面向雾计算的个性化轻量级分布式网络入侵检测系统

doi:10.11959/j.issn.2096-109x.2023035

Abstract

Abstract:

With the continuous development of Internet of Things (IoT) technology, there is a constant emergency of new IoT applications with low latency, high dynamics, and large bandwidth requirements.This has led to the widespread aggregation of massive devices and information at the network edge, promoting the emergence and deep development of fog computing architecture.However, with the widespread and in-depth application of fog computing architecture, the distributed network security architecture deployed to ensure its security is facing critical challenges brought by fog computing itself, such as the limitations of fog computing node computing and network communication resources, and the high dynamics of fog computing applications, which limit the edge deployment of complex network intrusion detection algorithms.To effectively solve the above problems, a personalized lightweight distributed network intrusion detection system (PLD-NIDS) was proposed based on the fog computing architecture.A large-scale complex network flow intrusion detection model was trained based on the convolutional neural network architecture, and furthermore the network traffic type distribution of each fog computing node was collected.The personalized model distillation algorithm and the weighted first-order Taylor approximation pruning algorithm were proposed to quickly compress the complex model, breaking through the limitation of traditional model compression algorithms that can only provide single compressed models for edge node deployment due to the high compression calculation overhead when facing a large number of personalized nodes.According to experimental results, the proposed PLD-NIDS architecture can achieve fast personalized compression of edge intrusion detection models.Compared with traditional model pruning algorithms, the proposed architecture achieves a good balance between computational loss and model accuracy.In terms of model accuracy, the proposed weighted first-order Taylor approximation pruning algorithm can achieve about 4% model compression ratio improvement under the same 0.2% model accuracy loss condition compared with the traditional first-order Taylor approximation pruning algorithm.

Key words: intrusion detection, fog computing, model compression, distributed system

CLC Number:

TP393

Tianpeng YE, Xiang LIN, Jianhua LI, Xuankai ZHANG, Liwen XU. Personalized lightweight distributed network intrusion detection system in fog computing[J]. Chinese Journal of Network and Information Security, 2023, 9(3): 28-37.

