Filter-Based Ensemble Feature Selection and Deep Learning Model for Intrusion Detection in Cloud Computing
<p>Analytical Model for Network Intrusion Detection System with Deep learning.</p> "> Figure 2
<p>Design of intrusion detection.</p> "> Figure 3
<p>Architecture of Deep Learning Neural Network.</p> "> Figure 4
<p>Analysis of (<b>a</b>) RNN structure and (<b>b</b>) RNN proc ess.</p> "> Figure 4 Cont.
<p>Analysis of (<b>a</b>) RNN structure and (<b>b</b>) RNN proc ess.</p> "> Figure 5
<p>Structure of deep recurrent neural network.</p> "> Figure 6
<p>The performance analysis using Confusion Matrix on KDDCup-99 database.</p> "> Figure 7
<p>The performance analysis using Confusion Matrix on NSL-KDD dataset.</p> "> Figure 8
<p>The Accuracy performance of confusion matrix.</p> "> Figure 9
<p>F measure performance of confusion matrix.</p> "> Figure 10
<p>Precision performance of confusion matrix.</p> "> Figure 11
<p>Recall performance of confusion matrices.</p> "> Figure 12
<p>Sensitivity performance of confusion matrix.</p> "> Figure 13
<p>Specificity performance of confusion matrix.</p> ">
Abstract
:1. Introduction
- ➢
- Development of FEFS and DLM for intrusion detection in the cloud computing environment. Initially, the worldwide datasets of KDDCup-99 and NSL-KDD are used to gather the incursion data.
- ➢
- The data are utilized for validation of the proposed methodology. The collected database is utilized for feature selection to empower the intrusion prediction. The FEFS is a combination of three feature extraction processes: filter, wrapper and embedded algorithms. Based on the above feature extraction process, the essential features are selected for enabling the training process in the DLM.
- ➢
- Finally, the classifier receives the chosen features. The DLM is a combination of RNN and TDO. In the RNN, the optimal weighting parameter is selected with the assistance of the TDO.
2. Literature Review
3. Proposed Intrusion Detection Model
3.1. Model Training and Testing Dataset
3.2. Dataset Description
- ➢
- Probe attack: In this category of outbreak, host ports can be checked for exposed docks that can be secondhand to identify probable vulnerabilities in the cloud computing organization.
- ➢
- Denial of service attack: A type of assault that causes resources or services produced by cloud computing system users to become unavailable.
- ➢
- User to root attack: An attempt to strengthen the base account hijacking those results from a hijacked user explanation.
- ➢
- Remote to local attack (R2L): A system package is sent to a system to target a user explanation and gain access to the computer’s contents.
3.3. Feature Extraction
3.3.1. Embedded Algorithms
3.3.2. Wrapper
3.3.3. Filter
3.3.4. Parameter Derivation
3.4. Deep Learning Neural Network (DNN)
3.4.1. Recurrent Neural Network
Choosing the Loss and Activation Function
The Fitness Function for Training the Network
Weight Matrix Update Computation
3.4.2. Tasmanian Devil Optimization
Stage 1: Initialization
Algorithm 1: Pseudocode of TDO |
Initiate TDO |
Input the optimization issue data |
Initiate the population’s size and the amount of iterations |
Computation of the objective function and setting up the devil position |
For I = 1:N |
For T = 1:t |
Probability<0.5, If probability = RAND |
Method 1: Exploration phase |
Choose carrion |
Compute new status of devil |
Update the devil |
Else |
Method 2: Exploitation state |
Phase 1: Choosing a target and assaulting |
Choose the devil’s prey |
Compute new status |
Update the devil |
Phase 2: Prey chasing |
Update neighborhood radius |
Compute new status |
Update the devil |
End if |
End for I = 1:N |
Store the optimal solution |
End for T = 1:t |
Save the optimal solution achieved by TDO |
End TDO |
Computational Complexity
