
COLIDE: a collaborative intrusion detection framework for Internet of Things
Author(s) - Arshad Junaid, Azad Muhammad Ajmal, Mahmoud Abdellatif Mohammad, Ur Rehman Muhammad Habib, Salah Khaled
Publication year - 2019
Publication title - IET Networks
Language(s) - English
Resource type - Journals
SCImago Journal Rank - 0.466
H-Index - 21
ISSN - 2047-4962
DOI - 10.1049/iet-net.2018.5036
Subject(s) - unavailability , intrusion detection system , computer science , resource (disambiguation) , the internet , internet of things , wireless sensor network , computer network , computer security , distributed computing , world wide web , engineering , reliability engineering
Internet of Things (IoT) represents a network of resource‐constrained sensor devices connected through the open Internet, susceptible to misuse by intruders. Traditional standalone intrusion detection systems (IDS) are tasked with monitoring device behaviours to identify malicious activities. These systems not only require extensive network and system resources but also cause delays in detecting a malicious actor due to unavailability of a comprehensive view of the intruder's activities. Collaboration among IoT devices enables considering knowledge from a collection of host and network devices to achieve improved detection accuracy in a timely manner. However, collaboration introduces the challenge of energy efficiency and event processing which is particularly significant for resource‐constrained devices. In this paper, we present a collaborative intrusion detection framework (COLIDE) for IoT leveraging collaboration among resource‐constrained sensor and border nodes for effective and timely detection of intruders. The paper presents a detailed formal description of the proposed framework along with analysis to assess its effectiveness for a typical IoT system. We implemented the COLIDE framework with Contiki OS and conducted thorough experimentation to evaluate its performance. The evaluation demonstrates the efficiency of the COLIDE framework with respect to energy and processing overheads achieving effectiveness within an IoT system.