Advanced Machine Learning Techniques for Anomaly Detection in Edge Computing Security: A Framework for Real-Time Threat Mitigation
Abstract
The rapid proliferation of edge computing, coupled with the expansion of IoT devices, 5G infrastructure, and decentralized computing systems, has significantly transformed the landscape of cybersecurity. Edge computing environments, which bring computation closer to the data source, have introduced new challenges related to security and anomaly detection. As traditional security paradigms struggle to address the unique characteristics of edge-based systems, the integration of advanced machine learning (ML) techniques for real-time threat mitigation has become crucial. This paper investigates the potential of advanced ML methods, including unsupervised clustering, autoencoders, and graph-based models, for anomaly detection in edge computing security. These techniques offer robust solutions for identifying subtle and sophisticated threats in dynamic, resource-constrained environments, where real-time response is essential.
Edge computing networks, particularly those in IoT and 5G ecosystems, face distinctive security threats that necessitate novel approaches for intrusion detection and prevention. Traditional security measures, which often rely on centralized models, are ill-suited to address the distributed nature of edge computing and its inherent limitations, such as bandwidth constraints, computational power limitations, and high-volume data streams. Anomaly detection, which involves identifying patterns that deviate from expected behavior, is a pivotal component of security frameworks in edge environments. This research focuses on the development of a comprehensive framework that leverages advanced ML models for anomaly detection, designed to operate within the specific constraints and operational characteristics of edge computing systems.
The first part of the paper explores unsupervised clustering techniques, which do not require labeled data and are well-suited to dynamic environments where labeled data is scarce or non-existent. Techniques such as K-means, DBSCAN, and hierarchical clustering are examined for their ability to partition data into distinct groups, facilitating the identification of outliers that may indicate potential security incidents. These clustering models excel in identifying unusual patterns that deviate from normal operational behavior in environments where real-time analysis is crucial. In edge computing, where data may be fragmented across distributed devices, these unsupervised methods offer a scalable and effective approach to anomaly detection.
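The outlier-flagging idea in this paragraph, as an added example that is not code from the paper: a minimal pure-Python DBSCAN that marks telemetry windows falling outside every dense cluster as noise. The device ids, the two features, the sample values, and the `eps` and `min_pts` settings are all constructed assumptions.

```python
from math import dist

NOISE = -1  # label for points that belong to no dense region

# Constructed sample: one row per device per time window, features already
# scaled to [0, 1]: (device_id, packet_rate, mean_payload_size).
WINDOWS = [
    ("sensor-01", 0.10, 0.12), ("sensor-02", 0.12, 0.10),
    ("sensor-04", 0.11, 0.14), ("sensor-05", 0.09, 0.11),
    ("sensor-06", 0.13, 0.13),
    ("sensor-07", 0.90, 0.10),  # sensor sending at a camera-like rate
    ("cam-01", 0.80, 0.85), ("cam-02", 0.82, 0.83),
    ("cam-03", 0.78, 0.86), ("cam-04", 0.81, 0.88),
    ("cam-05", 0.79, 0.84),
    ("sensor-03", 0.15, 0.95),  # low rate but very large payloads
]

def region_query(points, i, eps):
    """Indices of all points within eps of points[i], including i itself."""
    return [j for j, q in enumerate(points) if dist(points[i], q) <= eps]

def dbscan(points, eps, min_pts):
    """Return one label per point: a cluster id >= 0, or NOISE."""
    labels = [None] * len(points)
    cluster = -1
    for i in range(len(points)):
        if labels[i] is not None:
            continue
        neighbours = region_query(points, i, eps)
        if len(neighbours) < min_pts:
            labels[i] = NOISE  # may still be claimed later as a border point
            continue
        cluster += 1
        labels[i] = cluster
        queue = [j for j in neighbours if j != i]
        while queue:
            j = queue.pop()
            if labels[j] == NOISE:
                labels[j] = cluster  # border point: reachable, not core
            if labels[j] is not None:
                continue
            labels[j] = cluster
            reach = region_query(points, j, eps)
            if len(reach) >= min_pts:  # j is a core point, keep expanding
                queue.extend(reach)
    return labels

def flag_outliers(windows, eps=0.08, min_pts=3):
    """Device ids whose telemetry window falls outside every cluster."""
    points = [(rate, size) for _, rate, size in windows]
    labels = dbscan(points, eps, min_pts)
    return [dev for (dev, _, _), lab in zip(windows, labels) if lab == NOISE]
```

Because no labels are needed, the same routine can run per edge node on its own windows; `eps` and `min_pts` have to be tuned to the local traffic mix, since a `min_pts` larger than any normal group turns every window into noise.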
Next, the paper investigates the application of autoencoders, a type of artificial neural network used for dimensionality reduction and anomaly detection. Autoencoders are particularly well-suited to detecting anomalies in high-dimensional data streams, a common feature of edge computing systems. By learning a compressed representation of normal system behavior, autoencoders can effectively identify data points that deviate from this learned pattern, signaling potential security breaches. The paper highlights the use of both simple and deep autoencoders, examining their performance in detecting anomalous behavior across diverse edge devices and IoT networks.
The paper also delves into graph-based models, which have gained prominence due to their ability to represent complex relationships between entities in a system. In edge computing environments, especially in 5G and IoT networks, the interaction between devices and their dynamic behavior can be captured using graph representations. These models are particularly effective in identifying anomalies related to connectivity patterns, data flow irregularities, and device interactions, which are typical indicators of security breaches. Graph-based anomaly detection methods, such as community detection and graph neural networks, are evaluated for their effectiveness in detecting subtle changes in network topology or device communication that could indicate potential threats.
Real-time anomaly detection is of paramount importance in edge computing security, as threats must be mitigated immediately to prevent escalation and minimize potential damage. To address this, the study investigates the integration of these advanced ML models with observability platforms and real-time data streaming tools. Observability platforms provide critical insights into system performance and behavior, enabling security teams to monitor and detect anomalous activities in real time. When coupled with streaming data tools, such as Apache Kafka and Apache Flink, these platforms facilitate the continuous flow of data from edge devices, allowing for instantaneous analysis and prompt identification of security threats.
Furthermore, the paper discusses the challenges of implementing machine learning-based anomaly detection systems in edge computing environments. These challenges include the need for efficient model training and adaptation to continuously changing network conditions, as well as the computational limitations of edge devices. Techniques for model optimization, transfer learning, and federated learning are explored as potential solutions to these challenges, enabling models to learn from decentralized data sources while maintaining privacy and reducing the need for high computational resources. The paper also emphasizes the importance of collaborative and adaptive security mechanisms, which can adjust to evolving threats without requiring constant manual intervention.
Keywords
Edge computing, anomaly detection, machine learning, unsupervised clustering