Genetic Algorithm for Optimizing Recurrent Neural Network
4. Performance Evaluation
5. Conclusions
Author Contributions
Funding
Data Availability Statement
Conflicts of Interest
References
- Shamshirband, S.; Fathi, M.; Chronopoulos, A.T.; Montieri, A.; Palumbo, F.; Pescapè, A. Computational intelligence intrusion detection techniques in mobile cloud computing environments: Review, taxonomy, and open research issues. J. Inf. Secur. Appl. 2020, 55, 102582. [Google Scholar] [CrossRef]
- Jaber, A.N.; Rehman, S.U. FCM–SVM based intrusion detection system for cloud computing environment. Clust. Comput. 2020, 23, 3221–3231. [Google Scholar] [CrossRef]
- Wang, W.; Du, X.; Shan, D.; Qin, R.; Wang, N. Cloud Intrusion Detection Method Based on Stacked Contractive Auto-Encoder and Support Vector Machine. IEEE Trans. Cloud Comput. 2020, 10, 1634–1646. [Google Scholar] [CrossRef]
- Shin, S.; Gu, G. CloudWatcher: Network security monitoring using OpenFlow in dynamic cloud networks (or: How to provide security monitoring as a service in clouds? In Proceedings of the IEEE International Conference on Network Protocols (ICNP), Austin, TX, USA, 30 October–2 November 2012; pp. 1–6. [Google Scholar] [CrossRef]
- Lin, F.; Zhou, Y.; An, X.; You, I.; Choo, K.-K.R. Fair Resource Allocation in an Intrusion-Detection System for Edge Computing: Ensuring the Security of Internet of Things Devices. IEEE Consum. Electron. Mag. 2018, 7, 45–50. [Google Scholar] [CrossRef]
- Deshpande, P.; Sharma, S.C.; Peddoju, S.K.; Junaid, S. HIDS: A host-based intrusion detection system for cloud computing environment. Int. J. Syst. Assur. Eng. Manag. 2018, 9, 567–576. [Google Scholar] [CrossRef]
- Nathiya, T.; Suseendran, G. An Effective Hybrid Intrusion Detection System for Use in Security Monitoring in the Virtual Network Layer of Cloud Computing Technology. In Data Management, Analytics, and Innovation; Springer: Singapore, 2019; pp. 483–497. [Google Scholar]
- Patil, R.; Dudeja, H.; Modi, C. Designing an efficient security framework for detecting intrusions in virtual network of cloud computing. Comput. Secur. 2019, 85, 402–422. [Google Scholar] [CrossRef]
- Truong, T.C.; Zelinka, I.; Plucar, J.; Čandík, M.; Šulc, V. Artificial intelligence and cybersecurity: Past, presence, and future. In Artificial Intelligence and Evolutionary Computations in Engineering Systems; Springer: Singapore, 2020; pp. 351–363. [Google Scholar]
- Ghosh, P.; Karmakar, A.; Sharma, J.; Phadikar, S. CS-PSO based intrusion detection system in cloud environment. In Emerging Technologies in Data Mining and Information Security; Springer: Singapore, 2019; pp. 261–269. [Google Scholar]
- Nguyen, X.-H.; Nguyen, X.-D.; Huynh, H.-H.; Le, K.-H. Realguard: A Lightweight Network Intrusion Detection System for IoT Gateways. Sensors 2022, 22, 432. [Google Scholar] [CrossRef]
- Abbas, A.; Khan, M.A.; Latif, S.; Ajaz, M.; Shah, A.A.; Ahmad, J. A New Ensemble-Based Intrusion Detection System for Internet of Things. Arab. J. Sci. Eng. 2022, 47, 1805–1819. [Google Scholar] [CrossRef]
- Lo, W.W.; Layeghy, S.; Sarhan, M.; Gallagher, M.; Portmann, M. E-GraphSAGE: A Graph Neural Network based Intrusion Detection System for IoT. In Proceedings of the NOMS 2022-2022 IEEE/IFIP Network Operations and Management Symposium, Budapest, Hungary, 25–29 April 2022; IEEE: Piscataway, NJ, USA, 2022; pp. 1–9. [Google Scholar]
- Ravi, V.; Chaganti, R.; Alazab, M. Recurrent deep learning-based feature fusion ensemble meta-classifier approach for intelligent network intrusion detection system. Comput. Electr. Eng. 2022, 102, 108156. [Google Scholar] [CrossRef]
- Derhab, A.; Aldweesh, A.; Emam, A.Z.; Khan, F.A. Intrusion Detection System for Internet of Things Based on Temporal Convolution Neural Network and Efficient Feature Engineering. Wirel. Commun. Mob. Comput. 2020, 2020, 6689134. [Google Scholar] [CrossRef]
