Edge computing introduces unique security challenges due to limited resources and stringent power constraints, often making traditional network intrusion detection systems (NIDS) impractical. We present HERMES, a hybrid AI/ML NIDS specifically tailored for ARM-based edge clusters. HERMES integrates a lightweight, rule-based filter with a compact deep neural network (DNN) model, both optimized for ARMv8-A inference using TensorFlow Lite and ONNX Runtime. The system is deployed on a two-node Raspberry Pi 5 cluster managed by K3s, a lightweight Kubernetes distribution. We simulated realistic network scenarios using the CIC-IDS2017 and UNSW-NB15 datasets, injecting ARP spoofing, port scans, SSH brute-force, DNS tunneling attacks, and synthetic zero-day variants. Experimental results demonstrate that HERMES outperforms state-of-the-art signature-based and ML-only NIDS, achieving 94.7% accuracy, a 0.926 F1-score, and a ROC AUC of 0.99, with a low false positive rate of 0.9%. The system sustains a 15,000 packets per second (pps) throughput at an average latency of 2.4 ms, while drawing only 4.2 W per node–67% less than typical x86 solutions. We analyze the system’s security robustness, including its adversarial resilience, and discuss the practical trade-offs between accuracy and efficiency. HERMES represents a practical and scalable NIDS solution for resource-constrained edge networks.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

HERMES: Design and Deployment of a Hybrid AI/ML Network Security System on ARM Clusters for Edge Environments

  • Arpankumar G. Raval,
  • Devgna Vyas

摘要

Edge computing introduces unique security challenges due to limited resources and stringent power constraints, often making traditional network intrusion detection systems (NIDS) impractical. We present HERMES, a hybrid AI/ML NIDS specifically tailored for ARM-based edge clusters. HERMES integrates a lightweight, rule-based filter with a compact deep neural network (DNN) model, both optimized for ARMv8-A inference using TensorFlow Lite and ONNX Runtime. The system is deployed on a two-node Raspberry Pi 5 cluster managed by K3s, a lightweight Kubernetes distribution. We simulated realistic network scenarios using the CIC-IDS2017 and UNSW-NB15 datasets, injecting ARP spoofing, port scans, SSH brute-force, DNS tunneling attacks, and synthetic zero-day variants. Experimental results demonstrate that HERMES outperforms state-of-the-art signature-based and ML-only NIDS, achieving 94.7% accuracy, a 0.926 F1-score, and a ROC AUC of 0.99, with a low false positive rate of 0.9%. The system sustains a 15,000 packets per second (pps) throughput at an average latency of 2.4 ms, while drawing only 4.2 W per node–67% less than typical x86 solutions. We analyze the system’s security robustness, including its adversarial resilience, and discuss the practical trade-offs between accuracy and efficiency. HERMES represents a practical and scalable NIDS solution for resource-constrained edge networks.