面向雾计算的个性化轻量级分布式网络入侵检测系统

doi:10.11959/j.issn.2096-109x.2023035

网络与信息安全学报 ›› 2023, Vol. 9 ›› Issue (3): 28-37.doi: 10.11959/j.issn.2096-109x.2023035

面向雾计算的个性化轻量级分布式网络入侵检测系统

叶天鹏, 林祥, 李建华, 张轩凯, 许力文

上海交通大学网络空间安全研究院，上海 200240

修回日期:2023-02-16 出版日期:2023-06-25 发布日期:2023-06-01
作者简介:叶天鹏（1993- ），男，江苏无锡人，上海交通大学博士生，主要研究方向为车辆云计算、人工智能技术在网络安全领域的应用、自然语言处理
林祥（1979- ），男，福建闽侯人，上海交通大学工程师，主要研究方向为网络空间安全、自然语言处理、网络安全大数据挖掘
李建华（1965- ），男，江西九江人，上海交通大学教授、博士生导师，主要研究方向为网络空间、个人隐私保护、数据安全
张轩凯（1999- ），男，四川广安人，上海交通大学硕士生，主要研究方向为二进制代码分析、物联网安全设备漏洞挖掘以及人工智能与安全
许力文（1999- ），男，山东泰安人，上海交通大学硕士生，主要研究方向为网络安全态势感知
基金资助:
中央高校基本科研业务费专项资金(23X010200978);信息网络安全公安部重点实验室（公安部第三研究所）开放课题(C20608)

Personalized lightweight distributed network intrusion detection system in fog computing

Tianpeng YE, Xiang LIN, Jianhua LI, Xuankai ZHANG, Liwen XU

Institute of Cyber Science and Technology in Shanghai Jiao Tong University, Shanghai 200240, China

Revised:2023-02-16 Online:2023-06-25 Published:2023-06-01
Supported by:
The Fundamental Research Funds for the Central Universities”(23X010200978);Open Subject of the Ministry of Public Security Key Laboratory of Information Network Security (The Third Re-search Institute of the Ministry of Public Security)(C20608)

摘要/Abstract

摘要：

随着物联网技术不断发展，低时延高动态大带宽的新型物联网应用不断出现。这些需求导致海量设备和信息广泛聚集在网络边缘，因而推动了雾计算架构的出现和深入发展。而随着雾计算架构的广泛深入应用，为了保障其安全所部署的分布式网络安全架构也面临着雾计算本身所带来的挑战，如雾计算节点计算和网络通信资源的局限性以及雾计算应用的高动态性限制了复杂网络入侵检测算法的边缘化部署。为了有效解决上述问题，提出了一个面向雾计算架构的个性化轻量级分布式网络入侵检测系统（PLD-NIDS）。该系统基于卷积神经网络架构训练大规模复杂网络流入侵检测模型，同时进一步采集各雾计算节点的网络流量类型分布情况，提出个性化模型蒸馏算法和基于加权一阶泰勒近似剪枝算法对复杂模型进行快速个性化压缩，突破了传统模型压缩算法在面对大量个性化节点时由于压缩计算开销过大而只能提供单一压缩模型用于边缘节点部署的局限性。根据实验结果，所提的PLD-NIDS架构能够实现边缘入侵检测模型的快速个性化压缩。与传统模型剪枝算法相比，所提出的架构在计算损耗和模型精度上取得了较好平衡。在模型精度上，所提的加权一阶泰勒近似剪枝算法与传统一阶泰勒近似剪枝算法相比，在同样的 0.2%模型精度损失条件下能够提升约4%的模型压缩比。

关键词: 入侵检测, 雾计算, 模型压缩, 分布式系统

Abstract:

With the continuous development of Internet of Things (IoT) technology, there is a constant emergency of new IoT applications with low latency, high dynamics, and large bandwidth requirements.This has led to the widespread aggregation of massive devices and information at the network edge, promoting the emergence and deep development of fog computing architecture.However, with the widespread and in-depth application of fog computing architecture, the distributed network security architecture deployed to ensure its security is facing critical challenges brought by fog computing itself, such as the limitations of fog computing node computing and network communication resources, and the high dynamics of fog computing applications, which limit the edge deployment of complex network intrusion detection algorithms.To effectively solve the above problems, a personalized lightweight distributed network intrusion detection system (PLD-NIDS) was proposed based on the fog computing architecture.A large-scale complex network flow intrusion detection model was trained based on the convolutional neural network architecture, and furthermore the network traffic type distribution of each fog computing node was collected.The personalized model distillation algorithm and the weighted first-order Taylor approximation pruning algorithm were proposed to quickly compress the complex model, breaking through the limitation of traditional model compression algorithms that can only provide single compressed models for edge node deployment due to the high compression calculation overhead when facing a large number of personalized nodes.According to experimental results, the proposed PLD-NIDS architecture can achieve fast personalized compression of edge intrusion detection models.Compared with traditional model pruning algorithms, the proposed architecture achieves a good balance between computational loss and model accuracy.In terms of model accuracy, the proposed weighted first-order Taylor approximation pruning algorithm can achieve about 4% model compression ratio improvement under the same 0.2% model accuracy loss condition compared with the traditional first-order Taylor approximation pruning algorithm.

Key words: intrusion detection, fog computing, model compression, distributed system

中图分类号:

TP393

叶天鹏, 林祥, 李建华, 张轩凯, 许力文. 面向雾计算的个性化轻量级分布式网络入侵检测系统[J]. 网络与信息安全学报, 2023, 9(3): 28-37.

Tianpeng YE, Xiang LIN, Jianhua LI, Xuankai ZHANG, Liwen XU. Personalized lightweight distributed network intrusion detection system in fog computing[J]. Chinese Journal of Network and Information Security, 2023, 9(3): 28-37.

