Research Area:  Machine Learning
An Intrusion Detection System (IDS) is a vital security solution for defending cloud networks against cyber attacks. However, existing IDSs suffer from various limitations, including the inability to adapt to changing attack patterns or identify novel attacks, significant computational resource requirements, and a lack of balance between accuracy and false-positive rate (FPR). These shortcomings reduce the effectiveness of current IDSs when deployed in cloud-based application systems. Moreover, most cloud IDS research uses conventional network benchmark datasets such as NSL-KDD for evaluation, which do not give an accurate picture of performance in real-world cloud systems. To address these challenges, we propose an adaptive IDS model based on a Double Deep Q-Network (DDQN) and prioritized experience replay, built for accurate detection of new and complex attacks in cloud platforms. We evaluated our proposed model using a practical cloud-specific intrusion dataset, namely ISOT-CID, and a conventional network-based benchmark dataset (NSL-KDD). The experimental results show better performance than state-of-the-art IDSs, along with novel attack detection capabilities. Further, we have used flow-based analysis in our model to ensure low computing resource requirements. In addition, we evaluated the robustness of our model against a black-box adversarial attack resembling a real-life scenario and observed a marginal decrease in performance. Finally, we demonstrated our model's usability in a practical use case with frequent changes in the attack pattern.
Author(s) Name:  Kamalakanta Sethi, Rahul Kumar, Dinesh Mohanty, Padmalochan Bera
Conference name:  Security, Privacy, and Applied Cryptography Engineering
Publisher name:  Springer
Paper Link:   https://link.springer.com/chapter/10.1007/978-3-030-66626-2_4