Abstract
The term “Internet of Things” (IoT) encompasses an entire group of gadgets that are capable of connecting to the Internet in order to gather and share data. The IoT paradigm is being pushed into computer networks by numerous highly advanced intrusions. Cloud computing greatly enhances the success of the IoT by enabling users to perform computing tasks using Internet-based services accessed through connected devices. This seamless integration of cloud technology and the IoT has become a powerful catalyst, revolutionizing the way we operate. The adoption of a distributed architecture, such as cloud computing, exposes the system to potential threats like Distributed Denial of Service (DDoS) and Denial of Service (DoS) attacks. To mitigate these risks, the concept of an intrusion detection system (IDS) has been introduced within the cloud environment. Various machine learning (ML) and deep learning (DL) algorithms have been proposed and implemented to effectively detect and respond to such malicious traffic in the cloud system. For dimension reduction during the training process of those algorithms, multiple independent and hybrid techniques have been proposed. This study presents an efficient ML-based real-time IDS framework with proposed hybrid feature selection techniques. Additionally, in this study, a concise comparative analysis has been conducted using five well-known public datasets. The findings presented in this paper reveal that our proposed IDS achieved a maximum accuracy of 99.98% in identifying malicious traffic.
Similar content being viewed by others
Data and materials availability
The author(s) will ensure the provision of the datasets and materials utilized and/or analyzed in this work for interested parties.
Code availability
The author(s) will make the code employed in this work available for access.
References
Abdul-Ghani HA, Konstantas D (2019) A comprehensive study of security and privacy guidelines, threats, and countermeasures: an IoT perspective. J Sens Actuator Netw 8(2):22
Cisco Annual Internet Report (2018–2023) White Paper., https://www.cisco.com/c/en/us/solutions/collateral/executive-perspectives/annual-internet-report/white-paper-c11-741490.html. Accessed 30 Jan 2023
Adat V, Gupta BB (2018) Security in Internet of Things: issues, challenges, taxonomy, and architecture. Telecommun Syst 67:423–441
Khan AF, Anandharaj G (2020) A multi-layer security approach for DDoS detection in Internet of Things. Int J Intell Unmanned Syst 9(3):178–191
Sagar S, Choudhary A, Ansari MSA, Govil MC (2023) A survey of energy-aware server consolidation in cloud computing. In: Evolution in computational intelligence: proceedings of the 10th international conference on frontiers in intelligent computing: theory and applications (FICTA 2022). Springer Nature, Singapore, pp 381–391
Anthi E, Williams L, Burnap P (2018) Pulse: an adaptive intrusion detection for the internet of things. 35-4
Cirani S, Ferrari G, Veltri L (2013) Enforcing security mechanisms in the IP-based internet of things: an algorithmic overview. Algorithms 6(2):197–226
Thirumalai C, Mohan S, Srivastava G (2020) An efficient public key secure scheme for cloud and IoT security. Comput Commun 150:634–643
Sfar AR, Natalizio E, Challal Y, Chtourou Z (2018) A roadmap for security challenges in the Internet of Things. Digital Commun Netw 4(2):118–137
Ansari MSA, Govil MC, Pal K, Samaddar SG (2020) Tools and techniques in optimization of network resources. In: 2020 3rd international conference on emerging technologies in computer engineering: machine learning and internet of things (ICETCE). IEEE, pp 1–7
Kabir E, Hu J, Wang H, Zhuo G (2018) A novel statistical technique for intrusion detection systems. Futur Gener Comput Syst 79:303–318
Ahmed M, Mahmood AN, Hu J (2016) A survey of network anomaly detection techniques. J Netw Comput Appl 60:19–31
Ansari MSA, Chattopadhayay A, Das S (2010) A kernel level VFS logger for building efficient file system intrusion detection system. In: 2010 second international conference on computer and network technology. IEEE, pp 273–279
Diro AA, Chilamkurti N (2018) Distributed attack detection scheme using deep learning approach for Internet of Things. Futur Gener Comput Syst 82:761–768
Nabavi SR, Mousavi SM (2016) A novel cluster-based key management scheme to improve scalability in wireless sensor networks. IJCSNS 16(7):150
Babar SD, Mahalle PN (2016) A hash key-based key management mechanism for cluster-based wireless sensor network. J Cyber Secur Mobil 5:73–88