- Pham, N.T.; Foo, E.; Suriadi, S.; Jeffrey, H.; Lahza, H.F.M. Improving performance of intrusion detection system using ensemble methods and feature selection. In Proceedings of the Australasian Computer Science Week Multiconference, Brisband, QLD, Australia, 29–31 January 2018; pp. 1–6. [Google Scholar]
- Besharati, E.; Naderan, M.; Namjoo, E. LR-HIDS: Logistic regression host-based intrusion detection system for cloud environments. J. Ambient. Intell. Humaniz. Comput. 2018, 10, 3669–3692. [Google Scholar] [CrossRef]
- Belouch, M.; El Hadaj, S.; Idhammad, M. A Two-Stage Classifier Approach using RepTree Algorithm for Network Intrusion Detection. Int. J. Adv. Comput. Sci. Appl. 2017, 8, 389–394. [Google Scholar] [CrossRef] [Green Version]
- Vijayanand, R.; Devaraj, D.; Kannapiran, B. Intrusion detection system for wireless mesh network using multiple support vector machine classifiers with genetic-algorithmbased feature selection. Comput. Secur. 2018, 77, 304–314. [Google Scholar] [CrossRef]
- Aljawarneh, S.; Aldwairi, M.; Yassein, M.B. Anomaly-based intrusion detection system through feature selection analysis and building hybrid efficient model. J. Comput. Sci. 2018, 25, 152–160. [Google Scholar] [CrossRef]
- Moustafa, N.; Slay, J. A hybrid feature selection for network intrusion detection systems: Central points. arXiv 2017, arXiv:1707.05505. [Google Scholar]
- Mogal, D.G.; Ghungrad, S.; Bhusare, B.B. Nids using machine learning classifiers on unsw-nb15 and kddcup99 datasets. Int. J. Adv. Res. Comput. Commun. Eng. 2017, 6, 533–537. [Google Scholar] [CrossRef]
- Available online: http://kdd.ics.uci.edu/databases/kddcup99/kddcup99.html (accessed on 20 November 2022).
- Available online: https://www.unb.ca/cic/datasets/nsl.html (accessed on 20 November 2022).
- Aljawarneh, S.; Aldwairi, M.; Yassein, M.B. Anomaly-based intrusion detection system through feature selection analysis and building hybrid efficient model. J. Comput. Sci. 2018, 25, 152–160. [Google Scholar] [CrossRef]
- Çavuşoğlu, Ü. A new hybrid approach for intrusion detection using machine learning methods. Appl. Intell. 2019, 49, 2735–2761. [Google Scholar] [CrossRef]
- Krishnaveni, S.; Vigneshwar, P.; Kishore, S.; Jothi, B.; Sivamohan, S. Anomaly-Based Intrusion Detection System Using Support Vector Machine. In Advances in Intelligent Systems and Computing; Springer: Berlin, Germany, 2020; pp. 723–731. [Google Scholar] [CrossRef]
- Shang, K.; Chen, Z.; Liu, Z.; Song, L.; Zheng, W.; Yang, B.; Liu, S.; Yin, L. Haze Prediction Model Using Deep Recurrent Neural Network. Atmosphere 2021, 12, 1625. [Google Scholar] [CrossRef]
- Fan, C.; Wang, J.; Gang, W.; Li, S. Assessment of deep recurrent neural network-based strategies for short-term building energy predictions. Appl. Energy 2019, 236, 700–710. [Google Scholar] [CrossRef]
- Dehghani, M.; Hubalovsky, S.; Trojovsky, P. Tasmanian Devil Optimization: A New Bio-Inspired Optimization Algorithm for Solving Optimization Algorithm. IEEE Access 2022, 10, 19599–19620. [Google Scholar] [CrossRef]
- Rout, T.M.; Baker, C.M.; Huxtable, S.; Wintle, B.A. Monitoring, imperfect detection, and risk optimization of a Tasmanian devil insurance population. Conserv. Biol. 2018, 32, 267–275. [Google Scholar] [CrossRef] [PubMed] [Green Version]
- Rani, S.; Babbar, H.; Srivastava, G.; Gadekallu, T.R.; Dhiman, G. Security Framework for Internet of Things based Software Defined Networks using Blockchain. IEEE Internet Things J. 2022. [Google Scholar] [CrossRef]
- Han, Z.; Yang, Y.; Wang, W.; Zhou, L.; Gadekallu, T.R.; Alazab, M.; Gope, P.; Su, C. RSSI Map-Based Trajectory Design for UGV Against Malicious Radio Source: A Reinforcement Learning Approach. IEEE Trans. Intell. Transp. Syst. 2022. [Google Scholar] [CrossRef]
