A classifier mechanism for host based intrusion detection and prevention system in cloud computing environment

Distributed denial-of-service (DDoS) attacks are incidents in a cloud computing environment that cause major performance disturbances. Intrusion-detection and prevention systems (IDPS) are tools to protect against such incidents, and the correct placement of ID/IP systems on networks is of great impo...

Bibliographic Details
Main Author: Al-Zarqawee, Aws Naser
Format: Thesis
Language: English
Published: 2018
Subjects:
Online Access: http://umpir.ump.edu.my/id/eprint/31127/
http://umpir.ump.edu.my/id/eprint/31127/1/A%20classifier%20mechanism%20for%20host%20based%20intrusion%20detection%20and%20prevention%20system%20in%20cloud%20computing%20environment.wm.pdf
_version_ 1848823691078533120
author Al-Zarqawee, Aws Naser
building UMP Institutional Repository
collection Online Access
description Distributed denial-of-service (DDoS) attacks are incidents in a cloud computing environment that cause major performance disturbances. Intrusion-detection and prevention systems (IDPS) are tools to protect against such incidents, and the correct placement of ID/IP systems on networks is of great importance for optimal monitoring and for achieving maximum effectiveness in protecting a system. Even with such systems in place, however, the security level of general cloud computing must be enhanced. More potent attacks attempt to take control of the cloud environment itself; such attacks include malicious virtual-machine (VM) hyperjacking as well as traditional network-security threats such as traffic snooping (which intercepts network traffic), address spoofing and the forging of VMs or IP addresses. It is difficult to manage a host-based IDPS (H-IDPS) because information must be configured and managed for every host, so it is vital to ensure that security analysts fully understand the network and its context in order to distinguish between false positives and real problems. For this, it is necessary to know the current most important classifiers in machine learning, as these offer feasible protection against false-positive alarms in DDoS attacks. In order to design a more efficient classifier, it is necessary to develop a system for evaluating the classifier. In this thesis, a new mechanism for an H-IDPS classifier in a cloud environment has been designed. The mechanism’s design is based on the hybrid Antlion Optimization Algorithm (ALO) with Multilayer Perceptron (MLP) to protect against DDoS attacks. To implement the proposed mechanism, we demonstrate the strength of the classifier using a dimensionally reduced version of the NSL-KDD dataset. Furthermore, we focus on a detailed study of the NSL-KDD dataset that contains only selected records. This selected dataset provides a good analysis of various machine-learning techniques for H-IDPS. The evaluation of the H-IDPS system shows an increase in intrusion detection accuracy and a decrease in false-positive alarms when compared to other related works. This is epitomized by the skilful use of the confusion matrix technique for organizing classifiers, visualizing their performance, and assessing their overall behaviour.
first_indexed 2025-11-15T03:01:09Z
format Thesis
id ump-31127
institution Universiti Malaysia Pahang
institution_category Local University
language English
last_indexed 2025-11-15T03:01:09Z
publishDate 2018
recordtype eprints
repository_type Digital Repository
spelling ump-31127 2023-01-17T06:56:12Z http://umpir.ump.edu.my/id/eprint/31127/ A classifier mechanism for host based intrusion detection and prevention system in cloud computing environment Al-Zarqawee, Aws Naser QA75 Electronic computers. Computer science 2018-09 Thesis NonPeerReviewed pdf en http://umpir.ump.edu.my/id/eprint/31127/1/A%20classifier%20mechanism%20for%20host%20based%20intrusion%20detection%20and%20prevention%20system%20in%20cloud%20computing%20environment.wm.pdf Al-Zarqawee, Aws Naser (2018) A classifier mechanism for host based intrusion detection and prevention system in cloud computing environment. PhD thesis, Universiti Malaysia Pahang (Contributors, Thesis advisor: Mohamad Fadli, Zolkipli).
title A classifier mechanism for host based intrusion detection and prevention system in cloud computing environment
topic QA75 Electronic computers. Computer science