Elsevier

Computers & Electrical Engineering

Volume 71, October 2018, Pages 978-987
Computers & Electrical Engineering

FCM technique for efficient intrusion detection system for wireless networks in cloud environment

https://doi.org/10.1016/j.compeleceng.2017.10.011Get rights and content

Abstract

With the emergence of ad-hoc networks, the communication methods in the field of wireless have greatly developed. A great deal of research has been conducted, especially in mobile nodes or mobile ad hoc networks (MANETs). The greatest advantage of MANETs is that they don't require predefined infrastructures, such as router link, hub etc. The nodes in a MANET are capable of forming a network which is time-dependent but not permanent to establish communication based on the allocated path. Routing attacks can cause great damage to MANETs. In the past few years, the research work has proposed a special intrusion detection mechanism to detect these attacks, resulting in eliminating malicious nodes in the network. The proposed work in this research paper addresses an efficient fuzzy clustering based algorithm for intrusion detection of a MANET implementation in a cloud storage environment. This paper has presented a model and experimental justifications for improving the efficiency.

Introduction

With the development of advanced communication technologies and protocols, the field of information technology has undergone a great revolution, especially in dealing with large amounts of data and its storage in the cloud environment. This has become an inevitable trend, especially in today's environment where all communications and transactions are digital. Promotions in the global IT industry are heavily depended on cloud environment and its effective management [1], [2], [3], [4]. The efficiency of the cloud is largely determined by the rapid retrieval of system storage and demand. Another key requirement of the cloud is that it requires a fool security environment to protect the systems from unauthorized data accesses. The security of the cloud is affected by intrusion attacks in many forms, which may cause great damage to the corresponding layers such as transport layer and application layer. Hence,in order to improve the security of cloud storage system, it is urgent to develop an intrusion detection scheme or algorithm. In the cloud storage environment, no infrastructure is required and predefined, thus we use the Ad Hoc network. The Ad hoc network (MANET) model and nodes play important roles in the network, and packet communicate from the sources to the destination [5], [6], [7]. A typical cloud storage environment is depicted in Fig. 1.

As shown in Fig. 1, the efficiency of the cloud environment depends on several attributes, such as data protection and its authorized mechanism, the communication of a secured channel from source to destination, protection of nodes from unauthorized access and usage, effective intrusion detection mechanism which protects the nodes or if infected, and a mechanism which isolates the malicious node from rest nodes. A basic advantage of cloud storage based on traditional storage mechanisms is that data can be provided whenever and anywhere and it can be accessed by the internet. It eliminates the lack of mobility in all areas where the storage device is carried. In large capacity data pools, it can provide resources on the network for users as needed. Prominent cloud infrastructures could be found in application engines such as Google, Amazon, Microsoft Azure etc., As mentioned in previous sections, MANETs are analogous to cloud computing networks of proposed application in this paper. Cloud does not require any predefined infrastructures similar to mobile ad hoc networks [8], [9], [10], [11], [12]. The intrusion detection and management systems proposed in this paper are implemented in the MANET architecture. A basic MANET architecture is depicted in Fig. 2.

As already known, MANET is a self-organizing, self-configuring capability of bringing together mobile nodes without wires and hence making it an anti-infrastructure implementation [13]. A MANET initiates the transfer of information in the form of packets from sources to destination. Each node in the MANET must ensure that it is configured perfectly to start forwarding the packet to the next node. While they are characterized by numerous merits, MANET implementations are constrained by changing configurations because the nodes are mobile, and each node in the network has limited power and memory management capabilities. The architecture shown in Fig. 2 has three major layers, that are, the middleware and application layers, transport protocol layer and the control layer. The control layer is basically a technology enabling layer which is divided into local area (LAN), metropolitan (MAN) and wide area (WAN) networks. There is another category known as the personal area network or PAN which is active to the distance of 8–11 m. Variations in LAN include the Wireless LAN active from 1000 – 1700 m. The next layer is the Networking layer which is responsible for defining the self-organizing and self-configuring protocols. In this layer, an efficient and fast single hop and multi-hop strategy for node are also defined to node transmission. The last layer is the intermediate layer associated with group communication, memory allocation, and sharing. MANETs incorporate almost all of state of art technologies like Blue tooth, WIMAX, IEEE 802.11 and Hyper LAN [14], [15], [16].

