Professional Documents
Culture Documents
2021 A - Lightweight - Optimized - Deep - Learning - Ba
2021 A - Lightweight - Optimized - Deep - Learning - Ba
2021 A - Lightweight - Optimized - Deep - Learning - Ba
ISSN (2210-142X)
Int. J. Com. Dig. Sys. 11, No.1 (Jan-2022)
https://dx.doi.org/10.12785/ijcds/110117
Received 18 Apr. 2021, Revised 19 Jun. 2021, Accepted 8 Jul. 2021, Published 9 Jan. 2022
Abstract: The Internet of Things (IoT) is now present in every domain from applications in smart homes, Smart Cities, Industrial
Internet of Things (IIoT), such as e-Health, and beyond. The wide use of Internet of Things is making its security a real concern.
Techniques based on artificial intelligence (AI) and its subsets machine learning (ML) and deep learning (DL) are commonly
used to develop a secure Intrusion Detection System (IDS) for IoT. Researchers and industrialists are commonly using commercial
Internet of Things devices, broadly available on the market. In this paper, we present an analysis of the possibility to deploy a
Deep Learning-Based Host-Intrusion Detection System (DL-HIDS) on some specific commercial IoT devices. We performed multiple
optimizations regarding the types of our used devices to meet their limited hardware specifications. In our conducted analysis,
we consider such criteria, as memory consumption and inference timing (attacks prediction timing), to conclude which model fits
better to our proposed lightweight DL-HIDS for each studied device, and to anticipate about which IDS we must generate and
expectedly deploy based on the characteristics of the devices we possess. The paper also discusses the proposed methodology
for such deployment in a real IoT environment. The obtained results about the implementation of our DL-HIDS on different
considered devices (up to 99.74% in accuracy and an inference of not more of 1µs for attacks prediction) are promising and prove
that we can manage to install a suited IDS for each device, but it should be minutiously supported by a central IDS in fog or cloud layers.
http:// journals.uob.edu.bh
Int. J. Com. Dig. Sys. 11, No.1, 209-216 (Jan-2022) 211
Figure 3. DL-IDS proposed deployment in real IoT environment (Fog node scenario)
computation power than classical servers or firewalls. It is The deployment of the DL-HIDS was made on five
planned to be placed in a real IoT environment at the edge different steps using a trial-and-error cycle, by repeated,
on enabled-AI chips and preferably connected directly to multiple attempts beginning with the best accurate model
a power source like cameras. At the Edge node, our DL- then optimized it once more until getting the best wanted
HIDS can have a faster inference regardless of the network results for the tested IoT board (see Figure 4).
connectivity, as the reasons are made on the Edge device,
a data traffic transferred from and to the cloud server will
be eliminated, making inferences faster, and in the security
side of our DL-HIDS, there is no data leakage of any
sort. The deployed model needs to take the minimum space
possible, and runs on just a little memory to make a faster
inference though improves the latency, but the outdraw of
optimization is that there is a balance between the model
size and its accuracy.
Our proposed DL-HIDS will analyze only inbound
traffic, where we are assuming that this device is legit
and trustworthy, otherwise, a second Network IDS “DL-
NIDS” needs to be deployed on the fog node to reinforce
the security on a device with more computation power
preferably connected to a lightweight hardware accelerator
for deep neural networks (like the Intel Neural Compute
Stick 2 [25], Google Coral edge TPU [26], or Nvidia
jetson nano [27]), where it can analyze the inbound traffic
to/from and especially when the network is compromised
from the devices both inside and outside the network in
real time, inside by a lurking zombie device inside the
network (see Figure 3).
Figure 4. DL-IDS preparation and deployment steps
http:// journals.uob.edu.bh
212 Idriss Idrissi, et al.: A Lightweight Optimized Deep Learning-based Host-Intrusion Detection System
Deployed on the Edge for IoT
A. First step (Pre-processing) C. Third step (Model conversion)
First of all, we need to alter the raw data on the dataset After getting a trained model, we will convert it to a
by encoding the data, and normalize its values; meaning TensorFlow Lite version. TensorFlow lite model is on a
scaling the vectors separately to unit form, and converting special format model called Lite flat buffer file (.tflite); an
the normalized output data into image data shape. Then efficient one in the accuracy, and a light-weight one with
we split the resulting data randomly into a training subset less space. The “tflite” model contains the architecture of
(60%), validation subset (20%), and a testing subset (20%). the original model with its weights and biases, and the
training configuration (see Figure 6) [29];
Afterward, in a pre-optimization context (when needed
for some devices) we make a future selection in order to
decrease the number of features even though deep learning
doesn’t need this process but to produce a lightweight model
it is a needed process, where we decreased the number of
features from 16 to only 7.
