Dr. Sharvari Chandrashekhar Tamane, Professor and HoD, Information Technology, MGM University, Aurangabad has published a patent on “Deep Learning Based Intrusion Prediction Model“ on 29th January 2021 in the Indian Patent Advanced Search System, Government of India, along with Ms. Manisha Bharati, AP, Department of Computer Engineering, Indira College of Engineering & Management, Pune.
- Introduction:
Cloud computing sites are a major obligation for interviewees who are interested in assessing the vulnerability of their services and as a result have misused many resources. The growing number of attacks and vulnerability tactics requires preventive measures by program managers.
Predicting the user's intentions when using the app can improve the services provided to users by adjusting the app's resources to their needs. In this context, the need for a more efficient and faster security system is gaining importance. These measures are further compounded by the increase in data heterogeneity and the increasing severity of the attack. In addition, less response time from human resources and the greater amount of information and information generated, makes the decision-making process more difficult. In response, there is an increase in the use of Intrusion Detection Systems (IDS), as a means of identifying attack patterns, aggressive actions and unauthorized access to the environment.
- Proposed Attack Detection Architecture
There are two main stages in the construction of the attack detection, as shown in Figure 1. The first phase is the “Model Builder” to perform (i) data collection, (ii) data classification, (iii) model training, and (iv) feature selection. In "Data Collector," it is necessary to collect malicious data and data from network attacks, such as in the IoT environment. The dataset distinguishes each type of attack and malicious data. Each category includes all data with the same category of attack and risk data the "Selection Feature" module, selects the most appropriate features for each type of attack category. This module is essential for achieving a heavy-duty acquisition program with high acquisition performance. The method of selecting an element based on the combination would be acceptable to select the appropriate element for each type of attack. After obtaining the most suitable feature sets, a trained model for each type of attack will be made with machine learning algorithms (ML) in the "Model Trainer" module. We have tried several ML algorithms, including naïve Bayes, neural input network (ANN), Convolution Neural Network (CNN) etc. As mentioned, filter-based selection methods are very similar to ML-based acquisition programs.

Figure 1. The block diagram of the proposed attack detection prediction architecture
- Research Problem:
As the network user grows, network attacks become more and more common, more difficult to access, traditional network technology to meet network security requirements, while network access (IDS) is a form of surveillance technology, it has become an important topic in the field of network security. Network access detection is a problem of isolation in pattern recognition, including mainly modules such as feature selection and partition selection and optimization, etc. Network data is very complex with high-density features, and the feature set contains some of the more obsolete and useless features, this will increase the training time model and complications of the computer, and have negative effects on the acquisition of entry. Therefore, before modeling detected network penetration, it is common to make a feature selection algorithm to select feature subsets in the acquisition results, and reduce the size of the features, current methods based on sequential search algorithms, key component analysis, genetic algorithm, particle particles optimization algorithm and other methods for selecting features. However, no approach has so far provided a satisfactory approach to the solution to malicious internal attacks. Therefore, this study will investigate appropriate strategies to reduce and overcome the problem of internal attacks / malicious intruders.
Research Hypothesis: we thought that one of the best ways to detect threats and reduce false positives could be provided by CNN-based IDS models within Cloud Computing over conventional methods.
The question in the study's study was "does the Deep Learning system improve the performance of Cloud Computing security compared to IDS only?"
- Objectives:
The purpose of this work is to create a distinction that can distinguish network flow as positive or negative. The problem is understood as a problem of classification and supervised learning using labels provided in the database that identifies network flow as positive or negative. Various methods of data classification will be explored for problem-solving as the binary separation problem distinguishes between each category of attacks assigned to the database.
- Methodology:
We used new virtual reality data set CSE-CIC-IDS2017. The test is performed on Google Collaboratory under python 3 using TensorFlow and Graphics Processing Unit (GPU) and 25GB RAM and 200 GB with extended Cloud Space. Details of the IDS method used in the test are shown in Fig. 2. Specifically, the method consists of four phases: (1) Database Phase, (2) Pre-processing Phase, (3) Training Phase and (4) Testing Phase.

