Skip to main content
SpringerLink
Log in

Securing IoT networks in cloud computing environments: a real-time IDS

  • Published:
The Journal of Supercomputing Aims and scope Submit manuscript

Abstract

The term “Internet of Things” (IoT) encompasses an entire group of gadgets that are capable of connecting to the Internet in order to gather and share data. The IoT paradigm is being pushed into computer networks by numerous highly advanced intrusions. Cloud computing greatly enhances the success of the IoT by enabling users to perform computing tasks using Internet-based services accessed through connected devices. This seamless integration of cloud technology and the IoT has become a powerful catalyst, revolutionizing the way we operate. The adoption of a distributed architecture, such as cloud computing, exposes the system to potential threats like Distributed Denial of Service (DDoS) and Denial of Service (DoS) attacks. To mitigate these risks, the concept of an intrusion detection system (IDS) has been introduced within the cloud environment. Various machine learning (ML) and deep learning (DL) algorithms have been proposed and implemented to effectively detect and respond to such malicious traffic in the cloud system. For dimension reduction during the training process of those algorithms, multiple independent and hybrid techniques have been proposed. This study presents an efficient ML-based real-time IDS framework with proposed hybrid feature selection techniques. Additionally, in this study, a concise comparative analysis has been conducted using five well-known public datasets. The findings presented in this paper reveal that our proposed IDS achieved a maximum accuracy of 99.98% in identifying malicious traffic.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Algorithm 1
Algorithm 2
Fig. 6
Algorithm 3
Fig. 7
Fig. 8
Fig. 9

Similar content being viewed by others

Data and materials availability

The author(s) will ensure the provision of the datasets and materials utilized and/or analyzed in this work for interested parties.

Code availability

The author(s) will make the code employed in this work available for access.

References

  1. Abdul-Ghani HA, Konstantas D (2019) A comprehensive study of security and privacy guidelines, threats, and countermeasures: an IoT perspective. J Sens Actuator Netw 8(2):22

    Article  Google Scholar 

  2. Cisco Annual Internet Report (2018–2023) White Paper., https://www.cisco.com/c/en/us/solutions/collateral/executive-perspectives/annual-internet-report/white-paper-c11-741490.html. Accessed 30 Jan 2023

  3. Adat V, Gupta BB (2018) Security in Internet of Things: issues, challenges, taxonomy, and architecture. Telecommun Syst 67:423–441

    Article  Google Scholar 

  4. Khan AF, Anandharaj G (2020) A multi-layer security approach for DDoS detection in Internet of Things. Int J Intell Unmanned Syst 9(3):178–191

    Article  Google Scholar 

  5. Sagar S, Choudhary A, Ansari MSA, Govil MC (2023) A survey of energy-aware server consolidation in cloud computing. In: Evolution in computational intelligence: proceedings of the 10th international conference on frontiers in intelligent computing: theory and applications (FICTA 2022). Springer Nature, Singapore, pp 381–391

  6. Anthi E, Williams L, Burnap P (2018) Pulse: an adaptive intrusion detection for the internet of things. 35-4

  7. Cirani S, Ferrari G, Veltri L (2013) Enforcing security mechanisms in the IP-based internet of things: an algorithmic overview. Algorithms 6(2):197–226

    Article  Google Scholar 

  8. Thirumalai C, Mohan S, Srivastava G (2020) An efficient public key secure scheme for cloud and IoT security. Comput Commun 150:634–643

    Article  Google Scholar 

  9. Sfar AR, Natalizio E, Challal Y, Chtourou Z (2018) A roadmap for security challenges in the Internet of Things. Digital Commun Netw 4(2):118–137

    Article  Google Scholar 

  10. Ansari MSA, Govil MC, Pal K, Samaddar SG (2020) Tools and techniques in optimization of network resources. In: 2020 3rd international conference on emerging technologies in computer engineering: machine learning and internet of things (ICETCE). IEEE, pp 1–7

  11. Kabir E, Hu J, Wang H, Zhuo G (2018) A novel statistical technique for intrusion detection systems. Futur Gener Comput Syst 79:303–318

    Article  Google Scholar 

  12. Ahmed M, Mahmood AN, Hu J (2016) A survey of network anomaly detection techniques. J Netw Comput Appl 60:19–31

    Article  Google Scholar 

  13. Ansari MSA, Chattopadhayay A, Das S (2010) A kernel level VFS logger for building efficient file system intrusion detection system. In: 2010 second international conference on computer and network technology. IEEE, pp 273–279

