
Paper Presentation - IDS

Geetika Tiwari is presenting research on detecting and classifying incoming network traffic in a secure cloud computing environment using machine learning and deep learning. The motivation is that security incidents over the internet and networks are increasing. The goal is to build an automated system to detect known and unknown attacks. The proposed approach uses intrusion detection systems with signature-based, anomaly-based, and hybrid methodologies. It involves preprocessing data, feature selection, classifying with ML/DL models, and performance evaluation to detect various unknown attacks. Random forest classification provided the best results with 97% accuracy.

Uploaded by

Geetika Tiwari

I am Geetika Tiwari, pursuing my M.Tech in Computer Science from Sardar Patel University.

Today I will be presenting my research on Detecting and Classifying Incoming Traffic in a Secure Cloud Computing Environment Using ML and DL System.
This is my plan for the presentation.
What motivated us?
In real-life scenarios, many security incidents occur and are reported over the internet,
wireless networks, and cloud computing, and their number has been increasing over the years.
So we need to build an automated system that can detect these attacks. Although we have
some models already built for detecting known attacks, what about unknown attacks? So we
thought machine learning and deep learning could be options. When we researched, there were
AI/ML systems, but their accuracy still has scope for improvement.
Let us start with the problem statement.
We wanted to detect attacks in network traffic for data that is not known. This type of
data does not get filtered by earlier systems. So, an IDS is a system that raises an alarm
when attacks occur.

IDS
Intrusion is an attempt to breach your confidentiality, integrity and availability.
Intrusion detection is the process of monitoring for these intrusions and detecting them.

There are various IDS methodologies. The three main ones are:


Signature Based: It compares patterns against captured events.
Anomaly Based: It compares normal profiles with the observed events.
Hybrid: A mix of Signature and Anomaly Based. It is the methodology that overcomes the cons of
both methodologies.
The proposed flow chart of my approach is:
Get the input
Then preprocess the data
Do feature selection
Classify them using various ML & Deep Learning Systems.
Performance evaluation
The result is the detection of various unknown attacks.

I will detail each step:


These are the attacks that are more suited for modern anomaly detection algorithms than
previous ones. UNSW had 10 distinct attacks: Shellcode, Fuzzers, Worms, etc.

So we split the train and test data as per the suggested ratio.
Once the split is done, the data is preprocessed, i.e. we cleaned the data by handling nulls and
dropping irrelevant features.

Then we applied the select k-best technique to select K-best features.


The top one is dmean = mean of the packet size transmitted by the destination.
The second one is sloss = source packets retransmitted or dropped.
The third one is sjit = source jitter, i.e. the variation in time delay between when a signal is
transmitted and when it is received.
The fourth one is rate = rate of transmission.
The fifth one is sload = source bits per second.
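One way to compute a select-k-best ranking, as an added example that is not part of the original presentation. It assumes the one-way ANOVA F statistic as the scoring function (the talk does not say which score was used) and runs on constructed flows, not UNSW data; the `noise` and `const` columns are hypothetical.

```python
from statistics import mean

# Constructed flows (not UNSW data): first three are normal (0), last three attack (1).
LABELS = [0, 0, 0, 1, 1, 1]
COLUMNS = {
    "dmean": [80, 90, 85, 20, 30, 25],
    "sloss": [1, 2, 1, 9, 8, 10],
    "sjit":  [10, 12, 11, 40, 60, 20],
    "noise": [5, 7, 6, 6, 5, 7],   # hypothetical column unrelated to the label
    "const": [1, 1, 1, 1, 1, 1],   # hypothetical column that never changes
}

def f_score(values, labels):
    """One-way ANOVA F statistic of one feature against the class labels."""
    groups = {}
    for v, y in zip(values, labels):
        groups.setdefault(y, []).append(v)
    grand = mean(values)
    between = sum(len(g) * (mean(g) - grand) ** 2 for g in groups.values())
    within = sum((v - mean(g)) ** 2 for g in groups.values() for v in g)
    df_between, df_within = len(groups) - 1, len(values) - len(groups)
    if df_between < 1 or df_within < 1:
        return 0.0                      # need two classes and spare samples
    if within == 0:                     # no spread inside any class
        return float("inf") if between > 0 else 0.0
    return (between / df_between) / (within / df_within)

def select_k_best(columns, labels, k):
    """Return the k highest-scoring feature names and every feature's score."""
    scores = {name: f_score(vals, labels) for name, vals in columns.items()}
    ranked = sorted(scores, key=scores.get, reverse=True)
    return ranked[:k], scores

if __name__ == "__main__":
    best, scores = select_k_best(COLUMNS, LABELS, k=3)
    print(best, {n: round(s, 2) for n, s in scores.items()})
```

The ranking it prints is a property of these six constructed rows only; it says nothing about how the features rank on the real data set.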

After selecting features, we ran all the machine learning and deep learning models.
Then we measured the performance using accuracy, precision, recall, and F1-score, computed with
the standard formulas.
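The three IDS methodologies and the standard evaluation formulas described above, as an added example that is not part of the original presentation: a signature check, a z-score anomaly check and their hybrid are scored on constructed flows. The `payload` field, the `KNOWN-BAD-1` pattern, the z-score threshold and all flow values are assumptions made for illustration.

```python
from statistics import mean, pstdev

FEATURES = ("dmean", "sloss", "sjit", "rate", "sload")  # names from the talk
KNOWN_PATTERNS = ("KNOWN-BAD-1",)  # constructed signature, not a real indicator

def flow(dmean, sloss, sjit, rate, sload, payload="", label=0):
    return dict(dmean=dmean, sloss=sloss, sjit=sjit, rate=rate,
                sload=sload, payload=payload, label=label)

# Constructed flows (not UNSW data). BASELINE is benign traffic for the profile.
BASELINE = [flow(80, 1, 10, 100, 5000), flow(90, 2, 12, 120, 5500),
            flow(85, 1, 11, 110, 5200), flow(95, 2, 13, 130, 5800)]
OBSERVED = [
    flow(88, 1, 11, 115, 5300, "GET /index"),                # normal
    flow(86, 2, 12, 118, 5400, "x KNOWN-BAD-1 x", label=1),  # known attack
    flow(84, 1, 400, 112, 5250, "unseen", label=1),          # unknown attack
    flow(87, 1, 11, 116, 9000, "backup"),                    # benign burst
    flow(91, 2, 12, 125, 5600, "GET /home"),                 # normal
]

def build_profile(flows):  # normal profile: (mean, std deviation) per feature
    return {k: (mean([f[k] for f in flows]), pstdev([f[k] for f in flows]))
            for k in FEATURES}

def signature_hit(f):
    return any(p in f["payload"] for p in KNOWN_PATTERNS)

def anomaly_hit(f, profile, z_max=3.0):
    return any(sd > 0 and abs(f[k] - mu) / sd > z_max
               for k, (mu, sd) in profile.items())

def metrics(preds, labels):
    tp = sum(1 for p, y in zip(preds, labels) if p and y)
    fp = sum(1 for p, y in zip(preds, labels) if p and not y)
    fn = sum(1 for p, y in zip(preds, labels) if not p and y)
    precision = tp / (tp + fp) if tp + fp else 0.0
    recall = tp / (tp + fn) if tp + fn else 0.0
    f1 = 2 * precision * recall / (precision + recall) if precision + recall else 0.0
    accuracy = (len(labels) - fp - fn) / len(labels)
    return {"accuracy": accuracy, "precision": precision, "recall": recall, "f1": f1}

def compare():
    profile, labels = build_profile(BASELINE), [f["label"] for f in OBSERVED]
    detectors = {"signature": signature_hit,
                 "anomaly": lambda f: anomaly_hit(f, profile),
                 "hybrid": lambda f: signature_hit(f) or anomaly_hit(f, profile)}
    return {n: metrics([d(f) for f in OBSERVED], labels) for n, d in detectors.items()}

print(compare())
```

On this sample the signature check misses the unseen attack, the anomaly check misses the in-profile known attack and flags the benign burst, and the hybrid reaches full recall while inheriting that false positive.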

So here is the comparison of the performance of all the models applied. For example, dark blue
represents true positives, which means those are accurately predicted, and if you notice, random
forest gives the highest. Going more into the results:

Random Forest is giving me the highest accuracy, recall, precision, and F1-score, and takes less
time to predict the data set.

("Random Forest is a classifier that contains a number of decision trees on various subsets of
the given dataset and takes the average to improve the predictive accuracy of that dataset."
Instead of relying on one decision tree, the random forest takes the prediction from each tree
and, based on the majority vote of the predictions, predicts the final output.

The greater number of trees in the forest leads to higher accuracy and prevents the problem of
overfitting.)

So our approach has kind of shown better accuracy than the base paper, where they have an SVM
(support vector machine) and ANN (artificial neural network) model with an accuracy of 95%; by
using Random Forest we have increased the accuracy to 97%.

In real life, as our model provided greater accuracy in classification, it can be used to meet
security regulations.
We think that the performance of our model can be improved by data mining and data
clustering.