图/表 6

图1

表1

表2

表3

图2

表4

参考文献 28

[1]	MANIMURUGAN S . IoT-fog-cloud model for anomaly detection using improved Na?ve Bayes and principal component analysis[J]. Journal of Ambient Intelligence and Humanized Computing, 2021: 1-10.
[2]	LIU H Y , LANG B . Machine learning and deep learning methods for intrusion detection systems:a survey[J]. Applied Sciences, 2019,9(20): 4396.
[3]	BUCZAK A L , GUVEN E . A survey of data mining and machine learning methods for cyber security intrusion detection[J]. IEEE Communications Surveys ＆ Tutorials, 2015,18(2): 1153-1176.
[4]	THANIGAIVELAN N K , NIGUSSIE E , KANTH R K ,et al. Distributed internal anomaly detection system for Internet-ofThings[C]// Proceedings of 2016 13th IEEE Annual Consumer Communications ＆ Networking Conference (CCNC). 2016: 319-320.
[5]	DIRO A , CHILAMKURTI N . Leveraging LSTM networks for attack detection in fog-to-things communications[C]// Proceedings of IEEE Communications Magazine. 2018: 124-130.
[6]	DIRO A A , CHILAMKURTI N . Distributed attack detection scheme using deep learning approach for Internet of things[J]. Future Generation Computer Systems, 2018,82: 761-768.
[7]	LAWAL M A , SHAIKH R A , HASSAN S R . An anomaly mitigation framework for IoT using fog computing[J]. Electronics, 2020,9(10): 1565.
[8]	MALEH Y , ABDELLAHEZZATI W . Lightweight intrusion detection scheme for wireless sensor networks[J]. International Journal of Computer Science, 2015,42: 1-8.
[9]	AN X S , ZHOU X W , LYU X ,et al. Sample selected extreme learning machine based intrusion detection in fog computing and MEC[J]. Wireless Communications and Mobile Computing, 2018,2018: 1-10.
[10]	DAO T N , LEE H . Stacked autoencoder-based probabilistic feature extraction for on-device network intrusion detection[J]. IEEE Internet of Things Journal, 2022,9(16): 14438-14451.
[11]	NGUYEN X H , NGUYEN X D , HUYNH H H ,et al. Realguard:a lightweight network intrusion detection system for IoT gateways[J]. Sensors (Basel,Switzerland), 2022,22(2): 432.
[12]	彭媛媛 . 基于一维卷积神经网络的轻量级物联网入侵检测方法研究[D]. 成都:电子科技大学, 2022.
	PENG Y Y . A lightweight IoT intrusion detection method based on one-dimensional convolutional neural network[D]. Chengdu:University of Electronic Science and Technology of China, 2022.
[13]	THAKKAR A , LOHIYA R . A review on machine learning and deep learning perspectives of IDS for IoT:recent updates,security issues,and challenges[J]. Archives of Computational Methods in Engineering, 2021,28(4): 3211-3243.
[14]	ZHAO R J , LI Z J , XUE Z ,et al. A novel approach based on lightweight deep neural network for network intrusion detection[C]// Proceedings of 2021 IEEE Wireless Communications and Networking Conference (WCNC). 2021: 1-6.
[15]	CHOUDHARY T , MISHRA V , GOSWAMI A ,et al. A comprehensive survey on model compression and acceleration[J]. Artificial Intelligence Review, 2020,53(7): 5113-5155.
[16]	GONG Y C , LIU L , YANG M ,et al. Compressing deep convolutional networks using vector quantization[J]. arXiv Preprint arXiv:1412.6115, 2014.
[17]	GUPTA S , AGRAWAL A , GOPALAKRISHNAN K ,et al. Deep learning with limited numerical precision[C]// Proceedings of the 32nd International Conference on Machine Learning. 2015: 1737-1746.
[18]	VANHOUCKE V , SENIOR A , MAO M . Improving the speed of neural networks on CPUs[C]// Proceedings of Deep Learning and Unsupervised Feature Learning Workshop. 2011: 1-8.
[19]	HASSIBI B , STORK D G . Second order derivatives for network pruning:optimal brain surgeon[C]// Proceedings of Advances in Neural Information Processing Systems. 1992: 164-171.
[20]	HAN S , POOL J , TRAN J ,et al. Learning both weights and connections for efficient neural networks[C]// Proceedings of the 28th International Conference on Neural Information Processing Systems. 2015: 1135-1143.
[21]	LI H , KADAV A , DURDANOVIC I ,et al. Pruning filters for efficient ConvNets[J]. arXiv Preprint arXiv:1608.08710, 2016.
[22]	IANDOLA F N , HAN Song , MOSKEWICZ M W ,et al. SqueezeNet:AlexNet-level accuracy with 50x fewer parameters and＜ 0.5 MB model size[J]. arXiv Preprint arXiv:1602.07360, 2016.
[23]	HOWARD A G , ZHU M L , CHEN B ,et al. MobileNets:efficient convolutional neural networks for mobile vision applications[J]. arXiv Preprint arXiv:1704.04861, 2017.
[24]	HINTON G , VINYALS O , DEAN J . Distilling the knowledge in a neural network[J]. arXiv Preprint arXiv:1503.02531, 2015.
[25]	ROMERO A , BALLAS N , KAHOU S E ,et al. FitNets:Hints for thin deep nets[J]. arXiv Preprint arXiv:1412.6550, 2014.
[26]	MOLCHANOV P , TYREE S , KARRAS T ,et al. Pruning convolutional neural networks for resource efficient inference[C]// Proceedings of 5th International Conference on Learning Representations (ICLR). 2019.
[27]	MOLCHANOV P , MALLYA A , TYREE S ,et al. Importance estimation for neural network pruning[C]// Proceedings of 2019 IEEE/CVF Conference on Computer Vision and Pattern Recognition (CVPR). 2020: 11256-11264.
[28]	WANG W , ZHU L Q , GUO B Q . Reliable identification of redundant kernels for convolutional neural network compression[J]. Journal of Visual Communication and Image Representation, 2019,63:102582.

流量名称	训练样本	剪枝及测试样本	流量类型
BitTorrent	4 800	1 200.Zipf(1,20)	正常
FTP	4 800	1 200.Zipf(1,20)	正常
MySQL	4 800	1 200.Zipf(1,20)	正常
Skype	4 800	1 200.Zipf(1,20)	正常
Weibo	4 800	1 200.Zipf(1,20)	正常
Facetime	4 800	1 200.Zipf(1,20)	正常
Gmail	4 800	1 200.Zipf(1,20)	正常
Outlook	4 800	1 200.Zipf(1,20)	正常
SMB	4 800	1 200.Zipf(1,20)	正常
WOW	4 800	1 200.Zipf(1,20)	正常
P2P Cridex	4 800	1 200.Zipf(1,20)	恶意
Htbot	4 800	1 200.Zipf(1,20)	恶意
Neris	4 800	1 200.Zipf(1,20)	恶意
Chat/IM Shifu	4 800	1 200.Zipf(1,20)	恶意
Virut	4 800	1 200.Zipf(1,20)	恶意
Geodo	4 800	1 200.Zipf(1,20)	恶意
Email Miuref	4 800	1 200.Zipf(1,20)	恶意
Email Nsis-ay	4 800	1 200.Zipf(1,20)	恶意
Tinba	4 800	1 200.Zipf(1,20)	恶意
Game Zeus	4 800	1 200.Zipf(1,20)	恶意

