The IoT's vulnerability to network attacks has motivated the design of intrusion detection schemes (IDS) using Machine Learning (ML), with a low computational cost for online detection but intensive offline learning. Such IDS can have high attack detection accuracy and are easily installed on servers that communicate with IoT devices. However, they are seldom evaluated in realistic operational conditions, where IDS processing may be held up by the system overload that the attacks themselves create. Thus, we first present an experimental study of UDP Flood Attacks on a Local Area Network Test-Bed, where the first line of defence is an accurate IDS using an Auto-Associative Dense Random Neural Network. The experiments reveal that during severe attacks, the packet and protocol management software overloads the multi-core server and paralyses IDS detection. We therefore propose and experimentally evaluate an IDS design where decisions are made from a very small number of incoming packets, so that attacking traffic is dropped within milliseconds after an attack begins and the paralysing effect of congestion is avoided.
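The following is an added toy model, not the paper's code and not its Auto-Associative Dense Random Neural Network detector: it reproduces the abstract's argument that an IDS which must inspect many packets before deciding is itself delayed by the backlog a flood creates, whereas one deciding on a handful of packets acts within milliseconds. The IDS is modelled as a single-threaded FIFO inspector; the flood rate, per-packet inspection cost and decision window sizes are constructed values.

```python
from dataclasses import dataclass


@dataclass
class Outcome:
    decision_time_us: int   # when the IDS has inspected enough packets to decide
    backlog: int            # attack packets delivered but still uninspected then


def time_to_decision(arrival_us: int, service_us: int, decision_packets: int) -> Outcome:
    """Single-threaded FIFO IDS under a constant-rate flood (toy model).

    One packet arrives every `arrival_us`; inspecting a packet costs
    `service_us`; the detector (a stand-in, not the paper's AADRNN) declares an
    attack once it has inspected `decision_packets` packets.  When
    service_us > arrival_us the IDS can never keep up, so every extra packet
    it must inspect before deciding adds a full service time to the decision.
    """
    if decision_packets < 1:
        raise ValueError("need at least one packet to decide")
    ids_free_at = 0
    for i in range(decision_packets):
        arrival = i * arrival_us
        start = max(arrival, ids_free_at)        # queueing delay under overload
        ids_free_at = start + service_us
    arrived = ids_free_at // arrival_us + 1      # packets delivered by decision time
    return Outcome(ids_free_at, arrived - decision_packets)


def compare(arrival_us: int = 100, service_us: int = 500,
            slow: int = 1000, fast: int = 10) -> dict:
    """Constructed scenario: a 10k pps flood against an IDS that inspects 2k pps.

    'slow' waits for a 1000-packet window before deciding; 'fast' decides on
    10 packets, as the abstract's design does.
    """
    return {"slow": time_to_decision(arrival_us, service_us, slow),
            "fast": time_to_decision(arrival_us, service_us, fast)}


if __name__ == "__main__":
    for name, o in compare().items():
        print(f"{name}: decided after {o.decision_time_us / 1000:.1f} ms "
              f"with {o.backlog} attack packets still queued")
```

In this scenario the few-packet decision lands after 5 ms with 41 packets queued, while the window-based one lands after 500 ms with about 4000 packets queued, which is the congestion the abstract says paralyses detection.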