FLOLSTM: Fuzzy logic‐driven optimized LSTM for improved malicious traffic detection in hypervisor environments

Abstract

SummaryIn the ever‐evolving realm of cloud computing, the challenge of intrusion detection has grown increasingly intricate and vital. With the proliferation of cyber‐attacks and the widespread use of virtualized environments, there is a pressing need for network security solutions that are not only innovative and robust but also easily comprehensible. These solutions must possess the ability to effectively detect malicious activities, provide visibility into network operations, adapt to changing requirements, and promptly alert stakeholders to any suspicious behavior. In this study, we introduce a groundbreaking approach known as fuzzy logic‐driven optimized long short‐term memory (LSTM)—FLOLSTM, specifically designed for hypervisor‐based environments. By integrating fuzzy logic with an optimized LSTM neural network, FLOLSTM aims to significantly enhance the detection of attack traffic within hypervisor networks by combining the interpretability and uncertainty management capabilities of fuzzy logic with the temporal pattern recognition prowess of LSTM. The research methodology involves meticulous data collection from hypervisor monitors, followed by rigorous cleaning and preprocessing to enhance data reliability. Subsequently, the preprocessed data is input into the FLOLSTM classifier to identify malicious activities. Furthermore, the performance of the LSTM is fine‐tuned using the waterwheel plant optimization (WPO) algorithm. Experimental evaluations compare the efficiency of the proposed FLOLSTM with existing techniques across various metrics including accuracy, recall, precision, F‐measure, specificity, false‐positive rate (FPR), and false‐negative rate (FNR). Overall, the FLOLSTM model represents a significant advancement in intrusion detection for cloud environments, offering a potent blend of interpretability, accuracy, and efficiency. Its superior performance underscores its capacity to enhance network security and effectively mitigate cyber threats in dynamic and virtualized settings, thereby making a substantial impact on the field of cyber security.