Migration Letters

Volume: 20, No: S13(2023), pp. 511-519

ISSN: 1741-8984 (Print) ISSN: 1741-8992 (Online)
www.migrationletters.com

A Machine Learning based CIDS Model for Intrusion Detection to

Ensure Security within Cloud Network
Santosh Kumar Maurya1, Dr. Suraj Malik2, Dr. Neeraj Kumar3* and Dr. Hare Ram Singh4

Abstract
Cloud computing has evolved rapidly in recent years, and security concerns have gained
prominence. Cloud computing offers the incredible capacity to provide inexpensive, easy-
to-manage, flexible, adaptive, and powerful assets on the move via the Internet. Through
effective and shared utilization, cloud computing maximizes the potential of hardware
resources. Many issues in cloud computing raise are concerned regarding data and service
availability. Numerous security services are needed to enhance cloud security for both
users and service providers. One of the most essential research to establish security within
cloud to avoid load imbalance situation through robust Cloud Intrusion Detection Systems
(CIDS). Denial of service, scanning, malware code injection, virus, worm, and password
cracking is prevalent cloud security issues. These attacks might jeopardize the company's
reputation and inflict financial damage if not identified in time. Protecting the cloud from
these kinds of threats, early detection and true prediction of such threats is the key goal of
our proposal through this paper. It has been observed from earlier research proposals that
dimensionality reduction is applied in conjunction with Data Mining (DM) and ML
approaches found more perfomant in order to create such a robust model to ensure cloud
network, authors suggested an CIDS by selecting appropriate features utilizing pertinent
feature reduction approaches, then feeding this subset of data through the ML tool.
The simulation of the suggested model through ‘Python’ using ‘Scikit-Learn’ tool. Outcome
of simulation experimental has been measured using various performance evaluation
metric such as Precision, Recall, F-Score, Detection Ratio, RoC-curve etc. using
KDDcup99 dataset as a benchmark. Simulation results from our suggested methodology
were found more effective and comparable to several other existing methodologies.
It has observed that ML based proposed model found capable enough to protect the cloud-
based information by uncovering suspicious user behaviour interns as an outcome, secure
cloud network against the threat and also found more performant in true prediction and
early intrusion detection resultant reduction of computational cost.

Keywords: Cloud Computing, Intrusion Detection, Machine Learning, Cloud Security.

Introduction
The term “cloud” or, particularly, “cloud computing” refers to the act of accessing
resources, software, and databases via the Internet and outside of the constraints of local
hardware. This technology allows organizations to scale their operations more easily by
outsourcing a piece, or the majority, of infrastructure administration to third-party hosting
providers. The greatest challenge with cloud services is security and privacy. The primary

1
Department of Computer Science and Engineering, IIMT University, Meerut, India. santoshcse200@gmail.com
2
Department of Computer Science and Engineering, IIMT University, Meerut, India. surajmalik@iimtindia.net
3*
Department of Science Technology & Technical Education, Patna, India. javaneeraj@gmail.com
4
Department of Computer Science and Engineering, G.N.I.O.T, Greater Noida, U. P. India. hrsingh2000.2000@gmail.com
512 A Machine Learning based CIDS Model for Intrusion Detection to Ensure Security within
Cloud Network

