Funding: Funded by the Deanship of Scientific Research at Imam Mohammad Ibn Saud Islamic University (IMSIU) through Research Partnership Program No. RP-21-07-09.
Abstract: Cloud computing environments, characterized by dynamic scaling, distributed architectures, and complex workloads, are increasingly targeted by malicious actors. These threats encompass unauthorized access, data breaches, denial-of-service attacks, and evolving malware variants. Traditional security solutions often struggle with the dynamic nature of cloud environments, highlighting the need for robust Adaptive Cloud Intrusion Detection Systems (CIDS). Existing adaptive CIDS solutions, while offering improved detection capabilities, often face limitations such as reliance on approximations for change point detection, hindering their precision in identifying anomalies. This can lead to missed attacks or an abundance of false alarms, impacting overall security effectiveness. To address these challenges, we propose ACIDS (Adaptive Cloud Intrusion Detection System)-PELT. This novel Adaptive CIDS framework leverages the Pruned Exact Linear Time (PELT) algorithm and a Support Vector Machine (SVM) for enhanced accuracy and efficiency. ACIDS-PELT comprises four key components: (1) Feature Selection: Utilizing a hybrid harmony search algorithm and the symmetrical uncertainty filter (HSO-SU) to identify the most relevant features that effectively differentiate between normal and anomalous network traffic in the cloud environment. (2) Surveillance: Employing the PELT algorithm to detect change points within the network traffic data, enabling the identification of anomalies and potential security threats with improved precision compared to existing approaches. (3) Training Set: Labeled network traffic data forms the training set used to train the SVM classifier to distinguish between normal and anomalous behaviour patterns. (4) Testing Set: The testing set evaluates ACIDS-PELT’s performance by measuring its accuracy, precision, and recall in detecting security threats within the cloud environment. We evaluate the performance of ACIDS-PELT using the NSL-KDD benchmark dataset. The results demonstrate that ACIDS-PELT outperforms existing cloud intrusion detection techniques in terms of accuracy, precision, and recall. This superiority stems from ACIDS-PELT’s ability to overcome limitations associated with approximation and imprecision in change point detection while offering a more accurate and precise approach to detecting security threats in dynamic cloud environments.
Funding: This work was partially funded by the Industry Grant Scheme from Jaycorp Berhad in cooperation with UNITAR International University. The authors would like to thank INSFORNET, the Center for Advanced Computing Technology (C-ACT) at Universiti Teknikal Malaysia Melaka (UTeM), and the Center of Intelligent and Autonomous Systems (CIAS) at Universiti Tun Hussein Onn Malaysia (UTHM) for supporting this work.
Abstract: With an increasing number of services connected to the internet, including cloud computing and Internet of Things (IoT) systems, the prevention of cyberattacks has become more challenging due to the high dimensionality of the network traffic data and access points. Recently, researchers have suggested deep learning (DL) algorithms to define intrusion features through training empirical data and learning anomaly patterns of attacks. However, due to the high dynamics and imbalanced nature of the data, the existing DL classifiers are not completely effective at distinguishing between abnormal and normal behavior line connections for modern networks. Therefore, it is important to design a self-adaptive model for an intrusion detection system (IDS) to improve the detection of attacks. Consequently, in this paper, a novel hybrid weighted deep belief network (HW-DBN) algorithm is proposed for building an efficient and reliable IDS (DeepIoT.IDS) model to detect existing and novel cyberattacks. The HW-DBN algorithm integrates an improved Gaussian–Bernoulli restricted Boltzmann machine (Deep GB-RBM) feature learning operator with a weighted deep neural networks (WDNN) classifier. The CICIDS2017 dataset is selected to evaluate the DeepIoT.IDS model as it contains multiple types of attacks, complex data patterns, noise values, and imbalanced classes. We have compared the performance of the DeepIoT.IDS model with three recent models. The results show the DeepIoT.IDS model outperforms the three other models by achieving a higher detection accuracy of 99.38% and 99.99% for web attack and bot attack scenarios, respectively. Furthermore, it can detect the occurrence of low-frequency attacks that are undetectable by other models.