
HIDM: A Hybrid Intrusion Detection Model for Cloud Based Systems

Wireless Personal Communications

Abstract

The cloud computing model is very popular among users in sectors such as banking, healthcare and education because of its customized, low-cost services with a high level of reliability and efficiency. Since cloud services are accessed through the internet by various types of users, security is a major concern in cloud based systems. Network attackers can cause damage to the system through intrusive acts such as denial of service attacks and backdoor channel attacks. One strategy to stop this kind of attack and safeguard the system is to use an intrusion detection model. Most intrusion detection models can only identify known attacks, and with less efficiency; most of them are unable to detect unknown attacks, which are apparently new and recycled threats. Thus a network intrusion detection model is required in cloud based systems that can identify known as well as unknown attacks. In this research work, a hybrid intrusion detection model is introduced for cloud based systems which uses signature based detection as well as anomaly based detection in a combined way to detect all types of attack. Experiments were performed on the UNSW-NB15, CICIDS2017 and NSL-KDD datasets to measure the model's performance, and the model was found to have a high detection rate: 92.7% on UNSW-NB15, 85.1% on the CICIDS dataset and 99.8% on the NSL-KDD dataset. A comparative analysis shows that the proposed model performs better than some existing models.



Author information

Corresponding author

Correspondence to Kakali Chatterjee.


About this article


Cite this article

Vashishtha, L.K., Singh, A.P. & Chatterjee, K. HIDM: A Hybrid Intrusion Detection Model for Cloud Based Systems. Wireless Pers Commun 128, 2637–2666 (2023). https://doi.org/10.1007/s11277-022-10063-y

  • DOI: https://doi.org/10.1007/s11277-022-10063-y