focus of this work is on security, specifically attack detection in the cloud. Cloud security
is a set of procedures and technologies that are meant to address both external and internal
threats to enterprise security. As they implement their digital transformation strategy and
include cloud-based tools & services into their infrastructure, businesses require cloud
security. In recent years, the terms digital transformation and cloud migration have become
commonplace in business settings. While both expressions can indicate different things to
different organizations, they all have one thing in common: the need for change. As
businesses adopt these concepts and work to optimize their operational approach, new
issues emerge in balancing efficiency and security. While more current technologies assist
organizations in expanding capabilities beyond the limits of on-premise infrastructure,
shifting to cloud-based environments can have many consequences if not done securely.
Several instances with cloud security have been documented, including Code Spaces, a
code hosting service, which was attacked by a DDoS attack in 2014, forcing it to go down
permanently [1]. In 2017, a DDoS attack launched on a cloud-based corporation called
Cedexis knocked off numerous famous French news websites. In 2013, Yahoo suffered a
data breach that affected around 3 billion of its user accounts. In 2017, the cloud-based
start-up One Login was hacked. A hacker gained access to AWS keys, which he exploited
to access AWS API from one intermediary host to another [1].
In February 2018, GitHub.com faced a DDoS incident that rendered it offline for a few
minutes. Furthermore, according to NVD, the number of network vulnerabilities grows
each year, increasing the security dangers in cloud computing. In order to address the
aforementioned problems, cloud security provides a number of advantages, such as
protection from attacks, data security, improved accessibility, reliability enhancement,
improved scalability, and compliance with laws and regulations [2]. Protecting businesses
against hackers and distributed denial of service (DDoS) R2L, U2R, and probe assaults is
one of the main goals of cloud security [3].
In addition to solving security concerns, it offers live monitoring and help, which increases
availability in addition to safeguarding sensitive data by taking safeguards like encryption
to prevent information from getting into the wrong hands. Redundancy is included in a
sensible cloud security strategy, resulting in a more dependable experience. Secure cloud
architecture enables quicker disaster recovery of the most important resources and data in
the event of an attack. Making sure a complicated cloud infrastructure complies with
industry regulatory standards can be challenging. By offering security and assistance, cloud
service provider’s aid in ensuring compliance [2]. Machine Learning (ML) technologies
are used to ensure network security in order to overcome some of these issues. This
technology also offers significant benefits in terms of early and precise prediction with
acceptable attack detection accuracy.
An effort to gain unauthorized access to a company’s network in order to steal data or carry
out other illegal activities is referred to as a “Network Attack”. The fundamental objective
of an assault on a business network is to breach the perimeter and get access to inside
systems. Once inside, attackers usually combine various attack strategies, including
damaging an endpoint, spreading malware, or exploiting a network system weakness. Both
active and passive attacks can be divided into various kinds. When hackers attempt to alter
or interfere with the content of messages or information, they are considered to be
conducting active attacks. In a passive attack, an intrusive party gathers data packets as they
travel over the network. These threats have an effect on both the system's integrity and
availability. These attacks have an effect on the entire system, and data is changed as a
result. These network attacks have the potential to be catastrophic not just for one country
or organization, but for the entire world. Because of this, it is important to control them
early on, and machine learning has the ability to do so for certain kinds of attacks.
The document is organized as is indicated below. We have thoroughly evaluated all related
work in section 2. In section 3, we described the suggested security designs that make
 Santosh Kumar Maurya et al. 513

