Advances in Engineering Software 173 (2022) 103236

Contents lists available at ScienceDirect

Advances in Engineering Software

journal homepage: www.elsevier.com/locate/advengsoft

An efficient optimal security system for intrusion detection in cloud

computing environment using hybrid deep learning technique
M. Mayuranathan *, S.K. Saravanan, B. Muthusenthil, A. Samydurai
Department of Computer Science and Engineering, SRM Valliammai Engineering College, SRM Nagar, Kattankulathur, Chengalpattu 603203, Tamil Nadu, India

A R T I C L E I N F O A B S T R A C T

Keywords: Users have been urged to embrace a cloud-based environment by recent technologies and advancements. Because
Attacks of the dispersed nature of cloud solutions, security is a major problem. Because it is highly exposed to intruders
Intrusion for any kind of assault, security and privacy are major roadblocks to the on-demand service’s success. A massive
IDS
increase in network traffic has opened the ground for increasingly difficult and pervasive security vulnerabilities.
Data Preprocessing
Clustering
Several intrusion detection systems (IDS) for cloud computing environments have recently been suggested.
Detection and Classification Current IDS may display over-fitting, low classification accuracy, and a high false positive rate when given with a
large volume of variety of network data (FPR). We provide an effective optimal security solution for intrusion
detection in a cloud computing environment using a hybrid deep learning algorithm in this study (EOS-IDS).
Preprocessing is done using the improved heap optimization (IHO) technique, which assures data quality by
removing unnecessary data from the dataset. Then, for optimum feature selection, we offer a chaotic red deer
optimization (CRDO) technique, which is responsible for dimensionality reduction owing to large data. Then, for
cloud attacks and intrusion detection and classification, a deep Kronecker neural network (DKNN) is shown. To
illustrate its effectiveness, the proposed EOS-IDS strategy is evaluated against two benchmark datasets, DARPA
IDS and CSE-CIC-IDS2018, and the results are compared to different existing IDS strategies.

1. Introduction cloud computing infrastructure performance and QoS needs [7].

In recent years, cloud computing has emerged as the most popular
Internet-based technology in the information technology (IT) industry
[1]. A system layer, a platform layer, and an application layer are the
three levels that make up cloud computing. The first two levels are
concerned with virtual machines (VM) and operating systems [2,3],
whereas the third layer is concerned with cloud-based applications such
as web-based apps. Along with the advantages and popularity of cloud
computing [4], it faces significant challenges that function as roadblocks
to its growth. One of them is cloud security, which is seen as a key
barrier to cloud adoption by most enterprises. This is due to the open and
completely dispersed nature of the cloud environment, which makes it
more vulnerable to security threats and vulnerabilities [5,6]. As a result,
intruders are more likely to conduct attacks against the cloud or
cloud-connected devices. Another weakness of cloud security is that
users access their data on distant servers in the cloud, with the cloud
fully responsible for data storage and maintenance. Cloud cyber attacks
and services, on the other hand, might have a detrimental influence on
Furthermore, cloud computing clients are concerned about security is­
sues that might jeopardise data availability or cause data loss. As cyber
attacks [8] become increasingly sophisticated, developing attacks to
prevent them and ensure the security of data stored and processed in
cloud computing is crucial. Cloud computing now encompasses all
components, including end-users, networks, access control, and in­
frastructures [9,10]. Security communities contend with issues ranging
from data duplication to failing to discover security risks in a timely
manner without a clear perspective of the cloud architecture, as well as a
loss of control over data protection and access to meet regulatory
compliance.
We anticipate fast new growth in the computational demands offered
by cloud computing paradigms as cloud computing becomes more in­
tegrated into our daily lives and digital environments [11,12]. Cloud
computing presents several security problems due to data transfer and
apps outside of customers’ administrative domains. Investigation of
security risks, vulnerabilities, and threats across multiple network levels
is vital due to the crucial necessity of security in cloud computing.

* Corresponding author.
E-mail addresses: [email protected] (M. Mayuranathan), [email protected] (S.K. Saravanan), muthusenthilb.cse@
srmvalliammai.ac.in (B. Muthusenthil), [email protected] (A. Samydurai).

https://doi.org/10.1016/j.advengsoft.2022.103236
Received 9 July 2022; Received in revised form 29 July 2022; Accepted 5 August 2022
Available online 17 August 2022
0965-9978/© 2022 Published by Elsevier Ltd.
M. Mayuranathan et al. Advances in Engineering Software 173 (2022) 103236

Table 1 4 Finally, the efficacy of our proposed EOS-IDS approach is assessed

Summary of literature review. using two benchmark datasets: DARPA IDS and CSE-CIC-IDS2018,
Ref. Type of Methodology Algorithm Problem solved and the findings are compared to several current IDS strategies.
IDS used

