Fang Jinhe,Feng Yan,Wang Ruijie

DOI: https://doi.org/10.3321/j.issn:1002-8331.2006.18.048

2006-01-01

Abstract:After discussing the constraints of current intrusion detection systems(IDS),we issue two problems should be considered in developing an adaptive IDS,one is to select the time to update the normal profile and the other is to select a mechanism to update the profile.To resolve the first problem,we calculate the similarity between the incremental audit data and the normal profile and then decide whether to and when to update the profile.To resolve the second problem,we employ a sliding window approach and use only the audit data inside that sliding window to update the profile.The window therefore acts to filter out outdated audit data and to build a profile based on only recent data that reflects the recent system activities.

张宝军,潘雪增,王界兵,平玲娣

DOI: https://doi.org/10.3785/j.issn.1008-973X.2009.06.004

2009-01-01

Abstract:Real-time intrusion detection under current network environment exists the following problems: first, the scale of network is large, and a great deal of information needs to be processed, which requires large throughput to the intrusion detection system (IDS); second, the network environment is complex, and the data type is multiplex, accordantly, the intrusion detection system should has high accuracy. Aiming at these problems, a model of intrusion detection system was proposed. The model uses the distributed architecture based on multi-agent system and shows good expansibility, and can self-adjust according to the scale and bandwidth of network. The model uses technologies of anomaly intrusion detection and misuse intrusion detection together, and has low false alert rate and miss alert rate. Multi-attribute data abstraction is used in the model to grasp the feature of intrusion accurately and provide strong support for intrusion identification. The classifier is constructed with radial basis function (RBF) so as to have good extension to unknown intrusions, and can do effective judgment to unknown intrusions. Experimental results show that the system has large throughput and high accuracy, thus it is suitable for current network and has good practicability.

胡敏,潘雪增,平玲娣

DOI: https://doi.org/10.3969/j.issn.1001-3695.2004.01.033

2004-01-01

Abstract:This paper focuses on issures related to deploying a data mining-based IDS (Intrusion Detection System) in a real time environment To overcome the limitations of traditional IDS, the corresponding solutions to accurracy, efficiency and usability is presented.These solutions impove efficiency of traditional DOS and maintain a desired accuracy level. This paper also proposed an architecture consisting of sensors, detectors, a data warehouse and model generation components. This architecture facilitates the sharing and storage of audit data and the distribution of new or updated models. Also, it improves the efficiency and scalability of the traditional IDS.

Khloud Al Jallad,Mohamad Aljnidi,Mohammad Said Desouki

DOI: https://doi.org/10.48550/arXiv.2209.13961

2022-09-28

Cryptography and Security

Abstract:With the growing use of information technology in all life domains, hacking has become more negatively effective than ever before. Also with developing technologies, attacks numbers are growing exponentially every few months and become more sophisticated so that traditional IDS becomes inefficient detecting them. This paper proposes a solution to detect not only new threats with higher detection rate and lower false positive than already used IDS, but also it could detect collective and contextual security attacks. We achieve those results by using Networking Chatbot, a deep recurrent neural network: Long Short Term Memory (LSTM) on top of Apache Spark Framework that has an input of flow traffic and traffic aggregation and the output is a language of two words, normal or abnormal. We propose merging the concepts of language processing, contextual analysis, distributed deep learning, big data, anomaly detection of flow analysis. We propose a model that describes the network abstract normal behavior from a sequence of millions of packets within their context and analyzes them in near real-time to detect point, collective and contextual anomalies. Experiments are done on MAWI dataset, and it shows better detection rate not only than signature IDS, but also better than traditional anomaly IDS. The experiment shows lower false positive, higher detection rate and better point anomalies detection. As for prove of contextual and collective anomalies detection, we discuss our claim and the reason behind our hypothesis. But the experiment is done on random small subsets of the dataset because of hardware limitations, so we share experiment and our future vision thoughts as we wish that full prove will be done in future by other interested researchers who have better hardware infrastructure than ours.

