Intelligent approach to build a Deep Neural Network based IDS for cloud environment using combination of machine learning algorithms
Introduction
In recent years, cloud computing has revolutionized the IT world as a rapidly emerging and widely accepted paradigm for computing systems. The appealing features of Cloud computing (CC) continue to fuel its integration in many sectors including governments, industry, education and entertainment, to name a few (Fernandes et al., 2014). CC is defined by the National Institute of Standards and Technology (NIST) as a computational model that delivers convenient, on-demand network access to a shared pool of configurable computing resources (e.g. networks, servers, applications, storage, etc.) as a “service” over the Internet to satisfy the computing demands of users. These resources can be quickly provisioned and released with minimal management effort or service provider interaction (Mell and Grance, 2011). NIST introduces CC by considering its 5 main features (i.e., bandwidth, rapid flexibility, measurable, on-demand service, and Resource Pooling) and its 3 service delivery models (i.e., software as a service (SaaS), platform as a service (PaaS), and infrastructure as a service (IaaS)) (Brunette and Mogull, 2009). The pay-as-you-go and on-demand elastic operation characteristics of the Cloud are changing the enterprise computing model, shifting on-premises infrastructures to off-premises data centers, accessed over the Internet and managed by cloud hosting providers (Idhammad et al., 2018). CC has arisen as a multifaceted technology with the capability to support a broad spectrum of applications. It emerged as a breakaway in the usage of the Internet. Hence, CC is now a topic of great impact and has proved itself as a driver for small companies in the rapidly developing world.
It is an anatomy for providing various beneficial services using the Internet (Ghosh et al., 2016). Other attractive advantages of cloud computing are hardware cost reduction (since users do not need to accommodate powerful processors or any hardware resources), continuous and quick upgrading/updating of services, high storage capacity, global access to documents (users can access their required documents and applications just by connecting to the Internet wherever they are), parallel processing, resource sharing, acceleration and time saving. However, some of the most important challenges of cloud computing are efficiency, security, privacy and trust, control and ownership, availability, fault tolerance and fault recovery, and the costs of connection bandwidth (Hatef et al., 2018).
Since cloud computing services are offered over the Internet, data security and privacy are the major hurdles to the success of CC and its large-scale adoption by organizations and companies. Moreover, the open and distributed (decentralized) nature of CC has made this class of computing prone to cyber attacks and intrusions (Hatef et al., 2018). NIST defines intrusion as an attempt to endanger security policies (privacy, integrity and availability) or bypass computer and network security mechanisms. One of the major security issues in the Cloud is detecting and preventing network intrusions, since the network is the backbone of the Cloud, and hence vulnerabilities in the network directly affect the security of the Cloud.
With each passing year, not only has the sheer volume of threats increased, but the threat landscape has become more diverse, with attackers working harder to discover new avenues of attack and cover their tracks while doing so. Despite the important evolution of information security technologies in recent years, intrusions and attacks continue to defeat existing intrusion detection systems in Cloud environments (Iqbal et al., 2016). Attackers have developed new sophisticated techniques able to bring down an entire Cloud platform, or even many, within minutes. Recently a destructive DDoS attack brought down more than 70 vital Internet services including Github, Twitter, Amazon, Paypal, etc. Attackers have exploited the advantages of Cloud Computing and IoT (Internet of Things) to generate a tremendous amount of attack traffic: more than 665 Gb/s (Wikipedia 2016, Anon 2019a). Further, Epsilon leaked millions of names and email addresses from its customer database, and from Stratfor in the United States, 75,000 credit card numbers and 860,000 usernames and passwords were stolen (Chou, 2013). In 2017, ransomware attacks affected many banks, National Health Service hospitals in the United Kingdom, large telecom companies, and natural gas companies, while in 74 countries tens of thousands of systems were hacked (Ismael Valenzuela, 2019). Thus, intrusion and attack tools have become more sophisticated, challenging existing network Cloud IDSs with large volumes of network traffic data, dynamic and complex behaviors and new types of attacks. It is obvious that a network Cloud IDS should analyze large volumes of network traffic data, efficiently detect new attack behaviors and reach high accuracy with a low false positive rate. However, preprocessing, analyzing and detecting intrusions in Cloud environments using traditional techniques have become very costly in terms of computation, time and budget.
Therefore, efficient intrusion detection in Cloud environments requires the adoption of new intelligent techniques such as Machine Learning (ML) techniques (Idhammad et al., 2018).
One of the main ML techniques that has been successfully used in solving complex practical problems is the DNN. DNNs have the ability to solve several problems confronted by the other present techniques used in intrusion detection (Mehibs and Hashim, 2018). There are four advantages of intrusion detection based on DNN (Yassin et al., 2012; Wu and Banzhaf, 2010; Krizhevsky et al., 2012):
- DNN provides elasticity in the intrusion detection process, where DNN has the ability to analyze and ensure that data is right or partially right. Likewise, DNN is capable of performing analysis on data in a nonlinear fashion.
- DNN has the ability to process data from a number of sources in a non-linear fashion. This is very important, especially when a coordinated attack by multiple attackers is conducted against the network.
- High speed in processing data.
- High capability of generalization.
- Remarkable classification performance.
In this work, we present a machine learning based intrusion detection system for Cloud environments. We propose an intelligent approach to automatically build a network intrusion detection system (NIDS) based on a Deep Neural Network (DNN), by using a novel hybrid framework (IGASAA) that combines a Genetic Algorithm (GA), improved by means of two optimization strategies, Fitness Value Hashing (FVH) and Parallel Processing, with a Simulated Annealing Algorithm (SAA). SAA is incorporated into the IGA in order to optimize its heuristic search. DNN has been widely studied in the machine learning research field and amply used for practical applications in image processing, computer vision, speech recognition, etc. (Hinton et al., 2012). DNN is adopted in this study due to its appealing features in terms of intrusion detection cited previously. Our goal is to develop an effective and efficient Anomaly Network Intrusion Detection System called “MLIDS” (Machine Learning based Intrusion Detection System), based on Deep Neural Network (DNN), Genetic Algorithm (GA) and Simulated Annealing Algorithm (SAA), with the purpose of reducing the impact of network attacks (known attacks and unknown attacks), while ensuring a higher detection rate, lower false positive rate, higher accuracy and higher precision at an affordable computational cost. Further, the proposed system is designed to be deployed both at the front-end and the back-end of the cloud. Consequently, it helps to detect attacks from the external network of the cloud and also internal attacks, either in the internal physical network or in the virtual network within hypervisors.
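The search loop described above, as an added Python sketch that is not the paper's code: a genetic algorithm whose fitness calls go through a hash table (fitness value hashing), with a simulated annealing pass refining the best individual each generation. The gene ranges, the `evaluate` scoring function and all parameter values are constructed stand-ins for training and scoring a DNN, and parallel evaluation is left out.

```python
import math
import random

BOUNDS = [(1, 6), (8, 128), (0, 5)]  # hypothetical genes: layers, units, lr index

def evaluate(ch):
    # Constructed stand-in for "train the DNN with these settings and score it".
    layers, units, lr = ch
    return 1.0 - (abs(layers - 3) * 0.05 + abs(units - 48) / 400 + abs(lr - 2) * 0.04)

class HashedFitness:
    """Fitness value hashing: score each distinct chromosome once, then look it up."""
    def __init__(self, fn):
        self.fn, self.table, self.hits = fn, {}, 0
    def __call__(self, ch):
        if ch in self.table:
            self.hits += 1
        else:
            self.table[ch] = self.fn(ch)
        return self.table[ch]

def mutate(ch, rng):
    i = rng.randrange(len(ch))
    lo, hi = BOUNDS[i]
    step = rng.choice([-1, 1]) * (8 if i == 1 else 1)
    return ch[:i] + (min(hi, max(lo, ch[i] + step)),) + ch[i + 1:]

def anneal(ch, fitness, rng, temp=0.1, cooling=0.8, steps=10):
    """Simulated annealing around one chromosome; returns the best point visited."""
    current = best = ch
    for _ in range(steps):
        cand = mutate(current, rng)
        delta = fitness(cand) - fitness(current)
        if delta >= 0 or rng.random() < math.exp(delta / temp):  # worse moves: p = exp(delta/T)
            current = cand
        if fitness(current) > fitness(best):
            best = current
        temp *= cooling
    return best

def search(generations=15, pop_size=12, seed=7):
    rng = random.Random(seed)
    fitness = HashedFitness(evaluate)
    pop = [tuple(rng.randint(lo, hi) for lo, hi in BOUNDS) for _ in range(pop_size)]
    for _ in range(generations):
        pop.sort(key=fitness, reverse=True)
        pop = pop[: pop_size // 2]              # keep the fitter half as parents
        pop[0] = anneal(pop[0], fitness, rng)   # SA refines the current best
        while len(pop) < pop_size:              # refill by crossover + mutation
            a, b = rng.sample(pop[: pop_size // 2], 2)
            cut = rng.randrange(1, len(a))
            pop.append(mutate(a[:cut] + b[cut:], rng))
    best = max(pop, key=fitness)
    return best, fitness(best), fitness.hits, len(fitness.table)
```

`search()` returns the best chromosome, its score, the number of cache hits and the number of distinct chromosomes actually scored; the gap between the last two is the work the hash table saved.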
The rest of this paper is organized as follows: Section 2 gives the literature surrounding network intrusion detection systems (NIDS) in Cloud Environments. Section 3 explains the background related to this study, such as Deep Neural Network, Simulated Annealing Algorithm, Genetic Algorithm and its optimization strategies, namely Parallel Processing and Fitness Value Hashing. Section 4 introduces the proposed system in detail, describes how it works, explains the role of the Simulated Annealing Algorithm in this system and provides the framework of our model. Section 5 presents the positions of the proposed system in a Cloud Network. A detailed description of the CICIDS2017, NSL-KDD and CIDDS-001 datasets, the experimental results obtained on those datasets and their analysis are provided in Section 6. Finally, Section 7 ends with the conclusions and future work.
Section snippets
Literature review
Hatef et al. (2018) have proposed a hybrid network intrusion detection system called HIDCC, which combines signature-based detection technique and anomaly-based detection technique, in order to identify efficiently the internal and external attacks in the cloud environment. Snort was used as a signature-based intrusion detection module to detect known attacks by using the known attacks rules database and derived attacks database. For trapping unknown attacks that were not detected by Snort, the
Related background
This section provides the necessary background to understand the problem at hand. The first subsection sheds light on the Deep Neural Network (DNN). The next subsection introduces and describes the operation of a standard GA, followed in the third subsection by a presentation of some optimization strategies applied to GA in this study, namely Parallel Processing and Fitness Value Hashing. Finally, the last subsection presents the Simulated Annealing Algorithm (SAA).
The proposed system
This section describes in detail our new proposed IDS and gives the model of that IDS.
Positions of the proposed system in a cloud network
The goal of the proposed MLIDS is to detect intruders and suspicious activities in and around the cloud computing environment by monitoring network traffic, while maintaining confidentiality, availability, integrity and performance of cloud resources and offered services. It allows detecting and stopping, in real time, attacks that impair the security of the Cloud Datacenter.
As shown in Fig. 6, we propose to deploy our NIDS on two strategic positions:
- Front-end of cloud: Placing NIDS on front end of
Experimentation and discussion
The experiments were conducted on a 64-bit Windows 10 PC with 32 GB of RAM and an Intel(R) Core-i7 2700 K CPU. For simulation, we used the CloudSim simulator 4.0. In the first subsection of the current section, we give the performance metrics employed for the assessment of our model. Next, the second subsection presents in detail the main dataset used in our study, namely CICIDS2017, for implementation and validation of our model, along with the data pre-processing procedure, followed by
Conclusions and future work
In order to develop an efficient and an effective anomaly network intrusion system (ANIDS) for detection and prevention of both inside and outside assaults in cloud environment with high detection precision and low false warnings, we have adopted an intelligent approach to build automatically such IDS based on Deep Neural network (DNN). Our method consists of using a hybrid framework called “IGASAA” that combines machine learning techniques, namely Improved Genetic Algorithm (IGA) and Simulated
Declaration of interests
The authors declare that they have no known competing financial interests or personal relationships that could have appeared to influence the work reported in this paper.
Acknowledgment
We would like to thank all members of LIMSAD Labs for their help and support.
References (85)
- et al. A cooperative and hybrid network intrusion detection framework in cloud computing based on snort and optimized back propagation neural network. Procedia Comput Sci (2016)
- et al. A novel architecture combined with optimal parameters for back propagation neural networks applied to anomaly network intrusion detection. Comput Secur (2018)
- et al. Intrusion detection for cloud computing using neural networks and artificial bee colony optimization algorithm. ICT Express (2019)
- et al. Network anomaly detection system using genetic algorithm and fuzzy logic. Expert Syst Appl (2018)
- et al. Distributed intrusion detection system for cloud environments based on data mining techniques. Procedia Comput Sci (2018)
- et al. On cloud security attacks: a taxonomy and intrusion detection and prevention as a service. J Netw Comput Appl (2016)
- et al. A systematic analysis of performance measures for classification tasks. Inf Process Manag (2009)
- Gaussian process latent variable model for dimensionality reduction in intrusion detection
- et al. A new distributed intrusion detection system based on multi-agent system for cloud environment. Int J Commun Netw Inf Secur (2018)
- Ahmim, A., Maglaras, L., Ferrag, M.A., Derdour, M., & Janicke, H. (2018). A novel hierarchical intrusion detection...
- Another fuzzy anomaly detection system based on ant clustering algorithm. IEICE Trans Fundam Electron Commun Comput Sci
- A neural network ensemble classifier for effective intrusion detection using fuzzy clustering and radial basis function networks. Int J Artif Intell Tools
- Detectors generation using genetic algorithm for a negative selection inspired anomaly network intrusion detection system
- Extreme gradient boosting based tuning for classification in intrusion detection systems
- An enhanced intrusion detection system based on clustering
- Fuzzy data mining and genetic algorithms applied to intrusion detection
- False positives reduction in intrusion detection systems using alert correlation and datamining techniques. Int J Adv Res Comput Sci Softw Eng
- Detection of intrusions in KDDCup dataset using GA by enumeration technique. Int J Innov Res Comput Commun Eng
- Intrusion detection based on minimax probability machine with immune clonal feature optimized
- Security threats on cloud computing vulnerabilities. Int J Comput Sci Inf Technol
- A network-based intrusion detection system
- Security issues in cloud environments: a survey. Int J Inf Secur
- Intrusion detection and attack classification using back-propagation neural network. Int J Eng Res Technol
- BNID: a behavior-based network intrusion detection at network-layer in cloud environment
- An evaluation framework for intrusion detection dataset
- Intrusion detection system based on BCS-GA in cloud environment
- CS-PSO based intrusion detection system in cloud environment
- Towards intrusion detection for encrypted networks
- Genetic algorithms
- Speech emotion recognition using deep neural network and extreme learning machine
- HIDCC: a hybrid intrusion detection approach in cloud computing. Concurr Comput: Pract Exp
- Deep neural networks for acoustic modeling in speech recognition: the shared views of four research groups. IEEE Signal Process Mag
- Genetic algorithms in Java basics
Zouhair Chiba is a Ph.D. student at LIMSAD Labs within the Faculty of Sciences, Hassan II University of Casablanca (Morocco). He received a Master in Computer and Internet Engineering in 2013, and a Bachelor of Mathematical Sciences. His research interests are in the area of Security, Big Data on Cloud Infrastructures, Computer Networks, Mobile Computing and Distributed Systems.
Noreddine Abghour is currently an associate professor in the Faculty of Science of Hassan II University, Morocco. He received his Ph.D. degree from the National Polytechnic Institute of Toulouse (France) in 2004. His research mainly deals with Security in Distributed Computing Systems.
Khalid Moussaid was recently appointed director of the Computer Science, Modeling Systems and Decision Support laboratory of the Hassan II University of Casablanca. He has a Ph.D. in Oriented Object Database, a Master in Computer Science and a Bachelor of Science in Applied Mathematics. He is interested in Optimization, Algorithmic and especially in the field of Big Data and Cloud Computing.
Amina El omri is a professor of Higher Education in Computer Science at the Faculty of Sciences, University Hassan II Casablanca, Morocco. Her main scientific interests concern Algorithms, Optimization, Transport and Logistic problems. She has contributed many research papers to workshops and conferences, and published several journal articles.
Mohamed Rida is a professor in Computer Science at the Faculty of Sciences, University Hassan II Casablanca (Morocco) and a member of LIMSAD Labs within the same Faculty. He received his Ph.D. degree from University Hassan II Mohammadia in 2005, and his thesis subject was “Virtual Container Terminal: Design and Development of an object platform for the simulation of the operations of a container terminal”. His research area includes Transport, Geographic Information System and Big Data.