Personalized lightweight distributed network intrusion detection system in fog computing
With the continuous development of Internet of Things (IoT) technology, there is a constant emergency of new IoT applications with low latency, high dynamics, and large bandwidth requirements.This has led to the widespread aggregation of massive devices and information at the network edge, promoting...
Saved in:
| Main Authors: | , , , , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
POSTS&TELECOM PRESS Co., LTD
2023-06-01
|
| Series: | 网络与信息安全学报 |
| Subjects: | |
| Online Access: | http://www.cjnis.com.cn/thesisDetails#10.11959/j.issn.2096-109x.2023035 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| _version_ | 1841529608301707264 |
|---|---|
| author | Tianpeng YE Xiang LIN Jianhua LI Xuankai ZHANG Liwen XU |
| author_facet | Tianpeng YE Xiang LIN Jianhua LI Xuankai ZHANG Liwen XU |
| author_sort | Tianpeng YE |
| collection | DOAJ |
| description | With the continuous development of Internet of Things (IoT) technology, there is a constant emergency of new IoT applications with low latency, high dynamics, and large bandwidth requirements.This has led to the widespread aggregation of massive devices and information at the network edge, promoting the emergence and deep development of fog computing architecture.However, with the widespread and in-depth application of fog computing architecture, the distributed network security architecture deployed to ensure its security is facing critical challenges brought by fog computing itself, such as the limitations of fog computing node computing and network communication resources, and the high dynamics of fog computing applications, which limit the edge deployment of complex network intrusion detection algorithms.To effectively solve the above problems, a personalized lightweight distributed network intrusion detection system (PLD-NIDS) was proposed based on the fog computing architecture.A large-scale complex network flow intrusion detection model was trained based on the convolutional neural network architecture, and furthermore the network traffic type distribution of each fog computing node was collected.The personalized model distillation algorithm and the weighted first-order Taylor approximation pruning algorithm were proposed to quickly compress the complex model, breaking through the limitation of traditional model compression algorithms that can only provide single compressed models for edge node deployment due to the high compression calculation overhead when facing a large number of personalized nodes.According to experimental results, the proposed PLD-NIDS architecture can achieve fast personalized compression of edge intrusion detection models.Compared with traditional model pruning algorithms, the proposed architecture achieves a good balance between computational loss and model accuracy.In terms of model accuracy, the proposed weighted first-order Taylor approximation pruning algorithm can achieve about 4% model compression ratio improvement under the same 0.2% model accuracy loss condition compared with the traditional first-order Taylor approximation pruning algorithm. |
| format | Article |
| id | doaj-art-58e76def3f1143bbb78bd93a37a7c66e |
| institution | Kabale University |
| issn | 2096-109X |
| language | English |
| publishDate | 2023-06-01 |
| publisher | POSTS&TELECOM PRESS Co., LTD |
| record_format | Article |
| series | 网络与信息安全学报 |
| spelling | doaj-art-58e76def3f1143bbb78bd93a37a7c66e2025-01-15T03:16:34ZengPOSTS&TELECOM PRESS Co., LTD网络与信息安全学报2096-109X2023-06-019283759577790Personalized lightweight distributed network intrusion detection system in fog computingTianpeng YEXiang LINJianhua LIXuankai ZHANGLiwen XUWith the continuous development of Internet of Things (IoT) technology, there is a constant emergency of new IoT applications with low latency, high dynamics, and large bandwidth requirements.This has led to the widespread aggregation of massive devices and information at the network edge, promoting the emergence and deep development of fog computing architecture.However, with the widespread and in-depth application of fog computing architecture, the distributed network security architecture deployed to ensure its security is facing critical challenges brought by fog computing itself, such as the limitations of fog computing node computing and network communication resources, and the high dynamics of fog computing applications, which limit the edge deployment of complex network intrusion detection algorithms.To effectively solve the above problems, a personalized lightweight distributed network intrusion detection system (PLD-NIDS) was proposed based on the fog computing architecture.A large-scale complex network flow intrusion detection model was trained based on the convolutional neural network architecture, and furthermore the network traffic type distribution of each fog computing node was collected.The personalized model distillation algorithm and the weighted first-order Taylor approximation pruning algorithm were proposed to quickly compress the complex model, breaking through the limitation of traditional model compression algorithms that can only provide single compressed models for edge node deployment due to the high compression calculation overhead when facing a large number of personalized nodes.According to experimental results, the proposed PLD-NIDS architecture can achieve fast personalized compression of edge intrusion detection models.Compared with traditional model pruning algorithms, the proposed architecture achieves a good balance between computational loss and model accuracy.In terms of model accuracy, the proposed weighted first-order Taylor approximation pruning algorithm can achieve about 4% model compression ratio improvement under the same 0.2% model accuracy loss condition compared with the traditional first-order Taylor approximation pruning algorithm.http://www.cjnis.com.cn/thesisDetails#10.11959/j.issn.2096-109x.2023035intrusion detectionfog computingmodel compressiondistributed system |
| spellingShingle | Tianpeng YE Xiang LIN Jianhua LI Xuankai ZHANG Liwen XU Personalized lightweight distributed network intrusion detection system in fog computing 网络与信息安全学报 intrusion detection fog computing model compression distributed system |
| title | Personalized lightweight distributed network intrusion detection system in fog computing |
| title_full | Personalized lightweight distributed network intrusion detection system in fog computing |
| title_fullStr | Personalized lightweight distributed network intrusion detection system in fog computing |
| title_full_unstemmed | Personalized lightweight distributed network intrusion detection system in fog computing |
| title_short | Personalized lightweight distributed network intrusion detection system in fog computing |
| title_sort | personalized lightweight distributed network intrusion detection system in fog computing |
| topic | intrusion detection fog computing model compression distributed system |
| url | http://www.cjnis.com.cn/thesisDetails#10.11959/j.issn.2096-109x.2023035 |
| work_keys_str_mv | AT tianpengye personalizedlightweightdistributednetworkintrusiondetectionsysteminfogcomputing AT xianglin personalizedlightweightdistributednetworkintrusiondetectionsysteminfogcomputing AT jianhuali personalizedlightweightdistributednetworkintrusiondetectionsysteminfogcomputing AT xuankaizhang personalizedlightweightdistributednetworkintrusiondetectionsysteminfogcomputing AT liwenxu personalizedlightweightdistributednetworkintrusiondetectionsysteminfogcomputing |