Protocol-agnostic and packet-based intrusion detection using a multi-layer deep-learning architecture at the network edge

Intrusion Detection (ID) faces multiple challenges, including the diversity of intrusion types and the risk of false positives and negatives. In an edge computing context, resource constraints further complicate the process, particularly during the training phase, which is computationally intensive. This paper presents a novel approach to ID in network traffic within edge computing environments using a Neural Network (NN) model. The proposed model is designed to align with the layered structure of network packets and has been trained and evaluated on the widely used CIC-IDS2017 cybersecurity dataset. Its protocol-agnostic design and customized preprocessing method enable it to efficiently detect network attacks across multiple protocols while preserving the original packet structure. Unlike existing approaches that transform packets into alternative representations such as images or NLP-based techniques, which introduce additional overhead, our method processes packets directly, eliminating the need for complex components like Recurrent Neural Networks (RNNs) or convolutional layers. Our model is optimized for edge computing by employing a centralized training approach that minimizes resource consumption while allowing flexible deployment on edge devices. Experimental results demonstrate that our approach outperforms existing methods in terms of accuracy, F1-score, recall, and precision when evaluated on a real-world dataset. This work highlights the potential of deep learning in enhancing network security while respecting edge computing constraints.

Mots clés

• Intrusion detection
• edge computing
• neural network
• preprocessing
• deep-learning