Faten Louati,Farah Barika Ktata,Ikram Amous

DOI: https://doi.org/10.1007/s10586-024-04306-9

2024-03-10

Cluster Computing

Abstract:The growing complexity of security threats and the pervasive prevalence of cyberattacks have become more apparent in the present era, and the advent of big data, characterized by its distinctive features, has introduced layers of complexity to security tasks. Intrusion Detection Systems (IDSs) constitute a crucial line of defense, but their adaptation to the realm of big data is imperative. While traditional Machine Learning (ML)-based IDSs have been pivotal in detecting malicious patterns, they are often incapable to keep pace with the demands of expansive big data networks. This paper proposes a novel decentralized Multi-Agent Reinforcement Learning (MARL)-based IDS designed to address the specific challenges posed by big data. Our solution employs decentralized cooperative MARL, securing communicative channels throughout the detection process and concurrent data preprocessing which significantly reduces the overall processing time. Furthermore, the integration of Cloud computing and Big Data streaming techniques further facilitates real-time intrusion detection as cloud's resources allow rapid pre-process and analyse of massive data streams using powerful clusters. Likewise, Big Data streaming techniques ensure that potential intrusions are identified and addressed as they occur. Experimental results, conducted on the widely recognized NSLKDD benchmark dataset, demonstrate the superiority of our solution over other state-of-the-art approaches for big data networks, achieving an accuracy rate of 97.44%.

computer science, information systems, theory & methods

Fadi Salo,MohammadNoor Injadat,Ali Bou Nassif,Aleksander Essex

DOI: https://doi.org/10.48550/arXiv.2005.12267

2020-05-24

Abstract:Cloud computing has become a powerful and indispensable technology for complex, high performance and scalable computation. The exponential expansion in the deployment of cloud technology has produced a massive amount of data from a variety of applications, resources and platforms. In turn, the rapid rate and volume of data creation has begun to pose significant challenges for data management and security. The design and deployment of intrusion detection systems (IDS) in the big data setting has, therefore, become a topic of importance. In this paper, we conduct a systematic literature review (SLR) of data mining techniques (DMT) used in IDS-based solutions through the period 2013-2018. We employed criterion-based, purposive sampling identifying 32 articles, which constitute the primary source of the present survey. After a careful investigation of these articles, we identified 17 separate DMTs deployed in an IDS context. This paper also presents the merits and disadvantages of the various works of current research that implemented DMTs and distributed streaming frameworks (DSF) to detect and/or prevent malicious attacks in a big data environment.

Cryptography and Security,Artificial Intelligence,Machine Learning

Gulab Sah,Subhasish Banerjee,Sweety Singh

DOI: https://doi.org/10.1007/s10207-022-00616-4

2022-10-08

International Journal of Information Security

Abstract:The intrusion detection system (IDS) plays an important role in extracting and analysing the network traffics to detect aberrant activity. However, emerging technologies, like cloud computing, Internet of Things, etc., generate a large volume of traffics, which may carry the irrelevant attributes that do not have any impact on classification or in detection of assaults. Hence, it's became an open challenge for the researchers to extract the meaningful data from huge amounts of traffic and also to examine whether the selected features could increase IDS performance or not. To solve these issues, features selection approaches (FSA) have been used in this research to remove non-relevant features and find the important ones. Later, the various classifiers have been used to investigate the best classifier which could increase the performance of IDS's detection-engine on the NSL-KDD datasets. However, to validate, the investigated best-performing classifier with the suitable features selection technique (FST) has also been implemented on a real-time dataset, i.e. combined CICIDS2017. The experiment results in this research suggest that the acquired subset of relevant features under the proposed model's (Decision Tree + Recursive Feature Elimination) could increase the IDS performance with average accuracy of 99.21% and 99.94% on the well-known NSL-KDD and CICIDS2017 datasets, respectively, and could also minimize the computation cost, in parallel.