In order to select the best features to build the model,
we utilize the chi-square test, a statistical test that allows us
to detect the relationship between the features. Chi-Square
estimate whether the class label is independent of a feature.
Chi-square score with ”c” class and ”r” values [28], as
exposed in the formulas (1) and (2):
X r X c
(ni j − µi j )
X2 = − (1)
(i=1) ( j=1)
µi j
(n∗ j ni∗ )
Where µi j = (2)
n
ni j : is the number of samples value with the ith value of
the feature;
ni∗ : is the number of samples with the ith the feature value;
n∗ j : is the number of samples in class j;
n : is the number for samples. Figure 6. TensorFlow Lite converter [29]
http:// journals.uob.edu.bh
Int. J. Com. Dig. Sys. 11, No.1, 209-216 (Jan-2022) 213
activation outputs into only 8-bit integer data, because it has Arduino UNO [36] is the most known, easiest, and
the compatibility with the integer only hardware devices or most economical microcontroller board based on the AT-
accelerators such as microcontrollers. mega328P, it is equipped with both analog and digital
inputs/outputs that can be interfaced with various expansion
3) Weight clustering boards and other circuitry.
Also called “weight sharing”, it is an optimization tech-
nique that decreases a model’s quantity of unique weight Arduino Portenta H7 [37] is a high-performance dual-
values, which benefits the model deployment. It works core development board, it instantaneously runs high-level
by clustering the weights of each layer into N clusters, code (MicroPython / JavaScript) and Artificial Intelligence
afterwards it shares the cluster’s centroid value for all the (TensorFlow™ Lite) while performing low-latency opera-
cluster’s weights. The weight clustering advantage resides tions on its customizable hardware.
in the compression of the model, which is vital for the
deployment on IoT objects with limited resources. But it can In our experiments, we worked with TensorFlow Lite
have some decrease in the performance for the convolution (2.3.0) [24] Google’s open source deep learning framework
and dense layers. for IoT devices and mobiles (on-device inference).
http:// journals.uob.edu.bh
214 Idriss Idrissi, et al.: A Lightweight Optimized Deep Learning-based Host-Intrusion Detection System
Deployed on the Edge for IoT
http:// journals.uob.edu.bh
Int. J. Com. Dig. Sys. 11, No.1, 209-216 (Jan-2022) 215
able and accurate model for a device based on its hardware [6] I. Idrissi, M. Azizi, and O. Moussaoui, “IoT security with Deep
resources. For example, if we have a device with a close Learning-based Intrusion Detection Systems: A systematic literature
resource to the NodeMCU or better, we suggest to choose review,” in 4th International Conference on Intelligent Computing
in Data Sciences, ICDS 2020. Institute of Electrical and Electronics
the “tflite Model Optimized and Pre-Optimized”; if we get Engineers (IEEE), nov 2020, pp. 1–10.
better resources than the ESP32, the best model is “tflite
Model Optimized”, but if we have resources close to the [7] M. Boukabous and M. Azizi, “Review of Learning-Based Tech-
Arduino Portenta H7 or even higher like the Raspberry Pi niques of Sentiment Analysis for Security Purposes,” in Innovations
3/4; the “tflite” or the original model will work sufficiently. in Smart Cities Applications Volume 4. Springer, Cham, 2021, pp.
96–109.
The used optimization techniques were effective to
[8] S. Axelsson, “Intrusion Detection Systems: A Survey and Taxon-
achieve the right lightweight DL-HIDS model for each omy,” Tech. Rep., 2000.
studied device based on its resources.
5. Conclusions [9] M. Boukabous and M. Azizi, “Crime prediction using a hybrid
sentiment analysis approach based on the bidirectional encoder
This paper presents a resourceful methodology to how representations from transformers,” Indonesian Journal of Electrical
prepare an appropriate lightweight DL-HIDS model speci- Engineering and Computer Science, vol. 25, no. 2, feb 2022.
fied by the resources of an IoT device using optimization
methods, and deployed it in a real IoT environment. Indeed, [10] I. Idrissi, M. Azizi, and O. Moussaoui, “An Unsupervised Gener-
each device has its specific architecture and we cannot ative Adversarial Network Based-Host Intrusion Detection System
for IoT Devices,” Indonesian Journal of Electrical Engineering and
generalize an IDS to all of them. The solution of this issue Computer Science, vol. 25, no. 2, 2022.
is to design a customized IDS for each class of similar
devices. So our findings recommend to choose a suitable [11] A. Kherraki and R. E. Ouazzani, “Deep convolutional neural net-
DL-HIDS for each typical device regarding its hardware works architecture for an efficient emergency vehicle classification
capabilities. in real-time traffic monitoring,” IAES International Journal of Arti-
ficial Intelligence (IJ-AI), vol. 11, no. 1, pp. 110–120, mar 2022.
