Sahil Garg,Kuljeet Kaur,Shalini Batra,Gagangeet Singh Aujla,Graham Morgan,Neeraj Kumar,Albert Y. Zomaya,Rajiv Ranjan

DOI: https://doi.org/10.1016/j.jpdc.2019.09.013

IF: 4.542

2020-01-01

Journal of Parallel and Distributed Computing

Abstract:With an exponential increase in the usage of different types of services and applications in cloud computing environment, the identification of malicious behaviour of different nodes becomes challenging due to the diversity of traffic patterns generated from various services and applications. Most of the existing solutions reported in the literature are restricted with respect to the usage of a specific technique applicable to single class datasets. But in real life scenarios, applications and services especially in cloud environment may have multi-class datasets. Moreover, non-linear behaviour among the dataset attributes generates additional challenges for identification of nodes behaviour, and it has not been exploited to its full potential in the existing solutions. This can lead to performance bottlenecks with respect to the identification of malicious behaviour of different nodes. Motivated from these facts, this paper proposes an Ensemble Artificial Bee Colony based Anomaly Detection Scheme (En-ABC) for multi-class datasets in cloud environment. En-ABC has following components for identification of malicious behaviour of nodes-(i) feature selection and optimization, (ii) data clustering, and (iii) identification of anomalous behaviour of nodes. The feature selection and optimization model in En-ABC has been built using Restricted Boltzmann Machine and Unscented Kalman Filter (to handle the non-linear behaviour of dataset attributes) respectively. Moreover, Artificial Bee Colony-based Fuzzy C-means clustering technique is used to obtain an optimal clustering based on two objective functions, i.e., Mean Square Deviation and Dunn Index (to handle the participation of attributes in multiple clustered datasets). Then, a profile of normal/abnormal behaviour has been built using clustering results for detection of the anomalies. Finally, the performance of the proposed scheme has been compared with the existing schemes (CM, SVM, ML-IDS and MSADA) using various parameters such as-detection, false alarm, and accuracy rates. Experimental results on benchmark (NSL-KDD, NAB and IBRL) and synthetic datasets validate the effectiveness of the proposed scheme.

computer science, theory & methods

Amol D. Vibhute,Vikram Nakum

DOI: https://doi.org/10.1016/j.procs.2024.01.161

2024-01-01

Procedia Computer Science

Abstract:With the advancements in computer networking, communication between end-to-end systems has increased drastically. However, security issues have also been raised. Thus, detecting anomalies from a complex cloud environment is still challenging. Therefore, the present article proposes the deep Convolutional Neural Network (CNN) model for detecting and classifying near-real-time network intrusions from an imbalanced cloud environment. The random forest model is also offered and implemented to select the best suitable features as input to the CNN model. The experiments were carried out on CSE-CIC-IDS2018 datasets. The results show that the proposed CNN model achieved 97.07% testing accuracy with a 2.93% error rate. The performance of the proposed model was also measured using precision, recall, and f1-score with 98.11, 96.93, and 97.52%. The results are more accurate, precise, promising, and able to detect network anomalies with the highest accuracy and can be successfully used in real-time Industry 4.0 systems.

Amira Mahamat Abdallah,Aysha Alkaabi,Ghaya Alameri,Saida Hafsa Rafique,Nura Shifa Musa,Thangavel Murugan

DOI: https://doi.org/10.1109/access.2024.3390844

IF: 3.9

2024-04-27

IEEE Access

Abstract:In the rapidly evolving landscape of computing and networking, the concepts of cloud networks have gained significant prominence. Although the cloud network offers on-demand access to shared resources, anomalies pose potential risks to the integrity and security of cloud networks. However, protecting the cloud network against anomalies remains a challenge. Unlike traditional detection techniques, machine learning (ML) and deep learning (DL) offer new and adaptable methods for detecting anomalies in cloud networks. The objective of this study is to comprehensively explore existing ML /DL methods for detecting different anomalies based on distributed denial of service anomaly (DDoS) and intrusion detection systems (IDS) in cloud networks. The study seeks to address the gaps in anomaly detection for cloud networks, proposing potential solutions for anomaly detection in these cloud environments. The ultimate goal is to contribute valuable insights and practical solutions to enhance the security and reliability of cloud networks through effective anomaly detection by ML/ DL techniques. Methodologies for ML/DL are explained, along with their advantages, disadvantages, and respective approaches. In addition, a summary of the comparison between different ML/ DL models is also included.