Kasinathan P, Pastrone C, Spirito MA, Vinkovits M (2013) Denial-of-service detection in 6LoWPAN based Internet of Things. In: 2013 IEEE 9th international conference on wireless and mobile computing, networking and communications (WiMob). IEEE, pp 600–607
Anajemba JH, Tang Y, Iwendi C, Ohwoekevwo A, Srivastava G, Jo O (2020) Realizing efficient security and privacy in IoT networks. Sensors 20(9):2609
Feroz Khan AB, Anandharaj G (2019) A cognitive key management technique for energy efficiency and scalability in securing the sensor nodes in the IoT environment: CKMT. SN Appl Sci 1(12):1575
Wood L, Alsawy S (2018) Recovery in psychosis from a service user perspective: a systematic review and thematic synthesis of current qualitative evidence. Community Ment Health J 54:793–804
Ansari MSA, Pal K, Govil P, Govil MC, Chaurasia N, Vidyarthi A, Alharbi M (2023) Identification of vulnerable selfish peer in P2P network using nature-inspired optimization techniques. Phys Commun 59:102110
Kumar P, Babulal KS (2023) Hematological image analysis for segmentation and characterization of erythrocytes using FC-TriSDR. Multimed Tools Appl 82(5):7861–7886
Özgür A, Erdem H (2016) A review of KDD99 dataset usage in intrusion detection and machine learning between 2010 and 2015
Tavallaee M, Bagheri E, Lu W, Ghorbani AA (2009) A detailed analysis of the KDD CUP 99 data set. In: 2009 IEEE symposium on computational intelligence for security and defense applications. IEEE, pp 1–6
McHugh J (2000) Testing intrusion detection systems: a critique of the 1998 and 1999 darpa intrusion detection system evaluations as performed by lincoln laboratory. ACM Trans Inf Syst Secur (TISSEC) 3(4):262–294
Alsharif N (2021) Ensembling PCA-based feature selection with random tree classifier for intrusion detection on IoT network. In: 2021 8th international conference on electrical engineering, computer science and informatics (EECSI). IEEE
Venkatesan Srinath (2023) Design an intrusion detection system based on feature selection using ML algorithms. Math Stat Eng Appl 72(1):702–710
Venkatesh B, Anuradha J (2019) A review of feature selection and its methods. Cybern Inf Technol 19(1):3–26
Kumar C, Biswas S, Ansari MSA, Govil MC (2023) Nature-inspired intrusion detection system for protecting software-defined networks controller. Comput Secur 134:103438
Aggarwal P, Sharma SK (2015) Analysis of KDD dataset attributes-class wise for intrusion detection. Proc Comput Sci 57:842–851
Siddiqui MK, Naahid S (2013) Analysis of KDD CUP 99 dataset using clustering based data mining. Int J Database Theory Appl 6(5):23–34
Ingre B, Yadav A (2015) Performance analysis of NSL-KDD dataset using ANN. In: 2015 international conference on signal processing and communication engineering systems. IEEE, pp 92–96
Sahu S, Mehtre BM (2015) Network intrusion detection system using J48 decision tree. In: 2015 international conference on advances in computing, communications and informatics (ICACCI). IEEE, pp 2023–2026
Subba B, Biswas S, Karmakar S (2016) Enhancing performance of anomaly based intrusion detection systems through dimensionality reduction using principal component analysis. In: 2016 IEEE international conference on advanced networks and telecommunications systems (ANTS). IEEE, pp 1–6
Hajisalem V, Babaie S (2018) A hybrid intrusion detection system based on ABC-AFS algorithm for misuse and anomaly detection. Comput Netw 136:37–50
Kayacık HG, Zincir-Heywood N (2005) Analysis of three intrusion detection system benchmark datasets using machine learning algorithms. In: Intelligence and security informatics: IEEE international conference on intelligence and security informatics, ISI 2005, Atlanta, GA, USA, May 19-20, 2005. Proceedings 3 (pp 362–367). Springer, Berlin, Heidelberg
Parsazad S, Saboori E, Allahyar A (2012) Fast feature reduction in intrusion detection datasets. In: 2012 Proceedings of the 35th international convention MIPRO. IEEE, pp 1023–1029
Rampure V, Tiwari A (2015) A rough set based feature selection on KDD CUP 99 data set. Int J Database Theory Appl 8(1):149–156
Hasan MAM, Nasser M, Ahmad S, Molla KI (2016) Feature selection for intrusion detection using random forest. J Inf Secur 7(3):129–140
Janarthanan T, Zargari S (2017) Feature selection in UNSW-NB15 and KDDCUP’99 datasets. In: 2017 IEEE 26th international symposium on industrial electronics (ISIE). IEEE, pp 1881–1886
Kolias C, Kambourakis G, Stavrou A, Gritzalis S (2015) Intrusion detection in 802.11 networks: empirical evaluation of threats and a public dataset. IEEE Commun Surv Tutor 18(1):184–208
Kim K, Aminanto ME (2017) Deep learning in intrusion detection perspective: overview and further challenges. In: 2017 international workshop on big data and information security (IWBIS). IEEE, pp 5–10
