Hybrid machine learning approach based intrusion detection in cloud: A metaheuristic assisted model

Abstract

Cloud computing provides various cost-effective on-demand services to the user and so it is rising like a real trend in the IT service model. However, due to its open and distributed architecture, it is highly vulnerable to attackers. The security and privacy of cloud users has become a major hurdle. The most prevalent approach for detecting attacks on the cloud is the Intrusion Detection System (IDS). Scalability and autonomous self-adaptation weren’t features of contemporary IDS deployed in traditional Internet or Intranet contexts. Furthermore, they lack determinism, making them inappropriate for cloud-based settings. This necessitates the development of new cloud-based IDS capable of fulfilling the firm’s security standards. Therefore, in this research work, we have introduced a new IDS model for the cloud environment. Our research work is made up of four major phases: “data pre-processing, optimal clustering, feature selection, and attack detection phase”. Initially, the collected raw data are pre-processed to enhance the quality of the data. Then, these pre-processed data are segmented with the newly introduced K-means clustering model, where we’ve optimally selected the centroids by introducing a new hybrid optimization model referred as Spider Monkey Updated with Sealion Optimization (SMSLO), which is the conceptual hybridization of standard SeaLion Optimization (SLnO) and Spider Monkey Optimization (SMO), respectively. At the end of segmentation, two clusters (attack data and non-attack data) will be formed. The data available in both clusters seems to be huge in dimensions, so we’ve lessened the dimensions of the data in the clusters by applying the “Principal Component Analysis (PCA)” algorithm. Subsequently, these dimensionality-reduced features pass into the attack detection phase. The attack detection phase is modeled with the optimized Deep Belief Network (DBN), which portrays the type of attack (Dos, Botnet, DDoS as well) that intruded into the network. Since the DBN makes the final detections; it is ought to be less prone to errors. We have lessened the detection errors such as the Mean Square Error (MSE) of DBN by fine-tuning its weight using a new hybrid optimization model (SMSLO). Finally, the result acquired from the proposed work (DBN+SMSLO) is validated.