Article Preview
TopIntroduction
Cloud computing is a widespread term for the transportation of hosted services using the Internet. Cloud computing has evolved as one of the most vital dimension of the modern software industry by making a transition from computing-as-a-product to computing-as-a-service (Murugesan, 2011). Instead of setting up a physical infrastructure, Cloud allows us to have the luxury of using applications, software, platforms etc. as a service and one has to pay only for the resources he consumes (Singh & Jangwal, 2012). Since in a Cloud Environment data arrives from different heterogeneous sources therefore understanding the associative vulnerabilities is the foremost job to do (Grobauer, Walloschek, & Stöcker, 2011) and then, to provide a way to maintain the integrity, confidentiality and availability of the incoming and outgoing data. Hamlen et al. (Hamlen, Kantarcioglu, Khan, & Thuraisingham, 2010) in their work have discussed the various security issues of the Cloud. IDS is one such solution that provides data security to the Cloud Environment. Based on deployment, IDS have two models, Host Based IDS(HIDS) and Network Based IDS(NIDS). HIDS attempts to recognize unauthorized, abnormal behaviors on a specific device (Hu, 2010). HIDS uses both Anomaly Based and Misuse Based Detection Techniques and plays a very compliant role in identifying, logging records and alerting the admin if there is any security issue. Whereas NIDS completely works on Network traffic. It captures Ethernet Packets and scans it in real time to decide whether it is an attack or not (Mukherjee, Heberlein, & Levitt, 1994). The number of unnecessary generated alerts in Anomaly Based IDS which causes high false alarm can be reduced as demonstrated by Hacini et al. (Salima Hacini, Zahia Guessoum, 2013) .
As the network traffic is huge in size so the analysis of packets in real time is too time-consuming phenomenon, hence for better performance of IDS it is incorporated with various data mining algorithms extensively (Yanjie, 2015). For further enhancement in the performance pre-processing of data becomes inevitable which reduces dimensions quite significantly (Said, Stirling, Federolf, & Barker, 2011). Feature Selection is one of the most widely used pre-processing technique which eliminates irrelevant and homogeneous features from a given feature set (Mladeni, 2006). Another pre-processing technique is Clustering which helps to eliminate outliers, noise and group similar kind of objects. Objects can be either instances or features (Kryszkiewicz & Skonieczny, 2005). For the experimental purpose the authors have used NSL-KDD dataset for training and testing purpose. In this paper, initially authors have designed a fully connected weighted graph of features, where each node represents a feature. Then Core Clusters are created by removing inconsistent edges. Later, the relevant features which have high Mutual Information Values, are selected from each core in order to get the Relevant Feature Set (RFS). Using the above mentioned methods the authors have proposed an Anomaly Based Intrusion Detection System.