Malicious host detection and classification in cloud forensics with DNN and SFLO approaches

Abstract

The use of cloud services has increased in recent years. The services provided by cloud computing (CC) are used by laptop, smartphone, desktop computer, and notebook users. Cloud services enable authorization practices because of the increasing number of cloud service users. Cloud services employ different hosts to deliver services to users. However, some hosts may be malicious and steal the user's information, or provide an unwanted file to the user instead of the original files. In previous work, these malicious hosts were identified by site re-routing links, distinguishing file types, and so on. The main impact of a malicious host is that it delivers infected data or files to the user, or diverts the user to data and files that were not requested. In this paper, we focus on the identification and classification of malicious hosts. The host list is examined to extract the features of malicious hosts by applying the firefly algorithm. These identified features are then pre-processed by the principal component analysis (PCA) method. The Deep Neural Network based Shuffled Frog Leap Optimization (DNN-SFLO) algorithm, a well-known deep learning (DL) approach, is proposed to test the optimized weights of the identified features. DNN-SFLO accurately detects malicious hosts, since the presence of a malicious host may affect the cloud service. The performance of DNN-SFLO based host detection is compared with Naïve Bayes, Neural Network (NN), Artificial NN (ANN), Fuzzy C-Means (FCM), Fuzzy k-Nearest Neighbour (FKNN), and Support Vector Machine (SVM). The host detection process is implemented in Python. The performance metrics used to evaluate the effectiveness of DNN-SFLO are F-measure, precision, G-mean, sensitivity, error detection probability, and recall.

Author information

Corresponding author

Correspondence to G. Nandita.

About this article

Cite this article

Nandita, G., Munesh Chandra, T. Malicious host detection and classification in cloud forensics with DNN and SFLO approaches. Int J Syst Assur Eng Manag (2021). https://doi.org/10.1007/s13198-021-01168-x

Keywords

  • Cloud computing (CC)
  • Firefly algorithm
  • Principal component analysis
  • Malicious host identification
  • Classification