Abstract

Moving company applications and data to cloud platforms is becoming increasingly popular. However, because of their distributed and decentralized nature, cloud computing environments are exposed to attackers looking for security holes to exploit. Effective intrusion detection systems (IDS) are required to protect big data. Signature-based IDS solutions are challenged by the rise in zero-day attacks, since they can only detect known threats. Anomaly-based techniques can detect novel attacks but suffer from high false positive rates. Hybrid systems that combine signature-based and anomaly-based methods face further challenges, such as configuration complexity, increased cost and a higher risk of false positives. The core problem addressed in this thesis is to accurately detect novel zero-day attacks on cloud computing systems while minimizing false positives. A partitioning-based recursive feature elimination (PRFE) algorithm is proposed to select an optimal feature subset from the Information Security and Object Technology Cloud Intrusion Dataset (ISOT-CID). This reduces the dimensionality of the feature space and the training time of the machine learning (ML) model while improving the accuracy of attack detection. The proposed Adaptive Multi-Phase-based IDS (AMPIDS) framework, developed with tools such as Snort, Jupyter Notebook and CloudSim, aims to detect both known and zero-day attacks with high accuracy and few false positives. It combines supervised and unsupervised machine learning techniques and uses an adaptive threshold derived from observed network behavior to detect anomalies.

Keywords: Intrusion Detection System; Cloud Computing; Big Data; Machine Learning; Feature Selection; Snort; ISOT-CID dataset