Abstract
With the outbreaks of recent cyber-attacks, a network intrusion detection system (NIDS) which can detect and classify abnormal traffic data has drawn a lot of attention. Although detection time and accuracy are important factors, there is no work considering both contrastive objectives in an NIDS. In order to quickly and accurately respond to network threats, intrusion detection algorithms should be implemented on both fog and cloud devices, which have different levels of computing capacity and detection time, in a collaborative manner. Therefore, this work proposes a packet assignment algorithm that assigns detection and classification tasks for appropriate processing devices. Specifically, we formulate a novel optimization problem that minimizes detection time while achieving accuracy performance and computational constraints. Then, an optimal packet assignment algorithm that allocates as many packets as possible to fog devices in order to shorten the detection time is proposed. The experimental results on a state-of-the-art network dataset (UNSW-NB15) show that the proposed packet assignment algorithm produces similar performance to the optimal solution with regard to the detection time and accuracy.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
References
Cao, V.L., Nicolau, M., McDermott, J.: Learning neural representations for network anomaly detection. IEEE Trans. Cybern. 49(8), 3074–3087 (2019)
Clark, M., Dutta, P.: The haunted house: Networking smart homes to enable casual long-distance social interactions. In: IoT-App 2015 (2015)
Doffman, Z.: Cyberattacks on IOT devices surge 300% in 2019, ‘measured in billions’, report claims (2019). https://bit.ly/35uPCI7. Accessed 04 May 2020
Hosseini, S., Azizi, M.: The hybrid technique for DDoS detection with supervised learning algorithms. Comput. Netw. 158, 35–45 (2019)
Khan, F.A., Gumaei, A., Derhab, A., Hussain, A.: A novel two-stage deep learning model for efficient network intrusion detection. IEEE Access 7, 30373–30385 (2019)
Lapolli, A.C., Marques, J.A., Gaspary, L.P.: Offloading real-time DDoS attack detection to programmable data planes. In: 2019 IFIP/IEEE Symposium on Integrated Network and Service Management (IM), pp. 19–27 (2019)
Morais, C., Sadok, D., Kelner, J.: An IoT sensor and scenario survey for data researchers. J. Braz. Comput. Soc. 25, 4 (2019)
Moustafa, N., Turnbull, B., Choo, K.R.: An ensemble intrusion detection technique based on proposed statistical flow features for protecting network traffic of internet of things. IEEE Internet Things J. 6(3), 4815–4830 (2019)
Carvalho, R.N., Bordim, J.L., Alchieri, E.A.P: Entropy-based dos attack identification in SDN. In: 2019 IEEE International Parallel and Distributed Processing Symposium Workshops (IPDPSW), pp. 627–634 (2019)
Nguyen, T.G., Phan, T.V., Nguyen, B.T., So-In, C., Baig, Z.A., Sanguanpong, S.: Search: a collaborative and intelligent NIDS architecture for SDN-based cloud IoT networks. IEEE Access 7, 107678–107694 (2019)
Systems, C.: Cisco Annual Internet Report (2018–2023) White Paper. Technical Report Cisco Systems (2020)
Vu, L., Cao, V.L., Uy, N.Q., Nguyen, D.N., Hoang, D.T., Dutkiewicz, E.: Learning latent distribution for distinguishing network traffic in intrusion detection system, pp. 1–6 (2019)
Xilinx: Xilinx Virtex-7 FPGA VC707 Evaluation Kit. Tech. rep., Xilinx
Yan, Q., Huang, W., Luo, X., Gong, Q., Yu, F.R.: A multi-level DDos mitigation framework for the industrial internet of things. IEEE Commun. Mag. 56(2), 30–36 (2018)
Yang, Y., Zheng, K., Wu, C., Yang, Y.: Improving the classification effectiveness of intrusion detection by using improved conditional variational autoencoder and deep neural network. Sensors 19(11), 2528 (2019)
Acknowledgment
This work is funded by the Le Quy Don Technical University.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2020 ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering
About this paper
Cite this paper
Thi-Nga, D., Ta, C.H., Vu, V.S., Le, D.V. (2020). An Optimal Packet Assignment Algorithm for Multi-level Network Intrusion Detection Systems. In: Vo, NS., Hoang, VP. (eds) Industrial Networks and Intelligent Systems. INISCOM 2020. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 334. Springer, Cham. https://doi.org/10.1007/978-3-030-63083-6_23
Download citation
DOI: https://doi.org/10.1007/978-3-030-63083-6_23
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-63082-9
Online ISBN: 978-3-030-63083-6
eBook Packages: Computer ScienceComputer Science (R0)