Wang CR, Xu RF, Lee SJ, Lee CH (2018) Network intrusion detection using equality constrained-optimization-based extreme learning machines. Knowl-Based Syst 147:68–80
Moustafa N, Slay J, Creech G (2017) Novel geometric area analysis technique for anomaly detection using trapezoidal area estimation on large-scale networks. IEEE Trans Big Data 5(4):481–494
Khammassi C, Krichen S (2017) A GA-LR wrapper approach for feature selection in network intrusion detection. Comput Secur 70:255–277
Gauthama Raman MR, Somu N, Jagarapu S, Manghnani T, Selvam T, Krithivasan K, Shankar Sriram VS (2020) An efficient intrusion detection technique based on support vector machine and improved binary gravitational search algorithm. Artif Intell Rev 53:3255–3286
Stiawan D, Idris MYB, Bamhdi AM, Budiarto R (2020) CICIDS-2017 dataset feature analysis with information gain for anomaly detection. IEEE Access 8:132911–132921
Panigrahi R, Borah S (2018) A detailed analysis of CICIDS2017 dataset for designing intrusion detection systems. Int J Eng Technol 7(3.24):479–482
Verma A, Ranga V (2018) On evaluation of network intrusion detection systems: statistical analysis of CIDDS-001 dataset using machine learning techniques. Pertanika J Sci Technol 26(3):1307–1332
Yin Y, Jang-Jaccard J, Xu W, Singh A, Zhu J, Sabrina F, Kwak J (2023) IGRF-RFE: a hybrid feature selection method for MLP-based network intrusion detection on UNSW-NB15 dataset. J Big Data 10(1):1–26
Vishwakarma M, Kesswani N (2022) DIDS: a deep neural network based real-time intrusion detection system for IoT. Decision Anal J 5:100142
Sarhan M, Layeghy S, Moustafa N, Gallagher M, Portmann M (2022) Feature extraction for machine learning-based intrusion detection in IoT networks. Digital Commun Netw. https://doi.org/10.1016/j.dcan.2022.08.012
Chen YW, Sheu JP, Kuo YC, Van Cuong N (2020) Design and implementation of IoT DDoS attacks detection system based on machine learning. In: 2020 European conference on networks and communications (EuCNC). IEEE, pp 122–127
Kozik R, Choraś M, Ficco M, Palmieri F (2018) A scalable distributed machine learning approach for attack detection in edge computing environments. J Parallel Distrib Comput 119:18–26
Pajouh HH, Javidan R, Khayami R, Dehghantanha A, Choo KKR (2016) A two-layer dimension reduction and two-tier classification model for anomaly-based intrusion detection in IoT backbone networks. IEEE Trans Emerg Top Comput 7(2):314–323
Bostani H, Sheikhan M (2017) Hybrid of anomaly-based and specification-based IDS for Internet of Things using unsupervised OPF based on MapReduce approach. Comput Commun 98:52–71
Hodo E, Bellekens X, Hamilton A, Dubouilh PL, Iorkyase E, Tachtatzis C, Atkinson R (2016) Threat analysis of IoT networks using artificial neural network intrusion detection system. In: 2016 international symposium on networks, computers and communications (ISNCC). IEEE, pp 1–6
Niyaz Q, Sun W, Javaid AY, Alam M (2015) A deep learning approach for network intrusion detection system. In: Proceedings of the 9th EAI international conference on bio-inspired information and communications technologies (Formerly BIONETICS), BICT-15 (Vol 15, No. 2015, pp 21–26)
Diro AA, Chilamkurti N (2018) Distributed attack detection scheme using deep learning approach for Internet of Things. Futur Gener Comput Syst 82:761–768
Tsikala Vafea M, Atalla E, Georgakas J, Shehadeh F, Mylona EK, Kalligeros M, Mylonakis E (2020) Emerging technologies for use in the study, diagnosis, and treatment of patients with COVID-19. Cell Mol Bioeng 13:249–257
Otoom M, Otoum N, Alzubaidi MA, Etoom Y, Banihani R (2020) An IoT-based framework for early identification and monitoring of COVID-19 cases. Biomed Signal Process Control 62:102149
Siddiqi Murtaza Ahmed, Pak Wooguil (2020) Optimizing filter-based feature selection method flow for intrusion detection system. Electronics 9(12):2114
Otoum Yazan, Liu Dandan, Nayak Amiya (2022) DL-IDS: a deep learning-based intrusion detection framework for securing IoT. Trans Emerg Telecommun Technol 33(3):e3803
Mohammadpour Leila et al (2022) A survey of CNN-based network intrusion detection. Appl Sci 12(16):8162
Ali Tariq Emad, Chong Yung-Wey, Manickam Selvakumar (2023) Comparison of ML/DL approaches for detecting DDoS attacks in SDN. Appl Sci 13(5):3033
Sindhu Siva S. Sivatha, Geetha Suryakumar, Kannan Arputharaj (2012) Decision tree based light weight intrusion detection using a wrapper approach. Expert Syst Appl 39(1):129–141
Mohammad AH (2021) Intrusion detection using a new hybrid feature selection model. Intell Autom Soft Comput. https://doi.org/10.32604/iasc.2021.016140
