DAD: A Distributed Anomaly Detection system using ensemble one-class statistical learning in edge networks
Future Generation Computer Systems (IF 7.5), Pub Date: 2021-01-13, DOI: 10.1016/j.future.2021.01.011
Nour Moustafa, Marwa Keshk, Kim-Kwang Raymond Choo, Timothy Lynar, Seyit Camtepe, Monica Whitty

There are various data management and security tools deployed at the cloud for storing and analyzing big data generated by the Internet of Things (IoT) and Industrial IoT (IIoT) systems. There is a recent trend to move such tools to edge networks (closer to the users and the IoT/IIoT systems) to address limitations, especially latency and security issues, in cloud-based solutions. However, protecting edge networks against zero-day attacks is challenging, due to the volume, variety and veracity of data collected from the large numbers of IoT devices in edge networks. In this paper, we propose a Distributed Anomaly Detection (DAD) system to discover zero-day attacks in edge networks. The proposed system uses Gaussian Mixture-based Correntropy, a novel ensemble one-class statistical learning model, which is designed to effectively monitor and recognize zero-day attacks in real-time from edge networks. We also design an IoT-edge-cloud architecture to illustrate the complexity of edge networks and how one can deploy the proposed system at network gateways. The proposed system is evaluated using both NSL-KDD and UNSW-NB15 datasets. The findings reveal that the proposed system achieves better performance, in terms of detection accuracy and processing time, compared with five anomaly detection techniques.




Updated: 2021-01-19