computer science, information systems, theory & methods, software engineering

Prabhat Kumar,Govind P. Gupta,Rakesh Tripathi

DOI: https://doi.org/10.1007/s12652-020-02696-3

IF: 3.662

2020-11-27

Journal of Ambient Intelligence and Humanized Computing

Abstract:With the development of internet of things (IoT), capabilities of computing, networking infrastructure, storage of data and management have come very close to the edge of networks. This has accelerated the necessity of Fog computing paradigm. Due to availability of Internet, most of our business operations are integrated with IoT platform. Fog computing has enhanced the strategy of collecting and processing, huge amount of data. On the other hand, attacks and malicious activities has adverse consequences on the development of IoT, Fog, and cloud computing. This has led to development of many security models using fog computing to protect IoT network. Therefore, for dynamic and highly scalable IoT environment, a distributed architecture based intrusion detection system (IDS) is required that can distribute the existing centralized computing to local fog nodes and can efficiently detect modern IoT attacks. This paper proposes a novel distributed ensemble design based IDS using Fog computing, which combines k-nearest neighbors, XGBoost, and Gaussian naive Bayes as first-level individual learners. At second-level, the prediction results obtained from first level is used by Random Forest for final classification. Most of the existing proposals are tested using KDD99 or NSL-KDD dataset. However, these datasets are obsolete and lack modern IoT-based attacks. In this paper, UNSW-NB15 and actual IoT-based dataset namely, DS2OS are used for verifying the effectiveness of the proposed system. The experimental result revealed that the proposed distributed IDS with UNSW-NB15 can achieve higher detection rate upto 71.18% for Backdoor, 68.98% for Analysis, 92.25% for Reconnaissance and 85.42% for DoS attacks. Similarly, with DS2OS dataset, detection rate is upto 99.99% for most of the attack vectors.

computer science, information systems,telecommunications, artificial intelligence

Zachary Tauscher,Yushan Jiang,Kai Zhang,Jian Wang,Houbing Song

DOI: https://doi.org/10.48550/arXiv.2108.08394

2021-08-19

Abstract:With massive data being generated daily and the ever-increasing interconnectivity of the world's Internet infrastructures, a machine learning based intrusion detection system (IDS) has become a vital component to protect our economic and national security. In this paper, we perform a comprehensive study on NSL-KDD, a network traffic dataset, by visualizing patterns and employing different learning-based models to detect cyber attacks. Unlike previous shallow learning and deep learning models that use the single learning model approach for intrusion detection, we adopt a hierarchy strategy, in which the intrusion and normal behavior are classified firstly, and then the specific types of attacks are classified. We demonstrate the advantage of the unsupervised representation learning model in binary intrusion detection tasks. Besides, we alleviate the data imbalance problem with SVM-SMOTE oversampling technique in 4-class classification and further demonstrate the effectiveness and the drawback of the oversampling mechanism with a deep neural network as a base model.

Cryptography and Security,Machine Learning

Gulab Sah,Sweety Singh,Subhasish Banerjee

DOI: https://doi.org/10.23919/jcc.fa.2022-0076.202409

2024-10-01

China Communications

Abstract:The key objective of intrusion detection systems (IDS) is to protect the particular host or network by investigating and predicting the network traffic as an attack or normal. These IDS uses many methods of machine learning (ML) to learn from past-experience attack i.e. signatures based and identify the new ones. Even though these methods are effective, but they have to suffer from large computational costs due to considering all the traffic features, together. Moreover, emerging technologies like the Internet of Things (IoT), big data, etc. are getting advanced day by day; as a result, network traffics are also increasing rapidly. Therefore, the issue of computational cost needs to be addressed properly. Thus, in this research, firstly, the ML methods have been used with the feature selection technique (FST) to reduce the number of features by picking out only the important ones from NSL-KDD, CICIDS2017, and CIC-DDoS2019 datasets later that helped to build IDSs with lower cost but with the higher performance which would be appropriate for vast scale network. The experimental result demonstrated that the proposed model i.e. Decision tree (DT) with Recursive feature elimination (RFE) performs better than other classifiers with RFE in terms of accuracy, specificity, precision, sensitivity, F1-score, and G-means on the investigated datasets.

telecommunications

Cristiano Antonio de Souza,Carlos Becker Westphall,Jean Douglas Valencio,Renato Bobsin Machado,Wesley dos R. Bezerra

