Technical Seminar on

Cloud Intrusion Detection Method Based on Stacked Contractive Auto-Encoder and Support Vector Machine
Submitted in partial fulfillment of the requirements for the award of the degree of

Bachelor of Engineering In Information Science & Engineering

SUBMITTED BY

D H AVA L A S H R E E B J A I N (1SV20IS004) Guide:

MERLIN B
Cloud Intrusion Detection
Method Based on Stacked
Contractive Auto-Encoder
and Support Vector Machine
 CONTENTS
• Introduction
• Objectives
• Litrature Survey
• Problem Statement
• Scope
• Autoencoder And Its Varients
• Training Process of SCAE
• Output Layer: SVM Classifier
• Cloud Intrusion Detection SystemBased On SCAE & SVM
• SCAE & SVM Classifier
• Attack Detection
• Proposed Methodology
• Conclusion Pitch Deck
 INTRODUCTION

 CLOUD computing is an emerging Internet-based computing model.

 That provides“unlimited” IT services, thereby freeing them from complex underlying hardware, software, and
protocol stacks.

 It is open for all service.

 Cloud computing has witnessed exponential growth and widespread adoption across industries in recent years.

 Intrusion detection is one of the technologies for protecting cloud computing from malicious attacks.

 A Stacked Contractive Autoencoder (SCAE) is a type of artificial neural network used for unsupervised learning
and feature extraction.

 SVMs can be employed for intrusion detection in cloud environments. By analyzing network traffic patterns,
system logs, and user behaviors.
 OBJECTIVES

 Evaluate the performance of the proposed intrusion detection method using appropriate metrics such as
detection rate, false positive rate, and accuracy.

 Optimize the model parameters and architecture to achieve optimal performance in terms of detection
accuracy, efficiency, and scalability.

 Includes enhancing security, real time detection,compalance with privacy regulations

 Implement mechanisms for continuous learning and adaptation to evolving threat landscapes and changing
cloud configurations.
 LITRATURE SURVEY
PAPERS OBJECTIVES METHODOLOGY PERFORMANCE

IEEE (2016): In this paper, They apply a deep DNN,SDN 75.75%

Deep Learning learning approach for flow-based
Approach for anomaly detection in an SDN
Network Intrusion environment. We build a Deep Neural
Detection in Network (DNN) model for
Software Defined an intrusion detection system
Networking

IEEE (2017): It has been previously shown that for In terms of the deep learning 85.7%
Cloud-Based Cyber- cyber-physical systems, architecture designed for
Physical Intrusion taking into account also the physical our intrusion detection methodology.
Detection manifestation of cyber
for Vehicles Using attacks on the vehicles can improve
Deep Learning. detection accuracy and
reduce detection latency.
PAPERS
IEEE (2018):
A Deep Learning Approach
to Network
Intrusion Detection
IEEE (2019):
Introducing Deep Learning
Self-Adaptive Misuse
Network Intrusion Detection
Systems
OBJECTIVES METHODOLOGY PERFORMANCE
To perform our evaluations, Deep learning, 85.42%.
we have used the KDD Cup network security
’99
and NSL-KDD datasets. Both
of these datasets are
considered
as benchmarks within NIDS
research.
Their proposal comes to deal intrusion detection systems, 87.76%
with a well-known artificial neural networks,
disadvantage of misuse IDSs, deep learning
namely their stiffness to
adapt upon
changes.
 PROBLEM STATEMENT

In the context of cloud computing, ensuring security is essential. One critical aspect is detecting and preventing
unauthorized access or malicious activities within cloud systems. However, the network traffic in a cloud
environment is complex, with large-scale data and various patterns. Developing an effective intrusion detection
system for such an environment is challenging.
 SCOPE
 Researching and understanding existing intrusion detection methods and cloud security challenges.

 Designing the architecture for the intrusion detection system, integrating stacked contractive autoencoder and
support vector machine algorithms.

 Developing software modules for data preprocessing, feature extraction, model training, and anomaly detection.

 Conducting experiments to evaluate the performance of the system using real-world cloud data sets.

 Iteratively refining the system based on feedback and performance metrics.

 Documenting the entire process, including design decisions, implementation details, and experimental results.

 Providing guidelines for deploying and maintaining the intrusion detection system in cloud environments.

