Real-Time Zero-Day Threat Detection in Fog Environments

Abstract

The increasing deployment of Internet of Things (IoT) devices in fog computing environments has amplified the need for efficient and scalable network threat detection. Traditional rule-based intrusion detection systems (IDSs), such as Suricata, struggle to keep pace with modern attack techniques and high-throughput network conditions, especially when facing unknown or zero-day threats. This paper presents a real-time anomaly detection architecture that leverages semi-supervised machine learning and GPU-accelerated inference using NVIDIA's Morpheus and Triton frameworks. Our approach operates at the fog level, enabling fast, localized detection without the need for labeled attack data. We conduct a performance comparison with Suricata, showing that the proposed system can sustain traffic analysis at nearly 19 Gbps—far surpassing the capabilities of traditional IDSs—while maintaining effective detection accuracy. Experimental evaluation using the CTU-IoT-23 dataset demonstrates the system's robustness and suitability for real-world fog-based deployments.
