Given a scale expansion of Internet of Things for sustainable resource management in smart cities, proper design of an intrusion detection system (IDS) is critical to safeguard the future network infrastructure from intruders. With the growth of connected things, the most-widely used centralized (cloud-based) IDS often suffers from high latency and network overhead, thereby resulting in unresponsiveness to attacks and slow detection of malicious users. In this paper, we address the limitation of centralized IDS for resource-constrained devices by proposing two methods, namely semi-distributed and distributed, that combine well-performing feature extraction and selection and exploit potential fog-edge coordinated analytics. In order to distribute the computational tasks, we individually develop parallel machine-learning models corresponding to a partitioned attack dataset. In the semi-distributed case, the parallel models, running on the edge side, are applied for side-by-side feature selections, which are then followed by a single multi-layer perceptron classification running on the fog side. In the distributed case, the parallel models individually perform both the feature selection and multi-layer perceptron classification after which the outputs are combined by a coordinating edge or fog for final decision making. Based on the comparative study of existing works, the numerical results demonstrate the promise of the proposed methods, giving a comparable detection accuracy to the superior centralized IDS as well as exemplify their inherent trade-offs between the accuracy and building time performance.

考虑到物联网的规模扩展，以实现智慧城市中的可持续资源管理，入侵检测系统（IDS）的正确设计对于保护未来的网络基础设施不受入侵者至关重要。随着互联事物的增长，使用最广泛的集中式（基于云）IDS经常遭受高延迟和网络开销的困扰，从而导致对攻击的响应能力下降以及对恶意用户的缓慢检测。在本文中，我们通过提出两种方法来解决资源受限设备的集中式IDS的局限性，即半分布式和分布式，这两种方法结合了性能良好的特征提取和选择功能，并利用了潜在的模糊边缘协同分析技术。为了分配计算任务，我们分别开发与分区攻击数据集对应的并行机器学习模型。在半分布式情况下，将在边缘侧运行的并行模型用于并排特征选择，然后在雾侧运行单个多层感知器分类。在分布式情况下，并行模型分别执行特征选择和多层感知器分类，然后通过协调边缘或模糊将输出组合在一起，以进行最终决策。在对现有工作进行比较研究的基础上，数值结果证明了所提出方法的前景，与优越的集中式IDS具有可比的检测精度，并举例说明了其在精度和构建时间性能之间的固有取舍。