DOI: https://doi.org/10.1016/j.adhoc.2024.103541

IF: 4.816

2024-05-11

Ad Hoc Networks

Abstract:Special security techniques, such as intrusion detection mechanisms, are indispensable in modern computer systems. With the emergence of the Internet of Things they have become even more important. It is important to detect and identify the attack in a category so that countermeasures specific to the threat category can be resolved. However, most existing multiclass detection approaches have some weaknesses, mainly related to detecting specific categories of attacks and problems with false positives. This article addresses this research problem and advances state-of-the-art, bringing contributions to a two-stage detection architecture called DNNET-Ensemble, combining binary and multiclass detection. While the benign traffic can be quickly released on the first detection, the intrusive traffic can be subjected to a robust analysis approach without causing delay issues. Additionally, we propose the DNNET binary approach for the binary detection level, which can provide more accurate and faster binary detection. We present the proposal of a federated strategy to train the neural model of the DNNET method without sending data to the cloud, thus preserving the privacy of local data. The proposed Hybrid Attribute Selection strategy can find an optimal subset of attributes through a wrapper method with a lower training cost due to pre-selection using a filter method. Furthermore, the proposed Soft-SMOTE improvement allows operating with a balanced dataset with a minor training time increase, even in scenarios where there are a large number of classes with a large imbalance among them. Results obtained from experiments on renowned intrusion datasets and laboratory experiments demonstrate that the approach can achieve superior detection rates and false positive performance compared to other state-of-the-art approaches.

computer science, information systems,telecommunications

YU Yan,GUO Shan-Qing,HUANG Hao

DOI: https://doi.org/10.3969/j.issn.1002-137X.2007.05.018

2007-01-01

Computer Science

Abstract:Existing anomaly intrusion detection algorithms based on machine learning are usually founded on the equivalent learning of all historical dataset.Therefore,the learned network behavior profiles depend on the historical data heavily,thus behavior characteristics of current network traffic can not be represented exactly.At the same time,the network packets which arrive persistently with high speed and large volume can not be stored and maintained in time because of the high time and space complexity of the anomaly intrusion detection algorithms.So,a kind of two-phase intrusion detection method based on data stream clustering is presented.In the method,the statistical information of the network traffic are collected and generated on line firstly.Then the statistical information which can represent current network situation nicely are used to detect the intrusions.Accordingly,the influence of historical data can be reduced.The empirical results manifest that such a two-phase intrusion detection method has better detection performance than that based on all historical data,as well as resolves the problems of insufficient system resources,such as memory,etc.,to improve the flexibility and concurrency of system.

Santosh Kumar Sahu,Durga Prasad Mohapatra,Jitendra Kumar Rout,Kshira Sagar Sahoo,Ashish Kr. Luhach

DOI: https://doi.org/10.1089/big.2020.0201

IF: 4.426

2021-08-01

Big Data

Abstract:In this study, we set up a scalable framework for large-scale data processing and analytics using the big data framework. The popular classification methods are implemented, tuned, and evaluated by using intrusion datasets. The objective is to select the best classifier after optimizing the hyper-parameters. We observed that the decision tree (DT) approach outperforms compared with other methods in terms of classification accuracy, fast training time, and improved average prediction rate. Therefore, it is selected as a base classifier in our proposed ensemble approach to study class imbalance. As the intrusion datasets are imbalanced, most of the classification techniques are biased toward the majority class. The misclassification rate is more in the case of the minority class. An ensemble-based method is proposed by using K-Means, RUSBoost, and DT approaches to mitigate the class imbalance problem; empirically investigate the impact of class imbalance on classification approaches' performance; and compare the result by using popular performance metrics such as Balanced Accuracy, Matthews Correlation Coefficient, and F-Measure, which are more suitable for the assessment of imbalanced datasets.

computer science, theory & methods, interdisciplinary applications

Martin Andreoni Lopez,Diogo M. F. Mattos,Otto Carlos M. B. Duarte,Guy Pujolle

DOI: https://doi.org/10.1002/cpe.5344

2019-05-21

Concurrency and Computation: Practice and Experience

Abstract:<p>The late detection of security threats causes a significant increase in the risk of irreparable damages and restricts any defense attempt. In this paper, we propose a s<b>CA</b>lable <b>TR</b>Affic <b>C</b>lassifier and <b>A</b>nalyzer (CATRACA). CATRACA works as an efficient online Intrusion Detection and Prevention System implemented as a Virtualized Network Function. CATRACA is based on Apache Spark, a Big Data Streaming processing system, and it is deployed over the Open Platform for Network Functions Virtualization (OPNFV), providing an accurate real‐time threat‐detection service. The system presents a friendly graphical interface that provides real‐time visualization of the traffic and the attacks that occur in the network. Our prototype can differentiate normal traffic from denial of service (DoS) attacks and vulnerability probes over 95% accuracy under three different datasets. Moreover, CATRACA handles streaming data under concept drift detection with more than 85% of accuracy.</p>

