Research On Intrusion Detection And Response Methods In Fog Computing Environment

As a new computing model in the era of Internet of Everything,fog computing distributes computing,communication,control and storage resources and services to users or on devices and systems close to users,thus extending the cloud computing model to the network edge and providing network users with low latency,more flexible access and more secure network communication services.However,the characteristics of widely distributed geographic location of fog nodes,more lightweight,and limited resource storage capacity also bring great challenges to the security and privacy protection of fog computing environment.First,intrusion detection,as the second security barrier after the firewall,can quickly detect security risks in the network.The traditional intrusion detection methods have problems such as slow detection speed and low accuracy rate.Second,intrusion response is the final link of the whole intrusion prevention system,which is the measures and actions taken against the intrusion after it is discovered or detected by the fog node,and an effective intrusion response strategy is the key to guarantee the security of fog computing.In order to solve the above two problems,this paper makes the following research.1.Aiming at the problem that fog nodes are closer to user devices,nodes are heterogeneous,resource storage capacity is limited,and more vulnerable to intrusion,a lightweight IDS called Cloud-Fog-Collaborative support vector machine is proposed.Because of the high dimension of network data,firstly,principal component analysis is used to reduce the dimension of data,eliminate the correlation between attributes,improve the training and detection rate,then in the cloud server,support vector machine algorithm is used to complete the training of data set,save the model,send it to the fog node,and carry out attack detection in the fog node.It greatly shortens the training time and improves the detection accuracy.Using the classic KDD cup1999 data set evaluation model,after comparing with other algorithms,it is proved that this method is superior to other algorithms in response time,detection rate,accuracy and other aspects,and can effectively solve the problem of intrusion detection in the edge computing environment.2.For the problem of poor adaptation of intrusion response decision in fog computing environment,an intrusion response decision algorithm combining game theory and deep reinforcement learning is proposed.First,the intrusion response decision model in the fog computing environment is constructed with a random game as the standard.Second,the behaviors of the attacker and the fog computing IDS are defined as random variables,and the continuous state space formed by the game between the two sides is processed using deep Q networks,and finally the Minimax algorithm is used to solve the optimal value function in a specific state,and the best intrusion response strategy is obtained after the training is completed.Comparing the game results of the proposed Minimax-DQN,DQN and random strategy shows that the proposed algorithm can greatly improve the probability of winning for fog computing IDS,thus solving the intrusion response decision problem in fog environment.