computer science, information systems,telecommunications,engineering, electrical & electronic

Ibtihal AlSaleh,Aida Al-Samawi,Liyth Nissirat

DOI: https://doi.org/10.3390/s24051418

IF: 3.9

2024-02-23

Sensors

Abstract:Cloud computing has revolutionized the information technology landscape, offering businesses the flexibility to adapt to diverse business models without the need for costly on-site servers and network infrastructure. A recent survey reveals that 95% of enterprises have already embraced cloud technology, with 79% of their workloads migrating to cloud environments. However, the deployment of cloud technology introduces significant cybersecurity risks, including network security vulnerabilities, data access control challenges, and the ever-looming threat of cyber-attacks such as Distributed Denial of Service (DDoS) attacks, which pose substantial risks to both cloud and network security. While Intrusion Detection Systems (IDS) have traditionally been employed for DDoS attack detection, prior studies have been constrained by various limitations. In response to these challenges, we present an innovative machine learning approach for DDoS cloud detection, known as the Bayesian-based Convolutional Neural Network (BaysCNN) model. Leveraging the CICDDoS2019 dataset, which encompasses 88 features, we employ Principal Component Analysis (PCA) for dimensionality reduction. Our BaysCNN model comprises 19 layers of analysis, forming the basis for training and validation. Our experimental findings conclusively demonstrate that the BaysCNN model significantly enhances the accuracy of DDoS cloud detection, achieving an impressive average accuracy rate of 99.66% across 13 multi-class attacks. To further elevate the model's performance, we introduce the Data Fusion BaysFusCNN approach, encompassing 27 layers. By leveraging Bayesian methods to estimate uncertainties and integrating features from multiple sources, this approach attains an even higher average accuracy of 99.79% across the same 13 multi-class attacks. Our proposed methodology not only offers valuable insights for the development of robust machine learning-based intrusion detection systems but also enhances the reliability and scalability of IDS in cloud computing environments. This empowers organizations to proactively mitigate security risks and fortify their defenses against malicious cyber-attacks.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Feiyi Chen,Yingying zhang,Zhen Qin,Lunting Fan,Renhe Jiang,Yuxuan Liang,Qingsong Wen,Shuiguang Deng

DOI: https://doi.org/10.1109/icde60146.2024.00047

2024-01-01

Abstract:Anomaly detection significantly enhances the robustness of cloud systems.While neural network-based methods have recently demonstrated strongadvantages, they encounter practical challenges in cloud environments: thecontradiction between the impracticality of maintaining a unique model for eachservice and the limited ability to deal with diverse normal patterns by aunified model, as well as issues with handling heavy traffic in real time andshort-term anomaly detection sensitivity. Thus, we propose MACE, a multi-normal-pattern accommodated and efficientanomaly detection method in the frequency domain for time series anomalydetection. There are three novel characteristics of it: (i) a patternextraction mechanism excelling at handling diverse normal patterns with aunified model, which enables the model to identify anomalies by examining thecorrelation between the data sample and its service normal pattern, instead ofsolely focusing on the data sample itself; (ii) a dualistic convolutionmechanism that amplifies short-term anomalies in the time domain and hindersthe reconstruction of anomalies in the frequency domain, which enlarges thereconstruction error disparity between anomaly and normality and facilitatesanomaly detection; (iii) leveraging the sparsity and parallelism of frequencydomain to enhance model efficiency. We theoretically and experimentally provethat using a strategically selected subset of Fourier bases can not only reducecomputational overhead but is also profitable to distinguish anomalies,compared to using the complete spectrum. Moreover, extensive experimentsdemonstrate MACE's effectiveness in handling diverse normal patterns with aunified model and it achieves state-of-the-art performance with highefficiency.

