Yawen Xue,Jie Pan,Yangyang Geng,Zeyu Yang,Mengxiang Liu,Ruilong Deng

DOI: https://doi.org/10.1109/ticps.2024.3406505

2024-01-01

Abstract:Industrial control systems (ICSs) are becoming increasingly interconnected as the rapid convergence of information technology (IT) and operation technology (OT) networks, and meanwhile massive attack surfaces have been exposed. However, traditional intrusion detection systems (IDSs) are difficult to be directly deployed in ICSs due to the hard real-time requirement and rare patching chance. Besides, the design of effective and practical IDSs is hampered by the lack of benchmarking ICS cybersecurity datasets. To bridge the gaps, this paper makes the first attempt by open-sourcing the developed ICS cybersecurity datasets and proposing a decision fusion based real-time IDS. Firstly, we design a customized cybersecurity dataset in a full-hardware and high-fidelity platform, including 7 types of cyber threats tailored for ICSs. The collected dataset includes network traffic, sensor readings, actuator status, and system parameters, providing the state-of-the-art benchmark dataset for ICSs consisting of cross-layer characteristics. Furthermore, we design an online decision fusion-based IDS by strategically integrating 4 widely-used machine learning models. The proposed IDS is deployed on a real-time running ethanol distillation, surpassing the performance of single detection models in terms of precision and F1-score, which substantially enhances intrusion detection accuracy and cybersecurity of ICS.

Rasheed Ahmad,Izzat Alsmadi,Ahmad, Rasheed

DOI: https://doi.org/10.1007/s10586-024-04365-y

2024-03-27

Cluster Computing

Abstract:The increasing frequency and sophistication of cyber-attacks pose significant threats to organizational entities and critical national infrastructure, leading to substantial financial and operational consequences. Detecting such attacks early and accurately remains a complex endeavour, compounded by challenges in intrusion detection system (IDS) design, the exploitation of zero-day attacks, and issues of reliability and resiliency in physical systems. This research addresses these challenges through a two-fold approach: firstly, implementing input data fusion from diverse and heterogeneous sources, and secondly, fusing classifiers from multiple deep learning (DL)-based algorithms. The success of machine learning (ML) and DL models for IDS relies on meticulous data collection and classifier selection. The paper underscores the limitations of relying on single datasets and ML/DL algorithms, emphasizing potential biases and training restrictions. Rigorous experiments were conducted to identify optimal DL architectures, ensuring the creation of models that exhibit robust generalization on new traffic instances, leading to trusted and unbiased results. The study demonstrates the efficacy of the proposed models through comprehensive evaluations and metrics. Results indicate that the fusion of data and classifiers significantly improves model generalization. The paper also outlines key challenges and future trends in data fusion, emphasizing its role in enhancing IDS performance for securing critical infrastructure.

computer science, information systems, theory & methods

Ahlem Abid,Farah Jemili,Ouajdi Korbaa

DOI: https://doi.org/10.1080/24751839.2023.2239617

2023-07-26

Journal of Information and Telecommunication

Abstract:Industry 4.0 refers to a new generation of connected and intelligent factories that is driven by the emergence of new technologies such as artificial intelligence, Cloud computing, Big Data and industrial control systems (ICS) in order to automate all phases of industrial operations. The presence of connected systems in industrial environments poses a considerable security challenge, moreover with the huge amount of data generated daily, there are complex attacks that occur in seconds and target production lines and their integrity. But, until now, factories do not have all the necessary tools to protect themselves, they mainly use traditional protection. In order to improve industrial control systems in terms of efficiency and response time, the present paper propose a new distributed intrusion detection approach using artificial intelligence methods, Big Data techniques and deployed in a cloud environment. A variety of Machine Learning and Deep Learning algorithms, basically convolutional neural networks (CNN), have been tested to compare performance and choose the most suitable model for the classification. We test the performance of our model by using the industrial dataset SWat.