  14. Diro AA, Chilamkurti N (2018) Distributed attack detection scheme using deep learning approach for Internet of Things. Futur Gener Comput Syst 82:761–768

    Article  Google Scholar 

  15. Nabavi SR, Mousavi SM (2016) A novel cluster-based key management scheme to improve scalability in wireless sensor networks. IJCSNS 16(7):150

    Google Scholar 

  16. Babar SD, Mahalle PN (2016) A hash key-based key management mechanism for cluster-based wireless sensor network. J Cyber Secur Mobil 5:73–88

    Google Scholar 

  17. Kasinathan P, Pastrone C, Spirito MA, Vinkovits M (2013) Denial-of-service detection in 6LoWPAN based Internet of Things. In: 2013 IEEE 9th international conference on wireless and mobile computing, networking and communications (WiMob). IEEE, pp 600–607

  18. Anajemba JH, Tang Y, Iwendi C, Ohwoekevwo A, Srivastava G, Jo O (2020) Realizing efficient security and privacy in IoT networks. Sensors 20(9):2609

    Article  ADS  PubMed  PubMed Central  Google Scholar 

  19. Feroz Khan AB, Anandharaj G (2019) A cognitive key management technique for energy efficiency and scalability in securing the sensor nodes in the IoT environment: CKMT. SN Appl Sci 1(12):1575

    Article  Google Scholar 

  20. Wood L, Alsawy S (2018) Recovery in psychosis from a service user perspective: a systematic review and thematic synthesis of current qualitative evidence. Community Ment Health J 54:793–804

    Article  CAS  PubMed  Google Scholar 

  21. Ansari MSA, Pal K, Govil P, Govil MC, Chaurasia N, Vidyarthi A, Alharbi M (2023) Identification of vulnerable selfish peer in P2P network using nature-inspired optimization techniques. Phys Commun 59:102110

    Article  Google Scholar 

  22. Kumar P, Babulal KS (2023) Hematological image analysis for segmentation and characterization of erythrocytes using FC-TriSDR. Multimed Tools Appl 82(5):7861–7886

    Article  Google Scholar 

  23. Özgür A, Erdem H (2016) A review of KDD99 dataset usage in intrusion detection and machine learning between 2010 and 2015

  24. Tavallaee M, Bagheri E, Lu W, Ghorbani AA (2009) A detailed analysis of the KDD CUP 99 data set. In: 2009 IEEE symposium on computational intelligence for security and defense applications. IEEE, pp 1–6

  25. McHugh J (2000) Testing intrusion detection systems: a critique of the 1998 and 1999 darpa intrusion detection system evaluations as performed by lincoln laboratory. ACM Trans Inf Syst Secur (TISSEC) 3(4):262–294

    Article  Google Scholar 

  26. Alsharif N (2021) Ensembling PCA-based feature selection with random tree classifier for intrusion detection on IoT network. In: 2021 8th international conference on electrical engineering, computer science and informatics (EECSI). IEEE

  27. Venkatesan Srinath (2023) Design an intrusion detection system based on feature selection using ML algorithms. Math Stat Eng Appl 72(1):702–710

    Google Scholar 

  28. Venkatesh B, Anuradha J (2019) A review of feature selection and its methods. Cybern Inf Technol 19(1):3–26

    MathSciNet  Google Scholar 

  29. Kumar C, Biswas S, Ansari MSA, Govil MC (2023) Nature-inspired intrusion detection system for protecting software-defined networks controller. Comput Secur 134:103438

    Article  Google Scholar 

  30. Aggarwal P, Sharma SK (2015) Analysis of KDD dataset attributes-class wise for intrusion detection. Proc Comput Sci 57:842–851

    Article  Google Scholar 

  31. Siddiqui MK, Naahid S (2013) Analysis of KDD CUP 99 dataset using clustering based data mining. Int J Database Theory Appl 6(5):23–34

    Article  Google Scholar 

  32. Ingre B, Yadav A (2015) Performance analysis of NSL-KDD dataset using ANN. In: 2015 international conference on signal processing and communication engineering systems. IEEE, pp 92–96

  33. Sahu S, Mehtre BM (2015) Network intrusion detection system using J48 decision tree. In: 2015 international conference on advances in computing, communications and informatics (ICACCI). IEEE, pp 2023–2026

  34. Subba B, Biswas S, Karmakar S (2016) Enhancing performance of anomaly based intrusion detection systems through dimensionality reduction using principal component analysis. In: 2016 IEEE international conference on advanced networks and telecommunications systems (ANTS). IEEE, pp 1–6