advantage of efficient cloud-based techniques. The results of the simulation are presented
and thoroughly discussed in Section 4 in conjunction with the experimental analysis. In our
research on cloud parallelization methodologies, the application of machine learning
algorithms for intrusion detection is highlighted. The conclusion and other
recommendations for the future study were covered in Section 5.
Analysis of Literature
In order to address the problem of intrusion detection in cloud computing environments,
numerous research initiatives have been proposed. The work on cloud intruder detection
services was contributed by Hamad, H. et al. (2012). By providing simple and user-friendly
online interfaces, this allows clients to select the protection settings they want to use. There
are some desired characteristics for the intrusion detection framework that must be met in
order for it to be compliant with the conventional SaaS service models. These consist of
giving consumers the option to subscribe or unsubscribe from the service, alter the
prerequisites for subscription, pay for the size and complexity of the subscription database,
and make the service simple to use. They use a straightforward snort to guard a single
network and achieve the maximum detection ratio for 50 networks. The requirements range
from requiring 200 to 1000 signatures. It was noted that as the number of rules increased,
the detection ratio decreased [4].
In 2021, Sachdeva, Shaweta, and Aleem Ali contributed their work employing machine
learning and digital forensics for threat classification in cloud network environments
Service attacks such as Internet Control Message Protocol Attack, Transmission Control
Protocol Sync Attack, and User Datagram Protocol Attack. They created a fusion (deep
learning-based digital forensics) algorithm that works effectively as a data classification
detective. A generic cloud-based digital forensic framework. Also proposed methods of
dead/live forensic collection and analysis within/outside of the ICMP Attack, TCP Sync
Attack, UDP Attack, and built a digital forensic triage for the examination and partial
analysis of in-cloud computing systems with a high accuracy of 99.36%. Obtained
Perception Multilayer Perceptron (MLP), Random Forest, and Naive Bayes all had 98.63%,
98.02 % and 96.91% overall accuracy respectively [5].
Later researchers noticed and recommended that ML approaches are gaining popularity in
security applications because to their quick processing capabilities and real-time
predictions. Cloud computing is a paradigm that offers many services over the internet with
high flexibility and at a low cost. As such, another suggestion employing ML techniques
Data Augmentation for Intrusion Detection and Classification in Cloud Networks proposed
by Zina Chkirbene et al. (2021) and they faced with key difficulty like smaller sample of
train-dataset. The application of these strategies is the available training data for each new
possible attack category. They presented an ML-based model for detection of intrusions
that focuses on ensuring improved learning of minority classes by utilizing the Generative
Adversarial Network (GAN) architecture. GAN generates highly informative "like real"
instances to be attached to the original data, improving class detection with limited training
data. Overall classification performance and detection accuracy for both the UNSW and
NSL-KDD datasets [6], especially for the rarely detected classes [7].
Another researcher Onyema, E. M (2022) suggested an ensemble intrusion technique built
on the Cyborg Intelligence (machine learning and biological intelligence) architecture to
improve security of IoT enabled networks used for network traffic in smart cities. They
used the KDDcup99 dataset to explore the utility of a number of implemented algorithms,
including Random Forest, Bayesian network (BN), C5.0, CART, and Artificial Neural
Network, in recognizing threats and attacks-botnets in IoT networks based on cyborg
intelligence. As a result of the AdaBoost algorithm's use of short decision trees, they used
it. The findings show that the AdaBoost ensemble learning based on the Cyborg
Intelligence Intrusion Detection framework facilitates distinct network features with the
ability to quickly recognize various botnet attacks effectively. The results of balancing the

Migration Letters
514 A Machine Learning based CIDS Model for Intrusion Detection to Ensure Security within
Cloud Network

