
Graduate student: 蕭珞騏
LO-CHI HSIAO
Thesis title: 基於物聯網邊緣運算節點下的入侵檢測系統設計與實作
Design and Implementation of An Intrusion Detection System for Edge Computing Nodes in the IoT
Advisor: 呂政修
Jenq-Shiou Leu
Oral defense committee: 易志偉
Chih-Wei Yi
陳省隆
Hsing-Lung Chen
陳維美
Wei-Mei Chen
鄭瑞光
Ray-Guang Cheng
Degree: Master
Department: College of Electrical Engineering and Computer Science - Department of Electronic and Computer Engineering
Year of publication: 2019
Academic year of graduation: 107
Language: Chinese
Number of pages: 50
Keywords: Edge computing, Cybersecurity, Intrusion detection system (IDS), Security information and event management (SIEM)
  • In recent years, with the spread of Internet of Things (IoT) applications combined with Artificial Intelligence (AI), many computing devices have been deployed in various fields. To keep data centers from being overwhelmed by the data these devices send, "edge computing" decentralizes the processing load of the data center and is one way to meet the rising demand for such applications. However, many enterprises and organizations may overlook the importance of information security on IoT computing nodes because of cost considerations. This gives attackers an opening, threatens system security, and can lead to major security incidents and the economic loss they bring.
    In this thesis, we propose a pure-software way to implement an intrusion detection system (IDS) on existing edge computing devices, with no additional hardware construction cost. In addition, by integrating open source security information and event management (SIEM) software, users can manage security threat events in one place more easily. During the integration design, we simulated various network conditions to test the performance of the network intrusion detection system (NIDS) in our system, the open source software Suricata, and optimized how it operates so that it shows better resource usage on IoT computing devices. We also designed a regulator that can switch Suricata's parameter configuration, which lets Suricata run more stably on the IoT computing device.

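    Table of contents
    Abstract (Chinese)
    ABSTRACT
    Acknowledgements
    Table of contents
    List of figures
    List of tables
    Chapter 1 Introduction
    Chapter 2 Related technologies and background
    2.1 Edge computing
    2.2 Intrusion Detection System (IDS)
    2.3 Intrusion Prevention System (IPS)
    2.4 Security information and event management (SIEM)
    Chapter 3 System architecture design and planning
    3.1 Design steps
    3.2 NIDS (Suricata) regulator design
    3.3 System architecture
    Chapter 4 Experimental tests and evaluation results
    4.1 Experimental environment
    4.2 Hardware and software specifications
    4.2.1 Hardware specifications
    4.2.2 Application software
    4.3 Experimental method and datasets
    4.4 System optimization
    4.5 Experimental evaluation results
    Chapter 5 Conclusion
    References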


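    Full-text release date: 2024/08/14 (campus network)
    Full-text release date: 2024/08/14 (off-campus network)
    Full-text release date: 2024/08/14 (National Central Library: National Digital Library of Theses and Dissertations in Taiwan)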