Research on lightweight anomaly detection of multimedia traffic in edge computing

With the rapid development of the multimedia Internet of Things, a large amount of multimedia data is generated at the edge of the network. These multimedia data occupies most of the network traffic, and they have higher real-time transmission requirements, so they bring higher detection requirements to network security equipment. However, due to the limited processing capabilities of edge nodes, the high-performance distributed intrusion detection system (DIDS) in cloud computing cannot be used directly at the edge of the network. To solve this problem, a DIDS identification and detection method for multimedia traffic in an edge computing (EC) environment is proposed. Firstly, according to the characteristics of multimedia sensors, a multimedia traffic identification scheme combining protocol analysis and session analysis is established. Then, the improved and pruned C4.5 decision tree algorithm is used to identify the traffic which is not easily identified by the previous method. Finally, a special rule base and rule linked list are established in DIDS for targeted detection of multimedia traffic to achieve the goal of low calculation and high accuracy of the system. In addition, a DIDS multimedia detection optimization algorithm based on the M/M/n/m model is also proposed, which enables DIDS to automatically adjust the detection intensity of multimedia packets according to the length of the waiting queue. Firstly, the state flow diagram is established according to the Markov chain and birth-death process. Then, the multimedia detection method is improved by establishing the service dependent model. Finally, the operating cost is minimized by calculating the optimal number of detection engines in the DIDS. Experimental results show that the proposed scheme can help DIDS to identify and pertinently detect multimedia traffic with the lowest operating cost in a resource-constrained edge computing environment, while the safety of DIDS has not been reduced.