Abstract
The expansion of the cloud computing market has provided a breakthrough in efficiently storing and managing data for individuals and companies. As personal and corporate data move to the cloud, diverse attacks targeting the cloud have also increased for heist beneficial information. Therefore, cloud service providers offer protective environments through diverse security solutions. However, security solutions are limited in preventing advanced attacks because it is challenging to reflect the environment of each user. This paper proposes a Cloud Intrusion Detection System (C-IDS) that adapts to each user’s cloud environment and performs real-time attack detection using Natural Language Processing (NLP). Notably, the C-IDS learns the deployed client environment logs and detects anomalies using the Seq2Seq model with BI-LSTM and Bahdanau attention. We used multiple domain datasets, Linux, Windows, Hadoop, OpenStack, Apache, OpenSSH, and CICIDS2018 to verify the performance of the C-IDS. C-IDS consists of a ‘recognition’ that identifies logs in the deployed environment and a ‘detection’ that discovers anomalies. The recognition results showed an average accuracy of 98.2% for multiple domain datasets. Moreover, the detection results based on the trained model exhibited an average accuracy of 94.2% for the Hadoop, OpenStack, Apache, and CICIDS2018 datasets.
| Original language | English |
|---|---|
| Article number | 143 |
| Journal | Journal of Cloud Computing |
| Volume | 13 |
| Issue number | 1 |
| DOIs | |
| Publication status | Published - 2024 Dec |
Bibliographical note
Publisher Copyright:© The Author(s) 2024.
Keywords
- Anomaly detection
- CICIDS-2018 dataset
- Cloud computing
- Cyber security
- Intrusion detection system
- Natural language processing
- System log analysis
ASJC Scopus subject areas
- Software
- Computer Networks and Communications