From our research investigations, we conclude that de-
ploying a generalized single DL-HIDS on any IoT device [12] S. Vieira, W. H. Pinaya, and A. Mechelli, “Using deep learning to
investigate the neuroimaging correlates of psychiatric and neurolog-
is not practical. Due to the differences between available ical disorders: Methods and applications,” pp. 58–75, mar 2017.
devices on the market, ranging from small sensors to high-
definition cameras, we cannot make a generalization, but [13] M. Berrahal and M. Azizi, “Review of DL-Based Generation Tech-
we can customize this model to fit a specific device. Surely, niques of Augmented Images using Portraits Specification,” in 4th
the reduction of the customized IDS could lightly decrease International Conference on Intelligent Computing in Data Sciences,
ICDS 2020. Institute of Electrical and Electronics Engineers
some of its functionalities, but this will be balanced by the (IEEE), nov 2020, pp. 1–8.
remote available fog/cloud IDS.
Acknowledgment [14] M. Boukabous and M. Azizi, “A comparative study of deep learning
based language representation learning models,” Indonesian Journal
This work is supported by the Mohammed First Univer- of Electrical Engineering and Computer Science, vol. 22, no. 2, pp.
sity under the PARA1 Program. 1032–1040, 2021.
References [15] M. Berrahal and M. Azizi, “Augmented Binary Multi-Labeled CNN
[1] I. Idrissi, M. Boukabous, M. Azizi, O. Moussaoui, and H. E. Fadili, for Practical Facial Attribute Classification,” Indonesian Journal of
“Toward a deep learning-based intrusion detection system for IoT Electrical Engineering and Computer Science, vol. 23, no. 2, pp.
against botnet attacks,” IAES International Journal of Artificial 973–979, aug 2021.
Intelligence (IJ-AI), vol. 10, no. 1, pp. 110–120, mar 2021.
[16] M. Erza Aminanto and K. Kim, “Deep Learning in Intrusion
[2] “The 10 most popular Internet of Things applications Detection System: An Overview,” Tech. Rep., 2016.
right now.” [Online]. Available: https://iot-analytics.com/
10-internet-of-things-applications/
[17] M. Berrahal and M. Azizi, “Optimal text-to-image synthesis model
for generating portrait images using generative adversarial network
[3] M. S. Rahman, N. C. Peeri, N. Shrestha, R. Zaki, U. Haque, techniques,” Indonesian Journal of Electrical Engineering and Com-
and S. H. A. Hamid, “Defending against the Novel Coronavirus puter Science, vol. 25, no. 2, feb 2022.
(COVID-19) outbreak: How can the Internet of Things (IoT) help
to save the world?” Health Policy and Technology, vol. 9, no. 2, pp.
[18] I. Idrissi, M. Azizi, and O. Moussaoui, “Accelerating the update of
136–138, jun 2020.
a DL-based IDS for IoT using deep transfer learning,” Indonesian
Journal of Electrical Engineering and Computer Science, vol. 23,
[4] “Internet of Things Market Size — IoT no. 2, pp. 1059–1067, aug 2021.
Market Analysis, Trends, ans Forecast.” [On-
line]. Available: https://www.verifiedmarketresearch.com/product/
[19] R. Mahmud, R. Kotagiri, and R. Buyya, “Fog Computing: A
global-internet-of-things-iot-market-size-and-forecast-to-2026/
taxonomy, survey and future directions,” in Internet of Things.
Springer International Publishing, 2018, vol. 0, pp. 103–130.
[5] “IoT Security Market Report 2020-2025 — IoT Plat-
forms/Software.” [Online]. Available: https://iot-analytics.com/
[20] “Fog Computing and the Internet of Things: Extend the Cloud to
product/iot-security-market-report-2020-2025/
http:// journals.uob.edu.bh
216 Idriss Idrissi, et al.: A Lightweight Optimized Deep Learning-based Host-Intrusion Detection System
Deployed on the Edge for IoT
Where the Things Are What You Will Learn,” Tech. Rep., 2015. [37] “Arduino Pro.” [Online]. Available: https://www.arduino.cc/pro/
hardware/product/portenta-h7
[21] W. Shi and S. Dustdar, “The Promise of Edge Computing,” Com- Idriss Idrissi is a Ph.D. candidate in Com-
puter, vol. 49, no. 5, pp. 78–81, may 2016.