Manal Abdullah Alohali,Fahd N Al-Wesabi,Anwer Mustafa Hilal,Shalini Goel,Deepak Gupta,Ashish Khanna

DOI: https://doi.org/10.1007/s11571-022-09780-8

Abstract:In recent days, Cognitive Cyber-Physical System (CCPS) has gained significant interest among interdisciplinary researchers which integrates machine learning (ML) and artificial intelligence (AI) techniques. This era is witnessing a rapid transformation in digital technology and AI where brain-inspired computing-based solutions will play a vital role in industrial informatics. The application of CCPS with brain-inspired computing in Industry 4.0 will create a significant impact on industrial evolution. Though the CCPSs in industrial environment offer several merits, security remains a challenging design issue. The rise of artificial intelligence AI techniques helps to address cybersecurity issues related to CCPS in industry 4.0 environment. With this motivation, this paper presents a new AI-enabled multimodal fusion-based intrusion detection system (AIMMF-IDS) for CCPS in industry 4.0 environment. The proposed model initially performs the data pre-processing technique in two ways namely data conversion and data normalization. In addition, improved fish swarm optimization based feature selection (IFSO-FS) technique is used for the appropriate selection of features. The IFSO technique is derived by the use of Levy Flight (LF) concept into the searching mechanism of the conventional FSO algorithm to avoid the local optima problem. Since the single modality is not adequate to accomplish enhanced detection performance, in this paper, a weighted voting based ensemble model is employed for the multimodal fusion process using recurrent neural network (RNN), bi-directional long short term memory (Bi-LSTM), and deep belief network (DBN), depicts the novelty of the work. The simulation analysis of the presented model highlighted the improved performance over the recent state of art techniques interms of different measures.

Ambareen Siraj,Rayford B. Vaughn,Susan M. Bridges,A. Siraj,R.B. Vaughn,S.M. Bridges

DOI: https://doi.org/10.1109/hicss.2004.1265658

2004-01-01

Abstract:Most modern intrusion detection systems employ multiple intrusion sensors to maximize their trustworthiness. The overall security view of the multi-sensor intrusion detection system can serve as an aid to appraise the trustworthiness in the system. This paper presents our research effort in that direction by describing a Decision Engine for an Intelligent Intrusion Detection System (IIDS) that fuses information from different intrusion detection sensors using an artificial intelligence technique. The Decision Engine uses Fuzzy Cognitive Maps (FCMs) and fuzzy rule-bases for causal knowledge acquisition and to support the causal knowledge reasoning process. In this paper, we report on the workings of the Decision Engine that has been successfully embedded into the IIDS architecture being built at the Center for Computer Security Research (CCSR), Mississippi State University.

Mhamad Bakro,Rakesh Ranjan Kumar,Amerah A. Alabrah,Zubair Ashraf,Sukant K. Bisoy,Nikhat Parveen,Souheil Khawatmi,Ahmed Abdelsalam

DOI: https://doi.org/10.3390/electronics12112427

IF: 2.9

2023-05-27

Electronics

Abstract:The application of cloud computing has increased tremendously in both public and private organizations. However, attacks on cloud computing pose a serious threat to confidentiality and data integrity. Therefore, there is a need for a proper mechanism for detecting cloud intrusions. In this paper, we have proposed a cloud intrusion detection system (IDS) that is focused on boosting the classification accuracy by improving feature selection and weighing the ensemble model with the crow search algorithm (CSA). The feature selection is handled by combining both filter and automated models to obtain improved feature sets. The ensemble classifier is made up of machine and deep learning models such as long short-term memory (LSTM), support vector machine (SVM), XGBoost, and a fast learning network (FLN). The proposed ensemble model's weights are generated with the CSA to obtain better prediction results. Experiments are executed on the NSL-KDD, Kyoto, and CSE-CIC-IDS-2018 datasets. The simulation shows that the suggested system attained more satisfactory results in terms of accuracy, recall, precision, and F-measure than conventional approaches. The detection rate and false alarm rate (FAR) of different attack types was more efficient for each dataset. The classifiers' performances were also compared individually to the ensemble model in terms of the false positive rate (FPR) and false negative rate (FNR) to demonstrate the ensemble model's robustness.

engineering, electrical & electronic,computer science, information systems,physics, applied

