مدل ترکیبی تشخیص ناهنجاری با استفاده از خوشه بندی وزنی معکوس و یادگیری ماشین در بستر محیط‌های ابری

نوع مقاله : مقاله پژوهشی

نویسندگان

1 دانشجوی دکتری، گروه کامپیوتر، دانشگاه آزاد اسلامی واحد بروجرد، بروجرد، ایران

2 استادیار،گروه کامپیوتر،دانشگاه صنعتی امیرکبیر، تهران، ایران

3 استادیار،گروه کامپیوتر،دانشگاه آیت الله بروجردی،بروجرد، ایران

چکیده

 امروزه به دلیل حملات و نفوذهای بسیار پیشرفته، شناسایی حملات در اینترنت اشیاء در بستر محیط­های ابری بسیار دشوار شده است. از مشکلات دیگر سیستم­های ابری می­توان به پایین بودن دقت در تشخیص خطا، نرخ مثبت کاذب و زمان محاسبات طولانی اشاره کرد. در روش پیشنهادی یک مدل تشخیص نفوذ ترکیبی شامل یک الگوریتم خوشه­بندی و یک طبقه­بندی جنگل تصادفی مبتنی بر ماشین، برای محیط­های ترکیبی مه و ابر ارائه می­دهیم. همچنین برای کنترل ترافیک شبکه در لایه فیزیکی و همچنین تشخیص ناهنجاری در بین دستگاه­های اینترنت اشیاء محاسبات در مه و لبه­های ابر انجام خواهد شد به این صورت که  پس از پیش پردازش، ترافیک ورودی به مه و ابر بررسی و در صورت نیاز به یک ماژول تشخیص ناهنجاری هدایت می­شوند. برای شناسایی نوع هر حمله از یک طبقه­بندی یادگیری مبتنی بر جنگل تصادفی استفاده شده است. از داده­های عمومی و داده­های ابری برای تحقیق استفاده شده است. دقت کلی سیستم تشخیص نفوذ پیشنهادی 03/98 و متوسط نرخ مثبت کاذب 17 % و نرخ تشخیص ناهنجاری 30/96 بوده است که نسبت به روش­های گذشته قابل ملاحظه است.

کلیدواژه‌ها


عنوان مقاله [English]

The Presentation of a Hybrid Anomaly Detection Model Using Inverse Weight Clustering and Machine Learning in Cloud Environments

نویسندگان [English]

  • Adeleh jafar gholi beik 1
  • M. E. Shiri Ahmad Abadi 2
  • Reza Rezakhani 3
1 PhD student, computer department, Islamic Azad University, Borujard branch, Borujard, Iran
2 Assistant Professor, Computer Department, Amir Kabir University of Technology, Tehran, Iran
3 Assistant Professor, Computer Department, Ayatollah Borujerdi University, Borujerd, Iran
چکیده [English]

Today, due to highly advanced attacks and intrusions, it has become very difficult to detect IoT attacks in cloud environments. Other problems with cloud systems include low error detection accuracy, false positive rates, and long computation times. In the proposed method, we present a hybrid intrusion detection model including a clustering algorithm and a machine-based random forest classification for the fog and cloud environments. Also, to control the network traffic in the physical layer and also to detect the anomalies between IoT devices, calculations are performed on the fog and the edges of the cloud, so that after preprocessing, the incoming traffic to the fog and cloud are checked and if necessary, they are directed to an anomaly detection module. A random forest-based learning classification is used to identify the type of each attack. Both the general and cloud data have been used for this research. The overall accuracy, the mean false positive rate and the anomaly detection rate of the proposed intrusion detection system are 98.03, 17% and 96.30 respectively, which is notable in comparison to previous methods .

کلیدواژه‌ها [English]

