Abstract
In today’s world, Internet technology and wireless communication technology are becoming more and more mature, which has brought massive network information resources to all sectors of society. At the same time, the phenomenon of data loss caused by illegal network intrusion is becoming more and more common. Therefore, it is necessary to identify and deal with them in combination with IDS (intrusion detection system). The problem of data processing is also very important. Enterprises can build a data management system according to their own needs, and use this system to process data. With the help of science and technology, AI (Artificial Intelligence) technology has become more mature and applied in many industries. Therefore, this paper proposed to build an AI IDS, and combined the deep RL (reinforcement learning) algorithm to analyze the performance of the system. This paper tested and analyzed the system from the aspects of precision and recall. The experimental results showed that the average precision of the five data sets was 94.76%, and the average recall rate was 91.4%. From the above data, combined with the algorithm in this paper, the precision and recall of the system have been significantly improved. This paper also conducted benchmark energy consumption comparison experiments for different cloud data management systems. The results showed that in terms of loading, the benchmark energy consumption of HBase was the lowest, which was 86KJ. In terms of query, the benchmark energy consumption of GridSQL was the lowest, which was 56KJ. It can be seen that different systems have their own advantages in the benchmark energy consumption of loading and query.
Keywords
Introduction
In the Internet era, network security issues should not be underestimated. In the face of illegal network intrusion, researchers combined intrusion detection technology to build an IDS to deal with network intrusion. However, the system has some drawbacks, especially when facing the strange pattern of intrusion, it can not be effectively identified, so the intrusion detection technology needs to be strengthened. AI technology is gradually becoming mature and has been well applied in different industries. Therefore, this technology can be integrated to build an AI IDS, which can better deal with network intrusion.
In recent years, the AI system has aroused widespread concern in the academic community, and scholars have carried out research on it one after another. Jin Cheng proposed an AI system for rapid detection of COVID-19. Through this system, he analyzed the CT of COVID-19 and evaluated the AI system in combination with the data set [1]. Shamout Farah E developed an AI system based on chest X-ray imaging, which can automatically assess the risk of deterioration by combining non imaging clinical variables [2]. Zhou Jie combined AI to evaluate the intestinal preparation, and integrated deep convolution neural network to develop an AI system, which was applied to colonoscopy [3]. In order to predict the phenomenon of explosion induced air overpressure, Nguyen Hoang developed an AI system in combination with artificial neural network and random forest, and developed new empirical technology [4]. Siddiqui Muhammad Farhan found through research that face detection combined with AI system can not only improve the punctuality rate of employee attendance, but also be applied in banks to effectively identify bank staff and bank users, thus improving security [5]. Stevenson Clark H aimed to develop an AI system to detect a variety of fundus pathology and inform clinical features. The system can upload pathological pictures to the AI system, and train and verify the classifier [6]. However, the research of these scholars on AI system is not comprehensive enough, and sensor based research on AI can play a better role.
Some scholars have also conducted corresponding research on sensors and AI. Sawyer Jennifer conducted research on medical sensor equipment, medical services based on AI, and clinical nursing in COVID-19 telemedicine. By copying a variety of data, he analyzed the improvement of the fusion of AI and sensor technology on the detection of COVID-19 [7]. Junejo F developed a multi-sensor system to monitor grinding operations. He applied AI to multi-sensor systems to automatically and continuously monitor grinding operations [8]. In general, there are not many researches on sensors and AI. In order to improve the AI detection system, it is necessary to study the AI detection system based on multi-sensor and wireless communication.
In this paper, the AI IDS was constructed based on AI technology, and the precision and recall of the system were tested and analyzed with the deep RL algorithm. The experimental results showed that the average precision of this algorithm was 94.76%, and the average precision of the traditional algorithm was 88.34%. In terms of recall rate, the average recall rate of the algorithm in this paper was 91.4%, and the average recall rate of the traditional algorithm was 85.18%. It can be seen from the above data that the algorithm in this paper can play a good optimization effect on the recall rate and precision of the system. In the benchmark energy consumption comparison experiment of different cloud data management systems, in terms of loading, the benchmark energy consumption of HBase was the lowest, which was 86KJ. In terms of query, the benchmark energy consumption of GridSQL was the lowest, which was 56KJ. It can be seen that different systems have their own advantages in the benchmark energy consumption of loading and query.
Multi sensor, wireless communication and AI IDS
Data management system
According to their actual needs, enterprises should build a matching data management system. In general, the data management system needs to have four functional modules: data input, data cleaning, data editing and data output. The following is an analysis of the requirements of each functional module:
Data input: it can input multiple pieces of data in batches, which is convenient and fast, and can effectively improve the efficiency of data input. Data cleaning: data cleaning technology can automatically detect data records. It can process duplicate, incomplete and unqualified records and delete duplicate records. Data cleaning can effectively guarantee the quality of data. Data editing: data editing is mainly the modification, query, deletion and other operations of data records. Data output: when enterprise users access data charts, data records, etc., they can access them through browsers and clients. In addition, they can also log in to their mailboxes to view them.
