Feasibility of Supervised Machine Learning for Cloud Security

Cloud computing is gaining significant attention, however, security is the biggest hurdle in its wide acceptance. Users of cloud services are under constant fear of data loss, security threats and availability issues. Recently, learning-based methods for security applications are gaining popularity in the literature with the advents in machine learning techniques. However, the major challenge in these methods is obtaining real-time and unbiased datasets. Many datasets are internal and cannot be shared due to privacy issues or may lack certain statistical characteristics. As a result of this, researchers prefer to generate datasets for training and testing purpose in the simulated or closed experimental environments which may lack comprehensiveness. Machine learning models trained with such a single dataset generally result in a semantic gap between results and their application. There is a dearth of research work which demonstrates the effectiveness of these models across multiple datasets obtained in different environments. We argue that it is necessary to test the robustness of the machine learning models, especially in diversified operating conditions, which are prevalent in cloud scenarios. In this work, we use the UNSW dataset to train the supervised machine learning models. We then test these models with ISOT dataset. We present our results and argue that more research in the field of machine learning is still required for its applicability to the cloud security.

[1]  Mohammed Samaka,et al.  Application delivery in multi-cloud environments using software defined networking , 2014, Comput. Networks.

[2]  A. Abraham,et al.  Intrusion Detection Systems Using Decision Trees and Support Vector Machines , 2004 .

[3]  Ali A. Ghorbani,et al.  Toward developing a systematic approach to generate benchmark datasets for intrusion detection , 2012, Comput. Secur..

[4]  Mário M. Freire,et al.  Security issues in cloud environments: a survey , 2014, International Journal of Information Security.

[5]  Rouslan A. Moro,et al.  Support Vector Machines (SVM) as a Technique for Solvency Analysis , 2008 .

[6]  Michael I. Jordan,et al.  On Discriminative vs. Generative Classifiers: A comparison of logistic regression and naive Bayes , 2001, NIPS.

[7]  Mohammed Samaka,et al.  A survey on service function chaining , 2016, J. Netw. Comput. Appl..

[8]  Vidhya A Review of DOS Attacks in Cloud Computing , 2014 .

[9]  Wei-Yang Lin,et al.  Intrusion detection by machine learning: A review , 2009, Expert Syst. Appl..

[10]  Balachandra Reddy Kandukuri,et al.  Cloud Security Issues , 2009, 2009 IEEE International Conference on Services Computing.

[11]  Vern Paxson,et al.  Outside the Closed World: On Using Machine Learning for Network Intrusion Detection , 2010, 2010 IEEE Symposium on Security and Privacy.

[12]  Mohammed Samaka,et al.  Multi-cloud Distribution of Virtual Functions and Dynamic Service Deployment: Open ADN Perspective , 2015, 2015 IEEE International Conference on Cloud Engineering.

[13]  Christoph Meinel,et al.  Intrusion Detection in the Cloud , 2009, 2009 Eighth IEEE International Conference on Dependable, Autonomic and Secure Computing.

[14]  Avinash Sonule,et al.  Development of servers in cloud computing to solve issues related to security and backup , 2011, 2011 IEEE International Conference on Cloud Computing and Intelligence Systems.

[15]  Ali A. Ghorbani,et al.  Detecting P2P botnets through network behavior analysis and machine learning , 2011, 2011 Ninth Annual International Conference on Privacy, Security and Trust.

[16]  Muttukrishnan Rajarajan,et al.  A survey of intrusion detection techniques in Cloud , 2013, J. Netw. Comput. Appl..

[17]  Jill Slay,et al.  The evaluation of Network Anomaly Detection Systems: Statistical analysis of the UNSW-NB15 data set and the comparison with the KDD99 data set , 2016, Inf. Secur. J. A Glob. Perspect..

[18]  Zhao Yan,et al.  Application of Support Vector Machine to Reliability Analysis of Engine Systems , 2013 .

[19]  Taeshik Shon,et al.  A hybrid machine learning approach to network anomaly detection , 2007, Inf. Sci..

[20]  Salvatore J. Stolfo,et al.  Data Mining Approaches for Intrusion Detection , 1998, USENIX Security Symposium.

[21]  C. Yeun,et al.  Cloud computing security management , 2010, 2010 Second International Conference on Engineering System Management and Applications.

[22]  John McHugh,et al.  Testing Intrusion detection systems: a critique of the 1998 and 1999 DARPA intrusion detection system evaluations as performed by Lincoln Laboratory , 2000, TSEC.

[23]  Stuart Harvey Rubin,et al.  Distributed denial of service attacks , 2000, Smc 2000 conference proceedings. 2000 ieee international conference on systems, man and cybernetics. 'cybernetics evolving to systems, humans, organizations, and their complex interactions' (cat. no.0.

[24]  Jingfeng Xue,et al.  A Trust Model Based on Cloud Model and Bayesian Networks , 2011 .

[25]  S. Hyakin,et al.  Neural Networks: A Comprehensive Foundation , 1994 .

[26]  Nour Moustafa,et al.  UNSW-NB15: a comprehensive data set for network intrusion detection systems (UNSW-NB15 network data set) , 2015, 2015 Military Communications and Information Systems Conference (MilCIS).

[27]  John R. Anderson,et al.  Machine learning - an artificial intelligence approach , 1982, Symbolic computation.

[28]  Kien A. Hua,et al.  Decision tree classifier for network intrusion detection with GA-based feature selection , 2005, ACM Southeast Regional Conference.

[29]  István Szabó,et al.  On the Validation of Traffic Classification Algorithms , 2008, PAM.