Among other issues in MANETs, a major challenge is the security of mobile nodes because each node is subjected to limited physical protection, which is a more obvious issue. Security is also a challenge because a centralized control unit is lacking due to the infrastructureless environment of the MANET. Because of the above factors, intrusion detection technology cannot guarantee long time secure communication even in the network, especially new hacker technology will appear every day. Hence, we need an effective and fool proof intrusion detection mechanism for ensuring maximum efficiency and transmission security of packets in the path between nodes [17]. In order to effectively implement a fool like IDS system, we must understand different kinds of threats or intrusions of knowledge discussed below. External and internal attacks are the main categories of the incident intrusions on the network or nodes in the network. As the name suggests, an external attack is caused by a part of a network that has not been studied. They introduce traffic, which results in overload and congestion of communication paths, delays the transmission of data from the sources to the destination. Internal attacks are caused by nodes within the current network, which are called malicious nodes, resulting in disruption or interruption of normal communication in the channel causing rescheduled path and delay. In depth, the threats or attacks could be classified as break in attack which tries to directly break down the security of the system [18], [19], [20], [21]. A penetration attack is an attempt to obtain data from a cloud through a security mechanism, and a leak attack can cause unauthorized information or data to be transmitted from the network mechanism. Viruses are usually known attacks, and they try to infect files in the cloud. Denial of Service (DoS) attacks are quite critical attacks which deny any access or usage of system resources to the authorized user. Apart from these classification, proactive attacks are factors affecting confidentiality and integrity of data, while passive attacks pose a threat to data confidentiality. The malicious nodes in the passive attacks extract information from the network and utilize them in future exploitations or infestations which may cause network damage. The rest of the paper is organized into section II which presents the findings of the literature survey, section III illustrates the proposed work followed by the results and discussions of the findings. The proposed work aims to implement an effective fool proof security mechanism for IDS using a fuzzy set theory of decision making for the cloud storage systems.

Section snippets

Related work

With the rapid development of wireless communication technology and protocol, many research results have been found in the investigation [22], [23]. Since the proposed work focuses on development of intrusion detection mechanism for a MANET in a cloud environment, the literature survey has been limited to contributions in IDS and security issues. The works conducted by Bhosale et al had presented a review on the different types of intrusions, nature of attacks and the evidence responses could

Proposed work

A basic model of intrusion detection mechanism is shown in Fig. 3 starting with the client and the destination, to understand the different types of intrusion into the database during the identification process.

The functional architecture of the proposed solution is based on Google App Engine(GAE) platform. The platform is used to develop, host, and data centers managed by Google. GAE is a computer based sand server around the world and linked by a network. The App Engine applications are

Results and discussion

In order to evaluate the efficiency of the proposed work, Iris data set has been selected with four sets of repository data, that are Iris, Dermatology, Breast cancer and Mammographic masses. The simulation has been carried out with varying node numbers ranging from 20, 40, 60, 80 to 100. The speed has been taken as 12 m/s with a FDSAR routing protocol. The observed simulation time is 50seconds. The number of attackers has been varied from 1 down to 6. The entire environment is implemented and

Conclusion

MANET is a self-organizing and capable network of bringing mobile nodes together without wires and hence making it a non-infrastructure implementation. An MANET initiates the transfer of information in the form of packets from sources to destination. Each node in the MANET must ensure that it is configured perfectly to start forwarding the packet to the next node. While they are characterized by numerous merits, the implementation of MANET is subject to changes of configuration because the

Mingming Chen, is the member of Academic Committee of Xiamen Huaxia University and the recipient of Educational Evaluation Expert of Fujian Province. She is the dean of the information and mechanical Engineering Department of Xiamen Huaxia University. Her research fields are Information Communication Network System; System Development of Big Data; Communication Network Optimization; Information Storage.

References (25)

  • X. Yang et al.

    A new algorithm of the data mining model in cloud computing based on web Fuzzy clustering analysis

    J Theor Appl Inf Technol

    (2013)
  • Pandeeswari et al.

    Anomaly detection system in cloud environment using Fuzzy clustering based ANN

    Mobile Netw Appl

    (2016)
  • Cited by (0)

    Mingming Chen, is the member of Academic Committee of Xiamen Huaxia University and the recipient of Educational Evaluation Expert of Fujian Province. She is the dean of the information and mechanical Engineering Department of Xiamen Huaxia University. Her research fields are Information Communication Network System; System Development of Big Data; Communication Network Optimization; Information Storage.

    Ning Wang, is a doctoral student of Xiamen University and visiting scholar of School of Computer Science, FIU(2016). He was a recipient of Fujian Provincial Higher Education professional leaders(2014) and Educational Evaluation Expert of Fujian Province(2015). His research fields are Data Mining, System Development of Big Data, Information System Engineering, Cloud Computing.

    Haibo Zhou, is the Principal Investigator of one Technology Funded Project of Fujian Province and one Xiamen Science and Technology Bureau. His research fields are Computer Network, Automatic control, Electronic Information, System Development of Big Data.

    Yuzhi Chen, has experience in many engineering projects. He took part in many Technology Funded Projects of Fujian Province and Xiamen Science and Technology Bureau. His research fields are Electronic Information, Network Optimization, System Development of Big Data.

    Reviews processed and recommended for publication to the Editor-in-Chief by Associate Editor Dr. S. Smys.

    View full text