An Efficient Network IDS for Cloud Environments Based on a Combination of Deep Learning and an Optimized Self-adaptive Heuristic Search Algorithm

  • Zouhair ChibaEmail author
  • Noreddine Abghour
  • Khalid Moussaid
  • Amina El Omri
  • Mohamed Rida
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11704)


Nowadays, Cloud Computing (CC) is one of the fastest emerging core technologies in the current information era. It is leading a new revolution on the ways of data storage and calculation. CC remains gaining traction among organizations thanks to its appealing features like pay-per-use model for billing customers, elasticity, ubiquity, scalability and availability of resources for businesses. Hence, many organizations are moving their workloads or processes to cloud due to its inherent advantages. Nevertheless, several security issues arise with the transition to this computing paradigm including intrusion detection. Attackers and intruders developed new sophisticated tools defeating traditional Intrusion Detection Systems (IDS) by huge amount of network traffic data and dynamic behaviors. The existing Cloud IDSs suffer from low detection accuracy and high false positive rate. To overcome this issue, we propose a smart approach using a self-adaptive heuristic search algorithm called “Improved Self-Adaptive Genetic Algorithm” (ISAGA) to build automatically a Deep Neural Network (DNN) based Anomaly Network Intrusion Detection System (ANIDS). ISAGA is a variant of standard Genetic Algorithm (GA), which is developed based on GA improved through an Adaptive Mutation Algorithm (AMA) and optimization strategies. The optimization strategies carried out are Parallel Processing and Fitness Value Hashing that reduce execution time, convergence time and save processing power. Our approach consists of using ISAGA with the goal of searching the optimal or near optimal combination of most relevant values of the parameters included in construction of DNN based IDS or impacting its performance, like feature selection, data normalization, architecture of DNN, activation function, learning rate and Momentum term, which ensure high detection rate, high accuracy and low false alarm rate. CloudSim 4.0 simulator platform and CICIDS2017 dataset were used for simulation and validation of the proposed system. The implementation results obtained have demonstrated the ability of our ANIDS to detect intrusions with high detection accuracy and low false alarm rate, and have indicated its superiority in comparison with state-of-the-art methods.


Cloud computing Anomaly detection Network intrusion detection system Deep Neural Network Optimization Genetic algorithm Adaptive Mutation Algorithm Heuristic search algorithm Parallel processing Fitness value hashing CICIDS2017 dataset 


