En-ABC: An ensemble artificial bee colony based anomaly detection scheme for cloud environment

Abstract

With the exponential increase in the use of different types of services and applications in cloud computing environments, identifying the malicious behavior of nodes becomes challenging because of the diversity of traffic patterns these services and applications generate. Most existing solutions reported in the literature are restricted to a specific technique applicable to single-class datasets. In real-life scenarios, however, applications and services, especially in cloud environments, may have multi-class datasets. Moreover, non-linear behavior among the dataset attributes creates additional challenges for identifying node behavior, and it has not been exploited to its full potential in existing solutions. This can lead to performance bottlenecks in identifying the malicious behavior of nodes. Motivated by these facts, this paper proposes an Ensemble Artificial Bee Colony based Anomaly Detection Scheme (En-ABC) for multi-class datasets in cloud environments. En-ABC has the following components for identifying malicious node behavior: (i) feature selection and optimization, (ii) data clustering, and (iii) identification of anomalous behavior of nodes. The feature selection and optimization model in En-ABC is built using a Restricted Boltzmann Machine and an Unscented Kalman Filter (to handle the non-linear behavior of dataset attributes), respectively. An Artificial Bee Colony-based Fuzzy C-means clustering technique is then used to obtain an optimal clustering based on two objective functions, Mean Square Deviation and Dunn Index (to handle the participation of attributes in multiple clustered datasets). A profile of normal/abnormal behavior is then built from the clustering results for detecting anomalies. Finally, the performance of the proposed scheme is compared with existing schemes (CM, SVM, ML-IDS and MSADA) using parameters such as detection, false alarm, and accuracy rates. Experimental results on benchmark (NSL-KDD, NAB and IBRL) and synthetic datasets validate the effectiveness of the proposed scheme.
