Hindawi Wireless Communications and Mobile Computing Volume 2020, Article ID 8811035, 15 pages https://doi.org/10.1155/2020/8811035 Research Article An Edge IDS Based on Biological Immune Principles for Dynamic Threat Detection Yajing Zhang ,1 Jia Wei ,2 and Kai Wang 3,4 1School of Computer and Control Engineering, Yantai University, Yantai 264005, China 2Department of Economics and Management, Weifang University of Science and Technology, Weifang 262700, China 3School of Computer Science and Technology, Harbin Institute of Technology, Weihai 264209, China 4Research Institute of Cyberspace Security, Harbin Institute of Technology, Weihai 264209, China Correspondence should be addressed to Kai Wang; [email protected] Received 22 April 2020; Revised 19 July 2020; Accepted 3 August 2020; Published 17 August 2020 Academic Editor: Fuhong Lin Copyright © 2020 Yajing Zhang et al. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited. Edge computing solves such questions as the massive multisource data and resource consuming computing tasks in edge devices. Some new security problems especially the data security and privacy issues have been introduced into the edge computing scenario. Through analyzing the biological immune principles, a novel idea for the problem of intrusion detection in edge computing is provided. Specifically, an edge intrusion detection system (Edge IDS) with a distributed structure, which has the characteristics of an imprecise model, self-learning, and strong interactivity, is constructed in a systematic way inspired by the biological immune principles. Moreover, a newly proposed gene immune detection algorithm (GIDA) is designed. In order that Edge IDS can deal with the dynamic data problem efficiently, the key functional components such as the remaining gene, niching strategy, and extracting vaccine are embedded into the GIDA algorithm. Furthermore, extensive simulation experiments are conducted, and the results show that the proposed Edge IDS can be adapted to the domain of edge computing with comparative performance advantages. 1. Introduction (1) Due to the need for computing at the edge, privacy data needs to be transmitted to third parties (e.g., Nowadays, the Internet is dramatically growing with the pro- the edge servers operated by certain commercial liferation of a wide variety of network-connected devices companies). In this case, it is easy to lose data, have data leakage, or operate illegal data. Thus, it everywhere. As increasing numbers of applications are contin- is difficult to guarantee data confidentiality and uously migrated from these devices to the cloud [1], current integrity [7] cloud infrastructure has become too overwhelmed to provide guaranteed services. For instance, the massive multisource (2) Users’ data shows characteristics like multiple trust data and resource-consuming computing tasks generated domains and variety structure, which increase the from these devices go far beyond the ability of cloud comput- uncertainty and difficulty of data detection ing technologies [2]. To address these challenges, the edge (3) The edge and cloud services can be accessed by all the computing paradigm (e.g., cloud-aware mobile fog computing authorized parties at any situation as per users’ [3]) is emerging and attracting increasing attentions, which requirements, which increases the risk of malicious enables the use of networked resources from remote cloud exploitation on certain data datacenters to the edge closer to the data source [4]. In edge computing, such special features as real-time (4) It will be relatively easy to lose protection and control computation and parallel processing [5] have also brought of all the privacy information, for example, personal new security problems which can be summarized as fol- identification or location information, due to some lows [6]. outsourced or external computing issues 2 Wireless Communications and Mobile Computing As an original barrier, the intrusion detection system The main contribution of this paper can be concluded as (IDS) plays a critical role in the problem of security protec- follows: tion. In this paper, the IDS that is implemented in the tradi- tional cloud servers is classified as Cloud IDS and the one (1) The characteristics and types of intrusion detection implemented in the edge servers is classified as Edge IDS. in edge computing are analyzed and described in Compared with the Cloud IDS relying on remote servers, detail. An Edge IDS is constructed with the idea of the Edge IDS can perform nearly real-time computing tasks AIS exactly at the edge of the network and thus can effectively (2) The Edge IDS lies in the second layer of the whole protect the security of the edge computing scene. However, system which has a distributed system structure with the concepts and methods of traditional intrusion detection three layers. The first one is the monitor layer (e.g., are difficult to be directly applied to the security protection Cloud IDS), the second one is the control layer (e.g., scenarios of edge computing architecture. For example, it is Edge IDS), and the third one is the device layer difficult for the Edge IDS to establish a precise detection (e.g., host firewall). It also has dynamic detection model as the Cloud IDS, since the amount of data that can and adaptive functions because of the use of a distrib- be obtained by the edge networks is much smaller than uted structure. For example, Edge IDS can dynami- that of the cloud central servers. Furthermore, the variety cally determine whether to distribute some tasks to of data sources and mobile devices existing in the edge Cloud IDS based on the self-assessed network load. also increases the difficulty of edge intrusion detection. On the other hand, Edge IDS can adaptively improve In addition, traditional intrusion detection mechanisms its security ability by acquiring security knowledge work independently in each edge domain without cooper- from Cloud IDS with continuous convergence of ation or lack of interactivity; thus, they cannot be entirely fragmented security data scattered throughout the and directly applied as the Edge IDS without modification. network Thus, it is necessary to design an Edge IDS to solve the above problems timely and effectively. (3) An algorithm named GIDA is proposed. It proposes Although edge computing reduces the scale of data in the way of the remaining gene, niching strategy, and cloud computing, it is difficult to solve the problem of multi- abstracting vaccine, so as to deal with dynamic data source data in edge computing in many IDSs. Traditional efficiently and own the function of self-learning IDSs often establish a detection mechanism by extracting data characteristics, where an exact model is often required. The rest of this article is organized as follows. Section 2 Fortunately, biological immune principles provide a new introduces the background knowledge of biological immune way for designing a more dynamic and effective Edge IDS system and briefly summarizes related works on IDS in without the help of such exact models. The biological edge/fog/cloud computing. Section 3 illustrates the theoreti- immune system can identify foreign invasions primarily by cal preliminaries of the immune process. Section 4 presents distinguishing self and nonself. In addition, the immune the design of the proposed Edge IDS as well as the details response is carried out individually and does not require a of the GIDA algorithm. In Section 5, experiments are con- central controller. ducted to verify and evaluate the system. Finally, Section 6 Obviously, in the edge computing environment, the concludes our work. problem of multisource data can effectively be solved through nonspecific immunity in biological immune princi- 2. Background and Related Work ples. The distributed structure makes the Edge IDS not only facilitate the operation and reduce the amount of data but 2.1. Security Threats for Edge Computing. One of the impor- also increase the real-time interaction with the Cloud IDS. tant problems for edge computing is how to ensure the secu- At the same time, an immune system also has a self- rity of the data transmission process [8]. During message learning function and can adapt to dynamic detection. transmission, some attacks may be generated to disable some In this paper, the basic idea of building Edge IDS based certain network connections by congesting the network on biological immune principles is presented. The character- bandwidth resources or could monitor some details of the istics of Edge IDS and an artificial immune system (AIS) targeted network data flow. The threats for the edge comput- inspired by biological immune principles are analyzed. And ing, including Forgery Attack, Tampering Attack, Spam the theory of AIS is used to construct a dynamic Edge IDS Attack, Sybil Attack, Jamming Attack, Eavesdropping Attack, from the system’s point of view. This system is placed in Denial of Service Attack, and Collusion Attack, are shown in the distributed system associated with the Cloud IDS. Figure 1 [9–11]. In a network or a system, intrusions mean Because of the distributed structure, there is an interaction any unauthorized or unapproved activities. Thus, any attacks between Edge IDS and Cloud IDS. The Edge IDS in the are intrusions from the outside. control layer transmits the detection information to the Cloud