Deep Generative Learning Models for Cloud Intrusion Detection Systems

Intrusion detection (ID) on the cloud environment has received paramount interest over the last few years. Among the latest approaches, machine learning-based ID methods allow us to discover unknown attacks. However, due to the lack of malicious samples and the rapid evolution of diverse attacks, constructing a cloud ID system (IDS) that is robust to a wide range of unknown attacks remains challenging. In this article, we propose a novel solution to enable robust cloud IDSs using deep neural networks. Specifically, we develop two deep generative models to synthesize malicious samples on the cloud systems. The first model, conditional denoising adversarial autoencoder (CDAAE), is used to generate specific types of malicious samples. The second model (CDAEE-KNN) is a hybrid of CDAAE and the K-nearest neighbor algorithm to generate malicious borderline samples that further improve the accuracy of a cloud IDS. The synthesized samples are merged with the original samples to form the augmented datasets. Three machine learning algorithms are trained on the augmented datasets and their effectiveness is analyzed. The experiments conducted on four popular IDS datasets show that our proposed techniques significantly improve the accuracy of the cloud IDSs compared with the baseline technique and the state-of-the-art approaches. Moreover, our models also enhance the accuracy of machine learning algorithms in detecting some currently challenging distributed denial of service (DDoS) attacks, including low-rate DDoS attacks and application layer DDoS attacks.

Automated summary

This article proposes a novel solution to enable robust cloud IDSs using deep neural networks. By developing two deep generative models to synthesize malicious samples on the cloud systems, the accuracy of cloud IDSs is significantly improved. The experiments also show that this method enhances the accuracy of detecting DDoS attacks.