  35. Hajisalem V, Babaie S (2018) A hybrid intrusion detection system based on ABC-AFS algorithm for misuse and anomaly detection. Comput Netw 136:37–50

    Article  Google Scholar 

  36. Kayacık HG, Zincir-Heywood N (2005) Analysis of three intrusion detection system benchmark datasets using machine learning algorithms. In: Intelligence and security informatics: IEEE international conference on intelligence and security informatics, ISI 2005, Atlanta, GA, USA, May 19-20, 2005. Proceedings 3 (pp 362–367). Springer, Berlin, Heidelberg

  37. Parsazad S, Saboori E, Allahyar A (2012) Fast feature reduction in intrusion detection datasets. In: 2012 Proceedings of the 35th international convention MIPRO. IEEE, pp 1023–1029

  38. Rampure V, Tiwari A (2015) A rough set based feature selection on KDD CUP 99 data set. Int J Database Theory Appl 8(1):149–156

    Article  Google Scholar 

  39. Hasan MAM, Nasser M, Ahmad S, Molla KI (2016) Feature selection for intrusion detection using random forest. J Inf Secur 7(3):129–140

    Google Scholar 

  40. Janarthanan T, Zargari S (2017) Feature selection in UNSW-NB15 and KDDCUP’99 datasets. In: 2017 IEEE 26th international symposium on industrial electronics (ISIE). IEEE, pp 1881–1886

  41. Kolias C, Kambourakis G, Stavrou A, Gritzalis S (2015) Intrusion detection in 802.11 networks: empirical evaluation of threats and a public dataset. IEEE Commun Surv Tutor 18(1):184–208

    Article  Google Scholar 

  42. Kim K, Aminanto ME (2017) Deep learning in intrusion detection perspective: overview and further challenges. In: 2017 international workshop on big data and information security (IWBIS). IEEE, pp 5–10

  43. Wang CR, Xu RF, Lee SJ, Lee CH (2018) Network intrusion detection using equality constrained-optimization-based extreme learning machines. Knowl-Based Syst 147:68–80

    Article  Google Scholar 

  44. Moustafa N, Slay J, Creech G (2017) Novel geometric area analysis technique for anomaly detection using trapezoidal area estimation on large-scale networks. IEEE Trans Big Data 5(4):481–494

    Article  Google Scholar 

  45. Khammassi C, Krichen S (2017) A GA-LR wrapper approach for feature selection in network intrusion detection. Comput Secur 70:255–277

    Article  Google Scholar 

  46. Gauthama Raman MR, Somu N, Jagarapu S, Manghnani T, Selvam T, Krithivasan K, Shankar Sriram VS (2020) An efficient intrusion detection technique based on support vector machine and improved binary gravitational search algorithm. Artif Intell Rev 53:3255–3286

    Article  Google Scholar 

  47. Stiawan D, Idris MYB, Bamhdi AM, Budiarto R (2020) CICIDS-2017 dataset feature analysis with information gain for anomaly detection. IEEE Access 8:132911–132921

    Article  Google Scholar 

  48. Panigrahi R, Borah S (2018) A detailed analysis of CICIDS2017 dataset for designing intrusion detection systems. Int J Eng Technol 7(3.24):479–482

    Google Scholar 

  49. Verma A, Ranga V (2018) On evaluation of network intrusion detection systems: statistical analysis of CIDDS-001 dataset using machine learning techniques. Pertanika J Sci Technol 26(3):1307–1332

    Google Scholar 

  50. Yin Y, Jang-Jaccard J, Xu W, Singh A, Zhu J, Sabrina F, Kwak J (2023) IGRF-RFE: a hybrid feature selection method for MLP-based network intrusion detection on UNSW-NB15 dataset. J Big Data 10(1):1–26

    Article  Google Scholar 

  51. Vishwakarma M, Kesswani N (2022) DIDS: a deep neural network based real-time intrusion detection system for IoT. Decision Anal J 5:100142

    Article  Google Scholar 

  52. Sarhan M, Layeghy S, Moustafa N, Gallagher M, Portmann M (2022) Feature extraction for machine learning-based intrusion detection in IoT networks. Digital Commun Netw. https://doi.org/10.1016/j.dcan.2022.08.012

    Article  Google Scholar 

  53. Chen YW, Sheu JP, Kuo YC, Van Cuong N (2020) Design and implementation of IoT DDoS attacks detection system based on machine learning. In: 2020 European conference on networks and communications (EuCNC). IEEE, pp 122–127