training dataset to focus more on training cases for which earlier models lacking to attain
maximum predictions [8].
An intrusion detection system with a variety of components, including an analyzer, a shared
packet buffer in a virtual environment, an OSLR, a packet differentiator, and an intrusion
detection engine (IDE), was proposed by Varadharajan et al [9]. The host OS or VMM
incorporates the model. Virtual machines send packets to the packet differentiator for
processing. Each entity's information (process, application, virtual machine, and OS) is
contained in OSLR. It is in charge of checking the validity of the source address. The IDE
compares the packet for recognised patterns (signature matching), and then by anomaly
module for valid patterns. Anomaly module updates VM behaviour by using machine
learning methods over OSLR.
In a cloud context, Modi et al.'s usage of a signature matching technique integrated anomaly
detection approach was demonstrated. A database of recognised attack signatures is used
by Snort as a signature-IDS. The decision tree algorithm is used to categorise incursions
that SNORT is unable to find. Anomaly detection module receives the packets if Snort
detects legal behaviour [10].
In a study, An NIDS architecture that is installed at the VMM privilege domain was
suggested by Tien et al. Each VM's detection rules are chosen based on its OS and currently
active services. The remaining rules are not in effect. Nmap, Xprobe2 P0f, Source Fire,
RNA (Real time Network awareness), and more tools are available to obtain OS and
network services that are running in virtual machines. The operating system kernel map in
the virtual machine can also be used to access the virtual machine system information [11].
A multi-level intrusion detection strategy in the cloud environment was put out by Lee et
al. and is based on anomalous scores. A suitable IDS is selected for the user based on the
user's anomaly score, which is calculated when the user seeks access to the cloud system
using the AAA (Authentication, Authorization and Accounting) module. A central database
houses user profile logs. In order to process user transactions, AAA receives data from the
database[9].
The Divided Data Parallel (DDP) technique, a content matching method, was introduced
by Christopher. This method's fundamental concept involves processing a packet payload
in parallel across n CPUs. A packet payload is split into n sub packets and distributed
among n processors so that signatures can be compared in parallel, cutting down on overall
delay[12].
Vokorokos et al. proposed GNORT, a modified version of SNORT that utilises the parallel
processing capabilities of GPU computers. A cluster of nodes (GNORT sensors) is used in
the NIDS architecture GNORT to capture network packets. A gateway distributes traffic to
each node for additional processing. The coordinator node, often known as the mentor, is
in charge of coordinating collaboration among other nodes. Network Activity Capturing
Layer, Intrusion Detection Layer, and Synchronisation Layer are the three components of
architecture[13].
Bayesian networks have been employed in hybrid system decision-making in recent years
because they provide a more sophisticated method of handling this than an RBS. According
to Kruegel et al.[14], most hybrid systems have significant false alarm rates because of their
overly simplistic methodologies. They therefore developed a hybrid host-based anomaly
detection system that uses four different detection techniques. A Bayesian network is used
to determine the final output classification for the DARPA99 data set[15] .
To attain our research goal of developing more secure service assessment within cloud
networks, the author reviewed several previous research ideas. This part discusses the
thorough investigation in light of our research domain of interest. It is observed that the AI-
based hybrid technique is more efficient in both feature selection and classification and
detection accuracy. Therefore, this analytical work has recommended that there is a
 Santosh Kumar Maurya et al. 515

requirement for an intelligent feature selection technique that suggests an optimal subset of
features from big data. With this optimal subset of features for the same dataset. Following
a thorough review of relevant literature, our effort was inspired to fill some of the research
gaps as:
• To develop a more accurate and efficient model for intrusion detection within cloud
to ensure safe services for user.
• To assess the performance of existing machine learning algorithms in cloud
network intrusion detection.
• More reliable in true prediction even for less numbers of sample for training.
• To prevent the dependence of dimension reduction on the classifier.
• Attain maximum classification accuracy.
• Minimizes the False Alarm rate.
• High detection rate for any classifier technique.
• Low computation cost.
• Well-perform for Big-data.
• Avoid Load Imbalance situation within cloud
Proposed Methodology
The use of cloud computing is widely employed to do away with the requirement for local
information resources. In this paper, we discuss the issue of intrusion detection in cloud
systems and the potential for allowing clients to purchase intrusion detection as a service.
The CIDS, which is designed to serve as an intrusion detection web service supplied for
cloud clients in a service-based design, is described in the paper.
About the Dataset
The majority of research efforts in the intrusion detection domain have been undertaken
utilizing the few public datasets already accessible, such as '10% KddCup99'. Because our
model is built on supervised learning techniques, the only dataset with labels for both
training and test sets is '10% KddCup99'. Despite its restrictions, the '10% KddCup99'
dataset has intriguing properties and is expected to constitute a typical challenge for the
intrusion detection problem.

