With the development of internet of things (IoT), capabilities of computing, networking infrastructure, storage of data and management have come very close to the edge of networks. This has accelerated the necessity of Fog computing paradigm. Due to availability of Internet, most of our business operations are integrated with IoT platform. Fog computing has enhanced the strategy of collecting and processing, huge amount of data. On the other hand, attacks and malicious activities has adverse consequences on the development of IoT, Fog, and cloud computing. This has led to development of many security models using fog computing to protect IoT network. Therefore, for dynamic and highly scalable IoT environment, a distributed architecture based intrusion detection system (IDS) is required that can distribute the existing centralized computing to local fog nodes and can efficiently detect modern IoT attacks. This paper proposes a novel distributed ensemble design based IDS using Fog computing, which combines k-nearest neighbors, XGBoost, and Gaussian naive Bayes as first-level individual learners. At second-level, the prediction results obtained from first level is used by Random Forest for final classification. Most of the existing proposals are tested using KDD99 or NSL-KDD dataset. However, these datasets are obsolete and lack modern IoT-based attacks. In this paper, UNSW-NB15 and actual IoT-based dataset namely, DS2OS are used for verifying the effectiveness of the proposed system. The experimental result revealed that the proposed distributed IDS with UNSW-NB15 can achieve higher detection rate upto 71.18% for Backdoor, 68.98% for Analysis, 92.25% for Reconnaissance and 85.42% for DoS attacks. Similarly, with DS2OS dataset, detection rate is upto 99.99% for most of the attack vectors.

随着物联网（IoT）的发展，计算，网络基础架构，数据存储和管理功能已经非常接近网络边缘。这加快了雾计算范式的必要性。由于Internet的可用性，我们的大部分业务运营都与IoT平台集成在一起。雾计算增强了收集和处理大量数据的策略。另一方面，攻击和恶意活动会对物联网，雾和云计算的发展产生不利影响。这导致使用雾计算来保护物联网网络的许多安全模型的开发。因此，对于动态且高度可扩展的物联网环境，需要基于分布式体系结构的入侵检测系统（IDS），该系统可以将现有的集中式计算分布到本地雾节点，并可以有效地检测现代IoT攻击。本文提出了一种新的基于Fos计算的基于IDS的分布式集成设计，它结合了k最近邻，XGBoost和高斯朴素贝叶斯作为一级个体学习者。在第二级，从第一级获得的预测结果由随机森林用于最终分类。现有的大多数建议书都使用KDD99或NSL-KDD数据集进行了测试。但是，这些数据集已过时并且缺乏基于IoT的现代攻击。在本文中，使用UNSW-NB15和基于IoT的实际数据集DS2OS来验证所提出系统的有效性。实验结果表明，提出的带有UNSW-NB15的分布式IDS可以实现更高的检测率，后门检测率高达71.18％，分析检测率达到68.98％，侦察检测率达到92.25％，DoS攻击检测率达到85.42％。同样，对于DS2OS数据集，大多数攻击媒介的检测率高达99.99％。