Chao Liu,Zhaojun Gu,Jialiang Wang

DOI: https://doi.org/10.1109/access.2021.3082147

IF: 3.9

2021-01-01

IEEE Access

Abstract:Digital assets have come under various network security threats in the digital age. As a kind of security equipment to protect digital assets, intrusion detection system (IDS) is less efficient if the alert is not timely and IDS is useless if the accuracy cannot meet the requirements. Therefore, an intrusion detection model that combines machine learning with deep learning is proposed in this paper. The model uses the k-means and the random forest (RF) algorithms for the binary classification, and distributed computing of these algorithms is implemented on the Spark platform to quickly classify normal events and attack events. Then, by using the convolutional neural network (CNN), long short-term memory (LSTM), and other deep learning algorithms, the events judged as abnormal are further classified into different attack types finally. At this stage, adaptive synthetic sampling (ADASYN) is adopted to solve the unbalanced dataset. The NSL-KDD and CIS-IDS2017 datasets are used to evaluate the performance of the proposed model. The experimental results show that the proposed model has better TPR for most of attack events, faster data preprocessing speed, and potentially less training time. In particular, the accuracy of multi-target classification can reach as high as 85.24% in the NSL-KDD dataset and 99.91% in the CIC-IDS2017 dataset.

computer science, information systems,telecommunications,engineering, electrical & electronic

Iftikhar Ahmad,Qazi Emad Ul Haq,Muhammad Imran,Madini O. Alassafi,Rayed A. AlGhamdi

DOI: https://doi.org/10.3390/math10030530

IF: 2.4

2022-02-08

Mathematics

Abstract:Intrusion detection in computer networks is of great importance because of its effects on the different communication and security domains. The detection of network intrusion is a challenge. Moreover, network intrusion detection remains a challenging task as a massive amount of data is required to train the state-of-the-art machine learning models to detect network intrusion threats. Many approaches have already been proposed recently on network intrusion detection. However, they face critical challenges owing to the continuous increase in new threats that current systems do not understand. This paper compares multiple techniques to develop a network intrusion detection system. Optimum features are selected from the dataset based on the correlation between the features. Furthermore, we propose an AdaBoost-based approach for network intrusion detection based on these selected features and present its detailed functionality and performance. Unlike most previous studies, which employ the KDD99 dataset, we used a recent and comprehensive UNSW-NB 15 dataset for network anomaly detection. This dataset is a collection of network packets exchanged between hosts. It comprises 49 attributes, including nine types of threats such as DoS, Fuzzers, Exploit, Worm, shellcode, reconnaissance, generic, and analysis Backdoor. In this study, we employ SVM and MLP for comparison. Finally, we propose AdaBoost based on the decision tree classifier to classify normal activity and possible threats. We monitored the network traffic and classified it into either threats or non-threats. The experimental findings showed that our proposed method effectively detects different forms of network intrusions on computer networks and achieves an accuracy of 99.3% on the UNSW-NB15 dataset. The proposed system will be helpful in network security applications and research domains.

mathematics

Ying Gao,Hongrui Wu,Binjie Song,Yaqia Jin,Xiongwen Luo,Xing Zeng

DOI: https://doi.org/10.1109/access.2019.2948382

IF: 3.9

2019-01-01

IEEE Access

Abstract:Security assurance in Vehicular Ad hoc Network (VANET) is a crucial and challenging task due to the open-access medium. One great threat to VANETs is Distributed Denial-of-Service (DDoS) attack because the target of this attack is to prevent authorized nodes from accessing the services. To provide high availability of VANETs, a scalable, reliable and robust network intrusion detection system should be developed to efficiently mitigate DDoS. However, big data from VANETs poses serious challenges to DDoS attack detection since the detection system require scalable methods to capture, store and process the big data. To overcome these challenges, this paper proposes a distributed DDoS network intrusion detection system based on big data technology. The proposed detection system consists of two main components: real-time network traffic collection module and network traffic detection module. To build our proposed system, we use Spark to speed up data processing and use HDFS to store massive suspicious attacks. In the network collection module, micro-batch data processing model is used to improve the real-time performance of traffic feature collection. In the traffic detection module, the classification algorithm based on Random Forest (RF) is adopted. In order to evaluate the accuracy of detection, the algorithm was evaluated and compared in the datasets, containing NSL-KDD and UNSW-NB15. The experimental results show that the proposed detection algorithm reached the accuracy rate of 99.95% and 98.75%, and the false alarm rate (FAR) of 0.05% and 1.08%, respectively, in two datasets.

