A Combined Decision for Secure Cloud Computing Based on Machine Learning and Past Information

Cloud computing has been presented as one of the most efficient techniques for hosting and delivering services over the internet. However, even with its wide areas of application, cloud security is still a major concern of cloud computing. In order to protect the communication in such environment, many secure systems have been proposed and most of them are based on attack signatures. These systems are often not very efficient for detecting all the types of attacks. Recently, machine learning technique has been proposed. This means that if the training set does not include enough examples in a particular class, the decision may not be accurate. In this paper, we propose a new firewall scheme named Enhanced Intrusion Detection and Classification (EIDC) system for secure cloud computing environment. EIDC detects and classifies the received traffic packets using a new combination technique called most frequent decision where the nodes' 11In this document we will use the words “node” and “user” interchangeably.past decisions are combined with the current decision of the machine learning algorithm to estimate the final attack category classification. This strategy increases the learning performance and the system accuracy. To generate our results, a public available dataset UNSW-NB-15 is used. Our results show that EICD improves the anomalies detection by 24% compared to complex tree.

[1]  Sebti Foufou,et al.  VacoNet: Variable and connected architecture for data center networks , 2016, 2016 IEEE Wireless Communications and Networking Conference.

[2]  Sebti Foufou,et al.  ScalNet: A Novel Network Architecture for Data Centers , 2015, 2015 IEEE Globecom Workshops (GC Wkshps).

[3]  Balachandra Reddy Kandukuri,et al.  Cloud Security Issues , 2009, 2009 IEEE International Conference on Services Computing.

[4]  Lamiaa Khalid,et al.  A weighted fusion scheme for cooperative spectrum sensing based on past decisions , 2011, 2011 IEEE 22nd International Symposium on Personal, Indoor and Mobile Radio Communications.

[5]  Bhavani M. Thuraisingham,et al.  Detection and Resolution of Anomalies in Firewall Policy Rules , 2006, DBSec.

[6]  Kien A. Hua,et al.  Decision tree classifier for network intrusion detection with GA-based feature selection , 2005, ACM Southeast Regional Conference.

[7]  Rouslan A. Moro,et al.  Support Vector Machines (SVM) as a Technique for Solvency Analysis , 2008 .

[8]  Young-Sik Jeong,et al.  A survey on cloud computing security: Issues, threats, and solutions , 2016, J. Netw. Comput. Appl..

[9]  Jingfeng Xue,et al.  A Trust Model Based on Cloud Model and Bayesian Networks , 2011 .

[10]  Mazen O. Hasna,et al.  Location privacy preservation in secure crowdsourcing-based cooperative spectrum sensing , 2016, EURASIP J. Wirel. Commun. Netw..

[11]  Giovanni Vigna,et al.  Testing network-based intrusion detection signatures using mutant exploits , 2004, CCS '04.

[12]  Sebti Foufou,et al.  Efficient techniques for energy saving in data center networks , 2018, Comput. Commun..

[13]  C. Yeun,et al.  Cloud computing security management , 2010, 2010 Second International Conference on Engineering System Management and Applications.

[14]  A. Abraham,et al.  Intrusion Detection Systems Using Decision Trees and Support Vector Machines , 2004 .