The Presentation of a Hybrid Anomaly Detection Model Using Inverse Weight Clustering and Machine Learning in Cloud Environments

Document Type : Original Article

Authors

1 PhD student, computer department, Islamic Azad University, Borujard branch, Borujard, Iran

2 Assistant Professor, Computer Department, Amir Kabir University of Technology, Tehran, Iran

3 Assistant Professor, Computer Department, Ayatollah Borujerdi University, Borujerd, Iran

Abstract

Today, due to highly advanced attacks and intrusions, it has become very difficult to detect IoT attacks in cloud environments. Other problems with cloud systems include low error detection accuracy, false positive rates, and long computation times. In the proposed method, we present a hybrid intrusion detection model including a clustering algorithm and a machine-based random forest classification for the fog and cloud environments. Also, to control the network traffic in the physical layer and also to detect the anomalies between IoT devices, calculations are performed on the fog and the edges of the cloud, so that after preprocessing, the incoming traffic to the fog and cloud are checked and if necessary, they are directed to an anomaly detection module. A random forest-based learning classification is used to identify the type of each attack. Both the general and cloud data have been used for this research. The overall accuracy, the mean false positive rate and the anomaly detection rate of the proposed intrusion detection system are 98.03, 17% and 96.30 respectively, which is notable in comparison to previous methods .

Keywords


[1]            H. F. Atlam, A. Alenezi, R. J. Walters, G. B. Wills, and J. Daniel, "Developing an adaptive Risk-based access control model for the Internet of Things," in 2017 IEEE international conference on internet of things (iThings) and IEEE green computing and communications (GreenCom) and IEEE cyber, physical and social computing (CPSCom) and ieee smart data (SmartData), 2017: IEEE, pp. 655-661. 
[2]     S. Iqbal et al., "On cloud security attacks: A taxonomy and intrusion detection and prevention as a service," Journal of Network and Computer Applications, vol. 74, pp. 98-120, 2016.
[3]     G. Somani, M. S. Gaur, D. Sanghi, M. Conti, and R. Buyya, "DDoS attacks in cloud computing: Issues, taxonomy, and future directions," Computer Communications, vol. 107, pp. 30-48, 2017.
[4]     G. Somani, M. S. Gaur, D. Sanghi, M. Conti, M. Rajarajan, and R. Buyya, "Combating DDoS attacks in the cloud: requirements, trends", and future directions  IEEE Cloud Computing, vol. 4, no. 1, pp. 22-32, 2017. 
[5]     M. A. Lawal, R. A. Shaikh, and S. R. Hassan, "An anomaly mitigation framework for iot using fog computing," Electronics, vol. 9, no. 10, p. 1565, 2020.
[6]     S. Na, L. Xumin, and G. Yong, "Research on k-means clustering algorithm: An improved k-means clustering algorithm," in 2010 Third International Symposium on intelligent information technology and security informatics, 2010: Ieee, pp. 63-67. 
[7]     Barbakh, W., & Fyfe, C. (2007). Inverse weighted clustering algorithm. Computing and Information Systems, 11(2).
[8]     H. Neuschmied, M. Winter, K. Hofer-Schmitz, B. Stojanovic, and U. Kleb, "Two Stage Anomaly Detection for Network Intrusion Detection," in ICISSP, 2021, pp. 450-457. 
[9]     S. Weisong, Z. Xingzhou, W. Yifan, and Z. Qingyang, "Edge computing: State-of-the-art and future directions," Journal of Computer Research and Development, vol. 56, no. 1, p. 69, 2019.
[10]         F. M. Ramos, D. Kreutz, and P. Verissimo, "Software-defined networks: On the road to the softwarization of networking," Cutter IT journal, 2015.
[11]   M. Mirzaei, A. Mehabadi,” Hybrid Anomaly Detection Method Using Community Detection in Graph and Feature Selection,” Journal of  Electronical & Cyber Defence Vol. 8, No. 1, 2020. (in persion)
[12]   K. Shoushian , A. J. Rashidi, M. Dehghani,” Modeling of Cyber-Attacks Obfuscation, Based on   Alteration Technique of Attack,” Journal of  Electronical & Cyber Defence Vol. 8, No. 1, 2020. (in persion)
[13]  V. Yadegari, A. Matinfar, “Detect Web Denial of Service Attacks Using Entropy and Support Vector Machine Algorithm,” Journal of Electronical & Cyber Defence Vol. 6, No. 4, 2019. (in persion)
[14]  C. Modi, D. Patel, B. Borisanya, A. Patel, M. Rajarajan, A novel framework for intrusion detection in cloud, in: Proceedings of the Fifth International Conference on Security of Information and Networks, ACM, pp. 67–74, 2012.
[15]  S. Teng, C. Zheng, H. Zhu, D. Liu, and W. Zhang, “A cooperative intrusion detection model for cloud computing networks,” International Journal of Security and its applications, vol. 8, no. 3, 
pp. 107–118, 2014.
[16]  S. Weisong, Z. Xingzhou, W. Yifan, and Z. Qingyang, "Edge computing: State-of-the-art and future directions," Journal of Computer Research and Development, vol. 56, no. 1, p. 69, 2019.
[17]  M. Idhammad, K. Afdel, M. Belouch, “Dos detection method based on artificial neural networks,” International Journal of Advanced Computer Science and Applications (ijacsa), vol 10, pp 14569, 2017.
[18]  L. Liu and Y. Zhai, "A Survey on MapReduce Scheduling in Cloud Computing,"  Fifth International Conference on Instrumentation and Measurement, Computer, Communication and Control,  pp. 1710-1715, 2015.
[19]  M. M. Rashid, J. Kamruzzaman, M. M. Hassan, T. Imam, and S. Gordon, "Cyberattacks Detection in IoT-Based Smart City Applications Using Machine Learning Techniques," International Journal of Environmental Research and Public Health, vol. 17, no. 24, p. 9347, 2020.
[20]  M. Idhammad, K. Afdel, M. Belouch, Distributed Intrusion Detection System for Cloud Environments based on Data Mining techniques, Procedia Computer Science, Vol 127,pp35-41, 2018.
[21]  R. Beghdad, “Efficient deterministic method for detecting new U2R attacks,” Computer Communications, Vol 32, pp1104-1110, 2009.
[22]  E .Kim, and S. Kim, “A Novel Anomaly Detection System Based on HFR-MLR Method”, in Mobile, Ubiquitous, and Intelligent Computing, p p. 279-286, 2014.
[23]  C.A. Charu, and K.R. Chandan, “Data clustering: algorithms and applications,” In: Chapman and Hall/CRC Boston, MA. 2013.
[24]  H. Pajouh, G. Dastghaibyfard, and S. Hashemi,” Two-tier network anomaly detection model,” a machine learning approach. Journal of Intelligent Information Systems, Vol 48, pp. 61-74, 2017.
[25]  S. Mishra and A. Tripathi, "IoT platform business model for innovative management systems," International Journal of Financial Engineering, vol. 7, no. 03, p. 2050030, 2020.
Volume 9, Issue 4 - Serial Number 36
Serial No. 36, Winter Quarterly
February 2022
Pages 21-29
  • Receive Date: 28 October 2020
  • Revise Date: 15 August 2021
  • Accept Date: 15 August 2021
  • Publish Date: 20 February 2022