A Cloud Intrusion Detection System Using Novel PRFCM Clustering and KNN Based Dempster-Shafer Rule

Cloud computing has established a new horizon in the field of Information Technology. Due to its large number of users and extensive utilization, the Cloud computing paradigm attracts intruders who exploit its vulnerabilities. To secure the Cloud environment from such intruders, an Intrusion Detection System (IDS) is required. In this paper the authors propose an anomaly-based IDS which classifies an incoming connection by measuring its deviation from normal behavior. The proposed method uses a novel Penalty Reward based Fuzzy C-Means (PRFCM) clustering algorithm to generate a rule set, and the best rule set is extracted from it using a modified KNN algorithm. This best rule set is then used in the evidential reasoning of Dempster-Shafer Theory for classification. The IDS has been trained and tested with the NSL-KDD dataset for performance evaluation. The results prove the proposed IDS to be highly efficient and reliable.