Rafika Saadouni,Amina Khacha,Z. Aliouat,Yasmine Harbi

DOI: https://doi.org/10.1109/ISIA55826.2022.9993487

2022-11-29

Abstract:The internet of things (IoT) is expected to offer a significant impact on the industry domain leading to the concept of industrial IoT (IIoT). The IIoT comprises machine-to-machine (M2M) and communication technologies with data automation and exchange to improve product quality and decrease pro-duction costs. As a consequence, a large amount of data is collected and smartly processed to provide optimal industrial operations. This growing deployment enables adversaries to con-duct potential and destructive cyber-attacks to accomplish their malicious goals. Therefore, intelligent decision-making actions for cyber-attack detection in IIoT are sorely required. To address this challenge, we propose an intrusion detection system (IDS) using deep learning models. Specifically, the proposed system is based on the combination of convolutional neural network (CNN) and long short-term memory (LSTM) that are excellent techniques for intrusion detection and classification due to their ability in classifying main characteristics and their effectiveness in performing faster computations. We adopt the most recent dataset named Edge-IIoTset that contains a real traffic network of IoT and IIoT applications. The proposed model is evaluated in terms of accuracy, precision, false positive rate, and detection cost within binary and multi-class classifications. The obtained results show that our CNN-LSTM model provides better performance and robustness in cyber security intrusion detection for IIoT applications compared to LSTM and traditional machine learning models. Moreover, it outperforms two recent related models in terms of accuracy rate.

Engineering,Computer Science

胡敏,潘雪增,平玲娣

DOI: https://doi.org/10.3969/j.issn.1001-3695.2004.01.033

2004-01-01

Abstract:This paper focuses on issures related to deploying a data mining-based IDS (Intrusion Detection System) in a real time environment To overcome the limitations of traditional IDS, the corresponding solutions to accurracy, efficiency and usability is presented.These solutions impove efficiency of traditional DOS and maintain a desired accuracy level. This paper also proposed an architecture consisting of sensors, detectors, a data warehouse and model generation components. This architecture facilitates the sharing and storage of audit data and the distribution of new or updated models. Also, it improves the efficiency and scalability of the traditional IDS.

Soham Biswas,Md. Sarfaraj Alam Ansari

DOI: https://doi.org/10.1007/s11227-024-06021-z

IF: 3.3

2024-03-22

The Journal of Supercomputing

Abstract:The term "Internet of Things" (IoT) encompasses an entire group of gadgets that are capable of connecting to the Internet in order to gather and share data. The IoT paradigm is being pushed into computer networks by numerous highly advanced intrusions. Cloud computing greatly enhances the success of the IoT by enabling users to perform computing tasks using Internet-based services accessed through connected devices. This seamless integration of cloud technology and the IoT has become a powerful catalyst, revolutionizing the way we operate. The adoption of a distributed architecture, such as cloud computing, exposes the system to potential threats like Distributed Denial of Service (DDoS) and Denial of Service (DoS) attacks. To mitigate these risks, the concept of an intrusion detection system (IDS) has been introduced within the cloud environment. Various machine learning (ML) and deep learning (DL) algorithms have been proposed and implemented to effectively detect and respond to such malicious traffic in the cloud system. For dimension reduction during the training process of those algorithms, multiple independent and hybrid techniques have been proposed. This study presents an efficient ML-based real-time IDS framework with proposed hybrid feature selection techniques. Additionally, in this study, a concise comparative analysis has been conducted using five well-known public datasets. The findings presented in this paper reveal that our proposed IDS achieved a maximum accuracy of 99.98% in identifying malicious traffic.

computer science, theory & methods,engineering, electrical & electronic, hardware & architecture

Hassen Mohammed Alsafi,Wafaa Mustafa Abduallah,Al-Sakib Khan Pathan

DOI: https://doi.org/10.48550/arXiv.1203.3323

2012-03-15

Abstract:Today, many organizations are moving their computing services towards the Cloud. This makes their computer processing available much more conveniently to users. However, it also brings new security threats and challenges about safety and reliability. In fact, Cloud Computing is an attractive and cost-saving service for buyers as it provides accessibility and reliability options for users and scalable sales for providers. In spite of being attractive, Cloud feature poses various new security threats and challenges when it comes to deploying Intrusion Detection System (IDS) in Cloud environments. Most Intrusion Detection Systems (IDSs) are designed to handle specific types of attacks. It is evident that no single technique can guarantee protection against future attacks. Hence, there is a need for an integrated scheme which can provide robust protection against a complete spectrum of threats. On the other hand, there is great need for technology that enables the network and its hosts to defend themselves with some level of intelligence in order to accurately identify and block malicious traffic and activities. In this case, it is called Intrusion prevention system (IPS). Therefore, in this paper, we emphasize on recent implementations of IDS on Cloud Computing environments in terms of security and privacy. We propose an effective and efficient model termed as the Integrated Intrusion Detection and Prevention System (IDPS) which combines both IDS and IPS in a single mechanism. Our mechanism also integrates two techniques namely, Anomaly Detection (AD) and Signature Detection (SD) that can work in cooperation to detect various numbers of attacks and stop them through the capability of IPS.

