
Sustainable Intrusion Detection with New Attack Classification in Private Clouds

Yu Jing1, Zhiwei Zhang1,2,*, Tianzhu Hu1,2, Zhaoyang Li1, and Senpeng Liu1

Corresponding Author:

Zhiwei Zhang

Affiliation(s):

1 School of Computer Science and Technology, Xidian University, Xi’an, Shaanxi, 710071, China

2 Institute of Network Information, Academy of Systems Engineering, Academy of Military Sciences, China

*Corresponding author

Abstract:

Traditional data-driven intrusion detection systems (IDSs) typically recognize specific features, rules or patterns that belong to well-defined known attacks, so they cannot separate new or unknown attacks from anomalies and may even confuse new attacks with legitimate behaviors. With the development of artificial intelligence (AI) technology, AI has become the mainstream means of improving the detection performance of intrusion detection systems. However, the available AI-driven IDSs can hardly classify the different types of new attacks once these are separated from anomalies, and they are usually not designed for private cloud, edge or fog computing environments, where updating the recognition of new attacks can be very different from doing so in public environments. In this article, we present a novel sustainable, AI-driven intrusion detection scheme that supports the classification of new attacks in private clouds. We first adopt a convolutional neural network algorithm to recognize known attacks, and then propose a new model for recognizing and classifying unknown attacks based on network behaviors. We further propose a new approach to updating the attack recognition model for private clouds. Finally, we provide extensive experimental results to demonstrate that our proposed scheme outperforms previous IDSs in terms of attack detection accuracy, attack classification accuracy and updating efficiency.

Keywords:

Intrusion Detection, Deep Learning, New Attack Classification, Private Cloud Computing

Cite This Paper:

Yu Jing, Zhiwei Zhang, Tianzhu Hu, Zhaoyang Li, and Senpeng Liu (2021). Sustainable Intrusion Detection with New Attack Classification in Private Clouds. Journal of Networking and Network Applications, Volume 1, Issue 4, pp. 150–159. https://doi.org/10.33969/J-NaNA.2021.010402.