  • IDS
  • Cloud Computing
  • Fog Computing
  • Anomaly Detection
  • IoT
[1]            H. F. Atlam, A. Alenezi, R. J. Walters, G. B. Wills, and J. Daniel, "Developing an adaptive Risk-based access control model for the Internet of Things," in 2017 IEEE international conference on internet of things (iThings) and IEEE green computing and communications (GreenCom) and IEEE cyber, physical and social computing (CPSCom) and ieee smart data (SmartData), 2017: IEEE, pp. 655-661. 
[2]     S. Iqbal et al., "On cloud security attacks: A taxonomy and intrusion detection and prevention as a service," Journal of Network and Computer Applications, vol. 74, pp. 98-120, 2016.
[3]     G. Somani, M. S. Gaur, D. Sanghi, M. Conti, and R. Buyya, "DDoS attacks in cloud computing: Issues, taxonomy, and future directions," Computer Communications, vol. 107, pp. 30-48, 2017.
[4]     G. Somani, M. S. Gaur, D. Sanghi, M. Conti, M. Rajarajan, and R. Buyya, "Combating DDoS attacks in the cloud: requirements, trends", and future directions  IEEE Cloud Computing, vol. 4, no. 1, pp. 22-32, 2017. 
[5]     M. A. Lawal, R. A. Shaikh, and S. R. Hassan, "An anomaly mitigation framework for iot using fog computing," Electronics, vol. 9, no. 10, p. 1565, 2020.
[6]     S. Na, L. Xumin, and G. Yong, "Research on k-means clustering algorithm: An improved k-means clustering algorithm," in 2010 Third International Symposium on intelligent information technology and security informatics, 2010: Ieee, pp. 63-67. 
[7]     Barbakh, W., & Fyfe, C. (2007). Inverse weighted clustering algorithm. Computing and Information Systems, 11(2).
[8]     H. Neuschmied, M. Winter, K. Hofer-Schmitz, B. Stojanovic, and U. Kleb, "Two Stage Anomaly Detection for Network Intrusion Detection," in ICISSP, 2021, pp. 450-457. 
[9]     S. Weisong, Z. Xingzhou, W. Yifan, and Z. Qingyang, "Edge computing: State-of-the-art and future directions," Journal of Computer Research and Development, vol. 56, no. 1, p. 69, 2019.
[10]         F. M. Ramos, D. Kreutz, and P. Verissimo, "Software-defined networks: On the road to the softwarization of networking," Cutter IT journal, 2015.
[11]   M. Mirzaei, A. Mehabadi,” Hybrid Anomaly Detection Method Using Community Detection in Graph and Feature Selection,” Journal of  Electronical & Cyber Defence Vol. 8, No. 1, 2020. (in persion)
[12]   K. Shoushian , A. J. Rashidi, M. Dehghani,” Modeling of Cyber-Attacks Obfuscation, Based on   Alteration Technique of Attack,” Journal of  Electronical & Cyber Defence Vol. 8, No. 1, 2020. (in persion)
[13]  V. Yadegari, A. Matinfar, “Detect Web Denial of Service Attacks Using Entropy and Support Vector Machine Algorithm,” Journal of Electronical & Cyber Defence Vol. 6, No. 4, 2019. (in persion)
[14]  C. Modi, D. Patel, B. Borisanya, A. Patel, M. Rajarajan, A novel framework for intrusion detection in cloud, in: Proceedings of the Fifth International Conference on Security of Information and Networks, ACM, pp. 67–74, 2012.
[15]  S. Teng, C. Zheng, H. Zhu, D. Liu, and W. Zhang, “A cooperative intrusion detection model for cloud computing networks,” International Journal of Security and its applications, vol. 8, no. 3, 
pp. 107–118, 2014.
[16]  S. Weisong, Z. Xingzhou, W. Yifan, and Z. Qingyang, "Edge computing: State-of-the-art and future directions," Journal of Computer Research and Development, vol. 56, no. 1, p. 69, 2019.
[17]  M. Idhammad, K. Afdel, M. Belouch, “Dos detection method based on artificial neural networks,” International Journal of Advanced Computer Science and Applications (ijacsa), vol 10, pp 14569, 2017.
[18]  L. Liu and Y. Zhai, "A Survey on MapReduce Scheduling in Cloud Computing,"  Fifth International Conference on Instrumentation and Measurement, Computer, Communication and Control,  pp. 1710-1715, 2015.
[19]  M. M. Rashid, J. Kamruzzaman, M. M. Hassan, T. Imam, and S. Gordon, "Cyberattacks Detection in IoT-Based Smart City Applications Using Machine Learning Techniques," International Journal of Environmental Research and Public Health, vol. 17, no. 24, p. 9347, 2020.
[20]  M. Idhammad, K. Afdel, M. Belouch, Distributed Intrusion Detection System for Cloud Environments based on Data Mining techniques, Procedia Computer Science, Vol 127,pp35-41, 2018.
[21]  R. Beghdad, “Efficient deterministic method for detecting new U2R attacks,” Computer Communications, Vol 32, pp1104-1110, 2009.
[22]  E .Kim, and S. Kim, “A Novel Anomaly Detection System Based on HFR-MLR Method”, in Mobile, Ubiquitous, and Intelligent Computing, p p. 279-286, 2014.
[23]  C.A. Charu, and K.R. Chandan, “Data clustering: algorithms and applications,” In: Chapman and Hall/CRC Boston, MA. 2013.
[24]  H. Pajouh, G. Dastghaibyfard, and S. Hashemi,” Two-tier network anomaly detection model,” a machine learning approach. Journal of Intelligent Information Systems, Vol 48, pp. 61-74, 2017.
[25]  S. Mishra and A. Tripathi, "IoT platform business model for innovative management systems," International Journal of Financial Engineering, vol. 7, no. 03, p. 2050030, 2020.
دوره 9، شماره 4 - شماره پیاپی 36
شماره پیاپی 36، فصلنامه زمستان
اسفند 1400
صفحه 21-29
  • تاریخ دریافت: 07 آبان 1399
  • تاریخ بازنگری: 24 مرداد 1400
  • تاریخ پذیرش: 24 مرداد 1400
  • تاریخ انتشار: 01 اسفند 1400