Networking and Internet Architecture,Cryptography and Security

K. Sundaramoorthy,K E Purushothaman,Jeba Sonia J,N Kanthimathi

DOI: https://doi.org/10.1016/j.cose.2024.104081

IF: 5.105

2024-09-01

Computers & Security

Abstract:The evolution of cloud computing has revolutionized how users access services, simplifying the development and deployment of applications across various industries. With its pervasive adoption, robust security measures become imperative. Integrating Intrusion Detection Systems (IDSs) into cloud computing and Wireless Sensor Networks (WSNs) addresses these challenges. IDSs serve as attentive protectors, monitoring network traffic and responding to breaches promptly, enhancing security across industries reliant on cloud services. Similarly, IDS integration in WSNs ensures the security of mission-critical operations, despite resource constraints and dynamic topologies, facilitated by cloud computing. This research proposes a hybrid IDS approach, leveraging the NSL-KDD dataset and methodologies like Intrusion Support Scalar Impact Rate (ISSIR), Optimized Support Vector Machine (OSVM), Extended Long-Short-Term Memory (ELSTM), and Multilayer Perceptron Neural Network (MLPNN), enhancing intrusion detection efficacy. ISSIR aids in feature selection, OSVM mitigates localization errors, ELSTM enables precise anomaly detection, and MLPNN provides robust defense mechanisms. Each method is integrated into a collaborative framework to address specific challenges in detecting intrusions with higher accuracy and reduced false positives. The interplay between these methodologies strengthens the overall intrusion detection framework, addressing the dynamic nature of cybersecurity threats. Results demonstrate the superior performance of MLPNN across various metrics, showcasing its effectiveness in accurately predicting outcomes compared to other models. The proposed MLPNN hybrid system achieves an accuracy of 99.9%, surpassing state-of-the-art methods. This study underscores the significance of advancing IDSs in cloud computing and WSNs, offering insights into enhancing security and mitigating vulnerabilities in an interconnected digital landscape.

computer science, information systems

Abhijeet Sahu,Katherine Davis

DOI: https://doi.org/10.3390/s22062100

2022-03-09

Abstract:False alerts due to misconfigured or compromised intrusion detection systems (IDS) in industrial control system (ICS) networks can lead to severe economic and operational damage. However, research using deep learning to reduce false alerts often requires the physical and cyber sensor data to be trustworthy. Implicit trust is a major problem for artificial intelligence or machine learning (AI/ML) in cyber-physical system (CPS) security, because when these solutions are most urgently needed is also when they are most at risk (e.g., during an attack). To address this, the Inter-Domain Evidence theoretic Approach for Inference (IDEA-I) is proposed that reframes the detection problem as how to make good decisions given uncertainty. Specifically, an evidence theoretic approach leveraging Dempster-Shafer (DS) combination rules and their variants is proposed for reducing false alerts. A multi-hypothesis mass function model is designed that leverages probability scores obtained from supervised-learning classifiers. Using this model, a location-cum-domain-based fusion framework is proposed to evaluate the detector's performance using disjunctive, conjunctive, and cautious conjunctive rules. The approach is demonstrated in a cyber-physical power system testbed, and the classifiers are trained with datasets from Man-In-The-Middle attack emulation in a large-scale synthetic electric grid. For evaluating the performance, we consider plausibility, belief, pignistic, and general Bayesian theorem-based metrics as decision functions. To improve the performance, a multi-objective-based genetic algorithm is proposed for feature selection considering the decision metrics as the fitness function. Finally, we present a software application to evaluate the DS fusion approaches with different parameters and architectures.

