부산대학교 도서관

To reduce network intrusion detection latency in a high volume of data traffic, on-device detection with neuron pruning has been widely adopted by eliminating ineffective connections from a densely connected neural network. However, neuron pruning has a serious problem called output separation in which some parts of neurons can easily be pruned in the middle and become isolated from the rest of the network. To this end, we introduce a solution called the conservation of output links (COOL) pruning method that iteratively preserves a set of effective connections to avoid neuron isolation. We first evaluate COOL on MNIST and CIFAR-10 data sets as well as programmable networking devices, such as P4-supported switches. The experimental results show that COOL outperforms existing methods in terms of both detection time and classification accuracy, especially in extremely sparse networks. Compared to three representative pruning methods, our COOL-based classification model performs at least 25% more accurately with the upper bound for the pruning probability. To further display the effectiveness of COOL-based intrusion detection, we formulate a novel detection time minimization problem by assigning suitable detection models for switches in Internet of Things (IoT) under performance requirements and resource limitations. The experimental results demonstrate that our COOL algorithm is particularly useful for delay-critical and high-traffic applications.