1. Introduction
Over the last decade, the Internet has become an inseparable part of daily human life. With a growing number of users, there is a need for robust services for the development and deployment of software as well as the exchange of data. The advent of Cloud computing has given more dimensions to developers as well as to users. In basic terms, Cloud computing is the phrase used to describe different scenarios in which a computing resource is delivered as a hosted service over the Internet. There are three fundamental types of services offered by Cloud Service Providers (CSPs): Infrastructure as a Service (IaaS), Platform as a Service (PaaS) and Software as a Service (SaaS) (Subashini & Kavitha, 2011). The Cloud infrastructure makes use of integrated technologies, standard Internet protocols and virtualization techniques. The bugs and vulnerabilities in these technologies render the Cloud vulnerable to intrusion as well as traditional attacks (Modi et al., 2013). To protect the Cloud environment from intruders, an effective and efficient Intrusion Detection System (IDS) is required. An IDS is deployed in the Cloud network to classify incoming connections as normal or attack. An intrusion tries to compromise the confidentiality, integrity and availability of resources (Liao, Lin, Lin et al., 2013). There are two major techniques for intrusion detection: Anomaly Detection and Misuse Detection (Patel, Taghavi, Bakhtiyari, & Júnior, 2013). Anomaly detection is a behavior-based detection system that defines and characterizes the normal behavior of the system. Whenever an action deviates from the expected behavior, it is considered an anomaly. Therefore, it can detect unknown or novel attacks (Govindarajan & Chandrasekaran, 2011). But since normal behavior differs from user to user, the false alarm rate is high (Özyer, Alhajj, & Barker, 2007).
Misuse detection, by contrast, is a knowledge-based detection system in which predefined rules or signatures of attacks are used to identify an incoming attack by pattern matching against known attacks. Misuse-detection-based IDSs have higher accuracy than anomaly-detection-based IDSs (Jamdagni, Tan, He, Nanda, & Liu, 2013). However, unknown attacks and variations of known attacks cannot be identified by misuse detection (Ghosh, Mandal, & Kumar, 2015). In this paper the authors have proposed an anomaly-based Intrusion Detection System. Here they use a novel Penalty Reward based Fuzzy C-Means (PRFCM) clustering algorithm, which performs better than the FCM clustering algorithm, to train the IDS. Further, a modified approach for K-Nearest Neighbor (KNN) and Dempster-Shafer Theory (DST) is used to classify an incoming connection. The rest of the paper is organized as follows: Section 2 surveys related work in IDS. Section 3 provides the preliminary theory for the proposed system. Section 4 gives details of the sample dataset used in the experiment. Section 5 lays out the proposed model. Sections 6 and 7 present the results and conclusion, respectively.