TY - JOUR
T1 - Adaptive cloud intrusion detection system based on pruned exact linear time technique
AU - Elbakri, Widad
AU - Siraj, Maheyzah Md
AU - Al-Rimy, Bander Ali Saleh
AU - Qasem, Sultan Noman
AU - Al-Hadhrami, Tawfik
N1 - Publisher Copyright:
© 2024 Tech Science Press. All rights reserved.
PY - 2024/6/20
Y1 - 2024/6/20
N2 - Cloud computing environments, characterized by dynamic scaling, distributed architectures, and complex workloads, are increasingly targeted by malicious actors. These threats encompass unauthorized access, data breaches, denial-of-service attacks, and evolving malware variants. Traditional security solutions often struggle with the dynamic nature of cloud environments, highlighting the need for robust Adaptive Cloud Intrusion Detection Systems (CIDS). Existing adaptive CIDS solutions, while offering improved detection capabilities, often face limitations such as reliance on approximations for change point detection, hindering their precision in identifying anomalies. This can lead to missed attacks or an abundance of false alarms, impacting overall security effectiveness. To address these challenges, we propose ACIDS (Adaptive Cloud Intrusion Detection System)-PELT. This novel Adaptive CIDS framework leverages the Pruned Exact Linear Time (PELT) algorithm and a Support Vector Machine (SVM) for enhanced accuracy and efficiency. ACIDS-PELT comprises four key components: (1) Feature Selection: Utilizing a hybrid harmony search algorithm and the symmetrical uncertainty filter (HSO-SU) to identify the most relevant features that effectively differentiate between normal and anomalous network traffic in the cloud environment. (2) Surveillance: Employing the PELT algorithm to detect change points within the network traffic data, enabling the identification of anomalies and potential security threats with improved precision compared to existing approaches. (3) Training Set: Labeled network traffic data forms the training set used to train the SVM classifier to distinguish between normal and anomalous behaviour patterns. (4) Testing Set: The testing set evaluates ACIDS-PELT’s performance by measuring its accuracy, precision, and recall in detecting security threats within the cloud environment. We evaluate the performance of ACIDS-PELT using the NSL-KDD benchmark dataset. The results demonstrate that ACIDS-PELT outperforms existing cloud intrusion detection techniques in terms of accuracy, precision, and recall. This superiority stems from ACIDS-PELT’s ability to overcome limitations associated with approximation and imprecision in change point detection while offering a more accurate and precise approach to detecting security threats in dynamic cloud environments.
AB - Cloud computing environments, characterized by dynamic scaling, distributed architectures, and complex workloads, are increasingly targeted by malicious actors. These threats encompass unauthorized access, data breaches, denial-of-service attacks, and evolving malware variants. Traditional security solutions often struggle with the dynamic nature of cloud environments, highlighting the need for robust Adaptive Cloud Intrusion Detection Systems (CIDS). Existing adaptive CIDS solutions, while offering improved detection capabilities, often face limitations such as reliance on approximations for change point detection, hindering their precision in identifying anomalies. This can lead to missed attacks or an abundance of false alarms, impacting overall security effectiveness. To address these challenges, we propose ACIDS (Adaptive Cloud Intrusion Detection System)-PELT. This novel Adaptive CIDS framework leverages the Pruned Exact Linear Time (PELT) algorithm and a Support Vector Machine (SVM) for enhanced accuracy and efficiency. ACIDS-PELT comprises four key components: (1) Feature Selection: Utilizing a hybrid harmony search algorithm and the symmetrical uncertainty filter (HSO-SU) to identify the most relevant features that effectively differentiate between normal and anomalous network traffic in the cloud environment. (2) Surveillance: Employing the PELT algorithm to detect change points within the network traffic data, enabling the identification of anomalies and potential security threats with improved precision compared to existing approaches. (3) Training Set: Labeled network traffic data forms the training set used to train the SVM classifier to distinguish between normal and anomalous behaviour patterns. (4) Testing Set: The testing set evaluates ACIDS-PELT’s performance by measuring its accuracy, precision, and recall in detecting security threats within the cloud environment. We evaluate the performance of ACIDS-PELT using the NSL-KDD benchmark dataset. The results demonstrate that ACIDS-PELT outperforms existing cloud intrusion detection techniques in terms of accuracy, precision, and recall. This superiority stems from ACIDS-PELT’s ability to overcome limitations associated with approximation and imprecision in change point detection while offering a more accurate and precise approach to detecting security threats in dynamic cloud environments.
KW - Adaptive cloud IDS
KW - distributed denial of service (DDoS)
KW - harmony search
KW - ISOT-CID
KW - machine learning
KW - NSL-KDD
KW - PELT
KW - SVM
UR - http://www.scopus.com/inward/record.url?scp=85199177899&partnerID=8YFLogxK
U2 - 10.32604/cmc.2024.048105
DO - 10.32604/cmc.2024.048105
M3 - Article
AN - SCOPUS:85199177899
SN - 1546-2218
VL - 79
SP - 3725
EP - 3756
JO - Computers, Materials and Continua
JF - Computers, Materials and Continua
IS - 3
ER -