Figure 1: ‘10% KddCup99’ UCI repository dataset

We included it in our study because it is the most extensive dataset that is still regularly
used to compare, contrast, and evaluate the efficacy of intrusion detection. The training
data includes 24 attack categories, whereas the test data includes 38 attack types. Each of
these attack kinds are assigned to one of the four basic attack classes: "Normal," "DoS,"
"Probe," "R2L," or "U2R" [16]. Each connection record has 7 discrete attributes and 34
continuous features, total 42 features. The ‘10% KddCup99’ dataset of UCI repository was

Migration Letters
516 A Machine Learning based CIDS Model for Intrusion Detection to Ensure Security within
Cloud Network

chosen as testbed. The frequency of occurrence of attacks within the dataset is depicted
above as Box Plot in Fig. 1.
Normalization and Dimensionality Reduction
It is another aspect to be analyzed because, most of the times, not all dimensions of a dataset
are essential or necessary for attaining the desired conclusion. There are two approaches to
this, the first of which is the feature selection approach, in which we select the relevant
feature, feed it to the system in line with the requirement, and discard the remainder. Using
PCA (Principal Component Analysis) for our simulation we had considered only the five
features of ‘10% KddCup99’ dataset. To maintain the uniformity of the dataset we had
utilized the Min-Max equation Eq. (1) [17]. After finalization of inputs of five features
‘duration’, ‘protocol_type’, ‘flag’, ‘diff_srv_rate’ and ‘dst_host_rerror_rate’ [6] out of
thirty-two features, we reduce redundancy in relational tables and prevent unwanted
abnormalities from the database.
(𝑥 − 𝑥𝑚𝑖𝑛 )
= (1)
(𝑥𝑚𝑎𝑥 − 𝑥𝑚𝑖𝑛 )
Proposed Model CIDS Model
To eliminate the above research gap, we are motivated to proposed a robust classification
and best predictive model which is reliable on any data_set, best performing as for as
accuracy is concern keeping low computational cost. Fig. 2 is a proposed CIDS Model as
depicted below, where services request data packet flowing over cloud network traffic were
protect against threats like DDoS, U2R, Probe, R2L etc.

Figure 2: Proposed CIDS Model

Proposed Algorithm
Proposed Algorithm (Ensure secure service within Cloud Network)

Step 1: BEGIN
Step 2: Refinement of Dataset (Normalization).
Step 3: Operate Machine Learning classifiers.
Step 4: Train the Predictive Model.
Step 5: Perform testing on Model.
Step 6: Performance Analysis using Evaluation Metric by Confusion Matrix, Precision, Recall,
ROC
Step 7: Predictive Outcomes to Ensure Secure Services.
Step 8: STOP.
Early detection and prediction are essential for ensuring secure service on a cloud network.
CIDS model (Fig. 2) with proposed algorithm as shown below, where datasets were
analyzed and categorised using various ML techniques. The model is trained using the
trends seen in the administrator's sample data. In the following sections, the proposed model
has been realized and justified using simulation results.
 Santosh Kumar Maurya et al. 517

Simulation Work
Using our proposed predictive model and follow the steps suggested as per proposed
algorithm. Simulation work has been carried out on ‘Python’ and testing-training done
using ‘10%KddCup99’ dataset.
Experimental Outcomes
K-fold cross-validation is useful when we want to keep as much data for the training stage
as possible while not risking losing valuable data to the validation dataset. In this case, the
dataset is divided into k number of folds, with one fold used as the test dataset and the rest
as the training dataset, and the entire process is repeated n times as defined. Averaging all
of the results obtained will be utilized to determine the final result in a regression. In a
classification situation, the ultimate result is the average of the outcomes, such as accuracy,
true positive rate (TPR), F1-score, etc
Sampling type: Stratified 5-fold Cross validation
Target class: None, show average over classes
Table 2: Performance of Proposed CIDS Model on various ML classifiers
Model AUC (%) DR (%) F1 (%) Precision (%) Recall (%)
K-NN 91.77 96.53 96.26 96.37 96.54
Neural Network 98.03 97.17 96.90 97.01 97.18
Naïve Bayes 96.37 96.11 95.63 95.32 96.11
SVM 66.98 14.15 18.22 31.31 14.16
K-NN SVM Neural Network Naïve Bayes

