reduce their applicability. Finally, the implementation of those algorithms is often monolithic, prohibiting code reuse. To ease deployment and promote research in this area, we present Lumen. Lumen is a modular framework paired with a benchmarking suite that allows users to efficiently develop, evaluate, and compare IoT ML-based anomaly detection algorithms. We demonstrate the utility of Lumen by implementing state-of-the-art anomaly detection algorithms and faithfully evaluating them on various datasets. Among other interesting insights that could inform real-world deployments and future research, using Lumen, we were able to identify what algorithms are most suitable to detect particular types of attacks. Lumen can also be used to construct new algorithms with better performance by combining the building blocks of competing efforts and improving the training setup.
AB - The rise of IoT devices brings a lot of security risks. To mitigate them, researchers have introduced various promising network-based anomaly detection algorithms, which oftentimes leverage machine learning. Unfortunately, though, their deployment and further improvement by network operators and the research community are hampered. We believe this is due to three key reasons. First, known ML-based anomaly detection algorithms are evaluated -in the best case- on a couple of publicly available datasets, making it hard to compare across algorithms. Second, each ML-based IoT anomaly-detection algorithm makes assumptions about attacker practices/classification granularity, which reduce their applicability. Finally, the implementation of those algorithms is often monolithic, prohibiting code reuse. To ease deployment and promote research in this area, we present Lumen. Lumen is a modular framework paired with a benchmarking suite that allows users to efficiently develop, evaluate, and compare IoT ML-based anomaly detection algorithms. We demonstrate the utility of Lumen by implementing state-of-the-art anomaly detection algorithms and faithfully evaluating them on various datasets. Among other interesting insights that could inform real-world deployments and future research, using Lumen, we were able to identify what algorithms are most suitable to detect particular types of attacks. Lumen can also be used to construct new algorithms with better performance by combining the building blocks of competing efforts and improving the training setup.
UR - http://www.scopus.com/inward/record.url?scp=85144823384&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85144823384&partnerID=8YFLogxK
U2 - 10.1145/3555050.3569129
DO - 10.1145/3555050.3569129
M3 - Conference contribution
AN - SCOPUS:85144823384
T3 - CoNEXT 2022 - Proceedings of the 18th International Conference on emerging Networking EXperiments and Technologies
SP - 59
EP - 71
BT - CoNEXT 2022 - Proceedings of the 18th International Conference on emerging Networking EXperiments and Technologies
PB - Association for Computing Machinery, Inc
Y2 - 6 December 2022 through 9 December 2022
ER -