Research On Intrusion Detection Strategy With Limited Resource Of Edge Computing Nodes

In recent years,the Internet has been extended to various terminal devices,gradually realizing the interconnection between people and people,people and things,and things and things.The emergence and application of edge computing technology has accelerated this process since edge computing servers can provide computing services nearby edge networks close to terminal devices.In addition to the advantages of real-time and scalability,the security of edge computing is also of great concern.Because edge nodes own limited available resources,they can not provide as much computing power as cloud servers to perform security defense activities such as network intrusion detection or access control,nor can they effectively identify diverse and new types of network attacks.Therefore,there is a need to study an intrusion detection strategy which is compliant with timely,lightweight,and highly adaptable to provide a secure operating environment for Io T applications under edge computing architecture.In this paper,we propose two corresponding intrusion detection strategies from two directions,namely,reducing detection data and autonomous learning tagging capability,combined with deep reinforcement learning algorithms.The main research work of this paper is as follows.First,we introduce the current state of research in related directions,analyze the technical methods and evaluation criteria,including recurrent neural networks,deep reinforcement learning,active learning and other technical methods,as well as accuracy,recall,and other evaluation criteria.Second,under the circumstance of detecting substantial data,the computational complicacy can be reduced by decreasing the characteristic space dimensionality of network traffic.However,we propose an intrusion detection system that can reduce the resource consumption by detecting the most relevant data instead of completely detecting all.Accordingly,we propose the RLl-DL algorithm,which draws on the autonomous decision-making behavior using reinforcement learning,and allows the intrusion detection system to decide specific detecting data by itself.The Gated Recurrent Unit is introduced into the classification network to process network traffic using its feature of keeping long-term information;a pair of actor-critic neural networks is also set up to determine the specific network traffic data for the next detection.Based on this,GRUAC IDS is designed,and experiments show that the model can maintain good classification performance while detecting partial data.Third,under the circumstance of facing diverse and new types of cyber attacks,similar active learning research methods have been used,which introduces expert experience into the training of the model.Based on this,we combine the autonomous decision-making feature of reinforcement learning and propose the intrusion detection system train neural network models heuristically through expert-assisted tagging as well as their own resource load,etc.to eventually achieve IDS recognition capability and reduce the reliance on manual tagging.Accordingly,we propose the DQN-AL algorithm,which heuristically allows the intrusion detection system to learn the classification of the predecessor classifier and combine it with the auxiliary markers identified by the markers to make appropriate decisions for network traffic.We designed the DRL-h IDS model and it is designed to consume less storage space considering the limited resources of edge nodes.The experimental results show that the model does not need to occupy too much system load,while the classification function is achieved with good classification performance by expert assistance and learning the experience of the predecessor classifier.