Neural Network, AUCAUC

Naïve Bayes, (%),(%),Neural Network, CA (%), Neural Network, F1 (%), Neural Network, Precision Neural Network, Recall (%),
98.03 96.37K-NN, CA (%), 96.53
97.17 96.9 K-NN, PrecisionNaïve
(%),
(%), Bayes,
97.01Precision
96.37 (%),Naïve
K-NN, Recall (%),Bayes,
97.18 Recall (%),
96.54
Naïve Bayes, CAK-NN, F1 (%),
(%), 96.11 96.26
Naïve Bayes, F1 (%), 95.63 95.32 96.11
K-NN, AUC (%), 91.77

SVM, AUC (%), 66.98

SVM, Precision (%), 31.31

SVM, F1 (%), 18.22

SVM, CA (%), 14.15 SVM, Recall (%), 14.16

Figure 3: Performance of predictive proposed model using ML techniques

Confusion Matrix
The confusion matrix, which is illustrated in Table 1, inferred that performed well in
predicting for all types of attacks, including those with a small amount of train data samples.
Table 1: Confusion Matrix
Prediction
DOS Normal Probe R2L U2R 𝞢
DOS 97.3% 1.9% 1.3% 0.0% 0.0% 54572
Normal 2.6% 96.2% 9.3% 20.7% 100.0% 87831
Actual Probe 0.1% 0.9% 88.9% 2.1% 0.0% 2131
R2L 0.0% 0.9% 0.5% 77.1% 0.0% 999
U2R 0.0% 0.1% 0.0% 0.0% 0.0% 52
𝞢 54367 89601 1426 188 3 145585

Migration Letters
518 A Machine Learning based CIDS Model for Intrusion Detection to Ensure Security within
Cloud Network

Figure 4: RoC Curve

The closer the ROC curve is to the upper left corner of the graph, where sensitivity = 1 and
false positive rate = 0 (specificity = 1). As a result, the optimal ROC curve, AUC is 1.0. As
per Table 2 and Fig. 4 outcome of all ML methodologies, AUC attain nearer to 1. Hence it
is clears that our proposal meets the objective through CIDS.
Observation of Proposed Work
• The majority of ML classifiers achieve excellent prediction accuracy.
• Neural Network performed well among several ML classifying strategies, with an
Area Under Curve (AUC) of 98.03 and Classification Accuracy (CA) of 97.17%,
as shown in Table 1 and Fig. 3.
• We obtained 66.98% AUC with 14.15% CA using simply the Support Vector
Machine (SVM). Based on this finding, we may conclude that the SVM model
could previously provide results after feature reduction. Thus, after dimension
reduction, the SVM classifier may classify up to a certain amount.
• According to Table 1, Table 2, and Fig. 3, the majority of the classifiers performed
well and achieved more than 95% CA.
• Table 2 and Fig. 4 show that the AUC is getting closer to one, which reduces load
imbalance situations in cloud load balancing.
Conclusion and Future Direction
This paper achieves the goal of securing the cloud network when accessing resources from
virtual machines linked with the cloud. The experimental results of our proposed CIDS
prediction model were determined to be worthwhile in realizing the role of ML in providing
security within a cloud computer network. The experimental result of the proposed
simulation, as discussed within the observations of the proposed work, clearly shows that
the proposed model is more performant in all respects, with a high rate of true prediction,
maximum CA, and the most important all outcome of simulation AUC is closer to one,
ensuring the cloud network is immune to attack. The attractive part of this idea is that, when
compared to competing methods, CIDS offered better attack detection rates above 96% in
almost all approaches.
This concept was advocated by the author as a future scope to feed use in cloud load
balancing. This predictive algorithm can forecast time series in a wide variety of domains.
References
D. Kadam, R. Patil, and C. Modi, “An enhanced approach for intrusion detection in virtual network
of cloud computing,” in 2018 Tenth International Conference on Advanced Computing (ICoAC),
2018, pp. 80–87.
 Santosh Kumar Maurya et al. 519

