Pi-IDS: evaluation of open-source intrusion detection systems on Raspberry Pi 2

Kyaw, Ar Kar; Chen, Yuzhu; Joseph, Justin

doi:10.1109/infosec.2015.7435523

Cited by 18 publications

(11 citation statements)

References 5 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…The IDS studies [5,[19][20][21][22][23][24][25][26][27] also have proposed attack detection based on Raspberry Pi. In the work of [18], the anomaly-based detection method was proposed by capturing the previous traffic patterns asbenign data for attack detection system construction.…”

Section: Raspberry Pi-based Idsmentioning

confidence: 99%

“…The work of [21] has implemented a real-time DDoS detection architecture using the complex event processing (CEP) algorithm, and it allowed for real-time analysis of continuous data-streams. Some other studies [14,20,23] have used public IDSs, such as Snort and Bro, to implement the detection system on Raspberry Pi. The study [14] proposed an IDS solution on Raspberry Pi, but its results showed that the number of rules had to be limited owing to their implementation environment, Raspberry Pi.…”

Section: Raspberry Pi-based Idsmentioning

confidence: 99%

See 1 more Smart Citation

Towards a Lightweight Detection System for Cyber Attacks in the IoT Environment Using Corresponding Features

et al. 2020

View full text Add to dashboard Cite

The application of a large number of Internet of Things (IoT) devices makes our life more convenient and industries more efficient. However, it also makes cyber-attacks much easier to occur because so many IoT devices are deployed and most of them do not have enough resources (i.e., computation and storage capacity) to carry out ordinary intrusion detection systems (IDSs). In this study, a lightweight machine learning-based IDS using a new feature selection algorithm is designed and implemented on Raspberry Pi, and its performance is verified using a public dataset collected from an IoT environment. To make the system lightweight, we propose a new algorithm for feature selection, called the correlated-set thresholding on gain-ratio (CST-GR) algorithm, to select really necessary features. Because the feature selection is conducted on three specific kinds of cyber-attacks, the number of selected features can be significantly reduced, which makes the classifiers very small and fast. Thus, our detection system is lightweight enough to be implemented and carried out in a Raspberry Pi system. More importantly, as the really necessary features corresponding to each kind of attack are exploited, good detection performance can be expected. The performance of our proposal is examined in detail with different machine learning algorithms, in order to learn which of them is the best option for our system. The experiment results indicate that the new feature selection algorithm can select only very few features for each kind of attack. Thus, the detection system is lightweight enough to be implemented in the Raspberry Pi environment with almost no sacrifice on detection performance.

show abstract

Section: Raspberry Pi-based Idsmentioning

confidence: 99%

Section: Raspberry Pi-based Idsmentioning

confidence: 99%

Towards a Lightweight Detection System for Cyber Attacks in the IoT Environment Using Corresponding Features

et al. 2020

View full text Add to dashboard Cite

show abstract

“…Due to the limited computing power of early models of the Raspberry Pi, several researchers also began creating Raspberry Pi clusters [7,23,40]. Researchers also use Raspberry Pi clusters to create inexpensive test-beds for various applications, including IDS [26], controls education [21], and software-defined networking [24].…”

Section: Background and Related Workmentioning

confidence: 99%

Teaching Web-Attacks on a Raspberry Pi Cyber Range

Stickney

Hawthorne

et al. 2020

Proceedings of the 21st Annual Conference on Information Technology Education

View full text Add to dashboard Cite

Cyber ranges are an important tool for teaching cyber security techniques. However, setting up a cyber range for classroom use can be costly. Prior work on lowering the cost of cyber ranges focuses on open source solutions and virtual machines. Yet, these solutions do not reduce the cost of physical components-namely, the underlying hardware used to build the range. In this paper, we describe a prototype cyber range built out of Raspberry Pis, a type of inexpensive single board computer. To illustrate the functionality of the range, we use Docker and Docker Swarm to deploy a vulnerable web server across four Raspberry Pi nodes and assess it in an undergraduate classroom. Our cyber range costs under $250.00 to build and consumes less than 25 Watts of power. We open-source our materials and provide pre-built Docker images on Docker Hub to enable others to use our work. Our results suggest that cyber ranges built using Raspberry Pi clusters can lower cost and enhance cyber security education. CCS CONCEPTS • Applied computing → Education; • Security and privacy → Vulnerability management; • Computer systems organization → Embedded and cyber-physical systems.

show abstract

“…Similarly, in [14], the authors also argued about the infeasibility of deploying Snort in WMNs and proposed a distributed solution called PRactical Intrusion DEtection in resource constrained wireless mesh network (PRIDE). Kyaw et al [17] compared Snort and Bro IDS running on a Raspberry Pi 2, and showed that a Raspberry Pi 2 has enough resources to run open-source IDSs such as Snort or Bro sufficiently fast to detect DoS attacks and port scans. In addition the authors concluded that Snort performed better than Bro on the Raspberry Pi.…”

Section: Related Workmentioning

confidence: 99%

UIDS: Unikernel-based Intrusion Detection System for the Internet of Things

Cozzolino¹,

Schwellnus²,

Ott³

et al. 2020

Proceedings 2020 Workshop on Decentralized IoT Systems and Security

View full text Add to dashboard Cite

The advent of the Internet of Things promises to interconnect all type of devices, including the most common electrical appliances such as ovens and light bulbs. One of the greatest risks of the uncontrolled proliferation of resource constrained devices are the security and privacy implications. Most manufacturers' top priority is getting their product into the market quickly, rather than taking the necessary steps to build security from the start, due to high competitiveness of the field. Moreover, standard security tools are tailored to server-class machines and not directly applicable in the IoT domain. To address these problems, we propose a lightweight, signature-based intrusion detection system for IoT to be able to run on resource-constrained devices. Our prototype is based on the IncludeOS unikernel, ensuring low resource utilization, high modularity, and a minimalist code surface. In particular, we evaluate the performance of our solution on x86 and ARM devices and compare it against Snort, a widely known network intrusion detection system. The experimental results show that our prototype effectively detects all attack patterns while using up to 2-3x less CPU and 8x less RAM than our baseline.

show abstract

Pi-IDS: evaluation of open-source intrusion detection systems on Raspberry Pi 2

Cited by 18 publications

References 5 publications

Towards a Lightweight Detection System for Cyber Attacks in the IoT Environment Using Corresponding Features

Towards a Lightweight Detection System for Cyber Attacks in the IoT Environment Using Corresponding Features

Teaching Web-Attacks on a Raspberry Pi Cyber Range

UIDS: Unikernel-based Intrusion Detection System for the Internet of Things

Contact Info

Product

Resources

About