IEEE Access (Jan 2023)

An Improved Design for a Cloud Intrusion Detection System Using Hybrid Features Selection Approach With ML Classifier

  • Mhamad Bakro,
  • Rakesh Ranjan Kumar,
  • Amerah Alabrah,
  • Zubair Ashraf,
  • Md Nadeem Ahmed,
  • Mohammad Shameem,
  • Ahmed Abdelsalam

DOI: https://doi.org/10.1109/ACCESS.2023.3289405
Journal volume & issue: Vol. 11, pp. 64228 – 64247

Abstract

The focus of cloud computing nowadays has been reshaping the digital epoch, in which clients now face serious concerns about the security and privacy of their data hosted in the cloud, as well as increasingly sophisticated and frequent cyberattacks. Therefore, it has become imperative for both individuals and organizations to implement a robust intrusion detection system (IDS) capable of monitoring packets in the network, distinguishing between benign and malicious behavior, and detecting the type of attacks. IDSs based on ML are efficient and precise in spotting network threats. Yet, for large dimensional data sizes, the performance of these systems decreases. Thus, it is critical to build a suitable feature selection approach that selects necessary features without having an impact on the classification process or causing information loss. Furthermore, training ML models on unbalanced datasets shows a rising false positive rate (FPR) and a lowering detection rate (DR). In this paper, we present an improved cloud IDS designed by incorporating the synthetic minority over-sampling technique (SMOTE) to address the imbalanced data issue, and for feature selection, we propose to use a hybrid approach that includes three techniques: information gain (IG), chi-square (CS), and particle swarm optimization (PSO). Finally, the random forest (RF) model is utilized for detecting and classifying various types of attacks. The suggested system has been verified by the UNSW-NB15 and Kyoto datasets, achieving accuracies of over 98% and 99% in the multi-class classification scenario, respectively. It was noticed that an intrusion detection system with fewer informative features would operate more effectively. The simulation results significantly outperform other methodologies proposed in the related work in terms of different evaluation metrics.

Keywords