Mhamad Bakro,Rakesh Ranjan Kumar,Amerah A. Alabrah,Zubair Ashraf,Sukant K. Bisoy,Nikhat Parveen,Souheil Khawatmi,Ahmed Abdelsalam

DOI: https://doi.org/10.3390/electronics12112427

IF: 2.9

2023-05-27

Electronics

Abstract:The application of cloud computing has increased tremendously in both public and private organizations. However, attacks on cloud computing pose a serious threat to confidentiality and data integrity. Therefore, there is a need for a proper mechanism for detecting cloud intrusions. In this paper, we have proposed a cloud intrusion detection system (IDS) that is focused on boosting the classification accuracy by improving feature selection and weighing the ensemble model with the crow search algorithm (CSA). The feature selection is handled by combining both filter and automated models to obtain improved feature sets. The ensemble classifier is made up of machine and deep learning models such as long short-term memory (LSTM), support vector machine (SVM), XGBoost, and a fast learning network (FLN). The proposed ensemble model's weights are generated with the CSA to obtain better prediction results. Experiments are executed on the NSL-KDD, Kyoto, and CSE-CIC-IDS-2018 datasets. The simulation shows that the suggested system attained more satisfactory results in terms of accuracy, recall, precision, and F-measure than conventional approaches. The detection rate and false alarm rate (FAR) of different attack types was more efficient for each dataset. The classifiers' performances were also compared individually to the ensemble model in terms of the false positive rate (FPR) and false negative rate (FNR) to demonstrate the ensemble model's robustness.

engineering, electrical & electronic,computer science, information systems,physics, applied

Hamed Alqahtani,Iqbal H. Sarker,Asra Kalim,Syed Md. Minhaz Hossain,Sheikh Ikhlaq,Sohrab Hossain

DOI: https://doi.org/10.1007/978-981-15-6648-6_10

2020-01-01

Abstract:As the alarming growth of connectivity of computers and the significant number of computer-related applications increase in recent years, the challenge of fulfilling cyber-security is increasing consistently. It also needs a proper protection system for numerous cyberattacks. Thus, detecting inconsistency and attacks in a computer network and developing intrusion detection system (IDS) that performs a potential role for cyber-security. Artificial intelligence, particularly machine learning techniques, has been used to develop a useful data-driven intrusion detection system. In this paper, we employ various popular machine learning classification algorithms, namely Bayesian Network, Naive Bayes classifier, Decision Tree, Random Decision Forest, Random Tree, Decision Table, and Artificial Neural Network, to detect intrusions due to provide intelligent services in the domain of cyber-security. Finally, we test the effectiveness of various experiments on cyber-security datasets having several categories of cyber-attacks and evaluate the effectiveness of the performance metrics, precision, recall, f1-score, and accuracy.

Muhammad Muntazir Khan,Muhammad Zubair Rehman,Abdullah Khan,Eimad Abusham

DOI: https://doi.org/10.1049/ell2.13235

2024-07-17

Electronics Letters

Abstract:The contributions of the paper are as follows: The introduction of an ensemble learning‐based stacking classifier for anomaly detection in communication network traffic. The utilization of base classifiers such as K‐nearest neighbour (KNN), logistic regression (LR), Naive Bayes (NB), and decision tree (DT), with Support Vector Machines (SVM) as a meta‐classifier for anomaly detection. A comprehensive comparison of accuracy, precision, recall, and F‐measure between the proposed model and individual models, including KNN, NB, DT, LDA, LR, and SVM. In recent years, the internet has not only enhanced the quality of our lives but also made us susceptible to high‐frequency cyber‐attacks on communication networks. Detecting such attacks on network traffic is made possible by intrusion detection systems (IDS). IDSs can be broadly divided into two groups based on the type of detection they provide. According to the established rules, the first signature‐based IDS detects threats. Secondly, anomaly‐based IDS detects abnormal conditions in the network. Various machine and deep learning approaches have been used to detect anomalies in network traffic in the past. To improve the detection of anomalies in network traffic, researchers have compared several machine learning models, such as support vector machines (SVM), logistic regressions (LRs), K‐Nearest Neighbour (KNN), Nave Bayes (NBs), and boosting algorithms. The accuracy, precision, and recall of many studies have been satisfactory to an extent. Therefore, this paper proposes an ensemble learning‐based stacking classifier (ELSC) to achieve a better accuracy rate. In the proposed ELSC algorithm, KNN, NB, LR, and Decision Trees (DT) served as the base classifiers, while SVM served as the meta classifier. Based on a Network Intrusion detection dataset provided by Kaggle.com, ELSC is compared to base classifiers such as KNN, NB, LR, DT, SVM, and Linear Discriminate Analysis. As a result of the simulations, the proposed ELBS stacking classifier was found to outperform the other comparative models and converge with an accuracy of 99.4%.

