Abstract
In this paper, a network intrusion detection system is proposed using Bayesian topic model latent Dirichlet allocation (LDA) for mobile edge computing (MEC). The method employs tcpdump packets and extracts multiple features from the packet headers. The tcpdump packets are transferred into documents based on the features. A topic model is trained using only attack-free traffic in order to learn the behavior patterns of normal traffic. Then, the test traffic is analyzed against the learned behavior patterns to measure the extent to which the test traffic resembles the normal traffic. A threshold is defined in the training phase as the minimum likelihood of a host. In the test phase, when a host’s test traffic has a likelihood lower than the host’s threshold, the traffic is labeled as an intrusion. The intrusion detection system is validated using DARPA 1999 dataset. Experiment shows that our method is suitable to protect the security of MEC.
Highlights
Mobile edge computing (MEC) has become the main feature of 5G communications [1]
Dataset Description. e network traffic used in this session is DARPA 1999 dataset of MIT Lincoln Laboratory which was prepared for 1999 DARPA intrusion detection evaluation program [52]
It is one of the most popular experimental datasets for network intrusion detection systems. It has many limitations such as the simplicity of the attacks, inaccuracy in the information, and so on, it is still used as the benchmark of many Intrusion detection systems (IDSs) and provides a baseline to compare the performance of different IDSs
Summary
Mobile edge computing (MEC) has become the main feature of 5G communications [1]. During the development of MEC, researchers have always been keeping a focus on security issues. e security issues in MEC include application layer security, network layer security, data security, and node security. E signature-based method predefines the patterns of intrusions and matches the network traffic against the patterns to raise detection alarms. Intrusion detection systems (IDSs) protect the network layer security for MEC and have been an important component in it [2]. Ere are two methods to detect intrusions in general, i.e., signature-based method and anomaly-based method. E anomaly-based method establishes the normal behavior patterns for network traffic and if the pattern is accurate and extensive enough, any behavior different from the former would be regarded as an intrusion. E main challenge of anomaly-based detection is how to establish an accurate and efficient behavior pattern using the normal network traffic. Different hosts usually devote to different tasks, such as e-mail delivery and web page proxy, and they have different behavior patterns
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
