CR, LG, ML | Oct 23, 2018

Machine Learning for Anomaly Detection and Categorization in Multi-cloud Environments

arXiv:1812.05443v1 | 97 citations
Originality: Synthesis-oriented
AI Analysis

This work addresses the need for specific attack categorization in intrusion detection systems for multi-cloud environments, though it is incremental as it applies existing methods to a new context.

The paper tackles the problem of detecting and categorizing network attacks in multi-cloud environments, achieving over 99% detection accuracy and 93.6% categorization accuracy using linear regression and random forest.

Recently, advances in machine learning techniques have attracted the attention of the research community to build intrusion detection systems (IDS) that can detect anomalies in the network traffic. Most of the research works, however, do not differentiate among different types of attacks. This is, in fact, necessary for appropriate countermeasures and defense against attacks. In this paper, we investigate both detecting and categorizing anomalies rather than just detecting, which is a common trend in the contemporary research works. We have used a popular publicly available dataset to build and test learning models for both detection and categorization of different attacks. To be precise, we have used two supervised machine learning techniques, namely linear regression (LR) and random forest (RF). We show that even if detection is perfect, categorization can be less accurate due to similarities between attacks. Our results demonstrate more than 99% detection accuracy and categorization accuracy of 93.6%, with the inability to categorize some attacks. Further, we argue that such categorization can be applied to multi-cloud environments using the same machine learning techniques.