[21] FCM FG-SAR ANN Packet delivery ratio, validity The remainder of the paper is organised like this: Section 2 sum­
index marises relevant research on IDS in cloud computing, whereas Section 3
[22] MLIDS VM DBSCAN Accuracy describes the issues and system model of the proposed EOS-IDS
[23] SDAE- MLP GA-SPO Accuracy, error rate approach. The suggested EOS-IDS approach is described in Section 4
IDS
[24] GA LAF ILU Flow time, span time
along with the appropriate mathematical model. Section 5 examines the
[25] IMVO SLA GA,PSO, Response time, reliability proposed EOS-IDS approach as well as a comparison of planned and
MFO current cloud computing IDS frameworks. Section 6 brings the paper to a
[26] GA- Task WOA,GWO Average turn around, close.
WOA scheduling response time
[27] HBI Wamp server PSO Response time, accuracy
[28] Cross FRON GA Cross border limit, Time 2. Related works
border complexity
[29] CI-IDS CC MCC Accuracy, processing time This section reviews recent literature concerning intrusion detection
[30] SFGA CDM SFLA, GA Energy consumption,
system for cloud computing environments. The literature is compiled in
response time, cost
[31] Fuzzy- IDS SMO Precision, recall, f-measure,
various aspects and presented in Table 1.
ANN accuracy, sensitivity, Chenet al. [21] presented a fuzzy cluster for detecting whether
specificity MANET should be introduced in a deep storage system. To boost per­
[32] OCSA DoS RNN Precision, recall, f-measure, formance, this document includes logic modelling and testing. On mo­
accuracy, processing time
bile terminals or mobile temporary networks, several terminals have
been performed (MANET). The most significant benefit of MANET is that
Using deep-Q network logic, a deep reinforcement learning-based it does not need a pre-defined infrastructure, such as a router connection
IDS discovers and classifies complex network attacks in various and a hub. It has the capacity to construct a time-dependent network,
dispersed agents and attention techniques [13]. Density peak (DPeak) but there is no permanent communication block. MANET may be
[14] is a clustering algorithm that converts data of any dimension into severely damaged by road attacks. Dey et al. [22] suggested machine
two dimensions and automatically detects density centres and noise. A learning software for multi-client networks in mobile clouds. There is no
MapReduce-based intelligent model [15] is presented to intelligently need to update individual project rules, and they may be adjusted to
automate intrusion detection. MR-IMID is a network intrusion detection meet the demands of client networks. The proposed idea comprises two
system that uses commodity hardware to consistently perform a range of steps from a technological standpoint: Multi-Layer Traffic Screening and
data categorization tasks. An intelligent and effective network intrusion Virtual Machine Decision Making. A new notion in cloud computing for
detection system (NIDS) based on deep learning [16] uses a mobile emerges from the mix of mobile computing with conventional
non-symmetric deep auto-encoder to give complete functionality and cloud computing. Because of the mobility of mobile phone cloud
performance for network intrusion detection concerns. The long computing network nodes, security is critical. Client networks for mo­
short-term memory (LSTM-CLOUD) [17] is a system designed to identify bile clients, such as car networks and wireless touch networks, have
and mitigate DDoS attacks in a public cloud network. An effective cloud variable security needs based on system complexity, power consump­
IDS that improves the overall security of a cloud-based computing tion, and security level, making the security problem more challenging.
environment by using sandpiper-based feature selection and extended To securely combine and integrate information from diverse client
equilibrium deep transfer learning (EEDTL) classification [18]. To networks, such complex systems need the development of novel security
detect attacks at the fog node, a lightweight support vector machine IDS approaches. In moving clouds, which incorporate numerous client net­
model based on cloud-fog cooperation is deployed [19]. Distributed works, detection of infiltration is one of the most critical safety pro­
Denial of Service (DDoS) attacks are one of the most dangerous types of cedures. Abusitta et al. [23] suggested a Joint IDS that is machine
hostile invasions. DDoS attacks are difficult to counteract because they learning-based and gives active feedback on past feedback data. The
are high-level, difficult-to-absorb threats with a wide range of forms, denonising auto coder (DA) is based on a particular model that is utilized
attacks, and complexity. Machine learning techniques are used in cloud as a foundation for deep neural networks. An crucial aspect of DA is
computing to provide an accurate and comprehensive strategy [20] for learning how to produce IDS feedback from feedback. This helps us to
detecting and preventing attacks. make rapid judgements on suspected infiltration even when we don’t
have entire IDS input.
1.1. Our contributions Aldwyan et al. [24] presented a container-based IDS solution for
categorising attacks and preventing cloud overlays. We are performing
For further enhancement in cloud computing, an efficient optimal experiments on National Instruments for electrical research cooperation
security system is proposed for intrusion detection using hybrid deep and resource research clouds throughout Australia to assess our speci­
learning technique (EOS-IDS). The main contributions of our proposed alised strategy. Yaghoubi et al. [25] proposed the IMVO method, an
work are summarized as follows: expanded multivariate optimization technique for a web service system
that improves QoS while meeting service level agreements (SLA). In the
1 An improved heap optimization (IHO) algorithm is used for data pre- cloud, several web services offer identical capabilities (QoS). To guar­
processing which ensures the data quality through removal of un­ antee optimum customer service integration, an adequate service system
wanted data’s from dataset. is required. Furthermore, a service provider’s anticipated SLA should be
2 A chaotic red deer optimization (CRDO) algorithm used for optimal enforced by insufficient service agreements. The introduction of an
feature selection process which selects best optimal features among adequate web-service system algorithm that produces high QAS while
multiple features. fulfilling SLA control is the key difficulty of Cloud Computing. Sanaj
3 The hybrid deep Kronecker neural network (DKNN) is illustrated for et al. [26] have presented an effective method for conveying cloud jobs
cloud attacks and intrusion detection and classification. using the GAP-WOA MAP reduction framework. The task was originally
part of the client’s job. The characteristics are then decreased using the
MRQFLDA approach. The map reduction law is then used to allocate

