Evaluating the Effectiveness of Machine Learning-Based Intrusion Detection in Multi-Cloud Environments
Hussein Jawad Kadhim AL Masoodi
Faculty of Computer Engineering, Department of Software Engineering, Islamic Azad University, Isfahan Branch (Khorasgan), Iran.
DOI: https://doi.org/10.58496/BJIoT/2024/012
Keywords: Intrusion Detection System, Machine Learning, Convolutional Neural Network, Multi-Cloud Environment, Network Security, UNSW-NB15 Dataset, Cybersecurity, Deep Learning
Abstract
In the dynamic landscape of cloud computing, multi-cloud environments have become prevalent because they offer a host of advantages, including redundancy, flexibility, and increased security. These environments can, however, be vulnerable to stealthy cyber-attacks, which makes building efficient intrusion detection systems (IDS) for them a challenging task.
This study evaluates the efficiency of a machine learning-based intrusion detection system in multi-cloud environments, using a 1-D Convolutional Neural Network (1D-CNN) to classify network traffic from the UNSW-NB15 dataset. The dataset includes a wide variety of network features, and it was used directly after converting the categorical variables into numerical form and scaling the features with MinMaxScaler.
The preprocessed data was used to train and test the 1D-CNN model, which attained an accuracy of 84.02% during training and 82.79% on validation. The model's performance was further measured with a precision of 80.91%, a recall of 82.79%, and an F1-score of 81.28%, showing its capability to identify network intrusions effectively.
The small difference between training and validation accuracy shows that overfitting was minimal; thus, the model will generalize well when applied to unseen data. This research underlines the potential of deep learning techniques, and CNNs in particular, for intrusion detection in complex multi-cloud infrastructures. Future work could include optimizing the model through hyperparameter tuning, using additional data sources, and exploring more sophisticated architectures to further improve the accuracy of intrusion detection.
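The preprocessing step described in the abstract (categorical variables converted to numbers, then min-max scaling), as an added example that is not the paper's code: a pure-Python stand-in for the encoder and MinMaxScaler, fitted on the training split only and returning samples shaped for a 1-D convolution. The column names follow the UNSW-NB15 schema; the rows are constructed, and the reserved code for unseen categories and the clipping of out-of-range values are assumptions of this sketch.

```python
# Added example, not the paper's code. Column names follow the UNSW-NB15
# schema; the rows below are constructed sample values, not dataset records.
CATEGORICAL = ("proto", "service", "state")
NUMERIC = ("dur", "sbytes", "dbytes")
UNSEEN = 0.0  # code reserved for categories absent from the training split

TRAIN = [
    {"proto": "tcp", "service": "http", "state": "FIN", "dur": 0.5, "sbytes": 1000, "dbytes": 4000},
    {"proto": "udp", "service": "dns", "state": "INT", "dur": 0.0, "sbytes": 200, "dbytes": 0},
    {"proto": "tcp", "service": "-", "state": "CON", "dur": 2.0, "sbytes": 600, "dbytes": 2000},
]
# The test flow has a protocol and a duration never seen during training.
TEST = [{"proto": "icmp", "service": "http", "state": "FIN", "dur": 4.0, "sbytes": 400, "dbytes": 1000}]

def encode(row, codes):
    """Map categorical values to integer codes and append the numeric fields."""
    cats = [float(codes[c].get(row[c], UNSEEN)) for c in CATEGORICAL]
    return cats + [float(row[c]) for c in NUMERIC]

def fit(train_rows):
    """Learn category codes and per-feature ranges from training data only."""
    codes = {c: {v: i + 1 for i, v in enumerate(sorted({r[c] for r in train_rows}))}
             for c in CATEGORICAL}
    cols = list(zip(*(encode(r, codes) for r in train_rows)))
    n = len(CATEGORICAL)
    # Categorical ranges start at UNSEEN so an unknown value stays distinct.
    lo = [UNSEEN] * n + [min(c) for c in cols[n:]]
    hi = [float(len(codes[c])) for c in CATEGORICAL] + [max(c) for c in cols[n:]]
    return {"codes": codes, "lo": lo, "hi": hi}

def transform(rows, params):
    """Scale to [0, 1] with the training ranges; return (features, 1) samples."""
    out = []
    for row in rows:
        sample = []
        for x, lo, hi in zip(encode(row, params["codes"]), params["lo"], params["hi"]):
            v = 0.0 if hi == lo else (x - lo) / (hi - lo)
            # Clip values outside the training range (a choice made here).
            sample.append([min(1.0, max(0.0, v))])
        out.append(sample)
    return out

if __name__ == "__main__":
    params = fit(TRAIN)
    print(transform(TEST, params)[0])
```

Fitting the ranges on the training split alone keeps validation statistics out of the scaler, which matters when the training and validation accuracies are being compared as a check on overfitting.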