Zouhair Chiba,Noreddine Abghour,Khalid Moussaid,Amina El omri,Mohamed Rida

DOI: https://doi.org/10.1016/j.cose.2019.06.013

2019-09-01

Abstract:<p>The appealing features of Cloud Computing continue to fuel its adoption and its integration in many sectors such industry, governments, education and entertainment. Nevertheless, uploading sensitive data to public cloud storage services poses security risks such as integrity, availability and confidentiality to organizations. Moreover, the open and distributed (decentralized) structure of the cloud has resulted this class of computing, prone to cyber attackers and intruders. Thereby, it is imperative to develop an anomaly network intrusion system to detect and prevent both inside and outside assaults in cloud environment with high detection precision and low false warnings. In this work, we propose an intelligent approach to build automatically an efficient and effective Deep Neural Network (DNN) based anomaly Network IDS using a hybrid optimization framework (IGASAA) based on Improved Genetic Algorithm (IGA) and Simulated Annealing Algorithm (SAA). The IDS resulted is called "MLIDS" (Machine Learning based Intrusion Detection System). Genetic Algorithm (GA) is improved through optimization strategies, namely Parallel Processing and Fitness Value Hashing, which reduce execution time, convergence time and save processing power. Moreover, SAA was incorporated to IGA with the aim to optimize its heuristic search. Our approach consists of using IGASAA in order to search the optimal or near-optimal combination of most relevant values of the parameters included in construction of DNN based IDS or impacting its performance, like feature selection, data normalization, architecture of DNN, activation function, learning rate and Momentum term, which ensure high detection rate, high accuracy and low false alarm rate. For simulation and validation of the proposed method, CloudSim 4.0 simulator platform and three benchmark IDS datasets were used, namely CICIDS2017, NSL-KDD version 2015 and CIDDS-001. The implementation results of our model demonstrate its ability to detect intrusions with high detection accuracy and low false alarm rate, and indicate its superiority in comparison with state-of-the-art methods.</p>

computer science, information systems

Mohammad Reza Monfared,Seyed Mostafa Fakhrahmad

DOI: https://doi.org/10.1007/s40998-022-00493-6

2022-08-19

Iranian Journal of Science and Technology Transactions of Electrical Engineering

Abstract:Industrial control systems (ICSs) are essential and inseparable part of industrial infrastructures. Industrial control systems have long been designed and established isolated from the outside world; however, due to the needs for development and performance improvement, these industrial systems have been connected to other organization networks. Since security requirements and predictions have not been considered, ICSs are faced with new security threats. Therefore, cybersecurity in industrial control systems is of utmost importance due to severe economic, environmental, human and political consequences. Hence, the design of intrusion detection systems based on industrial control systems is also essential. In the present study, an accurate ICS scheme is developed based on the capabilities of deep neural networks (DNNs). In the proposed scheme, we try to detect the spatial space of packets exclusively by employing convolutional networks. Passing through the long short-term memory (LSTM) network, the time dependence between packets is used to diagnose abnormalities and attacks. Show that the proposed intrusion detection system outperforms other existing industrial intrusion detection systems in terms of accuracy. The high ability of the proposed scheme in dealing with unbalanced data sets is another exciting feature of the proposed scheme.

Mariam Elnour,Mohammad Noorizadeh,Mohammad Shakerpour,Nader Meskin,Khaled Khan,Raj Jain

DOI: https://doi.org/10.1109/access.2023.3303015

IF: 3.9

2023-08-22

IEEE Access

Abstract:In light of the advancement of the technologies used in industrial control systems, securing their operation has become crucial, primarily since their activity is consistently associated with integral elements related to the environment, the safety and health of people, the economy, and many others. This work presents a distributed, machine learning based attack detection and mitigation framework for sensor false data injection cyber-physical attacks in industrial control systems. It is developed using the system's standard operational data and validated using a hybrid testbed of a reverse osmosis plant. A MATLAB/Simulink-based simulation model of the process validated with actual data from a local plant is used. The control system is implemented using Siemens S7-1200 programmable logic controllers with 200SP Distributed Input/Output modules. The proposed solution can be adopted in the existing industrial control systems and demonstrated effective performance in real-time detection and mitigation of actual cyber-physical attacks launched by compromising the communication links between the process and the programmable logic controllers.