Multi sensor information fusion technology
The sensor is a detection device, which can obtain a variety of information. The sensor senses and detects the information, and then converts the information into different types for output according to human needs. Under the guidance of specific rules, multi-sensor information fusion technology combines computer technology to observe and analyze multi-sensor data, and integrate and complement redundant information, so as to estimate targets more accurately. For the problem of incomplete computer perception, this technology uses the information of multiple sensors to improve the perception information. The multi-sensor information fusion technology can be divided into three types: pixel level fusion, feature level fusion and decision level fusion. The pixel level fusion is shown in Fig. 1.
Pixel layer fusion.
The development status of wireless communication technology is mainly shown in the following aspects:
(1) 5G communication technology
The emergence of 5G communication technology represents the end of the 4G era. Although the standard of 5G communication technology has not been unified yet, at present, 5G communication technology has brought many conveniences to human society.
(2) Satellite communication technology
Satellite communication technology can enable wireless communication. Even in remote mountainous areas, electronic equipment can communicate wirelessly using satellite communication technology. Access to wired networks would improve communication efficiency and security.
(3) Wireless broadband technology
With the help of science and technology, the access methods of wireless broadband have become rich and diverse, such as microwave broadband access technology, but this technology would have certain requirements for the frequency band.
AI IDS
Intrusion detection technology
Intrusion refers to all the behaviors that want to destroy the integrity, security and usability of network resources. Intrusion detection is to judge and deal with illegal network intrusion. An IDS is a system that identifies and processes intrusion detection tasks [9]. When conducting intrusion detection, it is necessary to collect the original data and ensure the timeliness and sufficiency of the collection, so as to maximize the role of intrusion detection technology. The intrusion detection process is shown in Fig. 2.
Intrusion detection process.
AI is a comprehensive interdisciplinary subject with certain complexity [10]. In the actual operation process, the intrusion detection problem has a strong complexity. With the continuous improvement of hacker technology, the traditional intrusion detection technology is difficult to identify the intrusion behavior. Therefore, the intrusion detection engine needs to be intelligent to meet the needs of the system.
The scope of AI technology research is relatively broad, including artificial neural network, expert system, fuzzy recognition, etc., which just match the key technologies of IDS [11]. With the continuous improvement of AI technology, many advanced technologies have been applied to today’s IDS, such as data mining technology, artificial immune technology, agent technology, etc. [12, 13]. The application of these technologies can greatly optimize the performance of IDS.
Classification and composition of AI IDS
System classification
According to the detection target of the system, it is divided into main model and network-type; according to the detection technology, it is divided into abnormal behavior detection system and misuse detection system. The classification of AI IDS is shown in Fig. 3.
Classification of AI IDS.
(1) Anomaly detection model
The anomaly detection model includes Denning intrusion detection model, quantitative analysis model and statistical analysis model. Among them, Denning intrusion detection model is to monitor the behavior of network users by describing their behavior and building a network feature library. Statistical analysis model is mainly used to detect network intrusion behavior through statistical theory, and is mostly used to analyze huge network data.
(2) Misuse detection model
Most of the previous IDSs were built using expert systems. The expert system structure is shown in Fig. 4. The expert system is built with the help of expert experience, so the expert experience would be particularly relied on. With expert experience, the inference rules would be defined in advance to form a corresponding rule set. Under the expert system, the IDS is extremely dependent on it, so whether the IDS is effective depends on the expert knowledge base. Only when the expert knowledge base is sufficiently perfect, the IDS can better resist foreign intrusion [14, 15].
Structure of expert system.
(3) Other detection models
Other detection models mainly include neural network model, model based on data mining, intrusion detection model based on genetic algorithm, etc. In the neural network model, adaptive learning is the core technology of the model.
Intensive learning
In deep RL, both the perception ability of deep learning and the decision-making ability of RL are integrated. This method mainly simulates the human brain, so it is very similar to the human brain in perception. Deep RL uses the perceptual ability of deep learning to transform the original input data to form a higher level abstract expression, so that the potential laws of data can be explored. The principle framework of deep RL is shown in Fig. 5.
Principle framework of deep RL.
The AI IDS consists of 3 modules: data processing module, intrusion detection intelligent body construction module, intrusion detection intelligent body training module. The system construction is shown in Fig. 6.
The data processing module includes feature selection, normalization, etc. The construction module of intrusion detection agent includes environment state model, training strategy and value function. In the environment state model, there are some reward and punishment mechanisms, but these mechanisms are not open to intrusion detection agents. The training strategy is mainly to evaluate the value function. Through evaluation, the action strategy of this module can be improved, and combined with the reward and punishment mechanism of this model, the strategy parameters can be updated.
Overall construction of AI IDS.