  1. 1.
    Verizon, State of the Market: Enterprise Cloud. Accessed 17 Feb 2019
  2. 2.
    Hogan, M., Sokol, A.: NIST cloud computing standards roadmap. Version 2. NIST Cloud Computing Standards Roadmap Working Group. NIST Special Publications 500-291, NIST, Gaithersburg, MD, pp. 1–113 (2013)Google Scholar
  3. 3.
    Kumar, P.R., Raj, P.H., Jelciana, P.: Exploring data security issues and solutions in cloud computing. Procedia Comput. Sci. 125, 691–697 (2018)CrossRefGoogle Scholar
  4. 4.
    Wang, W., Ren, L., Chen, L., Ding, Y.: Intrusion detection and security calculation in industrial cloud storage based on an improved dynamic immune algorithm. Inf. Sci. 501, 543–557 (2018)CrossRefGoogle Scholar
  5. 5.
    Idhammad, M., Afdel, K., Belouch, M.: Distributed intrusion detection system for cloud environments based on data mining techniques. Procedia Comput. Sci. 127(C), 35–41 (2018)CrossRefGoogle Scholar
  6. 6.
    Krizhevsky, A., Sutskever, I., Hinton, G.E.: ImageNet classification with deep convolutional neural networks. In: Advances in Neural Information Processing Systems, pp. 1097–1105. Curran Associates, Inc., Lake Tahoe (2012)Google Scholar
  7. 7.
    Jacobson, L., Kanbe, B.: Genetic Algorithms in Java Basics, pp. 143–144. Apress, New York (2015)CrossRefGoogle Scholar
  8. 8.
    Mehmood, Y., Shibli, M.A., Kanwal, A., Masood, R.: Distributed intrusion detection system using mobile agents in cloud computing environment. In: 2015 Conference on Information Assurance and Cyber Security (CIACS), pp. 1–8. IEEE (2015)Google Scholar
  9. 9.
    Mehibs, S.M., Hashim, S.H.: Proposed network intrusion detection system‎ in cloud environment based on back‎ propagation neural network. J. Univ. Babylon Pure Appl. Sci. 26(1), 29–40 (2018)CrossRefGoogle Scholar
  10. 10.
    Saljoughi, A.S., Mehrvarz, M., Mirvaziri, H.: Attacks and intrusion detection in cloud computing using neural networks and particle swarm optimization algorithms. Emerg. Sci. J. 1(4), 179–191 (2018)Google Scholar
  11. 11.
    Hajimirzaei, B., Navimipour, N.J.: Intrusion detection for cloud computing using neural networks and artificial bee colony optimization algorithm. ICT Expr. 5, 56–59 (2018)CrossRefGoogle Scholar
  12. 12.
    Ghosh, P., Jha, S., Dutta, R., Phadikar, S.: Intrusion detection system based on BCS-GA in cloud environment. In: Shetty, N.R., Patnaik, L.M., Prasad, N.H., Nalini, N. (eds.) ERCICA 2016, pp. 393–403. Springer, Singapore (2018). Scholar
  13. 13.
    Chiba, Z., Abghour, N., Moussaid, K., El Omri, A., Rida, M.: A novel architecture combined with optimal parameters for back propagation neural networks applied to anomaly network intrusion detection. Comput. Secur. 75, 36–58 (2018)CrossRefGoogle Scholar
  14. 14.
    Tama, B.A., Rhee, K.: Attack classification analysis of IoT network via deep learning approach. Res. Briefs Inf. Commun. Technol. Evol. (ReBICTE) 3, 1–9 (2017)Google Scholar
  15. 15.
    Ahmim, A., Maglaras, L., Ferrag, M.A., Derdour, M., Janicke, H.: A novel hierarchical intrusion detection system based on decision tree and rules-based models. arXiv preprint arXiv:1812.09059 (2018)
  16. 16.
    Musbau, D.A, Alhassan, J.K.: Ensemble learning approach for the enhancement of performance of intrusion detection system. In: International Conference on Information and Communication Technology and its Applications (ICTA 2018), pp. 1–8. CEUR-WS, Minna (2018)Google Scholar
  17. 17.
    The NSL-KDD data set. Accessed 17 Feb 2019
  18. 18.
    Gharib, A., Sharafaldin, I., Lashkari, A.H., Ghorbani, A.A.: An evaluation framework for intrusion detection dataset. In: 2016 International Conference on Information Science and Security (ICISS), pp. 1–6. IEEE, Pattaya (2016)Google Scholar
  19. 19.
    Sharma, P., Sengupta, J., Suri, P.K.: WLI-FCM and artificial neural network based cloud intrusion detection system. Int. J. Adv. Network. Appl. 10(1), 3698–3703 (2018)Google Scholar
  20. 20.
    Aslahi-Shahri, B.M., et al.: A hybrid method consisting of GA and SVM for intrusion detection system. Neural Comput. Appl. 27(6), 1669–1676 (2016)CrossRefGoogle Scholar
  21. 21.
    Hamamoto, A.H., Carvalho, L.F., Sampaio, L.D.H., Abrão, T., Proença Jr., M.L.: Network anomaly detection system using genetic algorithm and fuzzy logic. Expert Syst. Appl. 92, 390–402 (2018)CrossRefGoogle Scholar

Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  • Zouhair Chiba
    • 1
    Email author
  • Noreddine Abghour
    • 1
  • Khalid Moussaid
    • 1
  • Amina El Omri
    • 1
  • Mohamed Rida
    • 1
  1. 1.LIMSAD Labs, Faculty of Sciences Ain ChockHassan II University of CasablancaCasablancaMorocco

Personalised recommendations