On the Suitability of Intrusion Detection System for Wireless Edge Networks

Abstract

Multi-access edge computing has become a strategic concept of the Internet of Things. The edge computing market has reached USD several billion and is growing intensively. In the edge-computing paradigm, most of the data is processed close to, or at the edge of, the network. This greatly reduces the computation and communication load of the network core. Moreover, edge computing provides better support for user privacy. On the other hand, an increase in data processing locations will proportionately increase the attack surface. An edge node can be put out of service easily by being flooded with spoofed packets owing to limited capacities and resources. Furthermore, wireless edge nodes are quite vulnerable to energy exhaustion attacks. In this situation, traditional network security mechanisms cannot be used effectively. Therefore, a tradeoff between security and efficiency is needed. This study considered the requirements under which the use of an intrusion detection system (IDS) is justified. To the best of our knowledge, this is a first attempt to combine IDS quality, system performance degradation due to IDS operations, and workload specificity into a unified quantitative criterion. This paper is an extended version of a report published in the proceedings of the ICCSA 2020 and differs from it in many ways. In particular, this paper considers novel mathematical problems regarding the deployment strategies for an IDS and the corresponding inverse problems and provides closed-form solutions for a few previously unsolved problems.