M. Carroll, A. Van Der Merwe, and P. Kotze, “Secure cloud computing: Benefits, risks and
controls,” in 2011 Information Security for South Africa, 2011, pp. 1–9.
K. Aparna, G. R. Kumar, S. Ishar, N. Santhosh, and D. Sreeja, “CaseStudy On DDoS Attacks And
Attack TrendsIn Cloud Computing Environments”.
H. Hamad and M. Al-hoby, “Managing Intrusion Detection as a Service in Cloud Networks,” vol.
41, no. 1, pp. 35–40, 2012.
S. Sachdeva and A. Ali, “Machine learning with digital forensics for attack classification in cloud
network environment Machine learning with digital forensics for attack classification in cloud
network environment,” Int. J. Syst. Assur. Eng. Manag., no. September, 2021.
S. Choudhary and N. Kesswani, “ScienceDirect Analysis Analysis of and UNSW-NB15 UNSW-
NB15 Datasets Datasets using Deep Learning in IoT using Deep Learning in IoT,” Procedia
Comput. Sci., vol. 167, no. 2019, pp. 1561–1573, 2020.
Z. Chkirbene, H. Ben Abdallah, K. Hassine, R. Hamila, and A. Erbad, “Data augmentation for
intrusion detection and classification in cloud networks,” in 2021 International Wireless
Communications and Mobile Computing (IWCMC), 2021, pp. 831–836.
E. M. Onyema, S. Dalal, C. A. T. Romero, B. Seth, P. Young, and M. A. Wajid, “Design of intrusion
detection system based on cyborg intelligence for security of cloud network traffic of smart
cities,” J. Cloud Comput., vol. 11, no. 1, pp. 1–20, 2022.
W. C. Lin, S. W. Ke, and C. F. Tsai, “CANN: An intrusion detection system based on combining
cluster centers and nearest neighbors,” Knowledge-Based Syst., vol. 78, no. 1, pp. 13–21, 2015,
doi: 10.1016/j.knosys.2015.01.009.
D. Singh, D. Patel, B. Borisaniya, and C. Modi, “Collaborative ids framework for cloud,” Int. J.
Netw. Secur., vol. 2013, 2013.
B.B. Gupta and O.P. Badve, “Taxonomy of DoS and DDoS attacks and desirable defense mechanism
in a cloud computing environment,” Neural Comput. Appl., vol. 28, 3655–3682, 2017.
C. V Kopek, E. W. Fulp, and P. S. Wheeler, “Distributed data parallel techniques for content-
matching intrusion detection systems,” in MILCOM 2007-IEEE Military Communications
Conference, 2007, pp. 1–7.
L. Vokorokos, M. Ennert, M. Čajkovsk\`y, and A. Turinska, “A distributed network intrusion
detection system architecture based on computer stations using GPGPU,” in 2013 IEEE 17th
International Conference on Intelligent Engineering Systems (INES), 2013, pp. 323–326.
J. S. Stafford, “Behavior-based worm detection,” University of Oregon, 2012.
J. Kim and P. J. Bentley, “An evaluation of negative selection in an artificial immune system for
network intrusion detection,” in Proceedings of the 3rd Annual Conference on Genetic and
Evolutionary Computation, 2001, pp. 1330–1337.
M. K. Siddiqui and S. Naahid, “Analysis of KDD CUP 99 Dataset using Clustering based Data
Mining,” vol. 6, no. 5, pp. 23–34, 2013.
M. Mazziotta and A. Pareto, “Normalization methods for spatio-temporal analysis of environmental
performance: Revisiting the Min--Max method,” Environmetrics, vol. 33, no. 5, p. e2730, 2022.

Migration Letters