A NOVEL HYBRID MODEL FOR ROBUST CYBER INTRUSION DETECTION IN CLOUD COMPUTING ENVIRONMENTS

Authors:

Mohamed Loughmari, Anass El Affar

DOI NO:

https://doi.org/10.26782/jmcms.2025.09.00007

Keywords:

Intrusion Detection System (IDS), Cloud Computing, Hybrid Model, XGBoost, Isolation Forest, Network Security, CICIDS2018

Abstract

Security remains one of the most critical concerns in all types and sizes of networks. Among the various strategies and policies designed to protect networks and systems, intrusion detection systems (IDSs) are paramount in identifying and preventing attacks. As security threats evolve, next-generation security solutions are progressively incorporating artificial intelligence (AI) to enhance their effectiveness. Consequently, the building of an effective and intelligent intrusion detection system remains one of the most significant research challenges. This study proposes a novel hybrid IDS model that combines anomaly detection and supervised learning to improve attack detection in Cloud Computing (CC) environments. Our approach utilizes the CICIDS2018 dataset, noted for its large scale, recency, inclusion of diverse real-world attack scenarios, and suitability for CC contexts. Our methodology first employs Isolation Forest for anomaly detection. Then, the anomaly results are added as a new feature to the dataset. Subsequently, the eXtreme Gradient Boosting (XGBoost) model is employed on this enriched dataset. This two-stage hybrid approach enhances the model's learning capabilities and leads to more accurate threat detection. The experimental results indicate that the proposed model achieves superior performance, with high recall, F1-score, precision, and accuracy. Moreover, a comparative analysis with existing literature further confirms these strong results. The findings indicate that combining anomaly detection with supervised learning can provide a more robust approach for enhancing IDS, particularly in demanding environments such as CC.
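The two-stage pipeline the abstract describes, as an added sketch that is not the authors' code: an Isolation Forest is fitted on the training split only (so the anomaly feature carries no test-set leakage), its score is appended as a new column, and a boosted-tree classifier is trained on the enriched matrix. The synthetic flows, the use of the continuous anomaly score rather than a label, the hyperparameters, and the scikit-learn fallback when `xgboost` is not installed are all assumptions.

```python
import numpy as np
from sklearn.ensemble import IsolationForest
from sklearn.metrics import f1_score
from sklearn.model_selection import train_test_split

try:
    from xgboost import XGBClassifier as Booster  # stage-two model named in the abstract
except ImportError:  # stand-in so the sketch still runs without xgboost
    from sklearn.ensemble import GradientBoostingClassifier as Booster


def make_flows(n_benign=2000, n_attack=200, seed=0):
    """Constructed stand-in for flow features; this is not CICIDS2018 data."""
    rng = np.random.default_rng(seed)
    benign = rng.normal(0.0, 1.0, size=(n_benign, 6))
    attack = rng.normal(0.0, 1.0, size=(n_attack, 6))
    attack[:, :3] += 4.0  # attacks deviate on three of the six features
    X = np.vstack([benign, attack])
    y = np.r_[np.zeros(n_benign, dtype=int), np.ones(n_attack, dtype=int)]
    return X, y


def enrich(iso, X):
    """Append the Isolation Forest score (lower = more anomalous) as a column."""
    return np.column_stack([X, iso.score_samples(X)])


def run_hybrid(seed=0):
    X, y = make_flows(seed=seed)
    X_tr, X_te, y_tr, y_te = train_test_split(
        X, y, test_size=0.3, stratify=y, random_state=seed)

    # Stage 1: unsupervised, fitted on training flows only (assumed choice)
    # so that held-out flows never shape the anomaly feature.
    iso = IsolationForest(n_estimators=100, random_state=seed).fit(X_tr)
    Xe_tr, Xe_te = enrich(iso, X_tr), enrich(iso, X_te)

    # Stage 2: supervised classifier trained on the enriched features.
    clf = Booster(n_estimators=100, max_depth=4, random_state=seed)
    clf.fit(Xe_tr, y_tr)
    return X_tr.shape[1], Xe_tr.shape[1], f1_score(y_te, clf.predict(Xe_te))


if __name__ == "__main__":
    raw, enriched, f1 = run_hybrid()
    print(f"features: {raw} -> {enriched}, attack-class F1 = {f1:.3f}")
```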