engineering, electrical & electronic

Vibekananda Dutta,Michał Choraś,Marek Pawlicki,Rafał Kozik

DOI: https://doi.org/10.3390/s20164583

2020-08-15

Abstract:Currently, expert systems and applied machine learning algorithms are widely used to automate network intrusion detection. In critical infrastructure applications of communication technologies, the interaction among various industrial control systems and the Internet environment intrinsic to the IoT technology makes them susceptible to cyber-attacks. Given the existence of the enormous network traffic in critical Cyber-Physical Systems (CPSs), traditional methods of machine learning implemented in network anomaly detection are inefficient. Therefore, recently developed machine learning techniques, with the emphasis on deep learning, are finding their successful implementations in the detection and classification of anomalies at both the network and host levels. This paper presents an ensemble method that leverages deep models such as the Deep Neural Network (DNN) and Long Short-Term Memory (LSTM) and a meta-classifier (i.e., logistic regression) following the principle of stacked generalization. To enhance the capabilities of the proposed approach, the method utilizes a two-step process for the apprehension of network anomalies. In the first stage, data pre-processing, a Deep Sparse AutoEncoder (DSAE) is employed for the feature engineering problem. In the second phase, a stacking ensemble learning approach is utilized for classification. The efficiency of the method disclosed in this work is tested on heterogeneous datasets, including data gathered in the IoT environment, namely IoT-23, LITNET-2020, and NetML-2020. The results of the evaluation of the proposed approach are discussed. Statistical significance is tested and compared to the state-of-the-art approaches in network anomaly detection.

Abdul Rehman Javed,Muhammad Usman,Saif Ur Rehman,Mohib Ullah Khan,Mohammad Sayad Haghighi

DOI: https://doi.org/10.1109/tits.2020.3025875

IF: 8.5

2021-07-01

IEEE Transactions on Intelligent Transportation Systems

Abstract:Connected and Automated Vehicles (CAVs), owing to their characteristics such as seamless and real-time transfer of data, are imperative infrastructural advancements to realize the emerging smart world. The sensor-generated data are, however, vulnerable to anomalies caused due to faults, errors, and/or cyberattacks, which may cause accidents resulting in fatal casualties. To help in avoiding such situations by timely detecting anomalies, this study proposes an anomaly detection method that incorporates a combination of a multi-stage attention mechanism with a Long Short-Term Memory (LSTM)-based Convolutional Neural Network (CNN), namely, MSALSTM-CNN. The data streams, in the proposed method, are converted into vectors and then processed for anomaly detection. We also designed a method, namely, weight-adjusted fine-tuned ensemble: WAVED, which works on the principle of average predicted probability of multiple classifiers to detect anomalies in CAVs and benchmark the performance of the MSALSTM-CNN method. The MSALSTM-CNN method effectively enhances the anomaly detection rate in both low and high magnitude cases of anomalous instances in the dataset with the gain of up to 2.54% in F-score for detecting different single anomaly types. The method achieves the gain of up to 3.24% in F-score in the case of detecting mixed anomaly types. The experiment results show that the MSALSTM-CNN method achieves promising performance gain for both single and mixed multi-source anomaly types as compared to the state-of-the-art and benchmark methods.