puter Engineering at Mohammed First Uni-
[22] H. Hindy, C. Tachtatzis, R. Atkinson, E. Bayne, and X. Bellekens, versity in Oujda, Morocco, where he is re-
“Mqtt-iot-ids2020: Mqtt internet of things intrusion detection searching internet of things security using
dataset,” 2020. Deep Learning. He has an M.Sc. degree
in internet of things from Sidi Mohamed
[23] H. Hindy, E. Bayne, M. Bures, R. Atkinson, C. Tachtatzis, and Ben Abdellah University in Fez, Morocco
X. Bellekens, “Machine learning based iot intrusion detection sys- (2019), a B.Sc. degree in Computer Engi-
tem: an mqtt case study (mqtt-iot-ids2020 dataset),” in International
Networking Conference. Springer, 2020, pp. 73–84.
neering from Mohammed First University
(2016). Additionally, he holds several cer-
[24] “TensorFlow Lite — ML for Mobile and Edge Devices.” [Online]. tifications in networking, artificial intelligence, cybersecurity, and
Available: https://www.tensorflow.org/lite programming. Also, he was a reviewer for various international
conferences and journals. And is currently employed as an ad-
[25] Intel, “Intel® Neural Compute Stick 2 — Product Sheet,” Tech. ministrative at Mohammed First University.
Rep., 2019. [Online]. Available: www.intel.com/bench-
[26] “Coral.” [Online]. Available: https://coral.ai/ Mostafa Azizi received a State Engineer
degree in Automation and Industrial Com-
[27] “NVIDIA Jetson Nano Developer Kit — NVIDIA puting from the Engineering School EMI
Developer.” [Online]. Available: https://developer.nvidia.com/ of Rabat, Morocco in 1993, then a Master
embedded/jetson-nano-developer-kit degree in Automation and Industrial Com-
puting from the Faculty of Sciences of Ou-
[28] N. Rachburee and W. Punlumjeak, “A comparison of feature selec-
jda, Morocco in 1995, and a Ph.D. degree
tion approach between greedy, IG-ratio, Chi-square, and mRMR
in educational mining,” in Proceedings - 2015 7th International in Computer Science from the University of
Conference on Information Technology and Electrical Engineering: Montreal, Canada in 2001. He earned also
Envisioning the Trend of Computer, Information and Engineering, tens of online certifications in Programming,
ICITEE 2015. Institute of Electrical and Electronics Engineers Inc., Networking, AI, Computer Security . . . He is currently a Professor
2015, pp. 420–424.
at the ESTO, University Mohammed First of Oujda. His research
interests include Security and Networking, AI, Software Engineer-
[29] “TensorFlow Lite converter.” [Online]. Available: https://www.
tensorflow.org/lite/convert/index ing, IoT, and Embedded Systems. His research findings with his
team are published in over 100 peer-reviewed communications
[30] “TensorFlow model optimization — TensorFlow Model and papers. He also served as PC member and reviewer in several
Optimization.” [Online]. Available: https://www.tensorflow.org/ international conferences and journals.
model optimization/guide
[31] R. David, J. Duke, A. Jain, V. J. Reddi, N. Jeffries, J. Li, N. Kreeger, Omar Moussaoui is an Associate Professor
I. Nappier, M. Natraj, S. Regev, R. Rhodes, T. Wang, and P. Warden, at the Higher School of Technology (ESTO)
“TensorFlow Lite Micro: Embedded Machine Learning on TinyML of Mohammed First University, Oujda – Mo-
Systems,” oct 2020. rocco. He has been a member of the Com-
puter Science Department of ESTO since
[32] “Raspberry Pi 4 Model B specifications – Raspberry
2013. He is currently director of the MATSI
Pi.” [Online]. Available: https://www.raspberrypi.org/products/
raspberry-pi-4-model-b/specifications/ research laboratory. Omar completed his Ph.
D. in computer science at the University of
[33] “Espressif Systems,” Tech. Rep., 2021. [Online]. Available: Cergy-Pontoise France in 2006. His research
https://www.espressif.com/en/support/download/documents. interests lie in the fields of IoT, wireless net-
works and security. He has actively collaborated with researchers
[34] “NodeMcu – An open-source firmware based on ESP8266 wifi-soc.” in several other computer science disciplines. He participated
[Online]. Available: https://www.nodemcu.com/index en.html in several scientific & organizing committees of national and
international conferences. He served as reviewer for numerous
[35] “ESP8266 Wi-Fi MCU I Espressif Systems.” [Online]. Available:
https://www.espressif.com/en/products/socs/esp8266 international journals. He has more than 20 publications in inter-
national journals and conferences and he has co-authored 2 book
[36] “Arduino Uno Rev3 — Arduino Official Store.” [Online]. Available: chapters. Omar is an instructor for CISCO Networking Academy
https://store.arduino.cc/arduino-uno-rev3 on CCNA Routing & Switching and CCNA Security.
http:// journals.uob.edu.bh