Personalized lightweight distributed network intrusion detection system in fog computing

Cited by: 2
Abstract: With the continuous development of Internet of Things (IoT) technology, new IoT applications with low-latency, high-dynamics, and large-bandwidth requirements keep emerging. These requirements have led to the widespread aggregation of massive numbers of devices and large volumes of information at the network edge, promoting the emergence and further development of the fog computing architecture. However, as fog computing is applied more widely and deeply, the distributed network security architecture deployed to protect it faces challenges brought by fog computing itself: the limited computing and network communication resources of fog computing nodes and the high dynamics of fog computing applications restrict the deployment of complex network intrusion detection algorithms at the edge. To address these problems, a personalized lightweight distributed network intrusion detection system (PLD-NIDS) for the fog computing architecture was proposed. A large-scale, complex network flow intrusion detection model was trained based on a convolutional neural network architecture, and the distribution of network traffic types at each fog computing node was collected. A personalized model distillation algorithm and a weighted first-order Taylor approximation pruning algorithm were proposed to compress the complex model quickly and in a personalized way, breaking through the limitation of traditional model compression algorithms, which can only provide a single compressed model for edge node deployment because the compression computation overhead is too high when facing a large number of personalized nodes. According to the experimental results, the proposed PLD-NIDS architecture can achieve fast personalized compression of edge intrusion detection models. Compared with traditional model pruning algorithms, the proposed architecture achieves a good balance between computational cost and model accuracy. In terms of model accuracy, the proposed weighted first-order Taylor approximation pruning algorithm can improve the model compression ratio by about 4% under the same 0.2% model accuracy loss, compared with the traditional first-order Taylor approximation pruning algorithm.
Authors: YE Tianpeng (叶天鹏); LIN Xiang (林祥); LI Jianhua (李建华); ZHANG Xuankai (张轩凯); XU Liwen (许力文) (Institute of Cyber Science and Technology in Shanghai Jiao Tong University, Shanghai 200240, China)
Source: Chinese Journal of Network and Information Security (《网络与信息安全学报》), 2023, Issue 3, pp. 28-37 (10 pages)
Funding: Fundamental Research Funds for the Central Universities (23X010200978); Open Project of the Key Laboratory of Information Network Security, Ministry of Public Security (Third Research Institute of the Ministry of Public Security) (C20608).
Keywords: intrusion detection; fog computing; model compression; distributed system
