Resource-Aware Layered Intrusion Detection Allocation Model
For network administrators managing heterogeneous networks with limited resources, this model provides a principled way to allocate intrusion detection monitoring depth across devices, but the evaluation on only six devices limits its demonstrated applicability.
The paper proposes a resource-aware allocation model for layered intrusion detection in heterogeneous networks, formulated as an integer linear program that assigns monitoring depths to devices under resource constraints. The model is solved on a six-device network, demonstrating that it concentrates monitoring on important, high-risk devices while respecting feasibility and budget limits.
This paper proposes a resource-aware allocation model for layered intrusion detection in het erogeneous networks. Monitoring traffic at higher protocol layers improves the ability to detect sophisticated attacks, but it also increases computational and storage costs. The problem is formu lated as an integer linear program that assigns a single monitoring depth, ranging from Ethernet to the application layer, to each device, while accounting for device importance, attack probability, layer-dependent detection rates, and per-layer monitoring costs. The model further enforces a global resource budget, a minimum monitoring level for critical devices, and maximum-feasibility limits for constrained devices such as simple IoT sensors. The formulation is solved with the SCIP optimization framework on a small heterogeneous network of six devices, and the resulting allocation illustrates how the model concentrates monitoring effort on important and high-risk devices while respecting feasibility and budget constraints.