在本文中,我們提出了一種網絡入侵檢測系統,該系統將霧層中的串流式機器學習模型和雲層中的在線標記模型相結合。串流學習模型基於自適應極限梯度提升(Adaptive XGBoost)機器學習算法,旨在檢測異常網絡流量。在線標註模型是基於隨機森林算法的批次機器學習模型,同時還負責標註未知流量,並為霧層中的串流學習模型提供更新。所提出的解決方案可以有效檢測與物聯網設備連接的霧層中的異常流量。與基於批次處理的方法相比,串流學習模型可以以較低的成本更新模型。為了評估所提出的系統,使用現代數據集來測試模型的準確性。實驗結果表明,在雲層對霧層提供更新的情況下,所提出的方案可以有效地實現比基礎方法更好的分類準確度。並且基於串流學習的方法可以提供比基於批次處理的方法更高的性能輸出。
In this paper, we proposed a network intrusion detection system that combines a streaming machine learning model in the fog layer and an on-line labeling model in the cloud layer. The streaming learning model is based on the Adaptive XGBoost machine learning algorithm and is aiming to detect anonymous network traffic. The on-line labeling model is a batch-based machine learning model based on the Random Forest algorithm and is also responsible to label unknown traffic and provide updates to the streaming learning model in the fog layer. The proposed solution can effectively detect abnormal traffic in the fog layer that is connected with IoT devices. The streaming learning model can update the model at a lower cost as compared to the batch-based approach. To evaluate the proposed system, modern datasets are used to test the accuracy of the model. The experiment results show that with the cloud layer provides updates to the fog layer, the proposed scheme can effectively achieve better classification accuracy than the baseline method. And the stream learning-based approach can provide higher throughput than the batch-based approach.