2
M. Mayuranathan et al.
Fig. 1. System architecture of our proposed work.
large jobs. Sharma et al. [27] published a study recommending a
modified bee-inspired algorithm to help with the load balancing plan.
According to Wangfi et al. [28], the influence of aggressive trade
talks on the advance sketch led to wider usage of electrical services. It
provides a variety of advantages in terms of Internet development in the
context of a cross-border E-commerce model, including complete
exposure, a partial cross-border logistics system, and quick cross-border
compensation. Cloud computing is included into the 5G network design
via essential networking elements. Cloud memory, network use, envi­
ronment, objects, or data source are all examples of lease source oper­
ating systems. Shamshirband et al. [29] suggested that cyber-attacks
will be used more often to stifle the rising Internet and its documenta­
tion and information services. These security vulnerabilities can be
solved using IDS. The hybrid frog leap method suggested by Ibrahim
et al. [30] employs an energy-sensitive system to enhance the mobile
cloud system utilizing the evolutionary algorithm (SFGA). The compo­
nents provide a broad variety of passive quality of service services (QoS).
In accordance with the issue of mobile energy security, the growth of
variety of energy sources in mobile energy clouds is becoming a greater
difficulty. In infiltration detection systems, Samriya et al. [31] devel­
oped a hybrid strategy to increase the overall security of cloud-based
computer environments. Theja et al. [32] have proposed DoS attack
detection system using oppositional crow search algorithm (OCSA),
which combines crow search algorithm (CSA) and opposition based
training (OBL) system to solve such problems.
3. Problem methodology and system architecture
3.1. Problem methodology
Integrating powerful machine learning algorithms into IDSs is
becoming more important in safeguarding mobile edge computing sys­
tems. However, our current society’s mobility necessitates increasingly
complex IDSs to strike a fair balance between dealing with the enormous
rise of traffic data and reacting to attacks. For intrusion detection, the
Ant Lion optimization technique is combined with a novel optimized
custom recurrent convolutional neural network (RC-NN) [33]. CNN is
combined with LSTM. As a result, all attacks detected at the cloud’s
network layer are effectively categorized. The experimental results
below demonstrate how the IDS classification model provides high ac­
curacy while boosting detection rates and minimizing mistake rates. The
revised custom RC-NN-IDS model increased classification accuracy by
3
Advances in Engineering Software 173 (2022) 103236
94% while lowering error rate by 0.0012. Performance measures
including true positive rate, true negative rate, and accuracy are also
evaluated. Data is subject to a range of attacks during network
communication. The importance of detecting network communications
breaches is growing. Researchers use machine learning methodologies
to construct effective intrusion detection systems. However, their usage
increases the risk of security attacks, making cloud computing in­
frastructures vulnerable to a wide range of threats. As a consequence, to
avoid attacks, IDS for cloud computing systems must be developed. The
fundamental issues in IDS are attaining high detection accuracy while
lowering training time. In contrast, traditional IDS are ineffectual in
dealing with them. Traditional IDS models utilize deep learning ap­
proaches for categorization in the output layer. The training model often
leads to a low detection rate of attacks in the face of large
high-dimensional data due to the effect of data dimensions, decreasing
overall detection efficiency. To overcome the problems described above,
the following research aims were used:
1 To introduce optimal preprocessing algorithm for unwanted artifacts
removal from the original dataset. Moreover, preprocessing phase is
optional for proposed EOS-IDS model which only required us
possible to use real-time data’s.
2 2. Develop an efficient feature selection technique to reduce the IDS
model’s complexity by avoiding overfitting due to the high dimen­
sional feature space.
3 To create a hybrid classifier that can detect/classify the kind of
attack/intrusion with high accuracy and low error rate.
4 To validate our proposed EOS-IDS model through the two standard
benchmark DARPA and CSE-CIC-IDS2018 datasets to prove the
effectiveness.
3.2. System architecture
In the domain of IDS model in cloud computing, we present a deep
Kronecker neural network (DKNN) for IDS detection and categorization
of cloud intrusion. This provides it an edge when dealing with material
that has statistical consistency and local significance. Fig. 1 depicts the
basic system architecture of our proposed EOS-IDS model. The method
for a suggested model may be broken down into four steps: The data type
format used in the following phase is preprocessed for each entry in the
IDS data collection. The processed data is sent into an optimal feature
selection algorithm, which accurately isolates the distinguishing traits
M. Mayuranathan et al. Advances in Engineering Software 173 (2022) 103236

and selects the best features from them. Finally, the IDS detection and where R is a random number generated using the uniform distribution
classification phase receives the ideally selected best characteristics. from the range [0, 1]. In Eq. (1), c is a determined parameter, and it is
calculated as follows:
4. Proposed methodology ⃒ ⃒
⃒ ⃒
⃒ s mod Sc ⃒⃒
The working method of our suggested IDS model for cloud ⃒
γ = ⃒2 − S ⃒ (3)
⃒ ⃒
computing environment employing hybrid deep learning approach is ⃒ 4c ⃒
described in this part (EOS-IDS). The working process is divided as three
steps as follows: where s stands for the current iteration, S stands for the total number of
iterations, and C stands for a user-defined parameter that will be dis­
1 Preprocessing using improved heap optimization (IHO) algorithm cussed later. During iterations, γ decreases linearly from 2 to 0 and then
2 Feature selection using chaotic red deer optimization (CRDO) begins to increase back to 2 with successive iterations. The c parameter,
algorithm on the other hand, specifies how many cycles γ completes in S repeats.
3 Intrusion detection and classification using a deep Kronecker neural After doing this experiment for a variety of functions, we decided to
network (DKNN) calculate the balanced value of c as follows:
c = ⌊S / 25⌋ (4)

