
Technical Seminar on

Cloud Intrusion Detection Method Based on Stacked Contractive Auto-Encoder and Support Vector Machine
Submitted in partial fulfillment of the requirements for the award of the degree of

Bachelor of Engineering in Information Science & Engineering

SUBMITTED BY

DHAVALASHREE B JAIN (1SV20IS004)

Guide: MERLIN B
CONTENTS
• Introduction
• Objectives
• Literature Survey
• Problem Statement
• Scope of the Project
• Autoencoder and Its Variants
• Training Process of SCAE
• Output Layer: SVM Classifier
• Cloud Intrusion Detection System Based on SCAE and SVM
• SCAE & SVM Classifier
• Attack Detection
• Proposed Methodology
• Conclusion
INTRODUCTION

• Cloud computing is an emerging Internet-based computing model that provides tenants with seemingly “unlimited” IT services, thereby freeing them from complex underlying hardware, software, and protocol stacks.

• Although “open for all service” is the essence of cloud computing, it does not necessarily comprise useless information.

• Cloud computing refers to the delivery of computing services, including servers, storage, databases, networking, software, and more, over the Internet ("the cloud").

• Cloud computing has witnessed exponential growth and widespread adoption across industries in recent years.

• Intrusion detection is one of the technologies for protecting cloud computing from malicious attacks.

• Intrusion detection plays a crucial role in mitigating security risks and protecting cloud environments from unauthorized access and malicious activities.

• A Stacked Contractive Autoencoder (SCAE) is a type of artificial neural network used for unsupervised learning and feature extraction.

• SCAE offers several advantages over traditional autoencoders, including improved feature learning, enhanced generalization capabilities, and better resistance to overfitting.

• The key innovation of SCAE lies in its ability to learn robust and informative features from high-dimensional input data through the incorporation of a contractive regularization term.

• SVMs can be employed for intrusion detection in cloud environments. By analyzing network traffic patterns, system logs, and user behaviors, SVM models can classify activities as normal or malicious, thereby enhancing the security posture of cloud systems.

• SVM models can predict resource demands and dynamically allocate resources to meet performance requirements while minimizing costs.
OBJECTIVES

• Utilize the capabilities of stacked contractive auto-encoder (SCAE) to extract meaningful features from high-dimensional data obtained from cloud environments.

• Leverage the dimensionality reduction capabilities of SCAE to transform the extracted features into a lower-dimensional representation, reducing the computational complexity and resource requirements of the intrusion detection process.

• Employ support vector machine (SVM) as a robust and effective classifier to analyze the transformed feature space and detect potential intrusions or security threats.

• Evaluate the performance of the proposed intrusion detection method using appropriate metrics such as detection rate, false positive rate, and accuracy.

• Optimize the model parameters and architecture to achieve optimal performance in terms of detection accuracy, efficiency, and scalability.

• Integrate the developed IDS with existing cloud security frameworks and infrastructures to enhance overall security posture.

• Ensure that the intrusion detection method is robust to various types of security threats, data anomalies, and environmental changes.

• Implement mechanisms for continuous learning and adaptation to evolving threat landscapes and changing cloud configurations.

• Design the intrusion detection system to scale effectively with the size and complexity of cloud environments.

• Minimize computational overhead and resource consumption to enable efficient operation in large-scale cloud deployments without compromising detection accuracy or performance.
LITERATURE SURVEY
Paper: Springer (2016): Ensemble-based multi-filter feature selection method for DDoS detection in cloud computing.
Objectives: In this work, they propose an ensemble-based multi-filter feature selection method that combines the output of four filter methods to achieve an optimum selection.
Methodology: Ensemble-based multi-filter feature selection method, filter methods, cloud DDoS, intrusion detection system, machine learning.
Performance: Cluster methods, ant colony algorithm and SVM 98.62%.

Paper: IEEE (2017): Cloud-Based Cyber-Physical Intrusion Detection for Vehicles Using Deep Learning.
Objectives: It has been previously shown that for cyber-physical systems, taking into account also the physical manifestation of cyber attacks on the vehicles can improve detection accuracy and reduce detection latency.
Methodology: In terms of the deep learning architecture designed for our intrusion detection methodology.
Performance: With an average accuracy of 94% and reporting over 90% accuracy across 84% of the datasets, followed closely by Support Vector Machines (SVM) with an average of 92% accuracy.

Paper: IEEE (2018): A Deep Learning Approach to Network Intrusion Detection
Objectives: To perform our evaluations, we have used the KDD Cup ’99 and NSL-KDD datasets. Both of these datasets are considered as benchmarks within NIDS research.
Methodology: Deep learning, anomaly detection, auto-encoders, KDD, network security
Performance: The proposed solution was evaluated using the KDD Cup ’99 dataset. The authors claimed a detection rate of 97.90%. When performing a 5-class classification of the NSL-KDD dataset. This result is lower than our achieved accuracy of 85.42%.

Paper: IEEE (2019): Introducing Deep Learning Self-Adaptive Misuse Network Intrusion Detection Systems
Objectives: Their proposal comes to deal with a well-known disadvantage of misuse IDSs, namely their stiffness to adapt upon changes.
Methodology: Adaptive intrusion detection systems, artificial neural networks, deep learning, information systems security, MAPE-K, sparse auto encoders.
Performance: They evaluate our proposal under several classification metrics and demonstrate that the ADR of the IDS increases up to 73.37%
PROBLEM STATEMENT

"Cloud Intrusion Detection Based on Stacked Contractive Auto-Encoder and Support Vector Machine" revolves
around the need for robust and efficient security measures in cloud computing environments. Despite the numerous
benefits of cloud computing, such as scalability, flexibility, and cost-effectiveness, security remains a significant
concern due to the dynamic nature of cloud infrastructures.
SCOPE OF THE PROJECT
• Explore the principles and methodologies of stacked contractive auto-encoder (SCAE) and support vector machine (SVM) to develop a deep understanding of their capabilities in feature extraction and classification.

• Develop algorithms and models for training the SCAE and SVM components using labeled datasets of normal and anomalous behavior in cloud environments.

• Implement the intrusion detection system (IDS) using appropriate programming languages and frameworks, ensuring scalability, efficiency, and compatibility with cloud platforms.

• Preprocess the collected data to remove noise, handle missing values, and normalize the features to ensure consistency and quality for training the intrusion detection models.

• Train the SCAE and SVM models using the preprocessed datasets, optimizing hyperparameters and configurations to maximize detection accuracy and minimize false positives.

• Design and implement deployment strategies for the IDS, considering factors such as scalability, resource utilization, and real-time monitoring requirements.

• Conduct thorough testing and validation in simulated and real-world cloud environments to verify the functionality, reliability, and performance of the deployed intrusion detection system.

• Document the entire project lifecycle, including design specifications, implementation details, experimental results, and findings.

• Prepare comprehensive reports, presentations, and technical documentation to communicate the research outcomes, insights, and recommendations to stakeholders, academia, and the broader community.
AUTOENCODER AND ITS VARIANTS
1. Autoencoder (AE):

• An autoencoder (AE) is an unsupervised feature dimensionality reduction technique, with its structure
consisting of an encoder and a decoder, including an input layer, a hidden layer, and an output layer.

• The encoder is used for dimensionality reduction and the decoder is used for reconstruction, which is
regarded as the reverse process of the encoder.

2. Denoising Autoencoder (DAE)

• Unlike the conventional AE, the denoising autoencoder (DAE) aims to learn a more effective and robust
feature representation from the corrupted input data.

3. Contractive Autoencoder (CAE):

• DAE and proposed the contractive autoencoder (CAE). The aim of CAE is to learn robust feature
representation.
• Although DAE and CAE have the same purpose, they adopt two distinct methods. DAE learns robust
feature representation from a relatively intuitive perspective by randomly adding noise to the input.

• CAE learns robust feature representation from the perspective of analysis by regularization.

4. Contrastive Analysis:

• The three technologies described in Sections 1 to 3 can achieve feature dimensionality reduction. However,
the CAE has some advantages compared with the AE and DAE.

• In general, there are two criteria for good feature representation:

(1) good reconstruction of input data, and

(2) excellent robustness when the input data is disturbed to a certain extent.
TRAINING PROCESS OF SCAE

• Fundamentally, the exact structure of our deep learning model will be obtained through experiments and training
on a large number of structural combinations.

• They introduce the training process of the SCAE–SVM model in detail.

• The training process can be divided into three stages: unsupervised greedy layer-wise pretraining, unrolling, and
supervised fine-tuning.

• In the pretraining stage, the greedy layer-wise strategy is used to train a series of basic CAEs separately, and the
output of each CAE hidden layer is fed as the input of the next CAE network.

• After the pretraining of each basic CAE network, the hidden layer of each CAE network is unrolled and stacked
into a deep CAE network (i.e., SCAE); in other words, only the encoder is retained while discarding the decoder
along with its parameters.

• Fine-tuning is the process of further adjusting the initial parameters to obtain an optimal model.
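
The pretraining and unrolling stages above, as an added example (not code from the seminar or the underlying paper). It assumes a sigmoid encoder with a linear decoder and uses the standard contractive penalty, the squared Frobenius norm of the encoder Jacobian; the function names, layer sizes and random stand-in data are assumptions, and supervised fine-tuning is not shown.

```python
import numpy as np

def sigmoid(a):
    return 1.0 / (1.0 + np.exp(-a))

def contractive_penalty(W, H):
    """Batch mean of ||dh/dx||_F^2 for h = sigmoid(xW + b)."""
    return float(np.mean(((H * (1 - H)) ** 2) @ (W ** 2).sum(axis=0)))

def train_cae(X, k, lam=0.1, lr=0.1, epochs=300, seed=0):
    """Train one CAE (sigmoid encoder, linear decoder); return the encoder only."""
    rng = np.random.default_rng(seed)
    n, d = X.shape
    W, b = rng.normal(0, 0.1, (d, k)), np.zeros(k)   # encoder
    V, c = rng.normal(0, 0.1, (k, d)), np.zeros(d)   # decoder
    for _ in range(epochs):
        H = sigmoid(X @ W + b)
        dR = 2 * ((H @ V + c) - X) / n               # d(reconstruction loss)/dR
        D = H * (1 - H)                              # sigmoid derivative
        w2 = (W ** 2).sum(axis=0)
        dA = (dR @ V.T) * D + lam * 2 * w2 * D**2 * (1 - 2 * H) / n  # recon + contractive
        dW = X.T @ dA + lam * 2 * W * (D**2).mean(axis=0)
        V -= lr * (H.T @ dR)
        c -= lr * dR.sum(axis=0)
        W -= lr * dW
        b -= lr * dA.sum(axis=0)
    return W, b

def pretrain_scae(X, layer_sizes, **kw):
    """Greedy layer-wise pretraining, then unrolling (encoders kept, decoders dropped)."""
    encoders, inp = [], X
    for k in layer_sizes:
        W, b = train_cae(inp, k, **kw)
        encoders.append((W, b))
        inp = sigmoid(inp @ W + b)    # hidden output feeds the next CAE
    return encoders

def encode(X, encoders):
    """Forward pass through the stacked encoders: the features handed to the SVM."""
    for W, b in encoders:
        X = sigmoid(X @ W + b)
    return X

if __name__ == "__main__":
    # Constructed stand-in for preprocessed traffic: 200 records, 8 features in [0, 1].
    X = np.random.default_rng(1).random((200, 8))
    for lam in (0.0, 1.0):
        W, b = train_cae(X, 4, lam=lam)
        print(lam, contractive_penalty(W, sigmoid(X @ W + b)))
```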
OUTPUT LAYER: SVM CLASSIFIER

• SVM is essentially a binary classification model, but attack types in the cloud computing environment are
diverse. Hence, more than one classifier should be employed.
• SVM can solve multi-class (m-class) classification problems, and it involves two methods: “one-versus-one”
(OVO) and “one-versus-all” (OVA).
• OVO takes the i and j class samples from the training dataset and labels them as positive and negative classes,
respectively. Further, it constructs m(m-1)/2 binary classifiers.
• By contrast, OVA takes the j class samples from the training dataset and labels them as a positive class; the remaining
samples are labeled as a negative class. Further, it constructs m binary classifiers.
• Obviously, the OVA approach requires fewer binary classifiers. Hence, we employ the SVM using the OVA
approach to construct our classifier.



CLOUD INTRUSION DETECTION SYSTEM BASED ON SCAE AND SVM
• Here, we use software-defined networking (SDN) technology to build our cloud intrusion detection
system (CIDS), which decouples the traditional network structure into data plane, control plane, and application
plane.
• An OpenFlow virtual switch (OVS) is used to forward the virtual network flow; this represents the data plane.
• A network controller (NC) is used to install the flow table and routing control as well as to collect network traffic;
this represents the control plane.
• The anomaly detection application is used to achieve three main functions:
(1) data preprocessing, where the network traffic is transformed and standardized,
(2) classifier training, where the SCAE & SVM model used for feature extraction and classification detection is
trained from the preprocessed network traffic, and
(3) attack recognition, where the trained classifier is used to detect intrusion on the testing dataset or online
network traffic.
SCAE & SVM CLASSIFIER
• When building classifiers or other predictors, combining feature learning methods can lead to
dimensionality reduction and high detection performance.

• Here, we use the SCAE deep learning algorithm to extract essential features from raw network traffic.
Note that the SCAE is pretrained in an unsupervised mode and fine-tuned by employing a supervised
back-propagation algorithm.

• Once the essential features are extracted, they will be used to train the SVM classifier. Here, the SVM
classifier exploits the OVA approach to distinguish between normal and abnormal data.

• We consider SCAE & SVM as a whole or a black-box, and the learned features are not visible.
ATTACK DETECTION
• After the SCAE & SVM classifier has been trained, we use the trained and saved classifier to detect the
testing data or online traffic.

• When the network traffic is transported to the SCAE+SVM classifier, an output is generated, which
indicates whether the data is normal or an attack (i.e., DOS, Probe, R2L, U2R).

• For example, if the classifier considers records as normal, then the records will be labeled as Normal, and
others will be labeled as non-Normal.

• By contrast, if the classifier considered records as DOS, then the records will be labeled as DOS, and
others will be labeled as non DOS (including Normal, Probe, R2L, and U2R) and so on.
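
The OVA scheme from the Output Layer slide and the per-class labelling described above, as an added example (not the authors' code). A small linear SVM trained by subgradient descent on the hinge loss stands in for the SVM; the function names and the five-cluster feature data are constructed for illustration.

```python
import numpy as np

CLASSES = ["Normal", "DOS", "Probe", "R2L", "U2R"]

def n_binary_classifiers(m):
    """Number of binary SVMs needed for m classes under each scheme."""
    return {"OVA": m, "OVO": m * (m - 1) // 2}

def train_linear_svm(X, y, lam=0.01, lr=0.1, epochs=500):
    """Binary linear SVM (y in {-1, +1}) by subgradient descent on the hinge loss."""
    w, b = np.zeros(X.shape[1]), 0.0
    for _ in range(epochs):
        active = y * (X @ w + b) < 1            # records inside or beyond the margin
        w -= lr * (lam * w - (y[active, None] * X[active]).sum(axis=0) / len(y))
        b += lr * y[active].sum() / len(y)
    return w, b

def train_ova(X, labels):
    """One SVM per class: that class is positive, every other record is negative."""
    labels = np.asarray(labels)
    return {c: train_linear_svm(X, np.where(labels == c, 1.0, -1.0)) for c in CLASSES}

def ova_labels(models, X):
    """Per-classifier view of each record: 'DOS' / 'non-DOS', 'Normal' / 'non-Normal', ..."""
    return {c: [c if s >= 0 else "non-" + c for s in X @ w + b]
            for c, (w, b) in models.items()}

def predict(models, X):
    """Final label: the class whose classifier gives the largest decision value."""
    scores = np.column_stack([X @ w + b for w, b in models.values()])
    return [CLASSES[i] for i in scores.argmax(axis=1)]

def make_features(n_per_class=40, seed=0):
    """Constructed stand-in for SCAE-encoded records: one noisy cluster per class."""
    rng = np.random.default_rng(seed)
    X = np.vstack([np.eye(5)[i] + rng.normal(0, 0.05, (n_per_class, 5)) for i in range(5)])
    return X, [c for c in CLASSES for _ in range(n_per_class)]

if __name__ == "__main__":
    X, labels = make_features()
    models = train_ova(X, labels)
    print(n_binary_classifiers(len(CLASSES)))
    print(predict(models, np.eye(5)))
    print(ova_labels(models, np.eye(5)[1:2]))
```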
PROPOSED METHODOLOGY
Here, we first describe the SCAE used for feature learning. Subsequently, we describe the
training process of the SCAE model and the SVM classifier used for multiclass anomaly
detection.
CONCLUSION
Our research presents a novel and practical solution for enhancing security in cloud computing
environments. By leveraging advanced machine learning techniques such as Stacked Contractive Auto-
Encoder (SCAE) and Support Vector Machine (SVM), we have developed a robust intrusion detection
system capable of proactively identifying and mitigating security threats, thereby safeguarding critical
assets, data, and services hosted in the cloud. This work contributes to the advancement of security
practices in cloud computing and paves the way for further research and innovation in this critical area.
THANK YOU
