Lumen: A Framework for Developing and Evaluating ML-Based IoT Network Anomaly Detection

Rahul Anand Sharma; Ishan Sabane; Maria Apostolaki; Anthony Rowe; Vyas Sekar

doi:10.1145/3555050.3569129

Lumen: A Framework for Developing and Evaluating ML-Based IoT Network Anomaly Detection

Rahul Anand Sharma, Ishan Sabane, Maria Apostolaki, Anthony Rowe, Vyas Sekar

Electrical and Computer Engineering

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

1 Scopus citations

Abstract

The rise of IoT devices brings a lot of security risks. To mitigate them, researchers have introduced various promising network-based anomaly detection algorithms, which oftentimes leverage machine learning. Unfortunately, though, their deployment and further improvement by network operators and the research community are hampered. We believe this is due to three key reasons. First, known ML-based anomaly detection algorithms are evaluated -in the best case- on a couple of publicly available datasets, making it hard to compare across algorithms. Second, each ML-based IoT anomaly-detection algorithm makes assumptions about attacker practices/classification granularity, which reduce their applicability. Finally, the implementation of those algorithms is often monolithic, prohibiting code reuse. To ease deployment and promote research in this area, we present Lumen. Lumen is a modular framework paired with a benchmarking suite that allows users to efficiently develop, evaluate, and compare IoT ML-based anomaly detection algorithms. We demonstrate the utility of Lumen by implementing state-of-the-art anomaly detection algorithms and faithfully evaluating them on various datasets. Among other interesting insights that could inform real-world deployments and future research, using Lumen, we were able to identify what algorithms are most suitable to detect particular types of attacks. Lumen can also be used to construct new algorithms with better performance by combining the building blocks of competing efforts and improving the training setup.

Original language	English (US)
Title of host publication	CoNEXT 2022 - Proceedings of the 18th International Conference on emerging Networking EXperiments and Technologies
Publisher	Association for Computing Machinery, Inc
Pages	59-71
Number of pages	13
ISBN (Electronic)	9781450395083
DOIs	https://doi.org/10.1145/3555050.3569129
State	Published - Nov 30 2022
Event	18th ACM Conference on Emerging Networking Experiment and Technologies, CoNEXT 2022 - Rome, Italy Duration: Dec 6 2022 → Dec 9 2022

Publication series

Name	CoNEXT 2022 - Proceedings of the 18th International Conference on emerging Networking EXperiments and Technologies

Conference

Conference	18th ACM Conference on Emerging Networking Experiment and Technologies, CoNEXT 2022
Country/Territory	Italy
City	Rome
Period	12/6/22 → 12/9/22

All Science Journal Classification (ASJC) codes

Computer Networks and Communications
Computer Science Applications
Hardware and Architecture

Access to Document

10.1145/3555050.3569129

Cite this

Sharma, R. A., Sabane, I., Apostolaki, M., Rowe, A., & Sekar, V. (2022). Lumen: A Framework for Developing and Evaluating ML-Based IoT Network Anomaly Detection. In CoNEXT 2022 - Proceedings of the 18th International Conference on emerging Networking EXperiments and Technologies (pp. 59-71). (CoNEXT 2022 - Proceedings of the 18th International Conference on emerging Networking EXperiments and Technologies). Association for Computing Machinery, Inc. https://doi.org/10.1145/3555050.3569129

Sharma, Rahul Anand ; Sabane, Ishan ; Apostolaki, Maria et al. / Lumen : A Framework for Developing and Evaluating ML-Based IoT Network Anomaly Detection. CoNEXT 2022 - Proceedings of the 18th International Conference on emerging Networking EXperiments and Technologies. Association for Computing Machinery, Inc, 2022. pp. 59-71 (CoNEXT 2022 - Proceedings of the 18th International Conference on emerging Networking EXperiments and Technologies).