4.1. Preprocessing Colleagues are officials who are of the same rank. They communicate
with one another in order to carry out official duties. We assume that
Preprocessing the initial data collection with procedures like data nodes on the same level in the heap are colleagues, and that each search
cleaning and data transformation is required to build an IDS detection agent →
̅→
y travels in respect to a randomly chosen colleague T , as shown
j R
and classification model. Filthy data is information that is missing, in the equation below:
noisy, or inconsistent. Internal laws of the original data are lost, ⎧ ⃒ ⃒ ( ̅→) (→ )
resulting in poor data analysis and processing performance. As a result, ⎪ ⃒ ⃒
⎨ TRK + γλK ⃒TRK − yKj (s)⃒, F TR < F Yj (s)
filthy data must be cleaned and transformed into data that fulfils data yKj (s + 1) = ⃒ ⃒ ( ) (→ ) (5)
quality standards. Missing values, erroneous data, outliers, and noise are ⎩ yKj + γλK ⃒⃒TRK − yKj (s)⃒⃒, F ̅→
⎪ TR ≥ F Yj (s)
the most common data cleaning issues. The aim is to fill in the missing
data set with the same constant while clearing or modifying the existing F is the objective function that determines the fitness of the search
special symbols and garbled codes. The improved heap optimization agent. Eq. (5) uses a position update technique similar to Eq. (1), but it
(IHO) approach was utilized for preprocessing in this research, which also allows the search agent to explore the area surrounding TRK if
̅→
assures data quality by removing extraneous data from the dataset. F(T ) > F(→
R y (s)) is present, and the region around yK if N is not.
j j
Corporate titles are awarded to firm or business executives (designa­ Exploration and exploitation are both encouraged by this behavior. The
tions). Work descriptions and duties are specified in employee titles. haphazard selection of coworkers creates variety, and the continual hunt
Although the titles vary from company to company and business to for exceptional answers fosters exploitation. We’ll duplicate this
business, they are always structured in a hierarchy and are known as behaviour in the upcoming release by keeping the employee’s old po­
corporate rank hierarchy, organizational chart tree, or corporate hier­ sition, as seen below.
archy structure, among other things. Subordinates obey their immediate
supervisor as upper-level laws and policies are executed in a centralized yKj (s + 1) = yKj (s) (6)
organizational structure. To demonstrate this behavior, change the po­
In successive iterations of Eq, the search agent →yj does not modify its
sition of each search agent → yj in relation to its parent node A.
location for its Kth design variable (6). This feature enables us to control
⃒ ⃒
⃒
yKj (s + 1) = AK + γλK ⃒AK − yKj (s)⃒
⃒
(1) how often a search agent changes. The next section shows how this
equation may be used to direct research. To balance these options,
which are separated into three proportions: q1,q2,andq3, → yj , and q1, a
where s is the current iteration, K denotes the vector’s Kth component,
roulette wheel is employed. A search agent may use Eq. to update its
and | | denotes the absolute value. λK is the Kth component of vector →
y,
location by selecting the percentageq1. (6). The q1 limit is calculated as
and it is created at random:
follows:
λK = 2r − 1 (2) s
q1 = 1 − (7)
S

Algorithm 1 where S signifies the maximum number of iterations and s denotes the
Data pre-processing using HBO algorithm. current iteration. When percentage q2 is chosen, a search agent may use
Input: component of vector → y, →
yj Eq. to update its location (1). q2’s limit is calculated as follows:
Output: q1,q2,andq3
1 − q1
1 Initialize the best population
⃒ ⃒ q2 = q1 + 1 − (8)
2 ⃒ ⃒ 2
Reference to parent node A by yKj (s + 1) = AK + γλK ⃒AK − yKj (s)⃒
3 While do Finally, using Eq. (5), the selection of q3 symbolizes updating posi­
4 If j=0, i=1 tion, and the limit of q3 3 is calculated as follows:
⃒ ⃒
5 ⃒ ⃒ ̅→ →
TKR + γλK ⃒TRK − yKj (s)⃒, F( TR ) < F(Yj (s))
̅→
Colleague TR yKj (s + 1) = {
1 − q1
⃒
⃒
⃒
⃒ ̅→ → q3 = q2 + 1 − =1 (9)
yKj + γλK ⃒TRK − yKj (s)⃒, F( TR ) ≥ F(Yj (s)) 2
6 1 − q1
Limit of q2 is compute byq2 = q1 + 1 − The following equation depicts HBO’s general position update
2
7 Next iteration is compute by yKj (s + 1) = yKj (s) mechanism:
8 Update HBO
9 End else
10 End

