Elsevier

Information Sciences

Volume 501, October 2019, Pages 543-557

Intrusion detection and security calculation in industrial cloud storage based on an improved dynamic immune algorithm

https://doi.org/10.1016/j.ins.2018.06.072

Abstract

Cloud computing is a new storage and calculation mode that has been widely used as a tool to store and analyze users' data. With the development of industrial intelligence and big data, it is also prevalent in the industrial field, where it is used to accelerate production or to discover more knowledge for better decisions. Cloud computing has three main properties, namely dynamic behaviour and time variation, large scale, and change of ownership. Therefore, its data security problems differ from, and are more complicated than, those in conventional networks. The existing methods, such as encrypted storage, security audit, and access control, cannot solve these security problems proactively and efficiently because of their own drawbacks. Commonly, self-samples always have similar features, while non-self-samples are each abnormal in their own way. This paper focuses on these two sources of data: one is intrusion detection of external non-self-samples and the other is security calculation of self-samples. For this purpose, an improved dynamic immune algorithm (IDIA) is proposed, composed of an improved negative selection algorithm (iNSA) using shift mutation and an improved dynamic clone selection algorithm (iDCS) using a random grouping strategy. The former algorithm is used to generate detectors, and the latter to update them dynamically and adaptively. On this basis, an automated industrial production system is designed to guarantee that the data cannot be accessed by external or other users. The KDD CUP99 dataset and real industrial production data are collected to evaluate the performance of IDIA. The experimental results show that the proposed algorithm can detect intrusive data samples and identify autologous ones effectively.

Introduction

During the last decade, as one of the core technologies of the current information era, cloud computing has been rapidly applied to all industries. It is leading a new revolution in the ways data are stored and calculated. This is a novel mode that enables users to access online the resources they had previously stored in a virtual data center. Users can access their data anywhere at any time without worrying about the cost of management, operation, and maintenance. The high-performance storage and calculation abilities applied to the massive production data collected by sensors from the industrial production process are beneficial to cloud manufacturing [7], [25]. However, the leakage and damage of important information has occurred frequently in some cloud services because of network intrusion. Security issues have become a bottleneck restricting the development of cloud storage [1]. In addition, data in industrial cloud systems have higher requirements for authenticity and accuracy than data on the Internet, since an incorrect decision made from abnormal data may cause greater economic loss to large-scale manufacturing enterprises. Therefore, a better and more effective approach should be proposed to alleviate this problem.

At present, academic research on the data security of cloud storage mainly focuses on three methods: encryption, security audit, and access control. Encryption is a common method that can protect every file or data block. However, cloud computing is not only a storage system but also a calculation system; that is, decrypting each file is a precondition for calculating on it. This is a time-consuming and inconvenient way, especially under large-scale calculation circumstances. To alleviate the issue of searching for target data in encrypted file systems, Jiang et al. [12] proposed a multi-keyword ranked search scheme over encrypted cloud data. Koo et al. [15] proposed an approach to achieve efficient data retrieval in cloud storage using attribute-based encryption (ABE), which allows the content to be encrypted and decrypted only by users whose set of attributes strictly satisfies the access policy. These are effective measures for usual data storage, but they are not applicable in the industrial cloud circumstance, because these schemes have not considered the requirement of immediate computing: data-driven controllers execute their next operations according to decisions fed back by data analytics. Security audit is a method based on a third-party auditor (TPA) that checks data integrity and monitors abnormal data. Wang et al. [24] proposed a secure cloud storage system supporting privacy-preserving public auditing. In addition, to address the problem of integrity auditing and secure deduplication on cloud data, Li et al. [16] proposed two secure systems, SecCloud and SecCloud+. The former helps clients generate data tags before uploading and audits the integrity of data already stored in the cloud. The latter lets clients encrypt their data before uploading and enables integrity auditing and secure deduplication on the encrypted data. Although these methods can protect users' data to some extent, they still have two restrictions. Firstly, this approach is easy to deploy in small-scale applications based on cloud computing, but deploying it in full cloud computing systems is not easy, because it involves many parts such as conventional frameworks, configurations, and resource scheduling. Secondly, it is still a passive defense mode. In other words, it may be able to detect unusual data and record the abnormal information, but its abilities to clean out viruses and to prevent illegal operations proactively should be further improved. Access control is another way to defend data security, based on controlling and limiting unauthorized clients. Zhou et al. [35] proposed a scheme based on role-based access control (RBAC), a well-known access control model. It allows an organization to store data securely in a public cloud while maintaining the sensitive information related to the organization's structure in a private cloud. Zhong et al. [34] proposed another access control scheme, a decentralized multi-authority CP-ABE (Ciphertext-Policy Attribute-Based Encryption [5]). This scheme is more practical for supporting user revocation. However, these schemes can only be carried out effectively when the access rights are limited to reading and writing. Once the types of authority increase, the number of keys increases correspondingly, and this control method becomes very complicated. Moreover, it is hard to avoid the existence of a super user, for example the supplier, who holds the ownership of users' data and can access every account if wanted, since the ownership of data changes from the user's to the supplier's when someone stores data in the cloud center; actually, users only have the right of use. In such a case, heuristic algorithms inspired by biology should provide a better solution, one of which is the immune algorithm.

The immune system is the essential defense mechanism of a biological organism with immunologic function. It mainly identifies the body's cells, classifying them as "self" or "non-self". The security defense function removes "non-self" cells through the organism's security and defense mechanisms. Compared with the existing methods, the immune mechanism can detect intrusions in real time and respond by clearing them. It is also both a defense system and an adaptive information processing system that evolved over time; hence it has the characteristics of self-adaptation, self-learning, robustness, and memory. After the initial invasion of a virus, the immune system engenders the primary immune response and then notes the virus's characteristics. When the same or similar viruses invade again, the immune system distinguishes and eliminates them rapidly using these earlier responses. This process is called the secondary response [20]. Therefore the artificial immune system (AIS) [4], inspired by the biological immune system, is well suited for intrusion detection. AIS has been applied in network security for a long time [2], [33]. So far, researchers have expanded its field to the cloud circumstance, which is more complex and changeable than conventional networks. Yao et al. [31] proposed an immunological-mechanism-inspired rescheduling algorithm for workflows in response to resource failures in cloud systems. Zheng et al. [32] proposed a smartphone malware detection model (SP-MDM) based on AIS to solve the problem that unknown malware cannot be effectively detected by traditional signature-based detection technology. In the AIS, the negative selection algorithm (NSA) [8], [11] and the dynamic clonal selection algorithm (DCS) [3], [23] are mainly used to ensure security.

Under the circumstances of industrial cloud storage, it is very important to identify and respond to malicious behaviors as soon as possible. In this paper, we design an automated industrial production system based on IDIA to provide some new ideas for cloud manufacturing. The main contributions of this paper are as follows: (1) Inspired by the immune defense mechanism and real-time retrieval, we design a kind of automated production system running in industrial cloud computing that ensures the security of data storage and calculation. (2) We improve the negative selection algorithm with shift mutation and the dynamic clonal selection algorithm with a random grouping strategy, respectively, to solve the problems of low efficiency and blindness in detector generation and updating. (3) We introduce the idea of a "vaccine bank", so that the next generation of detectors is generated in a more targeted way.

The rest of this paper is organized as follows. We introduce the security in the hierarchical model for cloud computing and the automated production system in Section 2. Section 3 proposes the IDIA composed of iNSA and iDCS, with the detector generation and dynamic update strategy. Section 4 introduces the matching strategy in industrial cloud storage. We experimentally evaluate our approach in Section 5, and conclude the paper in Section 6.


The security in hierarchical model for cloud computing service

A large number of low-configured computers constitute the cloud center, which distributes all computing tasks to resource pools. Users can obtain computational capability, storage space and a variety of information services as needed. It is a good way to enhance the utilization of hardware resources. Fig. 1 shows a hierarchical model of cloud computing, which can be divided into three categories: Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS) [1].

IDIA for data security

In this section, we introduce the IDIA for the data security problem of cloud storage. To generate the detectors efficiently, we use the iNSA to mutate incompetent detectors, that is, those that mistakenly regard self-samples as non-self-samples. Meanwhile, we also improve the detectors' dynamic update strategy with iDCS for the complex and volatile network environment of cloud computing.

The matching strategy for data security of industrial cloud storage

In this section, four data sets will be discussed, namely self-samples (S), detectors (D), memory self-samples (MS) and memory detectors (MD), which are all critical factors in the automated production system in the industrial cloud. S is a low-dimensional representation of the data, which is processed in three steps as follows.

  • (1) Feature extraction with PCA [29] to reduce the dimensions of each sample;

  • (2) Standardization with Eqs. (10)–(12) to avoid different units that may influence
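As an added illustration (not the paper's code) of the detector workflow described here and in the IDIA section above: candidate detectors are generated by negative selection against the self-samples S, candidates that wrongly match self are shift-mutated and re-tested instead of being discarded, the surviving detectors D classify new samples, and detectors that fire on confirmed non-self samples are promoted to memory detectors MD. The binary-string representation, the r-contiguous-bits matching rule, the reading of shift mutation as a cyclic rotation, and the self-samples are all assumptions constructed for this example.

```python
import random

# Constructed toy instance of the detector workflow (added example, not the
# paper's code). Samples are fixed-length binary strings; the matching rule and
# the interpretation of "shift mutation" as a cyclic rotation are assumptions.

def matches(a, b, r):
    """r-contiguous-bits rule: True when a and b agree on r consecutive positions."""
    run = 0
    for x, y in zip(a, b):
        run = run + 1 if x == y else 0
        if run >= r:
            return True
    return False

def shift_mutation(detector, k=1):
    """Assumed shift mutation: rotate the detector string left by k positions."""
    k %= len(detector)
    return detector[k:] + detector[:k]

def generate_detectors(self_set, n_det, length, r, rng, max_shifts=8):
    """iNSA-style negative selection: a candidate that matches a self-sample is
    shift-mutated and re-tested (up to max_shifts times) rather than discarded."""
    detectors = []
    while len(detectors) < n_det:
        cand = "".join(rng.choice("01") for _ in range(length))
        for _ in range(max_shifts):
            if not any(matches(cand, s, r) for s in self_set):
                detectors.append(cand)   # survives: it matches no self-sample
                break
            cand = shift_mutation(cand)  # false positive on self: shift and retry
    return detectors

def classify(sample, detectors, r):
    """Any detector match flags the sample as non-self."""
    return "non-self" if any(matches(sample, d, r) for d in detectors) else "self"

def promote_memory(detectors, flagged, r):
    """Detectors that fired on confirmed non-self samples become memory detectors (MD)."""
    return [d for d in detectors if any(matches(d, s, r) for s in flagged)]

SELF = ["00000000", "00000011", "00001100", "00110000", "11000000"]  # constructed S

def build(seed, n_det=20, length=8, r=5):
    """Deterministic detector set D for a given seed."""
    return generate_detectors(SELF, n_det, length, r, random.Random(seed))

if __name__ == "__main__":
    dets = build(7)
    print([classify(s, dets, 5) for s in SELF], classify("11111111", dets, 5))
    print("memory detectors:", promote_memory(dets, ["11111111"], 5))
```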

Experimental evaluation on the KDD CUP dataset

In this section, the experiments are carried out in MATLAB 2014a running on an Intel Xeon computer with a 3.0 GHz CPU and 8 GB of RAM. The dataset used here is KDD CUP 1999 [19], which is still one of the most credible and trustworthy public synthetic datasets, especially in the field of intrusion detection. The full dataset has about five million connection records with 41 dimensions. The set we use in this paper is only 10% of that size, about 425,691 corrected labeled samples.

Conclusions

In this paper, we discuss improved dynamic immune algorithms for data security in the industrial cloud circumstance, mainly considering its dynamics and adaptability. The improvements are shift mutation for iNSA and random grouping for iDCS, for detector generation and dynamic update respectively. On this basis, an automated production system is proposed. Our main idea is to use a more proactive security defense mechanism to protect data security, especially in cloud computing that

Acknowledgements

This work was supported in part by the National Key Research and Development Plan from the Ministry of Science and Technology (2016YFB0302700), the National Natural Science Foundation of China (nos. 61473077, 61503075), the International Collaborative Project of the Shanghai Committee of Science and Technology (no. 16510711100), and the Program for Changjiang Scholars from the Ministry of Education (2015-2019). Finally, we would like to thank Prof. Kuangrong Hao for her contributions to the work and for her

References (35)

  • A.E. Eiben et al., From evolutionary computation to the evolution of things, Nature (2015)
  • D. Golightly et al., Manufacturing in the cloud: a human factors perspective, Int. J. Ind. Ergon. (2016)
  • W. Hu et al., Online adaboost-based parameterized methods for dynamic distributed network intrusion detection, IEEE Trans. Cybern. (2014)
  • C.A. Janeway et al., Innate immune recognition, Annu. Rev. Immunol. (2002)
  • Z. Ji et al., Revisiting negative selection algorithms, Evol. Comput. (2007)
  • C. Jirapummin et al., Hybrid neural networks for intrusion detection system, IEEE Trans. Signal Process. (2002)
  • Y. Kawamoto et al., Effectively collecting data for the location-based authentication in internet of things, IEEE Syst. J. (2015)