Lumen: A Framework for Developing and Evaluating ML-Based IoT Network Anomaly Detection

Rahul Anand Sharma, Ishan Sabane, Maria Apostolaki, Anthony Rowe, Vyas Sekar

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

The rise of IoT devices brings a lot of security risks. To mitigate them, researchers have introduced various promising network-based anomaly detection algorithms, which oftentimes leverage machine learning. Unfortunately, though, their deployment and further improvement by network operators and the research community are hampered. We believe this is due to three key reasons. First, known ML-based anomaly detection algorithms are evaluated -in the best case- on a couple of publicly available datasets, making it hard to compare across algorithms. Second, each ML-based IoT anomaly-detection algorithm makes assumptions about attacker practices/classification granularity, which reduce their applicability. Finally, the implementation of those algorithms is often monolithic, prohibiting code reuse. To ease deployment and promote research in this area, we present Lumen. Lumen is a modular framework paired with a benchmarking suite that allows users to efficiently develop, evaluate, and compare IoT ML-based anomaly detection algorithms. We demonstrate the utility of Lumen by implementing state-of-the-art anomaly detection algorithms and faithfully evaluating them on various datasets. Among other interesting insights that could inform real-world deployments and future research, using Lumen, we were able to identify what algorithms are most suitable to detect particular types of attacks. Lumen can also be used to construct new algorithms with better performance by combining the building blocks of competing efforts and improving the training setup.

Original languageEnglish (US)
Title of host publicationCoNEXT 2022 - Proceedings of the 18th International Conference on emerging Networking EXperiments and Technologies
PublisherAssociation for Computing Machinery, Inc
Pages59-71
Number of pages13
ISBN (Electronic)9781450395083
DOIs
StatePublished - Nov 30 2022
Event18th ACM Conference on Emerging Networking Experiment and Technologies, CoNEXT 2022 - Rome, Italy
Duration: Dec 6 2022Dec 9 2022

Publication series

NameCoNEXT 2022 - Proceedings of the 18th International Conference on emerging Networking EXperiments and Technologies

Conference

Conference18th ACM Conference on Emerging Networking Experiment and Technologies, CoNEXT 2022
Country/TerritoryItaly
CityRome
Period12/6/2212/9/22

All Science Journal Classification (ASJC) codes

  • Computer Networks and Communications
  • Computer Science Applications
  • Hardware and Architecture

Fingerprint

Dive into the research topics of 'Lumen: A Framework for Developing and Evaluating ML-Based IoT Network Anomaly Detection'. Together they form a unique fingerprint.

Cite this