4
M. Mayuranathan et al. Advances in Engineering Software 173 (2022) 103236

⎧
⎪ yKj (s) q ≤ q1 We provide a chaotic red deer optimization (CRDO) technique for
⎪
⎪
⎪
⎪
⎪
⃒ ⃒ optimum feature selection in this paper, which is responsible for
⎪ K⃒ K ⃒
dimensionality reduction owing to large data. There is no metaheuristic
K
⎪
⎨ A + γλ ⃒A − yKj (s)⃒, q > q1 and q ≤ q2
K
yj (s+1) = ⃒ ⃒ ( ̅→) algorithm in the literature that can sustain exploration and exploitation
⃒ ⃒ →
⎪
⎪ TjK + γλK ⃒TRK − yKj (s)⃒, q > q2 and q ≤ q3 and F TR < F(Yj (s)
⎪
⎪
⎪ ⃒ ⃒ ( ) at the same time. It has been attempted in the suggested strategy to
⎪
⎪
⎪ ⃒ ⃒ ̅→ →
⎩ yKj + γλK ⃒TRK − yKj (s)⃒, q > q2 and q ≤ q3 and F TR ≥ F(Yj (s) balance these two qualities almost equally. The following subsections
detail the many phases of the modified version of this method. This
(10) improved version, like the original CRDO method, is designed to identify
global or near-optimal solutions to the given issue. Any viable solution
where q is an integer selected at random from 0 to 1. It’s crucial to talk
defined as follows in a solution space (Q):
about why we’re calculating M the way we are. The influence of
different combinations of N and O on exploitation of these functions is rd = [Q1, Q2, Q3, .....Qd] (12)
investigated using two well-known functions, sphere and grievance. The
pseudo code for our suggested preprocessing utilizing the HBO tech­ where d is the best solution’s dimension. The fitness functions that
nique is described in Algorithm 1. determine a solution’s quality or badness are well-defined and expressed
as

4.2. Feature selection F(rd) = F[Q1, Q2, Q3, .....Qd] (13)

The population is produced in the first step by creating nq red deer
In this part, we address another issue: the potential of over-fitting as solutions. The finest red deer are assigned the letternmale, while the rest
a result of IDS’s high dimensional feature space and model complexity. of the solutions are assigned the letternhind. In this case, the elitism
There are no suitable and well-defined strategies for dealing with property is used to choose the CRDO method in these two sets. The
anomaly detection issues. Fathollahi Fard et al. [33] created the Red number of men is calculated using this characteristic.
Deer (RD) method, a famous meta-heuristic. The authors’ only motiva­
tion for developing the RD algorithm was their careful observation and nmale = round{α1 .nQ} (14)
analysis of red deer behavior during their mating season. When the α1 is a random constant value between 0.2 and 0.5. The number of
commanders mate with the harem’s hinds, kids are produced. Every hinds (nhind) is represented by the letter nhind = nq − nmale. At this stage,
metaheuristic algorithm must fulfil two requirements: exploitation and the placements of male RDs, which are considered superior solutions,
exploration. The step of male RD algorithm roaring improves the are adjusted in order to get better solutions in the area. The original
exploitation property. This phase attempted to enhance local search, and method’s natural observation is preserved, as is the randomization for
the step of commanders and stags battling was also employed in this moving the male RDs’ location. In the initial iteration of the approach,
aim. When commanders created harems based on their authority, this three fixed values were used instead of random values. With those aims
algorithm’s exploration property is met. To maximize the exploratory in mind, the mathematical formula was carefully built, resulting in a
feature, stags mate with hinds at a minimal distance throughout the Gradient in adaptability and a continuously diminishing rate of change
breading season, disregarding the harem constraint. The quality of a in parametric variables. The formulae below are used to update the
segmented picture may be determined using the conventional metric of men’s positions.
correlation coefficient (ρ). The following is the mathematical ⎧
formulation: ⎪
⎪
N
⎨ maleold − (1 − b) ∗ (ua − la) ∗ j2 + N ,
⎪ b < 0.5
1
∑ N (
N ∑ ) malenew = (15)
Hji − H (dji − d) ⎪
⎪ male + b ∗ (ua − la) ∗ N ,
N2 ⎪
⎩ b ≥ 0.5
(11)
j=1 i=1 old
ρ = √̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅√̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅ j2 + N
∑ N ∑ N ( )2 1 ∑ N ∑ N ( 2
The current generation and total number of generations are repre­
1
N2
Hji − H N2
dji − d)
j=1 i=1 j=1 i=1
sented by j and N, respectively, while b is a randomly generated real
The original and segmented pictures areHji, 1 ≤ i, j ≤ n anddji, 1 ≤ j, i value (b ∈ [0, 1]). The CRDO algorithm has been enhanced to look at
≤ N, respectively, with dimensions N × N. H and d are the corresponding two sorts of red deer: Stags and commanders The following formula is
mean intensity levels. A greater ρ value indicates better segmentation used to calculate the number of commander men (nCM):
quality. nCM = round{α2 .nmale } (16)