Figures/Tables 6

References 28

[1]	MANIMURUGAN S . IoT-fog-cloud model for anomaly detection using improved Na?ve Bayes and principal component analysis[J]. Journal of Ambient Intelligence and Humanized Computing, 2021: 1-10.
[2]	LIU H Y , LANG B . Machine learning and deep learning methods for intrusion detection systems:a survey[J]. Applied Sciences, 2019,9(20): 4396.
[3]	BUCZAK A L , GUVEN E . A survey of data mining and machine learning methods for cyber security intrusion detection[J]. IEEE Communications Surveys ＆ Tutorials, 2015,18(2): 1153-1176.
[4]	THANIGAIVELAN N K , NIGUSSIE E , KANTH R K ,et al. Distributed internal anomaly detection system for Internet-ofThings[C]// Proceedings of 2016 13th IEEE Annual Consumer Communications ＆ Networking Conference (CCNC). 2016: 319-320.
[5]	DIRO A , CHILAMKURTI N . Leveraging LSTM networks for attack detection in fog-to-things communications[C]// Proceedings of IEEE Communications Magazine. 2018: 124-130.
[6]	DIRO A A , CHILAMKURTI N . Distributed attack detection scheme using deep learning approach for Internet of things[J]. Future Generation Computer Systems, 2018,82: 761-768.
[7]	LAWAL M A , SHAIKH R A , HASSAN S R . An anomaly mitigation framework for IoT using fog computing[J]. Electronics, 2020,9(10): 1565.
[8]	MALEH Y , ABDELLAHEZZATI W . Lightweight intrusion detection scheme for wireless sensor networks[J]. International Journal of Computer Science, 2015,42: 1-8.
[9]	AN X S , ZHOU X W , LYU X ,et al. Sample selected extreme learning machine based intrusion detection in fog computing and MEC[J]. Wireless Communications and Mobile Computing, 2018,2018: 1-10.
[10]	DAO T N , LEE H . Stacked autoencoder-based probabilistic feature extraction for on-device network intrusion detection[J]. IEEE Internet of Things Journal, 2022,9(16): 14438-14451.
[11]	NGUYEN X H , NGUYEN X D , HUYNH H H ,et al. Realguard:a lightweight network intrusion detection system for IoT gateways[J]. Sensors (Basel,Switzerland), 2022,22(2): 432.
[12]	彭媛媛 . 基于一维卷积神经网络的轻量级物联网入侵检测方法研究[D]. 成都:电子科技大学, 2022.
	PENG Y Y . A lightweight IoT intrusion detection method based on one-dimensional convolutional neural network[D]. Chengdu:University of Electronic Science and Technology of China, 2022.
[13]	THAKKAR A , LOHIYA R . A review on machine learning and deep learning perspectives of IDS for IoT:recent updates,security issues,and challenges[J]. Archives of Computational Methods in Engineering, 2021,28(4): 3211-3243.
[14]	ZHAO R J , LI Z J , XUE Z ,et al. A novel approach based on lightweight deep neural network for network intrusion detection[C]// Proceedings of 2021 IEEE Wireless Communications and Networking Conference (WCNC). 2021: 1-6.
[15]	CHOUDHARY T , MISHRA V , GOSWAMI A ,et al. A comprehensive survey on model compression and acceleration[J]. Artificial Intelligence Review, 2020,53(7): 5113-5155.
[16]	GONG Y C , LIU L , YANG M ,et al. Compressing deep convolutional networks using vector quantization[J]. arXiv Preprint arXiv:1412.6115, 2014.
[17]	GUPTA S , AGRAWAL A , GOPALAKRISHNAN K ,et al. Deep learning with limited numerical precision[C]// Proceedings of the 32nd International Conference on Machine Learning. 2015: 1737-1746.
[18]	VANHOUCKE V , SENIOR A , MAO M . Improving the speed of neural networks on CPUs[C]// Proceedings of Deep Learning and Unsupervised Feature Learning Workshop. 2011: 1-8.
[19]	HASSIBI B , STORK D G . Second order derivatives for network pruning:optimal brain surgeon[C]// Proceedings of Advances in Neural Information Processing Systems. 1992: 164-171.
[20]	HAN S , POOL J , TRAN J ,et al. Learning both weights and connections for efficient neural networks[C]// Proceedings of the 28th International Conference on Neural Information Processing Systems. 2015: 1135-1143.
[21]	LI H , KADAV A , DURDANOVIC I ,et al. Pruning filters for efficient ConvNets[J]. arXiv Preprint arXiv:1608.08710, 2016.
[22]	IANDOLA F N , HAN Song , MOSKEWICZ M W ,et al. SqueezeNet:AlexNet-level accuracy with 50x fewer parameters and＜ 0.5 MB model size[J]. arXiv Preprint arXiv:1602.07360, 2016.
[23]	HOWARD A G , ZHU M L , CHEN B ,et al. MobileNets:efficient convolutional neural networks for mobile vision applications[J]. arXiv Preprint arXiv:1704.04861, 2017.
[24]	HINTON G , VINYALS O , DEAN J . Distilling the knowledge in a neural network[J]. arXiv Preprint arXiv:1503.02531, 2015.
[25]	ROMERO A , BALLAS N , KAHOU S E ,et al. FitNets:Hints for thin deep nets[J]. arXiv Preprint arXiv:1412.6550, 2014.
[26]	MOLCHANOV P , TYREE S , KARRAS T ,et al. Pruning convolutional neural networks for resource efficient inference[C]// Proceedings of 5th International Conference on Learning Representations (ICLR). 2019.
[27]	MOLCHANOV P , MALLYA A , TYREE S ,et al. Importance estimation for neural network pruning[C]// Proceedings of 2019 IEEE/CVF Conference on Computer Vision and Pattern Recognition (CVPR). 2020: 11256-11264.
[28]	WANG W , ZHU L Q , GUO B Q . Reliable identification of redundant kernels for convolutional neural network compression[J]. Journal of Visual Communication and Image Representation, 2019,63:102582.

Metrics

Recommended 0

No Suggested Reading articles found!

流量名称	训练样本	剪枝及测试样本	流量类型
BitTorrent	4 800	1 200.Zipf(1,20)	正常
FTP	4 800	1 200.Zipf(1,20)	正常
MySQL	4 800	1 200.Zipf(1,20)	正常
Skype	4 800	1 200.Zipf(1,20)	正常
Weibo	4 800	1 200.Zipf(1,20)	正常
Facetime	4 800	1 200.Zipf(1,20)	正常
Gmail	4 800	1 200.Zipf(1,20)	正常
Outlook	4 800	1 200.Zipf(1,20)	正常
SMB	4 800	1 200.Zipf(1,20)	正常
WOW	4 800	1 200.Zipf(1,20)	正常
P2P Cridex	4 800	1 200.Zipf(1,20)	恶意
Htbot	4 800	1 200.Zipf(1,20)	恶意
Neris	4 800	1 200.Zipf(1,20)	恶意
Chat/IM Shifu	4 800	1 200.Zipf(1,20)	恶意
Virut	4 800	1 200.Zipf(1,20)	恶意
Geodo	4 800	1 200.Zipf(1,20)	恶意
Email Miuref	4 800	1 200.Zipf(1,20)	恶意
Email Nsis-ay	4 800	1 200.Zipf(1,20)	恶意
Tinba	4 800	1 200.Zipf(1,20)	恶意
Game Zeus	4 800	1 200.Zipf(1,20)	恶意