engineering, electrical & electronic,transportation science & technology, civil

Jing Zhang

DOI: https://doi.org/10.48550/arXiv.1901.09294

2019-01-27

Abstract:Anomaly detecting as an important technical in cloud computing is applied to support smooth running of the cloud platform. Traditional detecting methods based on statistic, analysis, etc. lead to the high false-alarm rate due to non-adaptive and sensitive parameters setting. We presented an online model for anomaly detecting using machine learning theory. However, most existing methods based on machine learning linked all features from difference sub-systems into a long feature vector directly, which is difficult to both exploit the complement information between sub-systems and ignore multi-view features enhancing the classification performance. Aiming to this problem, the proposed method automatic fuses multi-view features and optimize the discriminative model to enhance the accuracy. This model takes advantage of extreme learning machine (ELM) to improve detection efficiency. ELM is the single hidden layer neural network, which is transforming iterative solution the output weights to solution of linear equations and avoiding the local optimal solution. Moreover, we rank anomies according to the relationship between samples and the classification boundary, and then assigning weights for ranked anomalies, retraining the classification model finally. Our method exploits the complement information between sub-systems sufficiently, and avoids the influence from imbalance dataset, therefore, deal with various challenges from the cloud computing platform. We deploy the privately cloud platform by Openstack, verifying the proposed model and comparing results to the state-of-the-art methods with better efficiency and simplicity.

Machine Learning

Isra Al-Turaiki,Najwa Altwaijry

DOI: https://doi.org/10.1089/big.2020.0263

IF: 4.426

2021-06-01

Big Data

Abstract:Cybersecurity protects and recovers computer systems and networks from cyber attacks. The importance of cybersecurity is growing commensurately with people's increasing reliance on technology. An anomaly detection-based network intrusion detection system is essential to any security framework within a computer network. In this article, we propose two models based on deep learning to address the binary and multiclass classification of network attacks. We use a convolutional neural network architecture for our models. In addition, a hybrid two-step preprocessing approach is proposed to generate meaningful features. The proposed approach combines dimensionality reduction and feature engineering using deep feature synthesis. The performance of our models is evaluated using two benchmark data sets, namely the network security laboratory-knowledge discovery in databases data set and the University of New South Wales Network Based 2015 data set. The performance is compared with similar deep learning approaches in the literature, as well as state-of-the-art classification models. Experimental results show that our models achieve good performance in terms of accuracy and recall, outperforming similar models in the literature.

computer science, theory & methods, interdisciplinary applications

N. Pandeeswari,Ganesh Kumar

DOI: https://doi.org/10.1007/s11036-015-0644-x

2015-08-16

Mobile Networks and Applications

Abstract:Cloud computing affords lot of resources and computing facilities through Internet. Cloud systems attract many users with its desirable features. In spite of them, Cloud systems may experience severe security issues. Thus, it is essential to create an Intrusion Detection System (IDS) to detect both insider and outsider attacks with high detection accuracy in cloud environment. This work proposes an anomaly detection system at the hypervisor layer named Hypervisor Detector that uses a hybrid algorithm which is a mixture of Fuzzy C-Means clustering algorithm and Artificial Neural Network (FCM-ANN) to improve the accuracy of the detection system. The proposed system is implemented and compared with Naïve Bayes classifier and Classic ANN algorithm. The DARPA’s KDD cup dataset 1999 is used for experiments. Based on extensive theoretical and performance analysis, it is evident that the proposed system is able to detect the anomalies with high detection accuracy and low false alarm rate even for low frequent attacks thereby outperforming Naïve Bayes classifier and Classic ANN.

computer science, information systems,telecommunications, hardware & architecture

