Intrusion detection system in distributed cloud computing: Hybrid clustering and classification methods

Abstract

Cloud Computing is popular nowadays due to its storage and data access services. Security and privacy are prime concerns when network threats increase. Cloud computing offers organizations and enterprises a scalable, flexible, and cost-effective infrastructure to store data on the Web. An anomaly-based IDS implementation protects the integrity of the data in a database by identifying and quarantining records when something appears to have changed unexpectedly. Machine learning based clustering and classification methods are used for anomaly based IDS attack classification and scalability in advanced networking environments. Machine learning is a fast, efficient, and adaptable approach to develop intrusion detection models that can deal with emerging threats, i.e., known and unknown attacks (including zero-day attacks). This paper proposes an efficient Hybrid clustering and classification models for implementing an anomaly-based IDS for malicious attack type classifications such as normal (no intrusion), DoS, Probe, U2R, and R2L using threshold-based functions, and the results are tested with two different threshold values (e), 0.01 & 0.5. The experiments have been performed on two tested datasets, namely, NSL-KDD and KDDcup99. Detection rate, False alarm ratio, and accuracy have been used to study the performance of the proposed methodology. After applying the proposed approach, the K-means with random forest has been shown at two different threshold values to have a better classification accuracy, detection rate, and false alarm rate of 99.85%, 99.78% and 0.09% on the NSL-KDD dataset and 98.27%, 98.12% and 2.08% respectively on the KDDcup99 dataset.