Algorithm 2
The value of α2 is a random constant between 0.2 and 0.5. As a
Optimal feature selection using CRDO algorithm. consequence, males account for 20 to 50 percent of commanders. The
surviving males are referred to as stags, and the number of stags (nstag) is
Input: correlation coefficient (ρ)
Output: ne1 and ne2
calculated as follows:
1 Initialize the best population
nstag = nmale − ncm (17)
2 Define partial solution ρ =
∑N ∑N
1 j=1 i=1 (Hji − H)(dji − d)
√̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅
The mathematical procedure used in this improved version is based
N 2 √̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅
on a single random constant, the current iteration (j), and the overall
1 ∑N ∑N 1 ∑N ∑N 2
(Hji − H)2 (d − d)
N 2 j=1 i=1 N2 j=1 i=1 ji number of iterations (N). The mathematical representation of the
3 While Do fighting process aims to keep dominant features while reducing reces­
4 Number of males nmale = round{α1.nQ}
sive traits. Two new solutions are found during the battle between the
5 If j=0, i=1
6 Define commander males (nCM) nCM = round{α2.nmale} commander (cm) and the stags (ts), and the mathematical equations are
7 Number of stags are computed as nstag = nmale − ncm as follows:
8 j
N− N − Nj
Define mating process nOF1 = b ∗ Cm + (1 − b) ∗ gN − b ∗ (ua − la) ∗ 2 N, b ne1 = b ∗ Cm + (1 − b) ∗ ts − b ∗ (ua − la) ∗ , b < 0.5 (18)
j ∗N j2 ∗ N
< 0.5
9 Find the best solution of MRDA
10 End

5
M. Mayuranathan et al. Advances in Engineering Software 173 (2022) 103236

N − Nj
ne2 = (1 − b) ∗ Cm + b ∗ ts + (1 − b) ∗ (ua − la) ∗ , b ≤ 0.5 (19) p ∑
∑ p 2
j2 ∗ N ‖ N ‖ 2
F = N , ‖ N ‖ ∞ = max |Nx | (27)
‖x‖ = 1
i=1 i=1
The fighting process has created two new solutions: ne1 and ne2.
ij

The search space’s upper and lower limits are marked by ’ua’ and The (i, j) -component of is N i j. Assume the matrix 1u×t for size u × t
’la,’ respectively. Where b is a random value between 0 and 1, and which has all entries with 1u. Assume fixed +ve integer as K. Define the
Commander mates with a particular percentage of hinds in his harem block bias vector and weight matrix for lth block respectively.
under the original RD system. With no border limits, every commander ⎡ l … ⎤
W Wl
in the CRDO algorithm mates with every hind (gN) in his captivity. The ⎡ l⎤
⎢ ⎥
b
mating process may be mathematically expressed as follows: 1KX l ⊗ bl = ⎣ ⋮ ⎦ ∈ RN1 K 1KXK ⊗ W l = ⎢
⎢ ⎥
(28)
⎢ ⋮ ⋱ ⋮ ⎥ ⎥∈R
N1 K X Nl− 1 K