Noah Oghenefego Ogwara,Krassie Petrova,Mee Loong Yang

DOI: https://doi.org/10.1155/2022/5988567

2022-02-27

Journal of Computer Networks and Communications

Abstract:Attacks on cloud computing (CC) services and infrastructure have raised concerns about the efficacy of data protection mechanisms in this environment. The framework developed in this study (CCAID: cloud computing, attack, and intrusion detection) aims to improve the performance of intrusion detection systems (IDS) operating in CC environments. It deploys a proposed new hybrid ensemble feature selection (FS) method. The ensemble includes FS algorithms of three different types (filter, wrapper, and embedded algorithms). The selected features used to train the ML (machine learning) model of the intrusion detection component comprised a binary detection engine for the identification of malicious/attack packets and a multiclassification detection engine for the identification of the type of attack. Both detection engines deploy ensemble classifiers. Experiments were carried out using the NSL KDD dataset. The binary model achieved a classification accuracy of 99.55% with a very low false alarm rate of 0.45%. The classification accuracy of the multiclassification model was also high (98.92%). These results compare very favourably with the results reported in the literature and indicate the feasibility of the framework implementation.

Jinming Wang,Tao Yang,Bingjing Yan,Pengchao Yao,Wenhai Wang,Qiang Yang

DOI: https://doi.org/10.1109/EI256261.2022.10117041

2022-01-01

Abstract:With the development and advances of information and networking technologies in Cyber-physical Power systems (CPPS), the frequency of information exchange between CPPS and the external networks is significantly increasing, leading to an ever-growing risk of cyberspace threats and attacks, e.g., malware injection to the CPPS. The existing detectors against malware are mainly based on static analysis, which deals well with known malware, but cannot cope with unknown or obfuscated malware. To this end, this paper proposed a novel multi-classifier ensemble system (MCES) for malware detection based on behavioral analysis. The developed detection model of MCES is a hierarchical learning model with kernel components consisting of base classifiers and one meta classifier. The proposed solution is assessed through experiments based on in total 14800 malware and 14800 benign samples. The numerical results demonstrated that MCES outperformed existing machine learning-based classifiers in identifying malware through application program interface (API) call sequences. The proposed model achieved the highest accuracy of 97.54%, and the highest recall of 97.85% in comparison with the state-of-the-art deep learning based malware detectors.

Aws Naser Jaber,Shafiq Ul Rehman

DOI: https://doi.org/10.1007/s10586-020-03082-6

2020-03-25

Cluster Computing

Abstract:Cloud computing offer various services over the Internet based on pay-per-use concept. Therefore, many organizations have already adopted this system to attract the users with its desirable features. However, due to its design, makes it vulnerable to malicious attacks. This demands an Intrusion Detection System that can detect such attacks with high detection accuracy in cloud environment. This paper proposes a novel intrusion detection system that combines a fuzzy c means clustering (FCM) algorithm with support vector machine (SVM) to improve the accuracy of the detection system in cloud computing environment. The proposed system is implemented and compared with existing mechanisms. The NSL-KDD dataset is used for experiments. Based on performance evaluation and comparative analysis, the results obtained using this new hybrid mechanism (FCM–SVM) show that the proposed system can detect the anomalies with high detection accuracy and low false alarm rates over the existing techniques.

Dheyaaldin Alsalman

DOI: https://doi.org/10.1109/access.2024.3359033

IF: 3.9

2024-02-03

IEEE Access

Abstract:Anomaly detection is a critical aspect of various applications, including security, healthcare, and network monitoring. In this study, we introduce FusionNet, an innovative ensemble model that combines the strengths of multiple machine learning algorithms, namely Random Forest, K-Nearest Neighbors, Support Vector Machine, and Multi-Layer Perceptron, for enhanced anomaly detection. FusionNet's architecture leverages the diversity of these algorithms to achieve high accuracy and precision. We evaluate FusionNet's performance on two distinct datasets, Dataset 1 and Dataset 2, and compare it with traditional machine learning models, including SVM, KNN, and RF. The results demonstrate that FusionNet consistently outperforms these models across both datasets in terms of accuracy, precision, recall, and F1 score. On Dataset 1, FusionNet achieves an accuracy of 98.5% and on Dataset 2, it attains an accuracy of 99.5%. FusionNet's remarkable ability to detect anomalies with exceptional accuracy underscores its potential for real-world applications. This study highlights the significance of FusionNet as a robust model for anomaly detection and provides insights into its superior performance over traditional models. The results emphasize the promising prospects of FusionNet in security, healthcare, and other domains where accurate anomaly detection is crucial.

