Novel collaborative intrusion detection for enhancing cloud security

Widad Elbakri, Maheyzah Md Siraj*, Bander Ali Saleh Al-rimy, Sultan Ahmed Almalki, Tami Alghamdi, Azan Hamad Alkhorem, Frederick T. Sheldon

*Corresponding author for this work

Research output: Contribution to journal › Article › peer-review


Abstract

Intrusion Detection Models (IDM) often suffer from poor accuracy, especially when facing coordinated attacks such as Distributed Denial of Service (DDoS). One significant limitation of existing IDM solutions is the lack of an effective technique to determine the optimal period for sharing attack information among nodes in a distributed IDM environment. This article proposes a novel collaborative IDM model that addresses this issue by leveraging the Pruned Exact Linear Time (PELT) change point detection algorithm. The PELT algorithm dynamically determines the appropriate intervals for disseminating attack information to nodes within the collaborative IDM framework. Additionally, to enhance detection accuracy, the proposed model integrates a Gradient Boosting Machine with a Support Vector Machine (GBM-SVM) for collaborative detection of malicious activities. The proposed model was implemented in Apache Spark using the NSL-KDD benchmark intrusion detection dataset. Experimental results demonstrate that this collaborative approach significantly improves detection accuracy and responsiveness to coordinated attacks, providing a robust solution for enhancing cloud security.

Original language: English
Pages (from-to): 942-953
Number of pages: 12
Journal: International Journal of Advanced Computer Science and Applications
Volume: 15
Issue number: 12
Publication status: Published - 1 Dec 2024

Keywords

  • anomaly detection
  • Cloud security
  • collaborative model
  • DDoS
  • feature selection
  • gradient boosting machine
  • intrusion detection
  • NSL-KDD
  • Pruned Exact Linear Time (PELT)
  • support vector machine
