A distributed intrusion detection scheme for cloud computing

Abstract

Intrusion detection systems (IDS) is an important security measure used to secure cloud resources, however, IDS often suffer from poor detection accuracy due to coordinated attacks such as a DDoS. Various research on distributed IDSs have been proposed to detect DDoS however, the limitations of these works the lack of technique to determine an appropriate period to share attack information among nodes in the distributed IDS. Therefore, this article proposes a distributed IDS that uses a binary segmentation change point detection algorithm to address the appropriate period to send attack information to nodes in distributed IDS and using parallel Stochastic Gradient Descent with Support Vector Machine (SGD-SVM) to achieve the distributed detection. The result of the proposed scheme was implemented in Apache Spark using NSL-KDD benchmark intrusion detection dataset. Experimental results show that the proposed distributed intrusion detection scheme outperforms existing distributed IDS for cloud computing.