computer science, information systems,telecommunications,engineering, electrical & electronic

Saikat Das,Sajal Saha,Annita Tahsin Priyoti,Etee Kawna Roy,Frederick T. Sheldon,Anwar Haque,Sajjan Shiva

DOI: https://doi.org/10.1109/tnsm.2021.3138457

2021-01-01

IEEE Transactions on Network and Service Management

Abstract:Proper security solutions in the cyber world are crucial for enforcing network security by providing real-time network protection against network vulnerabilities and data exploitation. An effective intrusion detection strategy is capable of taking a holistic approach for protecting critical systems against unauthorized access or attack. In this paper, we describe a machine learning (ML) based comprehensive security solution for network intrusion detection using ensemble supervised ML framework and ensemble feature selection methods. In addition, we provide a comparative analysis of several ML models and feature selection methods. The goal of this research is to design a generic detection mechanism and achieve higher accuracy with minimal false positive rates (FPR). NSL-KDD, UNSW-NB15, and CICIDS2017 datasets are used in the experiment, and results show that our detection model can identify 99.3% of intrusions successfully with the lowest 0.5% of false alarms, which depicts better performance metrics compared to existing solutions.

computer science, information systems

ZeYuan Fu

DOI: https://doi.org/10.1371/journal.pone.0271546

IF: 3.7

2022-10-07

PLoS ONE

Abstract:To improve the cybersecurity of Cloud Computing (CC) system. This paper proposes a Network Anomaly Detection (NAD) model based on the Fuzzy-C-Means (FCM) clustering algorithm. Secondly, the Cybersecurity Assessment Model (CAM) based on Grey Relational Grade (GRG) is creatively constructed. Finally, combined with Rivest Shamir Adleman (RSA) algorithm, this work proposes a CC network-oriented data encryption technology, selects different data sets for different models, and tests each model through design experiments. The results show that the average Correct Detection Rate (CDR) of the NAD model for different types of abnormal data is 93.33%. The average False Positive Rate (FPR) and the average Unreported Rate (UR) are 6.65% and 16.27%, respectively. Thus, the NAD model can ensure a high detection accuracy in the case of sufficient data. Meanwhile, the cybersecurity situation prediction by the CAM is in good agreement with the actual situation. The error between the average value of cybersecurity situation prediction and the actual value is only 0.82%, and the prediction accuracy is high. The RSA algorithm can control the average encryption time for very large text, about 12s. The decryption time is slightly longer but within a reasonable range. For different-size text, the encryption time is maintained within 0.5s. This work aims to provide important technical support for anomaly detection, overall security situation analysis, and data transmission security protection of CC systems to improve their cybersecurity.

multidisciplinary sciences

Tin Lai,Farnaz Farid,Abubakar Bello,Fariza Sabrina

2023-07-20

Abstract:The Internet of Things (IoT) integrates more than billions of intelligent devices over the globe with the capability of communicating with other connected devices with little to no human intervention. IoT enables data aggregation and analysis on a large scale to improve life quality in many domains. In particular, data collected by IoT contain a tremendous amount of information for anomaly detection. The heterogeneous nature of IoT is both a challenge and an opportunity for cybersecurity. Traditional approaches in cybersecurity monitoring often require different kinds of data pre-processing and handling for various data types, which might be problematic for datasets that contain heterogeneous features. However, heterogeneous types of network devices can often capture a more diverse set of signals than a single type of device readings, which is particularly useful for anomaly detection. In this paper, we present a comprehensive study on using ensemble machine learning methods for enhancing IoT cybersecurity via anomaly detection. Rather than using one single machine learning model, ensemble learning combines the predictive power from multiple models, enhancing their predictive accuracy in heterogeneous datasets rather than using one single machine learning model. We propose a unified framework with ensemble learning that utilises Bayesian hyperparameter optimisation to adapt to a network environment that contains multiple IoT sensor readings. Experimentally, we illustrate their high predictive power when compared to traditional methods.

Machine Learning,Social and Information Networks