A new distributed architecture for evaluating AI-based security systems at the edge: Network TON_IoT datasets

While there has been a significant interest in understanding the cyber threat landscape of Internet of Things (IoT) networks, and the design of Artificial Intelligence (AI)-based security approaches, there is a lack of distributed architecture led to generating heterogeneous datasets that contain the actual behaviors of real-world IoT networks and complex cyber threat scenarios to evaluate the credibility of the new systems. This paper presents a novel testbed architecture of IoT network which can be used to evaluate Artificial Intelligence (AI)-based security applications. The platform NSX vCloud NFV was employed to facilitate the execution of Software-Defined Network (SDN), Network Function Virtualization (NFV) and Service Orchestration (SO) to offer dynamic testbed networks, which allow the interaction of edge, fog and cloud tiers. While deploying the architecture, realworld normal and attack scenarios are executed to collect labeled datasets. The generated datasets are named 'TON_IoT', as they comprise heterogeneous data sources collected from telemetry datasets of IoT services, Windows and Linux-based datasets, and datasets of network traffic. The TON_IoT network dataset is validated using four machine learning-based intrusion detection algorithms of Gradient Boosting Machine, Random Forest, Naive Bayes, and Deep Neural Networks, revealing a high performance of detection accuracy using the set of training and testing. A comparative summary of the TON_IoT network dataset and other competing network datasets demonstrates its diverse legitimate and anomalous patterns that can be used to better validate new AIbased security solutions. The architecture and datasets can be publicly accessed from TON_IOT Datasets (2020).

Automated summary

This paper introduces a novel testbed architecture of IoT network utilizing NSX vCloud NFV platform to execute SDN, NFV, and SO, offering dynamic testbed networks. By deploying real-world scenarios, the 'TON_IoT' dataset is generated and validated using four machine learning-based intrusion detection algorithms, showing high detection accuracy. The diverse patterns in TON_IoT dataset can be used to better validate new AI-based security solutions.