bl ⎣ ⎦
N − Nj
nOF1 = b ∗ Cm + (1 − b) ∗ gN − b ∗ (ua − la) ∗ , b < 0.5 (20) Wl … Wl
j2 ∗ N
where Kronecker product is denoted by symbol ⊗. A block initiation
N − Nj
nOF2 = (1 − b) ∗ Cm + b ∗ gN − (1 − b) ∗ (ua − la) ∗ , b ≤ 0.5 function →φ is defined that applies block-wise. So, sn ∈ Rm for 1 ≤ n ≤ K,
j2 ∗ N
let s = [s1, ⋅ ⋅ ⋅,sK]T ∈ RmK and
(21) ⎡→ ⎤
φ 1 (s1 )
With the particular goal of achieving a gradient shift in values, the ⎢ ⎥
mathematical expression has been specifically developed to maintain
→φ (s) = ⎢⎣ ⋮
⎥
⎦ (29)
more of the dominant qualities and less of the recessive features. The ̅→
φK (s)K
Algorithm 2 describes the pseudo code of our proposed optimal feature
selection using CRDO algorithm. φjs are initiation functions that are applied to each element indi­
vidually. Then, using the block and block bias vectors’ weight matrices
4.3. Intrusion detection and classification and the equation below, construct a neural network: Let s0 = s is the
input and s1 = (1KXK ⊗ Wl )(1KX1 ⊗ s0 ) + 1KX1 ⊗ b1
For cloud attacks and intrusion detection and classification, we used ( )
sD = (11XK ⊗ WD ) →
φ sD− 1 + bD and sl = (1KXK ⊗ W l ) →
φ (1KX1 ⊗ bl )
a deep Kronecker neural network (DKNN) in this part. In the develop­
ment of the weight matrices, the Kronecker product is utilized by the (30)
D FF
Kronecker neural networks (KNN). In actuality, standard FNN or feed- S is a D-layer KNN with KNl number of neurons and u number of
forward neural networks have similarity with the KNN for having an network parameters at the lth layer. The weight matrices of block and
overall versatile initiation function as follows: block bias vectors are scaled using the scaling parameters αl, ωl ∈ RK,
∑M where αl is the row vector and P is the column vector. The block bias
φα,ω (y) = m=1
αm φm (ωm y), M ∈ N ≥ 1, α = (αm ), ω = ωm (22) vector and scaled block weight matrices are defined as follows:
( ) ( )
where α, ω are trainable parameters andαmis fixed activation functions.
⌢l ⌢l
W = ωl ⊗ αl ⊗ W l , b = ωl ⊗ bl , 1 ≤ l < D (31)
KNN execution doesn’t need the real processing of Kronecker item. Be
that as it may, the Kronecker product permits one to develop a lot more ⌢D ( ) ⌢D
extensive organization than a KNN, while keeping up with practically W = 11XK ⊗ W D ⊗ W l and b = bD (32)
similar number of boundaries. A function definition for an FFN with ( )
⌢l ⌢l
depth D is among a group of numerous layers comprising of input layer,
⌢
sl : = L l sl− 1 = W sl− 1 , + b (33)
hidden-layers D− 1 and a resultant layer. The number of neurons Nl are
available in the lth hidden-layer. Each hidden-layer gets Sl − 1 ∈ RNl – 1 as Representation obtained is as follows:
a result from past layer, in which a relative change is done. (⌢ ⌢ ⌢
)
( ) uKΘ (s) = L D ∘φ ∘ L D− 1 ∘...... ∘φ ∘ L 1 (1KX1 ⊗ s) (34)
Ll sl− 1 = W l Sl− 1 + bl (23)
The DNN network parameter set defines as follows:
bl RN l N N
l is the bias vector associated with the lth layer. W ∈ R l l - 1 is the { }D { }D− 1
weight matrix. Before transmitting the altered vector as a commitment ΘK = W l , bl l=1 U ωl , αl l=1 (35)
to the next layer, apply a nonlinear activation function φ1(•) to each
⌢l
component of it. After a consequent layer, the same function indicates a DKNN may be completed without the block weight matrices {W }l
beginning function. ⌢l
and block bias vectors { b }l . This work features KNN.
uFF (s) = (LD ∘φ 1 ∘LD− 1 ∘..∘φ 1 ∘L1 )(s), (24) ( )
(36)
⌢ ⌢
uK (s) = LD ∘φ LD− 1 ∘...... ∘φ 1 ∘L1 (s )
where ◦ is the composition operator used. Network’s trainable param­
eter denotes as follows: where the lth layer’s initiation function is dependent on the trainable
{ }D parameters {ωl, αl}, but is no longer deterministic.
ΘFF = W l , bl l=1 (25)
(
⌢l ) ∑K
( )
For a vector w = [w1, ⋅ ⋅ ⋅, wn]T ∈ RN, the various norms of w are: φ L1 (s) ; ωl , αl = αlk φk ωlk L1 (s) , l = 1, ...D − 1 (37)
k=1
∑n ∑n
‖ w ‖ 1= i=1
|wi | , ‖ w ‖2 = i=1
|wi | 2 , ‖ w ‖ ∞ = max |wi |
1<i<q
In the proposed deep Kronecker NN (DKNN), the neurons in corre­
sponding hidden-layers are indicated by the yellow circles. The neuron’s
(26)
result passes to multiple initiation function when it is dissimilar to the
For a matrix N ∈ Rpxq, let N be the qth highest singular value of σ conventional neural network design. In this section, DKNN is analyzed
min(N), where p ≥ q. The following are the definitions of the spectral by viewing the the square loss function with the supervised learning.
norm and the Frobenius norm: Assume m-training data points set Tm = {(xi , yi )}m
i=1 . Define the square
loss as follows:

6
M. Mayuranathan et al. Advances in Engineering Software 173 (2022) 103236

2 Table 2
1∑ M
( Type )
L(Θ) = u (xi ) − yi (38) Performance analysis for DARPA-IDS dataset.
2 j=1 Θ
Metric/Classifiers Attacks/Intrusions
uType Accuracy Normal DoS U2R R2L Probe
Θ (xi ) stands for the chosen network, which might be either FF
network uFFΘ (x) or DKNN uΘ (x). Consider the two-layer networks
K LSTM-SGDM 62.020 63.540 62.472 62.441 62.374
described below: LSTM-ADAM 63.300 64.820 63.752 63.721 63.654
CNN 58.110 59.630 58.562 58.531 58.464
∑
N
( ) ∑
N ∑
K
( ) CNN-LSTM 62.970 64.490 63.422 63.391 63.324
uFF
ΘFF (x) = ci φ1 wTi x + bi uKΘK (x) = ci αk φk (ωk wTi x + bi ) RC-NN 94.010 95.530 94.462 94.431 94.364
I=1 I=1 k=1 DKNN 96.780 98.300 97.232 97.201 97.134
(39) Precision Normal DoS U2R R2L Probe
LSTM-SGDM 62.020 63.540 62.472 62.441 62.374
The respective network parameters ΘFF = {ci , wi , bi }Ni=1 andΘK = LSTM-ADAM 62.910 64.430 63.362 63.331 63.264
CNN 61.560 63.080 62.012 61.981 61.914
{ci , wi , bi }Ni=1
U{α K
k , wk }k=1 ,
are denoted correspondingly. The learning CNN-LSTM 62.950 64.470 63.402 63.371 63.304
objective is finding network parameters for loss function reduction. RC-NN 80.450 81.970 80.902 80.871 80.804
DKNN 95.450 96.970 95.902 95.871 95.804
min ΘType L(ΘType) where Type = FF or K (40) Recall Normal DoS U2R R2L Probe
LSTM-SGDM 85.450 86.970 85.902 85.871 85.804
The minimization problem is solved using the gradient descent LSTM-ADAM 86.780 88.300 87.232 87.201 87.134
approach. The technique for boundary initialization starts with Θ (0). CNN 89.540 91.060 89.992 89.961 89.894
Change the boundaries on the kth iteration as follows: CNN-LSTM 87.650 89.170 88.102 88.071 88.004
RC-NN 91.230 92.750 91.682 91.651 91.584
Θ (k) = Θ (k− 1)
− ηk ∇ Θ LΘ | Θ = Θ (k) (41) DKNN 94.780 96.300 95.232 95.201 95.134
F-measure Normal DoS U2R R2L Probe
where ηk > 0 is the learning rate for the kth iteration, which is generally LSTM-SGDM 76.650 78.170 77.102 77.071 77.004
LSTM-ADAM 77.080 78.600 77.532 77.501 77.434
set low to ensure convergence. The network boundary advancement that
CNN 73.420 74.940 73.872 73.841 73.774
changes in time consistently is portrayed by the gradient flow dynamics CNN-LSTM 77.120 78.640 77.572 77.541 77.474
as: RC-NN 89.180 90.700 89.632 89.601 89.534
DKNN 95.114 96.634 95.566 95.535 95.468
Θ̇ (t) = − ∇ Θ (LΘ (t)) , t ≥ 0 , Θ(0) = Θ (0) (42)

