A Cloud Intrusion Detection System Using Novel PRFCM Clustering and KNN Based Dempster-Shafer Rule

A Cloud Intrusion Detection System Using Novel PRFCM Clustering and KNN Based Dempster-Shafer Rule

Partha Ghosh (Netaji Subhash Engineering College, Maulana Abul Kalam Azad University of Technology, Kolkata, India), Shivam Shakti (Netaji Subhash Engineering College, Maulana Abul Kalam Azad University of Technology, Kolkata, India) and Santanu Phadikar (Maulana Abul Kalam Azad University of Technology, Kolkata, India)
Copyright: © 2016 |Pages: 18
DOI: 10.4018/IJCAC.2016100102
OnDemand PDF Download:
$30.00
List Price: $37.50

Abstract

Cloud computing has established a new horizon in the field of Information Technology. Due to the large number of users and extensive utilization, the Cloud computing paradigm attracts intruders who exploit its vulnerabilities. To secure the Cloud environment from such intruders an Intrusion Detection System (IDS) is required. In this paper the authors have proposed an anomaly based IDS which classifies an incoming connection by taking the deviation of it from the normal behaviors. The proposed method uses a novel Penalty Reward based Fuzzy C-Means (PRFCM) clustering algorithm to generate a rule set and the best rule set is extracted from it using a modified approach for KNN algorithm. This best rule set is used in evidential reasoning of Dempster Shafer Theory for classification. The IDS has been trained and tested with NSL-KDD dataset for performance evaluation. The results prove the proposed IDS to be highly efficient and reliable.
Article Preview

1. Introduction

For the last decade, Internet has turned out to be an inseparable part of daily human life. With growing number of users there is a need for robust services for development and deployment of software as well as exchange of data. The advent of Cloud computing has given more dimensions to the developers as well as to the users. In basic terms, Cloud computing is the phrase used to describe different scenarios in which computing resource is delivered as a hosted service over the Internet. There are three fundamental types of services offered by the Cloud Service Providers (CSP) - Infrastructure as a Service (IaaS), Platform as a Service (PaaS) and Software as a Service (SaaS) (Subashini & Kavitha, 2011). The Cloud infrastructure makes use of integrated technologies, standard Internet protocols and virtualization techniques. The bugs and vulnerabilities in these technologies render Cloud vulnerable to intrusion as well as traditional attacks (Modi et al., 2013). To protect the Cloud environment from intruders an effective and efficient Intrusion Detection System (IDS) is required. An IDS is deployed in the Cloud network to classify the incoming connections as normal or attack. An intrusion tries to exploit the confidentiality, integrity and availability of resources (Liao, Lin, Lin et al., 2013). There are two major techniques for intrusion detection- Anomaly Detection and Misuse Detection (Patel, Taghavi, Bakhtiyari, & Júnior, 2013). In case of Anomaly detection, it is a behavior based detection system that defines and characterizes normal behavior of the system. Whenever action deviates from the expected behavior, it is considered as an Anomaly. Therefore, it can detect unknown or novel attacks (Govindarajan & Chandrasekaran, 2011). But since the normal behavior of user differs, the rate of false alarm is high (Özyer, Alhajj, & Barker, 2007). Whereas, Misuse Detection technique is knowledge based detection system where predefined rules or signature of attacks are already formed and that can be used to determine an incoming attack by pattern matching of known attack. Misuse Detection based IDS have higher accuracy than the Anomaly Detection based IDS (Jamdagni, Tan, He, Nanda, & Liu, 2013). However, unknown and variation of known attacks cannot be identified by misuse detection (Ghosh, Mandal, & Kumar, 2015). In this paper the authors have proposed an Anomaly based Intrusion Detection System. Here they use a novel Penalty Reward based Fuzzy C-Means (PRFCM) clustering algorithm to train the IDS which performs better than FCM clustering algorithm. Further, a modified approach for K-Nearest Neighbor (KNN) and Dempster-Shafer Theory (DST) is used in order to classify an incoming connection. Rest of the paper is organized as follows: Section 2 surveys related work in IDS. Section 3 provides a preliminary theory for the proposed system. Section 4 gives a detail of the sample dataset used in the experiment. Section 5 lays out the proposed model. Section 6 and 7 presents the result and conclusion respectively.

Complete Article List

Search this Journal:
Reset
Open Access Articles: Forthcoming
Volume 7: 4 Issues (2017)
Volume 6: 4 Issues (2016)
Volume 5: 4 Issues (2015)
Volume 4: 4 Issues (2014)
Volume 3: 4 Issues (2013)
Volume 2: 4 Issues (2012)
Volume 1: 4 Issues (2011)
View Complete Journal Contents Listing