@inproceedings{c355031bc5294810a38e68e8ba0380b9,

title = "Lumen: A Framework for Developing and Evaluating ML-Based IoT Network Anomaly Detection",

abstract = "The rise of IoT devices brings a lot of security risks. To mitigate them, researchers have introduced various promising network-based anomaly detection algorithms, which oftentimes leverage machine learning. Unfortunately, though, their deployment and further improvement by network operators and the research community are hampered. We believe this is due to three key reasons. First, known ML-based anomaly detection algorithms are evaluated -in the best case- on a couple of publicly available datasets, making it hard to compare across algorithms. Second, each ML-based IoT anomaly-detection algorithm makes assumptions about attacker practices/classification granularity, which reduce their applicability. Finally, the implementation of those algorithms is often monolithic, prohibiting code reuse. To ease deployment and promote research in this area, we present Lumen. Lumen is a modular framework paired with a benchmarking suite that allows users to efficiently develop, evaluate, and compare IoT ML-based anomaly detection algorithms. We demonstrate the utility of Lumen by implementing state-of-the-art anomaly detection algorithms and faithfully evaluating them on various datasets. Among other interesting insights that could inform real-world deployments and future research, using Lumen, we were able to identify what algorithms are most suitable to detect particular types of attacks. Lumen can also be used to construct new algorithms with better performance by combining the building blocks of competing efforts and improving the training setup.",

author = "Sharma, {Rahul Anand} and Ishan Sabane and Maria Apostolaki and Anthony Rowe and Vyas Sekar",

note = "Funding Information: We thank our shepherd, Zahaib Akhtar, for his help with the final version of this paper, as well as the anonymous reviewers for their detailed comments. This work was supported in part by NSF award CNS-1564009 and C3.ai DTI research award; the CONIX Research Center, one of six centers in JUMP, a Semiconductor Research Corporation (SRC) program sponsored by DARPA; and by the U.S. Army Research Office and the U.S. Army Futures Command under Contract No. W911NF-20-D-0002. The content of the information does not necessarily reflect the position or the policy of the government and no official endorsement should be inferred. We acknowledge the support of C3.ai and Microsoft for our research. Publisher Copyright: {\textcopyright} 2022 Owner/Author.; 18th ACM Conference on Emerging Networking Experiment and Technologies, CoNEXT 2022 ; Conference date: 06-12-2022 Through 09-12-2022",

year = "2022",

month = nov,

day = "30",

doi = "10.1145/3555050.3569129",

language = "English (US)",

series = "CoNEXT 2022 - Proceedings of the 18th International Conference on emerging Networking EXperiments and Technologies",

publisher = "Association for Computing Machinery, Inc",

pages = "59--71",

booktitle = "CoNEXT 2022 - Proceedings of the 18th International Conference on emerging Networking EXperiments and Technologies",

}

Sharma, RA, Sabane, I, Apostolaki, M, Rowe, A & Sekar, V 2022, Lumen: A Framework for Developing and Evaluating ML-Based IoT Network Anomaly Detection. in CoNEXT 2022 - Proceedings of the 18th International Conference on emerging Networking EXperiments and Technologies. CoNEXT 2022 - Proceedings of the 18th International Conference on emerging Networking EXperiments and Technologies, Association for Computing Machinery, Inc, pp. 59-71, 18th ACM Conference on Emerging Networking Experiment and Technologies, CoNEXT 2022, Rome, Italy, 12/6/22. https://doi.org/10.1145/3555050.3569129

Lumen: A Framework for Developing and Evaluating ML-Based IoT Network Anomaly Detection. / Sharma, Rahul Anand; Sabane, Ishan; Apostolaki, Maria et al.
CoNEXT 2022 - Proceedings of the 18th International Conference on emerging Networking EXperiments and Technologies. Association for Computing Machinery, Inc, 2022. p. 59-71 (CoNEXT 2022 - Proceedings of the 18th International Conference on emerging Networking EXperiments and Technologies).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

TY - GEN

T1 - Lumen

T2 - 18th ACM Conference on Emerging Networking Experiment and Technologies, CoNEXT 2022

AU - Sharma, Rahul Anand

AU - Sabane, Ishan

AU - Apostolaki, Maria

AU - Rowe, Anthony

AU - Sekar, Vyas

N1 - Funding Information: We thank our shepherd, Zahaib Akhtar, for his help with the final version of this paper, as well as the anonymous reviewers for their detailed comments. This work was supported in part by NSF award CNS-1564009 and C3.ai DTI research award; the CONIX Research Center, one of six centers in JUMP, a Semiconductor Research Corporation (SRC) program sponsored by DARPA; and by the U.S. Army Research Office and the U.S. Army Futures Command under Contract No. W911NF-20-D-0002. The content of the information does not necessarily reflect the position or the policy of the government and no official endorsement should be inferred. We acknowledge the support of C3.ai and Microsoft for our research. Publisher Copyright: © 2022 Owner/Author.