The first step of this module is feature selection. The system combines feature selection method to select features and normalize variables. After that,
The initial value is represented by
(1) Environmental state model
The intrusion detection agent can perceive the state of the environment, and can also learn according to the feedback signal
The discount factor is
(2) Value function structure
The value function is mostly used to evaluate the quality of the state. In the selection of agent actions, the value function plays a leading role. The evaluation of intrusion detection agent can be realized by value function. It is assumed that the action value function is
It is assumed the number of state values is
(3) Training strategy definition
Essentially, the training policies of intrusion detection intelligences are a representation of state to action. The strategy gradient method can be used to calculate the strategy gradient. Firstly, the strategy parameter
Among them,
The deep RL algorithm also introduces the objective function, so the proportion of new and old strategies is shown as:
The iterative loss formula of conservative policy is:
If there is no limit on the proportion of new and old strategies, the gradient would explode when the iteration loss reaches the maximum.
When the intrusion detection agent is trained, the process is as follows: first, the agent obtains the strategy and generates the environment state model after learning. Secondly, the value function is evaluated according to the strategy, and then the action of the state is judged according to the value function. Finally, the return value is calculated by combining the advantage function, and the strategy is deeply improved until the training reaches a certain convergence effect.
Experimental evaluation of AI IDS based on deep RL
This paper collected the relevant data of the electric power transportation network in a certain area from the Internet, and generated five sets of data. Through the combination of deep RL algorithm, the performance of AI IDS was tested. This experiment mainly tested and analyzed the precision and recall rate, and compared with the traditional algorithm.
Precision test
This experiment combined two algorithms to test and analyze the system in terms of precision. The experimental results are shown in Fig. 7.
Precision comparison of different algorithms.
It can be seen from Fig. 7 that the precision of the IDS was different under the two algorithms. In this algorithm, the precision of each data set was more than 90%; the precision of Dataset 1 was the lowest, which was 93.7%; the precision of Dataset 5 was the highest, which was 95.4%; the average precision of five data sets could be calculated to be 94.76%. Under the traditional algorithm, the precision of each data set was below 90%; the precision of Dataset 5 was the lowest, which was 87.2%; the precision of Dataset 2 was the highest, which was 89.3%; therefore, the average precision of the five data sets was 88.34%. In contrast, the precision of this algorithm was higher, and the detection performance was better in the face of foreign network intrusion.
In order to further highlight the advantages of the algorithm in this paper, the system was tested and analyzed from the aspect of recall rate. The test results of the two algorithms are shown in Fig. 8.
Comparison of recall rates of different algorithms.
Comparison of benchmark energy consumption of different cloud data management systems.
It can be seen from Fig. 8 that there were obvious differences between the recall rate tests of the two algorithms. In this algorithm, the recall rate of each data set was relatively high; the recall rate of Dataset 3 was the lowest, which was 90.4%; the recall rate of Dataset 1 was the highest, which was 92.6%; from this, it can be calculated that the average recall rate of five data sets was 91.4%. Under the traditional algorithm, the recall rate of each data set was slightly lower; the recall rate of Dataset 2 was the lowest, which was 84.1%; the recall rate of Dataset 3 was the highest, which was 86.3%; the average recall rate of five data sets was 85.18%. From the above data. The algorithm in this paper would have a higher recall rate and more obvious advantages, which can play a good role in optimizing the IDS.
This experiment was mainly to compare the differences in benchmark energy consumption between different cloud data management systems. Three cloud data management systems HBase, Cassandra, and GridSQL were selected for the benchmark energy consumption experiment, which was mainly tested from two aspects: loading and querying. The test results are shown in Fig. 9.
It can be seen from Fig. 9 that the benchmark energy consumption of the three cloud data management systems in terms of loading and querying were different. In terms of loading, the benchmark energy consumption of HBase was the lowest, which was 86KJ. The benchmark energy consumption of GridSQL was the highest, which was 158KJ. In terms of query, the benchmark energy consumption of GridSQL was the lowest, which was 56KJ. Cassandra has the highest benchmark energy consumption of 362KJ. To sum up, the above three cloud data management systems have their own advantages in loading and querying.
Conclusions
The advent of the Internet era and the increasingly perfect wireless communication technology have brought sufficient network information resources for the production and business activities of all walks of life. At the same time, network intrusion also happens frequently, so it is necessary to establish an IDS to effectively judge and deal with network intrusion. At the same time, effective data management is also required. Multiple functional modules can be set up according to the actual needs of enterprises to build a data management system. In order to better deal with network intrusion, this paper proposed an AI IDS based on multi-sensor and wireless communication. The system was tested and analyzed based on the deep RL algorithm, which mainly calculated and analyzed the precision and recall rate. Under this algorithm, the precision and recall rate of the IDS have been greatly improved. This paper also tested the benchmark energy consumption of different cloud data management systems, and found that different systems have their own advantages in the benchmark energy consumption of loading and querying. In the future research work, the deep RL algorithm also needs to constantly adapt to the relevant requirements of the IDS, and improve the performance of all aspects, so as to achieve the overall optimization of the system.
