An Optimal Packet Assignment Algorithm for Multi-level Network Intrusion Detection Systems

With the outbreaks of recent cyber-attacks, a network intrusion detection system (NIDS) which can detect and classify abnormal traffic data has drawn a lot of attention. Although detection time and accuracy are important factors, there is no work considering both contrastive objectives in an NIDS. In order to quickly and accurately respond to network threats, intrusion detection algorithms should be implemented on both fog and cloud devices, which have different levels of computing capacity and detection time, in a collaborative manner. Therefore, this work proposes a packet assignment algorithm that assigns detection and classification tasks for appropriate processing devices. Specifically, we formulate a novel optimization problem that minimizes detection time while achieving accuracy performance and computational constraints. Then, an optimal packet assignment algorithm that allocates as many packets as possible to fog devices in order to shorten the detection time is proposed. The experimental results on a state-of-the-art network dataset (UNSW-NB15) show that the proposed packet assignment algorithm produces similar performance to the optimal solution with regard to the detection time and accuracy.