IDS Framework based on ML for Cloud Computing

Pinal J. Patel, Kapilkumar C Dave, Manisha M. Chaudhari, Hardik Mahendrabhai Patel, Samina Mansuri, Hemangini Shukla

Abstract

Introduction: The last few decades have seen a marked increase in individuals' dependence on the internet. Users require considerable internet data and a wide variety of services. Cloud computing offers on-demand services under a "pay-as-you-use" framework. Given its open and distributed nature, security is a paramount concern. An intrusion detection system (IDS) monitors activity and identifies unauthorized access to, or attacks on, the computing system. Machine learning (ML) techniques are effective in identifying both known and unknown threats. In this study, we propose an IDS framework that addresses the problem of a single point of failure by having the user and the cloud service provider collaborate to operate the IDS. It uses clustering followed by classification. Clustering reduces the data size and the response time, and shortens the training period for classification. We evaluated the suitability of the proposed IDS framework using the KDD Cup 1999 dataset on the cloud platform. In the first experiment, clusters were labelled using the k-nearest-neighbour method on the cloud users' VMs, and the clusters of all VMs were merged label-wise for classification. In the second experiment, all clusters belonging to the same cloud VM user were aggregated before classification. The results show that low-frequency attacks are detected more accurately in the second experiment than in the first. The first experiment excels in detecting Probe and Denial of Service (DoS) attacks. However, both experiments tend to have a high detection rate for normal data, exceeding 97%.


Objectives: The objective of this paper is to design and implement an IDS framework using machine learning techniques for a cloud platform.


Methods: To evaluate the performance and functionality of the proposed IDS, we carried out two independent experiments on a cloud platform using the KDD Cup 1999 intrusion dataset. This dataset includes 19.69% normal data, 2% of various attack types such as R2L, U2R, and Probe, and 79.23% DoS attacks. In these experiments, we used 98,804 instances for testing and 395,216 instances for training the models. In experiment 1, the labeled clusters of each cloud user's VMs are combined. In experiment 2, all clusters of a cloud user are combined.


Results: The first scenario performs better at detecting DoS and probe attacks, while the second scenario is more effective at identifying low-frequency attacks. In both scenarios, over 97% of normal data is detected. Additionally, the proposed solution improves the detection rate of DoS and regular attacks by 0.1%. 


Conclusions: The model is implemented in two stages. In the first stage, a clustering technique is used to reduce reaction time and data volume. This stage helps distinguish between different types of attacks and identify multiclass attacks. The supervised learning approach benefits from reduced training time by utilizing clusters generated from the dataset. Cloud providers and consumers participating in the proposed IDS reduce the risk of a single point of failure. In the event of a virtual machine failure, the IDS remote controller can still detect the intrusion. The applicability of the proposed IDS framework has been verified using the KDD CUP 1999 dataset.
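
The flow of the first experiment (cluster on each VM, label the clusters by k-nearest-neighbour, merge them label-wise, then classify) can be sketched as below. This is an added example, not the authors' code: the two features, the sample points, the labelled seed set, k-means as the clustering step and the nearest-centroid classifier are all assumptions made for illustration.

```python
import math
from collections import Counter, defaultdict

# Constructed sample data: two scaled features per connection (assumed, e.g.
# connection count and error rate); not taken from KDD Cup 1999.
VM_TRAFFIC = {
    "vm1": [(0.10, 0.10), (0.12, 0.08), (0.08, 0.12),
            (0.90, 0.92), (0.88, 0.90), (0.92, 0.88)],
    "vm2": [(0.15, 0.10), (0.13, 0.12), (0.17, 0.08),
            (0.10, 0.90), (0.12, 0.88), (0.08, 0.92)],
}
SEEDS = [((0.10, 0.10), "normal"), ((0.14, 0.09), "normal"), ((0.12, 0.12), "normal"),
         ((0.90, 0.90), "dos"), ((0.88, 0.93), "dos"), ((0.91, 0.87), "dos"),
         ((0.10, 0.90), "probe"), ((0.11, 0.91), "probe"), ((0.09, 0.88), "probe")]

def kmeans(points, k, iters=20):
    """Lloyd's k-means with a deterministic, evenly spaced initialisation."""
    centroids = [points[i * len(points) // k] for i in range(k)]
    for _ in range(iters):
        groups = [[] for _ in range(k)]
        for p in points:
            groups[min(range(k), key=lambda c: math.dist(p, centroids[c]))].append(p)
        # An empty cluster keeps its previous centroid instead of dividing by zero.
        centroids = [tuple(sum(axis) / len(g) for axis in zip(*g)) if g else centroids[i]
                     for i, g in enumerate(groups)]
    return centroids

def knn_label(point, labelled, k=3):
    """Majority label among the k labelled samples nearest to point."""
    nearest = sorted(labelled, key=lambda s: math.dist(point, s[0]))[:k]
    return Counter(label for _, label in nearest).most_common(1)[0][0]

def merge_label_wise(vm_traffic, seeds, k=2):
    """Cluster on each VM, label each centroid by k-NN, merge centroids per label."""
    merged = defaultdict(list)
    for points in vm_traffic.values():
        for centroid in kmeans(points, k):
            merged[knn_label(centroid, seeds)].append(centroid)
    return dict(merged)

def classify(point, merged):
    """Stand-in classifier (assumption): label of the nearest merged centroid."""
    return min((math.dist(point, c), label) for label, cs in merged.items() for c in cs)[1]

if __name__ == "__main__":
    model = merge_label_wise(VM_TRAFFIC, SEEDS)
    print({label: len(cs) for label, cs in model.items()})
    print(classify((0.85, 0.95), model))
```

The twelve raw connection records collapse into four labelled centroids before the classifier sees them, which is the data-volume and training-time reduction the abstract attributes to the clustering stage.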