computer science, information systems,telecommunications,engineering, electrical & electronic

Faten Louati,Farah Barika Ktata,Ikram Amous

DOI: https://doi.org/10.1007/s10586-024-04306-9

2024-03-10

Cluster Computing

Abstract:The growing complexity of security threats and the pervasive prevalence of cyberattacks have become more apparent in the present era, and the advent of big data, characterized by its distinctive features, has introduced layers of complexity to security tasks. Intrusion Detection Systems (IDSs) constitute a crucial line of defense, but their adaptation to the realm of big data is imperative. While traditional Machine Learning (ML)-based IDSs have been pivotal in detecting malicious patterns, they are often incapable to keep pace with the demands of expansive big data networks. This paper proposes a novel decentralized Multi-Agent Reinforcement Learning (MARL)-based IDS designed to address the specific challenges posed by big data. Our solution employs decentralized cooperative MARL, securing communicative channels throughout the detection process and concurrent data preprocessing which significantly reduces the overall processing time. Furthermore, the integration of Cloud computing and Big Data streaming techniques further facilitates real-time intrusion detection as cloud's resources allow rapid pre-process and analyse of massive data streams using powerful clusters. Likewise, Big Data streaming techniques ensure that potential intrusions are identified and addressed as they occur. Experimental results, conducted on the widely recognized NSLKDD benchmark dataset, demonstrate the superiority of our solution over other state-of-the-art approaches for big data networks, achieving an accuracy rate of 97.44%.

computer science, information systems, theory & methods

Azidine Guezzaz,Mourade Azrour,Said Benkirane,Mouaad Mohy-Eddine,Hanaa Attou,Maryam Douiba

DOI: https://doi.org/10.34028/iajit/19/5/14

2022-01-01

The International Arab Journal of Information Technology

Abstract:Due to the development of cloud computing and Internet of Things (IoT) environments, such as healthcare systems, telecommunications and Industry 4.0 or Industrial IoT (IIoT) many daily services are transformed. Therefore, Security issues become useful to better protect these novel technologies. IIoT security represents a real challenge for industry actors and academic research. A set of security approaches, such as intrusion detection are integrated to improve IIoT environments security. Hence, an Intrusion Detection System (IDS) aims to monitor, detect an intrusion in real time and then make reliable decisions. Many recent IDS incorporate Machine Learning (ML) techniques to improve their Accuracy (ACC), precision and Detection Rate (DR). This paper presents a hybrid IDS for Edge-Based IIoT Security using ML techniques. This new hybrid framework is based on misuse and anomaly detection using K-Nearest Neighbor (K-NN) and Principal Component Analysis (PCA) techniques. Specifically, the K-NN classifier has been incorporated to improve detection accuracy and make effective decision and the PCA is used for an enhanced feature engineering and training process. The obtained results have proven that our proposed Framework presents many advantages compared with other recent models. It gives good results with 99.10% ACC, 98.4% DR 2.7% False Alarm Rate (FAR) on NSL-KDD dataset and 98.2% ACC, 97.6% DR, 2.9% FAR on Bot-IoT dataset.

computer science, information systems, artificial intelligence,engineering, electrical & electronic

Zouhair Chiba,Moulay Seddiq El Kasmi Alaoui,Noreddine Abghour,Khalid Moussaid

DOI: https://doi.org/10.17762/ijcnis.v14i1.5264

2022-04-15

International Journal of Communication Networks and Information Security (IJCNIS)

Abstract:Cloud computing (CC) is the fastest-growing data hosting and computational technology that stands today as a satisfactory answer to the problem of data storage and computing. Thereby, most organizations are now migratingtheir services into the cloud due to its appealing features and its tangible advantages. Nevertheless, providing privacy and security to protect cloud assets and resources still a very challenging issue. To address the aboveissues, we propose a smart approach to construct automatically an efficient and effective anomaly network IDS based on Deep Neural Network, by using a novel hybrid optimization framework “ISAGASAA”. ISAGASAA framework combines our new self-adaptive heuristic search algorithm called “Improved Self-Adaptive Genetic Algorithm” (ISAGA) and Simulated Annealing Algorithm (SAA). Our approach consists of using ISAGASAA with the aim of seeking the optimal or near optimal combination of most pertinent values of the parametersincluded in building of DNN based IDS or impacting its performance, which guarantee high detection rate, high accuracy and low false alarm rate. The experimental results turn out the capability of our IDS to uncover intrusionswith high detection accuracy and low false alarm rate, and demonstrate its superiority in comparison with stateof-the-art methods.

