Abstract
Nearly two decades after its emergence, Cloud Computing continues to gain traction among organizations and individual users. Many security issues arise with the transition to this computing paradigm, including intrusion detection. Intrusion and attack tools have become more sophisticated, defeating traditional Intrusion Detection Systems (IDS) with large amounts of network traffic data and dynamic behaviors. Existing Cloud IDSs suffer from low detection accuracy, high false positive rates and high running times. In this paper we present a distributed Machine Learning based intrusion detection system for Cloud environments. The proposed system is designed to be inserted in the Cloud side by side with the edge network components of the Cloud provider. This allows it to intercept incoming network traffic at the edge network routers of the physical layer. A time-based sliding window algorithm is used to preprocess the captured network traffic on each Cloud router and pass it to an anomaly detection module using a Naive Bayes classifier. A set of commodity server nodes based on Hadoop and MapReduce is available for each anomaly detection module to use when network congestion increases. For each time window, the anomalous network traffic data on each router side are synchronized to a central storage server. Next, an ensemble learning classifier based on Random Forest is used to perform a final multi-class classification step in order to detect the type of each attack. Various experiments are performed on the Google Cloud Platform in order to assess the proposed system using the CIDDS-001 public dataset. The obtained results are satisfactory when compared to a standard Random Forest classifier. The system achieved an average accuracy of 97%, an average false positive rate of 0.21% and an average running time of 6.23s.
Conclusion
In this paper a distributed intrusion detection system for Cloud environments is proposed. The proposed IDS consists of 5 principal modules. The network traffic module captures the incoming network traffic to the Cloud on each of the edge network routers on a 5-minute time window basis. The captured data are then preprocessed and passed to a first anomaly detection step using a Naive Bayes model. Next, the suspected traffic at each network router side is synchronized to a central server. Then, an ensemble learning classifier based on Random Forest is used to classify the network traffic data available on the central storage server and detect the type of each attack. The proposed IDS is implemented on the Google Cloud Platform and tested using the CIDDS-001 public dataset. The experimental results are satisfactory when compared to a standard Random Forest tested directly on the dataset. Although the proposed IDS shows high detection performance for several attack types included in the CIDDS-001 public dataset, it is important to evaluate its performance in real-world scenarios. For future work, we are planning to perform a real-world deployment of the IDS and evaluate it against several attack types.
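The router-side step described above (5-minute windowing, then a Naive Bayes filter that forwards only suspected flows for central classification) can be sketched as follows. This is an added example, not the paper's code: the `Flow` fields, the feature choice, the router names and all flow values are assumptions constructed for illustration.

```python
import math
from collections import defaultdict, namedtuple
Flow = namedtuple("Flow", "ts router bytes packets duration")
WINDOW = 300  # seconds: the 5-minute window stated in the paper's conclusion

def features(f):
    # Assumed features, not the paper's: log-scaled bytes and packets, plus duration.
    return [math.log1p(f.bytes), math.log1p(f.packets), f.duration]

def window_flows(flows, width=WINDOW):
    """Bucket flow records per (router, window index) by timestamp."""
    buckets = defaultdict(list)
    for f in flows:
        buckets[(f.router, int(f.ts // width))].append(f)
    return dict(buckets)

class GaussianNB:
    """Minimal Gaussian Naive Bayes: per-class log prior, feature means, variances."""
    def fit(self, X, y):
        self.stats = {}
        for c in set(y):
            cols = list(zip(*[x for x, label in zip(X, y) if label == c]))
            means = [sum(col) / len(col) for col in cols]
            var = [sum((v - m) ** 2 for v in col) / len(col) + 1e-6  # smoothing
                   for col, m in zip(cols, means)]
            self.stats[c] = (math.log(len(cols[0]) / len(X)), means, var)
        return self
    def predict(self, x):
        def log_posterior(c):
            prior, means, var = self.stats[c]
            return prior + sum(-0.5 * math.log(2 * math.pi * s) - (v - m) ** 2 / (2 * s)
                               for v, m, s in zip(x, means, var))
        return max(self.stats, key=log_posterior)

def first_stage(flows, model):
    """Per router and window, keep only flows flagged anomalous for central sync."""
    flagged = {k: [f for f in batch if model.predict(features(f)) == "anomaly"]
               for k, batch in window_flows(flows).items()}
    return {k: v for k, v in flagged.items() if v}

# Constructed training and test flows (illustrative values, not CIDDS-001 records).
NORMAL = [Flow(0, "r1", 4200, 12, 1.8), Flow(0, "r1", 15000, 30, 4.1),
          Flow(0, "r1", 2300, 8, 0.9), Flow(0, "r1", 8800, 20, 2.5)]
ANOMALY = [Flow(0, "r1", 46, 1, 0.0), Flow(0, "r1", 120, 2, 0.05),
           Flow(0, "r1", 52, 1, 0.0), Flow(0, "r1", 180, 3, 0.1)]
MODEL = GaussianNB().fit([features(f) for f in NORMAL + ANOMALY], ["normal"] * 4 + ["anomaly"] * 4)
FLOWS = [Flow(10, "r1", 5000, 14, 2.0), Flow(120, "r1", 48, 1, 0.0),
         Flow(290, "r2", 9000, 25, 3.0), Flow(310, "r1", 60, 1, 0.0),
         Flow(450, "r2", 100, 2, 0.02), Flow(599, "r2", 3000, 10, 1.1)]
SUSPECT = first_stage(FLOWS, MODEL)  # what each router would sync for stage two
```

Windows with no flagged flows are omitted from the result, so only suspected traffic would reach the central store where the multi-class Random Forest step runs.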