computer science, information systems,telecommunications,engineering, electrical & electronic

Sridhar Patthi,Sugandha Singh,Ila Chandana Kumari P

DOI: https://doi.org/10.1007/s11042-023-17781-w

IF: 2.577

2024-01-07

Multimedia Tools and Applications

Abstract:The proliferation of wireless networks as a primary data transmission channel has brought about a surge in data volume but also raised security threats and privacy concerns. Intrusion Detection Systems (IDS) have proven effective in safeguarding data transmission, yet they struggle to detect minor or rare attacks that mimic normal traffic. To address this challenge, we propose a novel two-layer classification model integrating K-nearest neighbor (KNN) and support vector machines (SVMs). In the first layer, KNN classifies data into Normal, Major, and Minor Attack categories, while the second layer further distinguishes Major Attacks into DoS or Probe and Minor Attacks into U2R or R2. Our framework incorporates Common Correlated Feature Selection (CCFS) to optimize feature discrimination, partitioning training data into three groups. Furthermore, we explore data preprocessing techniques to enhance data interpretation and maintain statistical normalcy in traffic connection features. Our experimental analysis utilizes the NSL-KDD dataset, demonstrating that our approach significantly improves detection rates, particularly for Minor Attacks, achieving a remarkable 92.33% detection rate for U2R and 91.33% for R2L attacks. This represents a substantial 10% enhancement over existing methods, outperforming Multi-Layer Perceptron (MLP) by 13.23%, Random Forest (RF) by 10.11%, J48- Decision Tree (DT) by 9.23%, and Naïve Bayes (NB) by 9.42% and 8.17% in terms of detection rates. These results underscore the effectiveness of our approach in enhancing intrusion detection performance.

computer science, information systems, theory & methods,engineering, electrical & electronic, software engineering

Brunel Elvire Bouya-Moko,Edward Kwadwo Boahen,Changda Wang

DOI: https://doi.org/10.3390/electronics11111675

IF: 2.9

2022-05-25

Electronics

Abstract:Strong network connections make the risk of malicious activities emerge faster while dealing with big data. An intrusion detection system (IDS) can be utilized for alerting suitable entities when hazardous actions are occurring. Most of the techniques used to classify intrusions lack the techniques executed with big data. This paper devised an optimization-driven deep learning technique for detecting the intrusion using the Spark model. The input data is fed to the data partitioning phase wherein the partitioning of data is done using the proposed fuzzy local information and Bhattacharya-based C-means (FLIBCM). The proposed FLIBCM was devised by combining Bhattacharya distance and fuzzy local information C-Means (FLICM). The feature selection was achieved with classwise info gained to select imperative features. The data augmentation was done with oversampling to make it apposite for further processing. The detection of intrusion was done using a deep Maxout network (DMN), which was trained using the proposed student psychology water cycle caviar (SPWCC) obtained by combining the water cycle algorithm (WCA), the conditional autoregressive value at risk by regression quantiles (CAViaR), and the student psychology-based optimization algorithm (SPBO). The proposed SPWCC-based DMN offered enhanced performance with the highest accuracy of 97.6%, sensitivity of 98%, and specificity of 97%.

engineering, electrical & electronic,computer science, information systems,physics, applied

Ahlem Abid,Farah Jemili,Ouajdi Korbaa

DOI: https://doi.org/10.1080/24751839.2023.2239617

2023-07-26

Journal of Information and Telecommunication

Abstract:Industry 4.0 refers to a new generation of connected and intelligent factories that is driven by the emergence of new technologies such as artificial intelligence, Cloud computing, Big Data and industrial control systems (ICS) in order to automate all phases of industrial operations. The presence of connected systems in industrial environments poses a considerable security challenge, moreover with the huge amount of data generated daily, there are complex attacks that occur in seconds and target production lines and their integrity. But, until now, factories do not have all the necessary tools to protect themselves, they mainly use traditional protection. In order to improve industrial control systems in terms of efficiency and response time, the present paper propose a new distributed intrusion detection approach using artificial intelligence methods, Big Data techniques and deployed in a cloud environment. A variety of Machine Learning and Deep Learning algorithms, basically convolutional neural networks (CNN), have been tested to compare performance and choose the most suitable model for the classification. We test the performance of our model by using the industrial dataset SWat.