1. Introduction
Cyberspace is a complex environment, supported by Information and Communication Technology (ICT) devices and networks, in which people, software, and services interact. A wide variety of attacks or incidents may occur in it, whether intentional or accidental, natural or man-made. Cybersecurity in networked environments, and in the cloud computing environment in particular, has therefore become one of the prime concerns of this advanced technical landscape. The cloud computing environment relies on virtualization and integrated tools and techniques to deliver services over standard Internet protocols. Many vulnerabilities exist in such an environment, attracting intruders who probe for and exploit them through different attacks. Attacks already known against cloud computing include Address Resolution Protocol (ARP) poisoning, IP spoofing, IP flooding, Domain Name System (DNS) poisoning, Routing Information Protocol (RIP) attacks, Denial of Service (DoS) attacks, and Distributed Denial of Service (DDoS) attacks. A perimeter firewall protects against attacks coming from outside the network, but it does not protect against attacks that originate inside it.
IDSs detect malicious activities, intrusions, or attacks that originate from a system or from the Internet and harm the network or its systems (Selvakumar et al. 2019). The prerequisites for an IDS are high recall, precision, and accuracy together with a low False Alarm Rate (FAR) in identifying intrusions or attacks. IDSs employ many Machine Learning (ML) and Deep Learning (DL) algorithms, such as Decision Trees (DT), Support Vector Machines (SVMs), clustering, Artificial Neural Networks (ANN), Deep Neural Networks (DNN), auto-encoders, and Deep Belief Networks (DBN) (Zhang et al. 2018). In general, IDSs are of two types: Host-based IDS (HIDS) and Network-based IDS (NIDS). A HIDS is dedicated to a single system and analyzes that system's activity by accessing and examining administrative data such as logs and configuration files. It may also keep a backup of the configuration files so that they can be restored after a malicious modification. A NIDS examines network traffic to identify malicious events. It includes a packet sniffer that collects and stores network traffic data for further analysis. A NIDS is dynamic in that its rules can be modified as required, for example to capture only selected data for analysis or to add rules only for HTTP or FTP traffic. Both HIDS and NIDS are further classified broadly into two types: signature-based and anomaly-based. A signature-based NIDS tries to match traffic against specific intrusion signatures or patterns stored in its database, and it requires regular updates to combat new attacks. As the signature database grows, the processing cost of checking each packet against it grows as well. In anomaly detection, a normal network traffic distribution is first estimated, and a network packet that deviates from this distribution is considered an anomaly.
That is, an anomaly-based NIDS first builds a profile of normal behavior from valid network traffic and then compares newly observed traffic with this profile to assign it a score. If the score crosses a defined threshold, the NIDS reports an anomaly. The profiling methods are generally based on machine learning and statistical data mining techniques (Alomari and Othman 2012). A model trained through profiling can detect new types of attacks, but it is prone to a higher FAR than a signature-based IDS. Anomaly-based NIDS is nevertheless useful for predicting a new kind of attack when someone is probing a network prior to the attack, and it is used as a first and primary security tool to monitor a network (Modi et al. 2013) (AlKadi et al. 2019). The NIDS sends alerts to the network administrator when it detects an intrusion or a violation of the defined policy (AlKadi et al. 2019).
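The profiling, scoring and thresholding described above, and the trade-off against signature matching, can be made concrete with a small Python example. This is an added illustration, not code from the paper or from any of the cited works: it learns a per-feature mean and standard deviation from constructed benign flow summaries, scores new one-second windows by their summed squared z-distance from that profile, flags those above a threshold, and reports recall, precision, accuracy and FAR next to a single constructed signature rule. The feature names (pkts, bytes, ports), the threshold of 16.0, the SYN-flood rule and all traffic values are assumptions chosen for the example.

```python
"""Anomaly-based profiling versus signature matching on constructed flow summaries.

Added illustration, not the paper's code. Each record summarises one source
host over a one-second window with three assumed features:
  pkts  - packets sent, bytes - bytes sent, ports - distinct destination ports.
All values below are constructed for the example, not taken from a real capture.
"""
from dataclasses import dataclass
from statistics import fmean, pstdev

FEATURES = ("pkts", "bytes", "ports")

# Constructed training windows assumed to be benign (the "valid network traffic").
NORMAL_TRAFFIC = [
    {"pkts": 50, "bytes": 40000, "ports": 2},
    {"pkts": 45, "bytes": 36000, "ports": 1},
    {"pkts": 55, "bytes": 44000, "ports": 2},
    {"pkts": 60, "bytes": 48000, "ports": 3},
    {"pkts": 40, "bytes": 32000, "ports": 1},
    {"pkts": 52, "bytes": 41600, "ports": 2},
    {"pkts": 48, "bytes": 38400, "ports": 2},
    {"pkts": 50, "bytes": 40000, "ports": 3},
]

# Constructed evaluation windows with ground-truth labels (True = attack).
TEST_TRAFFIC = [
    {"pkts": 53, "bytes": 42400, "ports": 2},     # ordinary client
    {"pkts": 47, "bytes": 37600, "ports": 1},     # ordinary client
    {"pkts": 120, "bytes": 150000, "ports": 1},   # legitimate nightly backup: unusual but benign
    {"pkts": 8000, "bytes": 320000, "ports": 1},  # SYN flood: many small packets to one port
    {"pkts": 300, "bytes": 18000, "ports": 280},  # port scan: no signature for it below
    {"pkts": 58, "bytes": 46400, "ports": 3},     # ordinary client
]
TEST_LABELS = [False, False, False, True, True, False]

# Assumed threshold on the summed squared z-score (roughly 2.3 sigma per feature).
THRESHOLD = 16.0


@dataclass(frozen=True)
class Profile:
    mean: dict
    std: dict


def build_profile(normal_flows):
    """Learn the per-feature mean and population std of the benign traffic."""
    mean = {f: fmean([r[f] for r in normal_flows]) for f in FEATURES}
    # A constant feature would give std 0; fall back to 1.0 to avoid dividing by zero.
    std = {f: pstdev([r[f] for r in normal_flows]) or 1.0 for f in FEATURES}
    return Profile(mean, std)


def anomaly_score(profile, flow):
    """Sum of squared z-scores; larger means further from the normal profile."""
    return sum(((flow[f] - profile.mean[f]) / profile.std[f]) ** 2 for f in FEATURES)


def anomaly_detect(profile, flows, threshold=THRESHOLD):
    """Anomaly-based NIDS: flag every window whose score crosses the threshold."""
    return [anomaly_score(profile, r) > threshold for r in flows]


# Signature-based NIDS: a single constructed rule for a SYN-flood-like window.
SIGNATURES = {
    "syn-flood": lambda r: r["pkts"] > 5000 and r["bytes"] / max(r["pkts"], 1) < 80,
}


def signature_detect(flows):
    """Flag a window only if it matches a known signature."""
    return [any(rule(r) for rule in SIGNATURES.values()) for r in flows]


def metrics(predicted, labels):
    """Recall, precision, accuracy and FAR (false positives over all benign windows)."""
    tp = sum(1 for p, l in zip(predicted, labels) if p and l)
    fp = sum(1 for p, l in zip(predicted, labels) if p and not l)
    tn = sum(1 for p, l in zip(predicted, labels) if not p and not l)
    fn = sum(1 for p, l in zip(predicted, labels) if not p and l)
    return {
        "recall": tp / (tp + fn) if tp + fn else 0.0,
        "precision": tp / (tp + fp) if tp + fp else 0.0,
        "accuracy": (tp + tn) / len(labels),
        "far": fp / (fp + tn) if fp + tn else 0.0,
    }


def compare_detectors():
    """Run both detectors on the constructed test windows and return their metrics."""
    profile = build_profile(NORMAL_TRAFFIC)
    return {
        "anomaly": metrics(anomaly_detect(profile, TEST_TRAFFIC), TEST_LABELS),
        "signature": metrics(signature_detect(TEST_TRAFFIC), TEST_LABELS),
    }


if __name__ == "__main__":
    for name, m in compare_detectors().items():
        print(name, {k: round(v, 3) for k, v in m.items()})
```

On this constructed data the anomaly detector catches both attacks, including the port scan for which no signature exists, but also raises a false alarm on the legitimate backup window (FAR 0.25), while the signature detector has zero FAR and misses the scan entirely (recall 0.5). Raising THRESHOLD would suppress the backup alarm at the cost of tolerating more deviation before an attack is reported, which is the threshold tuning the text refers to.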