Deep self-taught learning framework for intrusion detection in cloud computing environment

Abstract

<p>Cloud has become a target-rich environment for malicious attacks by cyber intruders. Security is a major concern and remains an obstacle to the adoption of cloud computing. The intrusion detection system (IDS) is regarded as defense-in-depth. Unfortunately, most machine learning approaches designed for cloud intrusion detection require large amounts of labeled attack samples, but in real practice, they are limited. Therefore, the key impetus of this work is to introduce self-taught learning (STL) combining stacked sparse autoencoder (SSAE) with long short-term memory (LSTM) as a candidate solution to learn the robust feature representation and efficiently improve the performance of IDS with respect to false alarm rate (FAR) and detection rate (DR). Accordingly, the proposed approach as a first step employs SSAE to achieve dimensional reduction by learning the discriminative features from network traffic. The approach adopts LSTM to recognize the intrusion with the features encoded by SSAE. To evaluate the detective performance of our model, a comprehensive set of experiments are conducted on NSL-KDD. Also, ablation experiments are conducted to show the contribution of each component of our approach. Further, the comparative analysis shows the efficacy of our approach against the existing approaches with an accuracy of 86.31%.</p>