  54. Kozik R, Choraś M, Ficco M, Palmieri F (2018) A scalable distributed machine learning approach for attack detection in edge computing environments. J Parallel Distrib Comput 119:18–26

    Article  Google Scholar 

  55. Pajouh HH, Javidan R, Khayami R, Dehghantanha A, Choo KKR (2016) A two-layer dimension reduction and two-tier classification model for anomaly-based intrusion detection in IoT backbone networks. IEEE Trans Emerg Top Comput 7(2):314–323

    Article  Google Scholar 

  56. Bostani H, Sheikhan M (2017) Hybrid of anomaly-based and specification-based IDS for Internet of Things using unsupervised OPF based on MapReduce approach. Comput Commun 98:52–71

    Article  Google Scholar 

  57. Hodo E, Bellekens X, Hamilton A, Dubouilh PL, Iorkyase E, Tachtatzis C, Atkinson R (2016) Threat analysis of IoT networks using artificial neural network intrusion detection system. In: 2016 international symposium on networks, computers and communications (ISNCC). IEEE, pp 1–6

  58. Niyaz Q, Sun W, Javaid AY, Alam M (2015) A deep learning approach for network intrusion detection system. In: Proceedings of the 9th EAI international conference on bio-inspired information and communications technologies (Formerly BIONETICS), BICT-15 (Vol 15, No. 2015, pp 21–26)

  59. Diro AA, Chilamkurti N (2018) Distributed attack detection scheme using deep learning approach for Internet of Things. Futur Gener Comput Syst 82:761–768

    Article  Google Scholar 

  60. Tsikala Vafea M, Atalla E, Georgakas J, Shehadeh F, Mylona EK, Kalligeros M, Mylonakis E (2020) Emerging technologies for use in the study, diagnosis, and treatment of patients with COVID-19. Cell Mol Bioeng 13:249–257

    Article  CAS  PubMed  PubMed Central  Google Scholar 

  61. Otoom M, Otoum N, Alzubaidi MA, Etoom Y, Banihani R (2020) An IoT-based framework for early identification and monitoring of COVID-19 cases. Biomed Signal Process Control 62:102149

    Article  PubMed  PubMed Central  Google Scholar 

  62. Siddiqi Murtaza Ahmed, Pak Wooguil (2020) Optimizing filter-based feature selection method flow for intrusion detection system. Electronics 9(12):2114

    Article  Google Scholar 

  63. Otoum Yazan, Liu Dandan, Nayak Amiya (2022) DL-IDS: a deep learning-based intrusion detection framework for securing IoT. Trans Emerg Telecommun Technol 33(3):e3803

    Article  Google Scholar 

  64. Mohammadpour Leila et al (2022) A survey of CNN-based network intrusion detection. Appl Sci 12(16):8162

    Article  CAS  Google Scholar 

  65. Ali Tariq Emad, Chong Yung-Wey, Manickam Selvakumar (2023) Comparison of ML/DL approaches for detecting DDoS attacks in SDN. Appl Sci 13(5):3033

    Article  CAS  Google Scholar 

  66. Sindhu Siva S. Sivatha, Geetha Suryakumar, Kannan Arputharaj (2012) Decision tree based light weight intrusion detection using a wrapper approach. Expert Syst Appl 39(1):129–141

    Article  Google Scholar 

  67. Mohammad AH (2021) Intrusion detection using a new hybrid feature selection model. Intell Autom Soft Comput. https://doi.org/10.32604/iasc.2021.016140

    Article  Google Scholar 

  68. Kim Taehoon, Pak Wooguil (2022) Real-time network intrusion detection using deferred decision and hybrid classifier. Futur Gener Comput Syst 132:51–66

    Article  Google Scholar 

  69. Siyyal Shafqat Ali et al (2022) Analyzing ml-based ids over real-traffic. Inte J Innov Sci Technol 4(3):621–640

    Article  Google Scholar 

  70. Ansari MSA, Pal K, Govil P, Govil MC, Awasthi LK (2023) A statistical analysis of SAMPARK dataset for peer-to-peer traffic and selfish-peer identification. Multimed Tools Appl 82(6):8507–8535

    Article  Google Scholar 

  71. Kampaktsis Polydoros N et al (2021) State-of-the-art machine learning algorithms for the prediction of outcomes after contemporary heart transplantation: results from the UNOS database. Clin Transplant 35(8):e14388