Feature Count | Feature Name | Description | Type |
---|---|---|---|
Feature 1 | Hot | The total number of the containers which are hot indicators | Numeric |
Feature 2 | Urgent | The quantity of the urgent packages as a whole | Numeric |
Feature 3 | Incorrect break | The total number of incorrect connections’ fragments | Numeric |
Feature 4 | Land | To validate the connection as from a similar host or not | Numeric |
Feature 5 | Dst-bytes | The number of information bytes sent from the source to the destination | Numeric |
Feature 6 | Src-bytes | The number of bytes of data transmitted from source to destination | Numeric |
Feature 7 | Flag | The error or normal status of the connection | String |
Feature 8 | Service | The kind of network service at the destination | String |
Feature 9 | Type of the protocol | A packet’s leading connection protocol | String |
Feature 10 | Duration | The length of the connection procedure | Numeric |
S. No | Methods | Description | Parameters |
---|---|---|---|
1 | Recurrent neural network | Learning rate | 0.001 |
2 | Minibatch size | 10 | |
3 | Loss function | Tanh | |
4 | Type of neurons | Bidirectional LSTM | |
5 | Learning rate | 0.01 | |
6 | Activation function output layer | Softmax | |
7 | Tasmanian devil optimization | Number of iterations | 100 |
8 | Number of populations | 50 | |
9 | Constant number | 0.5 | |
10 | Convergence parameter | 2 | |
11 | Upper limit | 10 | |
12 | Lower limit | −10 |
Accuracy | F Measure | Precision | Recall | Sensitivity | Specificity | |
---|---|---|---|---|---|---|
DNN | 0.87 | 0.85 | 0.84 | 0.83 | 0.81 | 0.82 |
RNN | 0.89 | 0.88 | 0.89 | 0.88 | 0.85 | 0.87 |
RNN-GA | 0.92 | 0.91 | 0.89 | 0.91 | 0.90 | 0.92 |
Proposed | 0.95 | 0.92 | 0.92 | 0.93 | 0.91 | 0.93 |
Attack Type | Average of Probabilities | Majority Voting | Product of Probability | Minimum Probability | Maximum Probability |
---|---|---|---|---|---|
Normal | 0.95 | 0.95 | 0.93 | 0.92 | 0.93 |
DoS | 0.94 | 0.94 | 0.92 | 0.91 | 0.92 |
Probe | 0.94 | 0.92 | 0.91 | 0.89 | 0.87 |
R2L | 0.93 | 0.91 | 0.89 | 0.87 | 0.84 |
U2R | 0.69 | 0.87 | 0.86 | 0.76 | 0.77 |
Disclaimer/Publisher’s Note: The statements, opinions and data contained in all publications are solely those of the individual author(s) and contributor(s) and not of MDPI and/or the editor(s). MDPI and/or the editor(s) disclaim responsibility for any injury to people or property resulting from any ideas, methods, instructions or products referred to in the content. |
© 2023 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https://creativecommons.org/licenses/by/4.0/).
Share and Cite
Kavitha, C.; M., S.; Gadekallu, T.R.; K., N.; Kavin, B.P.; Lai, W.-C. Filter-Based Ensemble Feature Selection and Deep Learning Model for Intrusion Detection in Cloud Computing. Electronics 2023, 12, 556. https://doi.org/10.3390/electronics12030556
Kavitha C, M. S, Gadekallu TR, K. N, Kavin BP, Lai W-C. Filter-Based Ensemble Feature Selection and Deep Learning Model for Intrusion Detection in Cloud Computing. Electronics. 2023; 12(3):556. https://doi.org/10.3390/electronics12030556
Chicago/Turabian StyleKavitha, C., Saravanan M., Thippa Reddy Gadekallu, Nimala K., Balasubramanian Prabhu Kavin, and Wen-Cheng Lai. 2023. "Filter-Based Ensemble Feature Selection and Deep Learning Model for Intrusion Detection in Cloud Computing" Electronics 12, no. 3: 556. https://doi.org/10.3390/electronics12030556
APA StyleKavitha, C., M., S., Gadekallu, T. R., K., N., Kavin, B. P., & Lai, W. -C. (2023). Filter-Based Ensemble Feature Selection and Deep Learning Model for Intrusion Detection in Cloud Computing. Electronics, 12(3), 556. https://doi.org/10.3390/electronics12030556