by Shengjie Xu, Yi Qian, Rose Qingyang Hu
Data-driven network intelligence will offer a robust, efficient, and effective computing system for anomaly detection in cyber security applications. In this article, we first summarize the current development and challenges of network intelligence for anomaly detection. Based on the current development, we propose a data-driven intelligence system for network anomaly detection. With computing, storage, and other resources extended to the network edge, fog computing is incorporated into the design of the system. The proposed system consists of three major components: fog-enabled infrastructure, a fog-enabled artificial intelligence (AI) engine, and threat intelligence. Fog-enabled infrastructure provides efficient and effective computing resources for parallel computing and data storage. The fog-enabled AI engine produces optimal learning models for threat detection and enables efficient model updates both locally and globally. Threat intelligence offers real-time network monitoring and cyber threat detection. We demonstrate that the proposed data-driven network intelligence system achieves high detection accuracy and provides efficient computational performance.