    Article  PubMed  Google Scholar 

  72. Zhang Zhongheng, Ho Kwok M, Hong Yucai (2019) Machine learning for the prediction of volume responsiveness in patients with oliguric acute kidney injury in critical care. Crit Care 23(1):1–10

    Article  Google Scholar 

  73. Kilic Arman (2020) Artificial intelligence and machine learning in cardiovascular health care. Ann Thorac Surg 109(5):1323–1329

    Article  PubMed  Google Scholar 

  74. Wang Zheng (2018) Deep learning-based intrusion detection with adversaries. IEEE Access 6:38367–38384

    Article  Google Scholar 

  75. Ansari M, Alam S, Pal K, Govil MC, Govil P, Srivastava A (2021) Ensemble machine learning for P2P traffic identification. Int J Comput Digital Syst. https://doi.org/10.12785/ijcds/1001117

    Article  Google Scholar 

  76. Bahl A, Hellack B, Balas M, Dinischiotu A, Wiemann M, Brinkmann J, Haase A (2019) Recursive feature elimination in random forest classification supports nanomaterial grouping. NanoImpact 15:100179

    Article  Google Scholar 

  77. Ansari MSA, Pal K, Govil MC, Govil P, Srivastava A (2022) P2P traffic identification using machine learning and feature selection techniques. In: Edge analytics: select proceedings of 26th international conference-ADCOM 2020. Springer, Singapore, pp 393–407

  78. Elmachtoub AN, Liang JCN, McNellis R (2020) Decision trees for decision-making under the predict-then-optimize framework. In: International conference on machine learning. PMLR, pp 2858–2867

  79. Gladence LM, Karthi M, Anu VM (2015) A statistical comparison of logistic regression and different Bayes classification methods for machine learning. ARPN J Eng Appl Sci 10(14):5947–5953

    Google Scholar 

  80. Ahmad MW, Reynolds J, Rezgui Y (2018) Predictive modelling for solar thermal energy systems: a comparison of support vector regression, random forest, extra trees and regression trees. J Clean Prod 203:810–821

    Article  Google Scholar 

  81. Shataee S, Kalbi S, Fallah A, Pelz D (2012) Forest attribute imputation using machine-learning methods and ASTER data: comparison of k-NN, SVR and random forest regression algorithms. Int J Remote Sens 33(19):6254–6280

    Article  Google Scholar 

  82. Zhang Yang, Zhang Hongpo, Zhang Bo (2022) An effective ensemble automatic feature selection method for network intrusion detection. Information 13(7):314

    Article  CAS  Google Scholar 

  83. Gokul Pran S, Sivakami Raja (2023) An efficient feature selection and classification approach for an intrusion detection system using optimal neural network. J Intell Fuzzy Syst 44:8561–8571

    Article  Google Scholar 

  84. Elhanashi A, et al (2022) Machine learning techniques for anomaly-based detection system on CSE-CIC-IDS2018 dataset. In: International conference on applications in electronics pervading industry, environment and society. Springer, Cham

Download references

Funding

No financial funding has been received for the research, authoring, and publication of this article.

Author information

Authors and Affiliations

  1. Department of Computer Science & Engineering, National Institute of Technology Sikkim, Ravangla, India

    Soham Biswas & Md. Sarfaraj Alam Ansari

Authors
  1. Soham Biswas
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Md. Sarfaraj Alam Ansari
    View author publications

    You can also search for this author in PubMed Google Scholar

Contributions

All authors have contributed equally to the development of this manuscript, making it a significant research paper.

Corresponding author

Correspondence to Md. Sarfaraj Alam Ansari.

Ethics declarations

Conflict of interest

There are no Conflict of interest or conflicts of interest to declare.

Ethical approval

The content presented in this article represents the original work of the author and has not been previously published.

Consent to participate

All authors have reviewed and consented to the submitted version of the paper, acknowledging their inclusion as co-authors.

Consent for publication

The author(s) hereby provide permission to publish the work.

Additional information

Publisher's Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Rights and permissions

Springer Nature or its licensor (e.g. a society or other partner) holds exclusive rights to this article under a publishing agreement with the author(s) or other rightsholder(s); author self-archiving of the accepted manuscript version of this article is solely governed by the terms of such publishing agreement and applicable law.

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Biswas, S., Ansari, M.S.A. Securing IoT networks in cloud computing environments: a real-time IDS. J Supercomput (2024). https://doi.org/10.1007/s11227-024-06021-z

Download citation

  • Accepted:

  • Published:

  • DOI: https://doi.org/10.1007/s11227-024-06021-z

Keywords

Search

Navigation