PY - 2022/11/30

Y1 - 2022/11/30

N2 - The rise of IoT devices brings a lot of security risks. To mitigate them, researchers have introduced various promising network-based anomaly detection algorithms, which oftentimes leverage machine learning. Unfortunately, though, their deployment and further improvement by network operators and the research community are hampered. We believe this is due to three key reasons. First, known ML-based anomaly detection algorithms are evaluated -in the best case- on a couple of publicly available datasets, making it hard to compare across algorithms. Second, each ML-based IoT anomaly-detection algorithm makes assumptions about attacker practices/classification granularity, which reduce their applicability. Finally, the implementation of those algorithms is often monolithic, prohibiting code reuse. To ease deployment and promote research in this area, we present Lumen. Lumen is a modular framework paired with a benchmarking suite that allows users to efficiently develop, evaluate, and compare IoT ML-based anomaly detection algorithms. We demonstrate the utility of Lumen by implementing state-of-the-art anomaly detection algorithms and faithfully evaluating them on various datasets. Among other interesting insights that could inform real-world deployments and future research, using Lumen, we were able to identify what algorithms are most suitable to detect particular types of attacks. Lumen can also be used to construct new algorithms with better performance by combining the building blocks of competing efforts and improving the training setup.

AB - The rise of IoT devices brings a lot of security risks. To mitigate them, researchers have introduced various promising network-based anomaly detection algorithms, which oftentimes leverage machine learning. Unfortunately, though, their deployment and further improvement by network operators and the research community are hampered. We believe this is due to three key reasons. First, known ML-based anomaly detection algorithms are evaluated -in the best case- on a couple of publicly available datasets, making it hard to compare across algorithms. Second, each ML-based IoT anomaly-detection algorithm makes assumptions about attacker practices/classification granularity, which reduce their applicability. Finally, the implementation of those algorithms is often monolithic, prohibiting code reuse. To ease deployment and promote research in this area, we present Lumen. Lumen is a modular framework paired with a benchmarking suite that allows users to efficiently develop, evaluate, and compare IoT ML-based anomaly detection algorithms. We demonstrate the utility of Lumen by implementing state-of-the-art anomaly detection algorithms and faithfully evaluating them on various datasets. Among other interesting insights that could inform real-world deployments and future research, using Lumen, we were able to identify what algorithms are most suitable to detect particular types of attacks. Lumen can also be used to construct new algorithms with better performance by combining the building blocks of competing efforts and improving the training setup.

UR - http://www.scopus.com/inward/record.url?scp=85144823384&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85144823384&partnerID=8YFLogxK

U2 - 10.1145/3555050.3569129

DO - 10.1145/3555050.3569129

M3 - Conference contribution

AN - SCOPUS:85144823384

T3 - CoNEXT 2022 - Proceedings of the 18th International Conference on emerging Networking EXperiments and Technologies

SP - 59

EP - 71

BT - CoNEXT 2022 - Proceedings of the 18th International Conference on emerging Networking EXperiments and Technologies

PB - Association for Computing Machinery, Inc

Y2 - 6 December 2022 through 9 December 2022

ER -

Sharma RA, Sabane I, Apostolaki M, Rowe A, Sekar V. Lumen: A Framework for Developing and Evaluating ML-Based IoT Network Anomaly Detection. In CoNEXT 2022 - Proceedings of the 18th International Conference on emerging Networking EXperiments and Technologies. Association for Computing Machinery, Inc. 2022. p. 59-71. (CoNEXT 2022 - Proceedings of the 18th International Conference on emerging Networking EXperiments and Technologies). doi: 10.1145/3555050.3569129

Lumen: A Framework for Developing and Evaluating ML-Based IoT Network Anomaly Detection

Abstract

Publication series

Conference

All Science Journal Classification (ASJC) codes

Access to Document

Other files and links

Fingerprint

Cite this