Figure 2. Flowchart of the IDS methodology.
We have used some python libraries, such as Scikit-learn, Camera, and Tensorflow, to support program implementation. Scikit-learn: is a support tool to use many algorithms for machine learning efficiently. It also provides the task of dividing data sets into multiple subsets, including splitting training and testing sets. We used this library to separate selected databases from training and testing data. In addition, we have used this library to experiment with tree-based algorithms and the Naïve Bayes. Keras: is a high-level neural network Python-API, and capable of operating on dependencies, including TensorFlow. Built with a focus on enabling rapid testing. Works over Tensorflow. It can also support multilayer view. Tensorflow: an even more sophisticated library of calculations using data flow graphs. It is possible to train and use wide neural networks effectively. Made with Google, and is an open-source software for high performance numeracy. It can strongly support machine learning and in-depth learning in many other scientific fields. Various activation tasks such as sigmoid, Tanh, and ReLU were used to determine which option was best for the proposed system.
- Experimental Results
- CSE-CIC-IDS2017 Dataset
This database contains data taken from Monday, July 3,2017, to Friday, July 7, 2017. The CICIDS2017 database is being revised by Sharafaldin et al., using the attack include BruteForce SSH, DoS, Heartbleed, Web Attack, infiltration, Botnet and DDoS, and Brute Force FTP. The CICFlowMeter tool is used to extract 80 network flow features in generated network traffic. The CICFlowMeter tool is used to extract 80 network flow features in generated network traffic. In addition, the CICIDS2017 database yields an ambiguous character of 25 users based on specific protocols such as FTP, HTTPS. Analyzing the typical features of each model is taken as shown in Fig. 3 below. Analyzing the training time for each model taken Above we can see that XGBoost takes less training time followed by ExtraTree and Decision Tree and Adaboost takes longer compared to training model.
Traffic Type |
Samples |
Benign |
5,177,646 |
Bruteforce-SSH |
187,589 |
Bruteforce-FTP |
193,354 |
Slow Loris-DOS |
10,990 |
Goldeneye-DOS |
41,508 |
Hulk-DOS |
461,912 |
SlowHTTPTest-DOS |
139,890 |
Web-Bruteforce |
611 |
XSS-Bruteforce |
230 |
SQL-Injection |
87 |
Infiltration |
92,403 |
Bot-Attack |
286,191 |
Attack Samples in Total |
1,414,765 |
Figure 3: Amount of Traffic Data Samples for Each Type in Datasets
Accuracy Analysis for each model and as shown in the graph Random Forest and ExtraTree are the most accurate models as they offer 98 Percent accuracy and Decision Tree provides 92 Percent accuracy, AdaBoost gives 80 Percent accuracy and XGBoost shows 62 percent accuracy.
The CSE-CIC2017 dataset used to train the model is extensive, including up-to-date network-level traffic attack scenarios, including imbalanced classes. The advantages of the ensemble methods used are resilient to outliers, feature scaling and missing values, particularly when highlighted. It can be seen from the experiment that the ensemble methods outperform conventional methods on this type of complex dataset, and Random Forest is the best accuracy classifier and feature selection for data set size reduction. Since training time for Extratrees is less and highest Accuracy we can conclude that Extratrees is the Fastest and accurate model.
- Design of CNN Model
CNN is the most advanced learning algorithm used for image training. To upgrade the CNN-based intervention model, converting the CIC-2018 database into images is required. We convert each labelled data into 13x6 image size because each data contains 78 elements without the ‘Label’ feature. 'Label' is used for image classification. The CNN model has convolutional layers, max-pooling layers, and a fully connected layer. We can find the perfect CNN model by editing those layers and model parameters such as kernel size, character number, and number of school leavers. Figure 4 shows our CNN model for CIC-2018. Table 1. Shows CNN model and parameters. We apply three layers of convolutional and two layers of maxpooling after each convolutional layer. Although the max pooling layer is not mandatory for the CNN model, we use the layer because there is very little chance of losing important features in large compounds as the converted images contain only numerical data rather than hidden signatures. In addition, we use 'value' as a function to activate each decision base. To reduce overcrowding, dropping is applied after each step of the top joint. Finally, a fully bonded layer is still distributed after the final layer of bonding. For CSE-CIC-IDS2017 dataset We had used Monday as the training is set with other csv files as test setup, Here Monday’s data contains only Benign data and other days contain Benign and Attack data.
|
Convolution Layer-1 |
Pooling Layer-1 |
Convolution Layer-2 |
Pooling Layer-2 |
Fully Connected Layer |
No. of Kernels |
16 |
- |
32 |
- |
- |
Kernel Size |
3*3 |
- |
3*3 |
- |
- |
Pooling Size |
- |
2*2 |
- |
2*2 |
- |
Dropout |
- |
0.7 |
- |
0.7 |
0.5 |
Figure 4. An Intrusion Detection Model based on a Convolutional Neural Network
Table 1. Training parameters CNN Model.
Parameters |
Value |
Optimizer |
Adam (0.001) |
Size of batch |
1000 |
Number of epochs |
10 |
Droprate |
0.5 |
Filtersize |
3 |
Num. of Classes |
2 |
Activation |
Relu |
Loss |
Binary Crossentropy |
Table 2. Accuracies Achieved by different models on dataset
Datasets |
Models |
Testing Accuracy |
CSE-CIC-IDS2017 |
Decision Trees |
92.62% |
XGBoost |
62.47% |
AdaBoost |
80.38% |
Extratrees |
98.43% |
Random Forest |
98.44% |
CNN |
99.9% |

Figure 5. Testing Accuracy Graph
Results As per the Table. 2 Clearly Highlights Convolution Neural Network one of the Deep Learning Approach Outperformed the traditional Machine learning Approaches when applied on dataset CSE-CIC-IDS-2017.
Conclusion:
We have noticed that the model created using the Deep Neural Network uses AutoEncoder layers as hidden layers show better results compared to the results from the model created using a using machine learning techniques. So, our acquired discovery structure can detect known attacks and their variations, too, and the system is often extended to detect new types of future attacks. In addition, the system has acquired a lightweight environment and therefore the best accuracy of using the feature selection method. Hybrid separation can also be very helpful in achieving easy accuracy with quick detection. IPS and IDS meet important business needs in terms of security. it is the basis of technology that tracks, monitors traffic across the network, identifies suspected traffic congestion, blocks and takes necessary action by notifying the supervisor. If an organization wants to send information privately then it is best to use IPS /IDS. Looking at current scenario of Data increase we suggest Deep Learning Approach like Convolution Neural Network Classifier to Protect the Cloud Network from Intrusions.