English Else

Amani K. Samha,Ghalib H. Alshammri,Sasidhar Attuluri,Preetam Suman,Arvind Yadav

DOI: https://doi.org/10.1142/s0218843024500035

2024-03-19

International Journal of Cooperative Information Systems

Abstract:International Journal of Cooperative Information Systems, Ahead of Print. The prevalence of distributed denial of service (DDoS) flooding assaults is one of the most serious risks to cloud computing security. These types of assaults have as their primary objective the exhaustion of the system's available resources, that is, the target of the attack, in order to make the system in question unavailable to authorized users. Internet thieves often conduct flooding assaults of the kind known as DDoS, focusing primarily on the application and network levels. When the computer infrastructure is multi-mesh-geo distributed, includes multi-parallel services, and a high number of domains, it may be difficult to detect assaults. This is particularly true when a substantial number of domains are present. When there are a big number of independent administrative users using the services, the situation gets more complicated. The purpose of this body of research is to identify signs that may be utilized to detect DDoS flooding assaults; this is its main objective. As a result, throughout the course of our study, we established a composite metric that considers application, system, network, and infrastructure elements as possible indicators of the incidence of DDoS assaults. According to our research, DDoS assaults may be triggered by a combination of variables. Investigations of simulated traffic are being conducted in the cloud. High traffic may be the result of flooding assaults. The composite metric-based intrusion detection system will be the name of a one-of-a-kind intrusion detection system (IDS) that has been agreed upon ICMIDS. This system will use [math]-Means clustering and the Genetic Algorithm (GA) to detect whether an effort has been made to flood the cloud environment. CMIDS employs a multi-threshold algorithmic strategy in order to identify malicious traffic occurring on a cloud-based network. Cisco has created this technology. This strategy necessitates a comprehensive investigation of all factors, which is crucial for assuring the continuation of cloud-based computing-based activities. This monitoring system involves the development, administration, and storage of a profile database, denoted as Profile DB. This database is used for recording and using the composite metric for each virtual machine. The results of a series of tests are compared to the ISCX benchmark dataset and statistical settings. The results indicate that ICMIDS has a reasonably high detection rate and the lowest false alarm rate in the majority of situations examined during the series of tests done to validate and verify its efficacy. This was shown by the fact that ICMIDS had the lowest false alarm rate among all examined conditions.

computer science, information systems

Syed Mohamed Thameem Nizamudeen

DOI: https://doi.org/10.1186/s13677-023-00509-4

2023-09-23

Journal of Cloud Computing

Abstract:In the current era, a tremendous volume of data has been generated by using web technologies. The association between different devices and services have also been explored to wisely and widely use recent technologies. Due to the restriction in the available resources, the chance of security violation is increasing highly on the constrained devices. IoT backend with the multi-cloud infrastructure to extend the public services in terms of better scalability and reliability. Several users might access the multi-cloud resources that lead to data threats while handling user requests for IoT services. It poses a new challenge in proposing new functional elements and security schemes. This paper introduces an intelligent Intrusion Detection Framework (IDF) to detect network and application-based attacks. The proposed framework has three phases: data pre-processing, feature selection and classification. Initially, the collected datasets are pre-processed using Integer- Grading Normalization (I-GN) technique that ensures a fair-scaled data transformation process. Secondly, Opposition-based Learning- Rat Inspired Optimizer (OBL-RIO) is designed for the feature selection phase. The progressive nature of rats chooses the significant features. The fittest value ensures the stability of the features from OBL-RIO. Finally, a 2D-Array-based Convolutional Neural Network (2D-ACNN) is proposed as the binary class classifier. The input features are preserved in a 2D-array model to perform on the complex layers. It detects normal (or) abnormal traffic. The proposed framework is trained and tested on the Netflow-based datasets. The proposed framework yields 95.20% accuracy, 2.5% false positive rate and 97.24% detection rate.