Title
Adaptive Secure Intrusion Detection Framework for Big Data in Cloud Environment
Author
Hesham Mohamed Mostafa El Masry
Preparation committee
Researcher / Hesham Mohamed Mostafa El Masry
Supervisor / Hatem Mohamed Abdel Kader
Supervisor / Ayman El-Sayed Khedr
Subject
Information Systems
Publication date
2024
Number of pages
137 p.
Language
English
Degree
Doctorate
Specialization
Information Systems
Date of approval
21/2/2024
Place of approval
Menoufia University - Faculty of Computers and Information - Information Systems
Table of contents
الفهرس
Only 14 of the 152 pages are available for public view.

Abstract

Moving company applications and data to cloud platforms is becoming increasingly popular. However, because of their distributed and decentralized nature, cloud computing environments are exposed to attackers looking for security holes to exploit. Effective intrusion detection systems (IDS) are required to protect big data. Signature-based IDS solutions can only detect known threats and are therefore challenged by the increase in zero-day attacks. Anomaly-based techniques can detect novel attacks but suffer from high false positive rates. In addition, hybrid systems that combine signature-based and anomaly-based methods face challenges such as configuration complexity, increased cost and a higher risk of false positives.

The core problem addressed in this thesis is to accurately detect novel zero-day attacks on cloud computing systems while minimizing false positives. In this thesis, a recursive feature elimination based on partitioning (PRFE) algorithm is proposed to select optimal features from the Information Security and Object Technology Cloud Intrusion Dataset (ISOT-CID). This reduces the dimensionality of the feature space and the training time of the machine learning (ML) model while improving the accuracy of malicious attack detection.

The proposed Adaptive Multi-Phase-based IDS (AMPIDS) framework, developed with tools such as Snort, Jupyter Notebook and CloudSim, aims to detect both known and zero-day attacks with high accuracy and few false positives. It combines supervised and unsupervised machine learning techniques and uses an adaptive threshold derived from actual network behavior to detect anomalies.
Keywords: Intrusion Detection System; Cloud Computing; Big Data; Machine Learning; Feature selection; Snort; ISOT-CID dataset