Kim Taehoon, Pak Wooguil (2022) Real-time network intrusion detection using deferred decision and hybrid classifier. Futur Gener Comput Syst 132:51–66
Siyyal Shafqat Ali et al (2022) Analyzing ml-based ids over real-traffic. Inte J Innov Sci Technol 4(3):621–640
Ansari MSA, Pal K, Govil P, Govil MC, Awasthi LK (2023) A statistical analysis of SAMPARK dataset for peer-to-peer traffic and selfish-peer identification. Multimed Tools Appl 82(6):8507–8535
Kampaktsis Polydoros N et al (2021) State-of-the-art machine learning algorithms for the prediction of outcomes after contemporary heart transplantation: results from the UNOS database. Clin Transplant 35(8):e14388
Zhang Zhongheng, Ho Kwok M, Hong Yucai (2019) Machine learning for the prediction of volume responsiveness in patients with oliguric acute kidney injury in critical care. Crit Care 23(1):1–10
Kilic Arman (2020) Artificial intelligence and machine learning in cardiovascular health care. Ann Thorac Surg 109(5):1323–1329
Wang Zheng (2018) Deep learning-based intrusion detection with adversaries. IEEE Access 6:38367–38384
Ansari M, Alam S, Pal K, Govil MC, Govil P, Srivastava A (2021) Ensemble machine learning for P2P traffic identification. Int J Comput Digital Syst. https://doi.org/10.12785/ijcds/1001117
Bahl A, Hellack B, Balas M, Dinischiotu A, Wiemann M, Brinkmann J, Haase A (2019) Recursive feature elimination in random forest classification supports nanomaterial grouping. NanoImpact 15:100179
Ansari MSA, Pal K, Govil MC, Govil P, Srivastava A (2022) P2P traffic identification using machine learning and feature selection techniques. In: Edge analytics: select proceedings of 26th international conference-ADCOM 2020. Springer, Singapore, pp 393–407
Elmachtoub AN, Liang JCN, McNellis R (2020) Decision trees for decision-making under the predict-then-optimize framework. In: International conference on machine learning. PMLR, pp 2858–2867
Gladence LM, Karthi M, Anu VM (2015) A statistical comparison of logistic regression and different Bayes classification methods for machine learning. ARPN J Eng Appl Sci 10(14):5947–5953
Ahmad MW, Reynolds J, Rezgui Y (2018) Predictive modelling for solar thermal energy systems: a comparison of support vector regression, random forest, extra trees and regression trees. J Clean Prod 203:810–821
Shataee S, Kalbi S, Fallah A, Pelz D (2012) Forest attribute imputation using machine-learning methods and ASTER data: comparison of k-NN, SVR and random forest regression algorithms. Int J Remote Sens 33(19):6254–6280
Zhang Yang, Zhang Hongpo, Zhang Bo (2022) An effective ensemble automatic feature selection method for network intrusion detection. Information 13(7):314
Gokul Pran S, Sivakami Raja (2023) An efficient feature selection and classification approach for an intrusion detection system using optimal neural network. J Intell Fuzzy Syst 44:8561–8571
Elhanashi A, et al (2022) Machine learning techniques for anomaly-based detection system on CSE-CIC-IDS2018 dataset. In: International conference on applications in electronics pervading industry, environment and society. Springer, Cham
Funding
No financial funding has been received for the research, authoring, and publication of this article.
Author information
Authors and Affiliations
Contributions
All authors have contributed equally to the development of this manuscript, making it a significant research paper.
Corresponding author
Ethics declarations
Conflict of interest
There are no Conflict of interest or conflicts of interest to declare.
Ethical approval
The content presented in this article represents the original work of the author and has not been previously published.
Consent to participate
All authors have reviewed and consented to the submitted version of the paper, acknowledging their inclusion as co-authors.
Consent for publication
The author(s) hereby provide permission to publish the work.
Additional information
Publisher's Note
Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
Rights and permissions
Springer Nature or its licensor (e.g. a society or other partner) holds exclusive rights to this article under a publishing agreement with the author(s) or other rightsholder(s); author self-archiving of the accepted manuscript version of this article is solely governed by the terms of such publishing agreement and applicable law.
About this article
Cite this article
Biswas, S., Ansari, M.S.A. Securing IoT networks in cloud computing environments: a real-time IDS. J Supercomput (2024). https://doi.org/10.1007/s11227-024-06021-z
Accepted:
Published:
DOI: https://doi.org/10.1007/s11227-024-06021-z