算法名称	模型大小/MB	模型推理复杂度/MMAC 模型训练损耗/s	模型查准率P	F1值
DeneNet-50	32.34	213.5510 154.18	0.752 2	0.748 9
AlexNet-20	27.32	121.12860.85	0.640 0	0.637 3
AlexNet-50	27.44	121.242833.68	0.734 1	0.606 4
AlexNet-20-Origin	27.32	121.12249.96	0.605 9	0.602 5
AlexNet-20-20	27.32	121.1211 934.31	0.613 9	0.611 0

对照参数τ	模型查准率P	F1值
1	0.610 4	0.604 7
3	0.631 4	0.630 1
5	0.640 0	0.637 3
10	0.624 4	0.624 7
20	0.619 8	0.609 7

算法名称	模型大小/MB	模型推理复杂度/MMAC	剪枝损耗/s	模型查准率P	F1值
AlexNet-20	27.32	222.91	—	0.985 7	0.985 6
Taylor-FO-Weighted	15.87	192.1	37.21	0.891 9	0.840 7
Taylor-FO-Origin	15.87	192.1	8.72	0.822 2	0.623 5
L2 Structure	16.39	133.7	4.03	0.382 9	0.390 0
Random Structure	16.39	133.7	0.098	0.374 8	0.286 4

Personalized lightweight distributed network intrusion detection system in fog computing

RichHTML

PDF下载

Knowledge

Abstract

Cite this article

share this article

Figures/Tables 6

References 28

Related Articles 10

Metrics

Recommended 0

[1]	Xiangdong HU, Lingling TANG. Method on intrusion detection for industrial internet based on light gradient boosting machine [J]. Chinese Journal of Network and Information Security, 2023, 9(2): 46-55.
[2]	ANTONG P, Wen CHEN, Lifa WU. IoT intrusion detection method for unbalanced samples [J]. Chinese Journal of Network and Information Security, 2023, 9(1): 130-139.
[3]	Yimu JI, Weidong YANG, Kui LI, Shangdong LIU, Qiang LIU, Sisi SHAO, Shuai YOU, Naijiao HUANG. Container intrusion detection method based on host system call frequency [J]. Chinese Journal of Network and Information Security, 2021, 7(4): 18-29.
[4]	Gansen ZHAO,Zhijian XIE,Xinming WANG,Jiahao HE,Chengzhi ZHANG,Chengchuang LIN,ZHOU Ziheng,Bingchuan CHEN,RONG Chunming. ContractGuard:defend Ethereum smart contract with embedded intrusion detection [J]. Chinese Journal of Network and Information Security, 2020, 6(2): 35-55.
[5]	Yimu JI,Zhipeng JIAO,Shangdong LIU,Fei WU,Jing SUN,Na WANG,Zhiyu CHEN,Qiang BI,Penghao TIAN. CAN bus flood attack detection based on communication characteristics [J]. Chinese Journal of Network and Information Security, 2020, 6(1): 27-37.
[6]	Bin ZHANG,Lixun LI,Shuqin DONG. Malware detection approach based on improved SOINN [J]. Chinese Journal of Network and Information Security, 2019, 5(6): 21-30.
[7]	Binghao YAN,Guodong HAN. Combinatorial intrusion detection model based on deep recurrent neural network and improved SMOTE algorithm [J]. Chinese Journal of Network and Information Security, 2018, 4(7): 48-59.
[8]	Jialin WANG, Jiqiang LIU, Di ZHAO, Yingdi WANG, Yingxiao XIANG, Tong CHEN, Endong TONG, Wenjia NIU. Intrusion detection model based on non-symmetric convolution auto-encode and support vector machine [J]. Chinese Journal of Network and Information Security, 2018, 4(11): 57-68.
[9]	Ming-xin MA,Guo-zhen SHI,Ya-qiong WANG,Hao-jie WANG,Wen-wen CHENG. Multilevel secure access control policy for distributed systems [J]. Chinese Journal of Network and Information Security, 2017, 3(8): 28-34.
[10]	Di FAN,Jing LIU,Jun-xi ZHUANG,Ying-xu LAI. Research on attack scenario reconstruction method based on causal knowledge discovery [J]. Chinese Journal of Network and Information Security, 2017, 3(4): 58-68.