Journal of Cloud Computing: Advances, Systems and Applications (Aug 2023)

Intrusion detection in cloud computing based on time series anomalies utilizing machine learning

  • Abdel-Rahman Al-Ghuwairi,
  • Yousef Sharrab,
  • Dimah Al-Fraihat,
  • Majed AlElaimat,
  • Ayoub Alsarhan,
  • Abdulmohsen Algarni

DOI
https://doi.org/10.1186/s13677-023-00491-x
Journal volume & issue
Vol. 12, no. 1
pp. 1 – 17

Abstract

The growth of cloud computing is hindered by concerns about privacy and security. Despite the widespread use of network intrusion detection systems (NIDS), the issue of false positives remains prevalent. Furthermore, few studies have approached the intrusion detection problem as a time series issue, requiring time series modeling. In this study, we propose a novel technique for the early detection of intrusions in cloud computing using time series data. Our approach involves a method for Feature Selection (FS) and a prediction model based on the Facebook Prophet model to assess its efficiency. The FS method we propose is a collaborative feature selection model that integrates time series analysis techniques with anomaly detection, stationarity, and causality tests. This approach specifically addresses the challenge of misleading connections between time series anomalies and attacks. Our results demonstrate a significant reduction in predictors employed in our prediction model, from 70 to 10 predictors, while improving performance metrics such as Mean Absolute Error (MAE), Mean Squared Error (MSE), Root Mean Squared Error (RMSE), Mean Absolute Percentage Error (MAPE), Median Absolute Percentage Error (MdAPE), and Dynamic Time Warping (DTW). Furthermore, our approach has resulted in reduced training, prediction, and cross-validation times of approximately 85%, 15%, and 97%, respectively. Although memory consumption remains similar, the utilization time has been significantly reduced, resulting in substantial resource usage reduction. Overall, our study presents a comprehensive methodology for effective early detection of intrusions in cloud computing based on time series anomalies, employing a collaborative feature selection model and the Facebook Prophet prediction model.
Our findings highlight the efficiency and performance improvements achieved through our approach, contributing to the advancement of intrusion detection techniques in the context of cloud computing security.

Keywords