The IoT's vulnerability to network attacks has motivated the design of intrusion detection systems (IDS) based on Machine Learning (ML), which have a low computational cost for online detection but require intensive offline learning. Such IDS can reach high attack detection accuracy and are easily installed on the servers that communicate with IoT devices. However, they are seldom evaluated under realistic operational conditions, where the IDS's own processing may be held up by the system overload that an attack creates. Thus we first present an experimental study of UDP Flood Attacks on a Local Area Network test-bed whose first line of defence is an accurate IDS based on an Auto-Associative Dense Random Neural Network. The experiments reveal that during severe attacks the packet and protocol management software overloads the multi-core server and paralyses IDS detection. We therefore propose and experimentally evaluate an IDS design in which decisions are made from a very small number of incoming packets, so that attacking traffic is dropped within milliseconds of the start of an attack and the paralysing effect of congestion is avoided.
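The early-decision idea in the abstract, as an added illustration that is not the paper's code: an offline phase learns a benign profile from constructed traffic, and the online phase decides after every k packets from a source and drops the source as soon as one window scores anomalous. The auto-associative dense random neural network is replaced here by a z-score distance from the benign mean (an assumption, standing in for the network's reconstruction error); the packet streams, the k values, the per-source keying and the 2x threshold margin are all constructed for the example.

```python
"""Early-decision UDP flood IDS (added illustration, not the paper's code).

Assumptions: a z-score anomaly score stands in for the auto-associative
network; traffic is constructed inline; windows are keyed per source.
"""
import math
import random
from dataclasses import dataclass
from typing import Dict, List


@dataclass
class Packet:
    t_ms: float   # arrival time in milliseconds
    src: str      # source address
    dport: int    # UDP destination port
    size: int     # datagram bytes


def gen_benign(rng: random.Random, n: int, start_ms: float, src: str = "10.0.0.2") -> List[Packet]:
    """Constructed benign IoT traffic: ~10 ms mean gaps, mixed ports and sizes."""
    pkts, t = [], start_ms
    for _ in range(n):
        t += rng.expovariate(1 / 10.0)
        pkts.append(Packet(t, src, rng.choice([53, 123, 1883, 5683, 8883]), rng.randint(100, 1400)))
    return pkts


def gen_flood(rng: random.Random, n: int, start_ms: float, src: str = "10.0.0.99") -> List[Packet]:
    """Constructed UDP flood: ~0.02 ms mean gaps (about 50k pps), tiny fixed datagrams."""
    pkts, t = [], start_ms
    for _ in range(n):
        t += rng.expovariate(1 / 0.02)
        pkts.append(Packet(t, src, 9999, 64))
    return pkts


def features(win: List[Packet]) -> List[float]:
    """Three cheap per-window features; the window needs at least two packets."""
    gaps = [b.t_ms - a.t_ms for a, b in zip(win, win[1:])]
    mean_gap = max(sum(gaps) / len(gaps), 1e-6)
    return [
        math.log10(mean_gap),                        # packet rate
        sum(p.size for p in win) / len(win),         # mean datagram size
        len({p.dport for p in win}) / len(win),      # port diversity
    ]


class Profile:
    """Offline phase: benign mean/std per feature; the threshold is a margin
    above the worst benign training window (assumed stand-in for the ML model)."""

    def __init__(self, benign: List[Packet], k: int, margin: float = 2.0):
        wins = [features(benign[i:i + k]) for i in range(0, len(benign) - k + 1, k)]
        dim = len(wins[0])
        self.mean = [sum(w[j] for w in wins) / len(wins) for j in range(dim)]
        self.std = [max(math.sqrt(sum((w[j] - self.mean[j]) ** 2 for w in wins) / len(wins)), 1e-3)
                    for j in range(dim)]
        self.threshold = margin * max(self.score(w) for w in wins)

    def score(self, f: List[float]) -> float:
        return math.sqrt(sum(((x - m) / s) ** 2 for x, m, s in zip(f, self.mean, self.std)))


class EarlyDecisionIDS:
    """Online phase: score every k packets per source; drop the source once anomalous."""

    def __init__(self, profile: Profile, k: int):
        self.profile, self.k = profile, k
        self.buf: Dict[str, List[Packet]] = {}
        self.blocked: Dict[str, float] = {}   # src -> time (ms) the drop rule was installed

    def admit(self, p: Packet) -> bool:
        if p.src in self.blocked:
            return False                      # dropped before any protocol processing
        buf = self.buf.setdefault(p.src, [])
        buf.append(p)
        if len(buf) == self.k:
            if self.profile.score(features(buf)) > self.profile.threshold:
                self.blocked[p.src] = p.t_ms
            buf.clear()
        return True


def run_experiment(k: int, seed: int = 7) -> dict:
    """Train on benign traffic, then replay benign traffic plus a flood starting at 2000 ms."""
    rng = random.Random(seed)
    profile = Profile(gen_benign(rng, 4000, 0.0), k)
    flood = gen_flood(rng, 5000, 2000.0)
    attacker = flood[0].src
    stream = sorted(gen_benign(rng, 600, 0.0) + flood, key=lambda p: p.t_ms)
    ids = EarlyDecisionIDS(profile, k)
    admitted_flood = dropped_benign = 0
    for p in stream:
        ok = ids.admit(p)
        admitted_flood += (p.src == attacker and ok)
        dropped_benign += (p.src != attacker and not ok)
    blocked_at = ids.blocked.get(attacker)
    return {"k": k, "detected": blocked_at is not None,
            "latency_ms": None if blocked_at is None else blocked_at - flood[0].t_ms,
            "admitted_flood": admitted_flood, "dropped_benign": dropped_benign}


if __name__ == "__main__":
    for k in (8, 200):
        print(run_experiment(k))
```

With k = 8 the flood source is dropped after eight packets, a fraction of a millisecond at the constructed rate, while k = 200 admits two hundred flood packets and decides several milliseconds later; both settings leave the benign source untouched. Keying windows per source is a simplification: a flood with spoofed sources would need the window keyed on the destination port or on the aggregate arrival rate instead, and the real system's decision time also includes the cost of the packet path that the abstract reports as the bottleneck.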