算法名称	模型大小/MB	模型推理复杂度/MMAC 模型训练损耗/s	模型查准率P	F1值
DeneNet-50	32.34	213.5510 154.18	0.752 2	0.748 9
AlexNet-20	27.32	121.12860.85	0.640 0	0.637 3
AlexNet-50	27.44	121.242833.68	0.734 1	0.606 4
AlexNet-20-Origin	27.32	121.12249.96	0.605 9	0.602 5
AlexNet-20-20	27.32	121.1211 934.31	0.613 9	0.611 0

对照参数τ	模型查准率P	F1值
1	0.610 4	0.604 7
3	0.631 4	0.630 1
5	0.640 0	0.637 3
10	0.624 4	0.624 7
20	0.619 8	0.609 7

算法名称	模型大小/MB	模型推理复杂度/MMAC	剪枝损耗/s	模型查准率P	F1值
AlexNet-20	27.32	222.91	—	0.985 7	0.985 6
Taylor-FO-Weighted	15.87	192.1	37.21	0.891 9	0.840 7
Taylor-FO-Origin	15.87	192.1	8.72	0.822 2	0.623 5
L2 Structure	16.39	133.7	4.03	0.382 9	0.390 0
Random Structure	16.39	133.7	0.098	0.374 8	0.286 4

面向雾计算的个性化轻量级分布式网络入侵检测系统

Personalized lightweight distributed network intrusion detection system in fog computing

在线阅读

pdf下载

可视化

摘要/Abstract

引用本文

使用本文

图/表 6

参考文献 28

相关文章 10

Metrics

推荐阅读 0

[1]	胡向东, 唐玲玲. 基于轻量级梯度提升机优化的工业互联网入侵检测方法[J]. 网络与信息安全学报, 2023, 9(2): 46-55.
[2]	潘桐, 陈伟, 吴礼发. 面向不平衡样本的物联网入侵检测方法[J]. 网络与信息安全学报, 2023, 9(1): 130-139.
[3]	季一木, 杨卫东, 李奎, 刘尚东, 刘强, 邵思思, 尤帅, 黄乃娇. 基于主机系统调用频率的容器入侵检测方法[J]. 网络与信息安全学报, 2021, 7(4): 18-29.
[4]	赵淦森,谢智健,王欣明,何嘉浩,张成志,林成创,ZihengZhou,陈冰川,ChunmingRong. ContractGuard：面向以太坊区块链智能合约的入侵检测系统[J]. 网络与信息安全学报, 2020, 6(2): 35-55.
[5]	季一木,焦志鹏,刘尚东,吴飞,孙静,王娜,陈治宇,毕强,田鹏浩. 基于通信特征的CAN总线泛洪攻击检测方法[J]. 网络与信息安全学报, 2020, 6(1): 27-37.
[6]	张斌,李立勋,董书琴. 基于改进SOINN算法的恶意软件增量检测方法[J]. 网络与信息安全学报, 2019, 5(6): 21-30.
[7]	燕昺昊,韩国栋. 基于深度循环神经网络和改进SMOTE算法的组合式入侵检测模型[J]. 网络与信息安全学报, 2018, 4(7): 48-59.
[8]	王佳林, 刘吉强, 赵迪, 王盈地, 相迎宵, 陈彤, 童恩栋, 牛温佳. 基于非对称卷积自编码器和支持向量机的入侵检测模型[J]. 网络与信息安全学报, 2018, 4(11): 57-68.
[9]	马铭鑫,史国振,王亚琼,王豪杰,成文文. 适用于分布式系统的多级安全访问控制策略[J]. 网络与信息安全学报, 2017, 3(8): 28-34.
[10]	樊迪,刘静,庄俊玺,赖英旭. 基于因果知识发现的攻击场景重构研究[J]. 网络与信息安全学报, 2017, 3(4): 58-68.