 Overall, the project aims to deliver a robust and effective intrusion detection solution tailored for cloud
environments, capable of accurately identifying and mitigating security threats.
 AUTOENCODER AND ITS VARIANTS
1. Autoencoder (AE)

2. Denoising Autoencoder (DAE)

3. Contractive Autoencoder (CAE)

4. Contrastive Analysis
 TRAINING PROCESS OF SCAE

• Fundamentally, the exact structure of our deep learning model will be obtained through experiments and training
on a large number of structural combinations

• The training process can be divided into three stages:

1. Unsupervised greedy layer-wise pretraining

2. Unrolling, and

3. Supervised fine-tuning.
 OUTPUT LAYER: SVM CLASSIFIER

• SVM is essentially a binary classification model, but attack types in the cloud computing environment are
diverse.Hence, more than one classifier should be employed.
• SVM can solve multi-class (m-class) classification problems, and it involves two methods:
1. “one-versusone” (OVO) and
2. “one-versus-all” (OVA).
• In the OVO approach, a separate binary classifier is trained for each pair of classes in the dataset.
• For a classification problem with \( N \) classes, this results in \( \frac{N(N-1)}{2} \) binary classifiers
• In the OVA approach, \( N \) binary classifiers are trained, each one trained to distinguish between one class and
the rest of the classes combined.
• For each classifier, the positive class is one of the \( N \) classes, and the negative class consists of all the other \
( N-1 \) classes.

20XX Pitch Deck

 CLOUD INTRUSION DETECTION SYSTEM BASED ON
SCAE AND SVM:
• Here, we use software-Defined networking( SDN )technology to build our Cloud intrusion detection
system(CIDS), which decouples the traditional network structure into data plane, control plane, and application
plane.
• An openflow virtual switch (OVS) is used to forward the virtual network flow; this represents the data plane.
• A network controller (NC) is used to install the flow table and routing control as well as to collect network traffic;
this represents the control plane.
• The anomaly detection application is used to achieve three main functions:
(1) data preprocessing, where the network traffic is transformed and standardized,
(2) classifier training, where the SCAE&SVM model used for feature extraction and classification detection is
trained from the preprocessed network traffic, and
(3) attack recognition, where the trained classifier is used to detect intrusion on the testing dataset or online
network traffic 20XX Pitch Deck
 SCAE & SVM CLASSIFIER
• When building classifiers or other predictors, combining feature learning methods can lead to
dimensionality reduction and high detection performance.

• Here, we use the SCAE deep learning algorithm to extract essential features from raw network traffic.
Note that the SCAE is pretrained in an unsupervised mode and fine-tuned by employing a supervised
back-propagation algorithm.

• Once the essential features are extracted, they will be used to train the SVM classifier. Here, the SVM
classifier exploits the OVA approach to distinguish between normal and abnormal data.

• We consider SCAE & SVM as a whole or a black-box, and the learned features are not visible.
 ATTACK DETECTION
• After the SCAE & SVM classifier has been trained, we use the trained and saved classifier to detect the
testing data or online traffic.

• When the network traffic is transported to the SCAE&SVM classifier, an output is generated, which
indicates whether the data is normal or an attack .

• For example, if the classifier considers records as normal, then the records will be labeled as Normal, and
others will be labeled as non-Normal.

• By contrast, if the classifier considered records as DOS, then the records will be labeled as DOS, and
others will be labeled as non DOS .
PROPOSED METHODOLOGY
 FLOW DIAGRAM
Data Collection
and Preparation

Feature Extraction
(Stacked Contractive Autoencoder)

Model Training
(Support Vector Machine)

Anomaly Detection

Performance Check

Fine-tuning and Deployment

Validation and Improvement

 CONCLUSION
In this research presents a novel and practical solution for enhancing security in cloud computing
environments. By leveraging advanced machine learning techniques such as Stacked Contractive Auto-
Encoder (SCAE) and Support Vector Machine (SVM), we have developed a robust intrusion detection
system capable of proactively identifying and mitigating security threats, thereby safeguarding critical
assets, data, and services hosted in the cloud. This work contributes to the advancement of security
practices in cloud computing and paves the way for further research and innovation in this critical area.
 REFRENCES

1. https://ieeexplore.ieee.org/document/9112664
2. https://ieeexplore.ieee.org/document/7777224
3. https://ieeexplore.ieee.org/document/8171725
4. https://ieeexplore.ieee.org/document/8620986
5. www.wikipedia.org
6. www.chatgpt.com
THANK YOU