| Edge computing mode can store and calculate the data generated by terminal devices on the edge side of the network,which reduces the interaction between data occurrence end and cloud,and can respond faster than cloud computing mode.However,the special network structure of edge computing makes edge network nodes near edge devices face many intrusion threats.Once the edge network node is captured,it will no longer provide high-quality and efficient services,and even endanger the information security of other users.Therefore,it is necessary to detect the intrusion behavior existing in the edge network node in time.However,there are some difficulties in intrusion detection in edge computing environment.First of all,the computing and storage resources of edge network nodes are relatively insufficient,which leads to the traditional intrusion detection model is not suitable for edge computing environment.And then,due to the dynamic nature of the network connection data in the edge network nodes,the distribution of network connection data may change at different times,resulting in concept drift,which will lead to the decline of the detection performance of the trained intrusion detection model,and it is difficult to continue to effectively detect the intrusion.In order to solve the above problems,this thesis proposes an intrusion detection model and algorithm for edge network nodes based on the theory of extreme learning machine.The main contributions and innovations of this thesis are as follows:(1)Aiming at the problem of intrusion detection in edge network nodes with resource constraints,an improved combination kernel extreme learning machine intrusion detection model was proposed.The model takes advantage of the lightweight feature of the kernel extreme learning machine,and combines Gaussian kernel and Sigmoid kernel to construct a combination kernel function to replace the single kernel function in the kernel extreme learning machine,so as to enhance its classification performance.Then,the control parameters of the differential evolution algorithm was adjusted adaptively,and the algorithm is used to optimize the combination kernel extreme learning machine to further improve its detection ability.Finally,the optimized combination kernel extreme learning machine is used to train the intrusion detection model,which will be integrated into the intrusion detection system,and then deployed to the edge network nodes to perform intrusion detection.The experimental results show that the optimized intrusion detection model of combination kernel extreme learning machine can detect network intrusion effectively.(2)Aiming at the problem that the detection performance of intrusion detection model decreases due to the concept drift in the network connection data of edge network nodes,an incremental learning algorithm based on concept drift detection was proposed.Firstly,the algorithm measures the distribution difference between data to judge whether concept drift occurs or not.Then,a hierarchical decrement oversampling strategy based on synthetic minority classes was proposed to deal with the problem of sample imbalance caused by the small number of data samples in concept drift.Finally,in the sequential learning phase of online sequence extreme learning machine,the information of learning concept drift data is used to update the output weights of the intrusion detection model so that the updated intrusion detection model can adapt to the recurrence of concept drift.The experimental results show that the detection performance of the updated intrusion detection model is improved compared with that before the update.(3)An edge computing intrusion detection system was designed and implemented based on the proposed model and algorithm.By building the edge computing environment,the intrusion detection model and relevant algorithms are integrated into the intrusion detection system,and then deployed to the edge network node to perform intrusion detection,and the relevant detection information is summarized and displayed in the foreground page after statistics. |
PDF Full Text Request