where L(t) is loss function with a little notation abuse. The loss function
is written as LK (t) when employed with KNN. LFF(t) is written for the loss
function, when employed with FF network. For the analysis, the
parameter initialization and the activation functions are given as­
sumptions. For comparing two networks fairly, an initialization is
considered that makes LK(0) = LFF(0). The network is as follows for any
FF initialization ΘFF(0):
ΘK (0) = ΘFF (0) U (ω (0), α (0)}
where,
ω (0) = 1 KX1 , α (0) = [1 0 ...... 0]
It gives two similar networks at the initialization, which causes
similar loss value LK (0) = LFF (0). Assume that c and ω are trained and
fixed for the convergence evaluation, only for{wi, bi}Ni=1 U {αk } Kk=1 .
Without loss of generality, from the training data set{(xi , yi )}m
i=1 , assume
√̅̅̅
x̃i= [xi; 1 / 2] such that for 1 ≤ i ≤ m is || x̃i ||= 1. The combination of
initiation functions are selected for the adaptive initiation function for
the general DKNN classifier. It is also known as Rowdy-Net and serves as
a neural network with Rowdy activation characteristics. {φ1} is chosen
as the standard initiation function, such as Tanh, sine, ReLU, ELU, and so
on, while the other {φk }Kk=2 initiation functions are chosen as follows:
φ k (x) = nsin ((k − 1) nx) or cos ((k − 1) nx), ∀ 2 ≤ k ≤ K
0.19.1, and Pandas version 0.23.1. In terms of accuracy, true positive
rate (TPR), true negative rate (TNR), precision, recall, and F-measure,
the proposed DKNN classifier outperformed current state-of-the-art
LSTM-SGDM, LSTM-ADAM, CNN, CNN-LSTM, RC-NN, and DKNN
classifiers.
5.1. Dataset description
(43)
DARPA dataset: It has fewer features and a wider range of threshold
limits, with 22 characteristics recommended for accuracy and sensi­
tivity, which is almost comparable to the 41 attribute dataset. Normal,
(44)
DoS, U2R, R2L, and Probe are the seven intrusion scenarios contained in
the final dataset.
Data set CSE-CIC-IDS2018: Using a realistic cyber defence dataset
from the Canadian Institute for Cyber Security (CIC), we created a DKNN
Classifier model using Amazon Web Services (AWS). The CIC and ISCX
datasets are used for security testing and malware prevention all across
the globe. The dataset, which is kept in Resource type -S3 Bucket with
Amazon resource name (ARN) arn:aws:s3:::cse-cic-ids2018 and AWS
region ca-central-1 under License, requires knowledge of AWS. It con­
tains both a detailed explanation of incursions and abstract distribution
models for applications, protocols, and lower-level network compo­
nents. The final dataset includes seven intrusion scenarios: brute-force,
(45) Heartbleed, Botnet, DoS, DDoS, Web attacks, and internal network

The scaling factor n ≥ 1 is represented by the +ve fixed value. The

Table 3
phrase ’rowdy’ refers to the irregular, noisy, and varied nature of the
Comparative analysis of proposed and existing classifiers.
{φk }Kk=2 starting functions.
Classifiers Performance measures (%)
Accuracy TPR TNR Precision Recall F-
5. Simulation Results measure

LSTM- 62.461 95.650 45.380 62.569 85.999 77.199

We use the benchmark DARPA-IDS and CSE-CIC-IDS2018 datasets to SGDM
verify our proposed EOS-IDS model in this part. The suggested EOS-IDS LSTM- 63.741 94.230 54.680 63.459 87.329 77.629
model includes the processes of data pre-processing with the IHO ADAM
method, optimum feature selection with the CRDO algorithm, and CNN 58.551 90.120 63.250 62.109 90.089 73.969
CNN-LSTM 63.411 85.230 78.950 63.499 88.199 77.669
intrusion detection with the DKNN classifier. To develop this EOS-IDS
RC-NN 94.451 75.210 89.560 80.999 91.779 89.729
model in Jupyter Notebook, we used Anaconda 3.0, Scikit version DKNN 97.221 60.230 94.780 95.999 95.329 95.663

7
M. Mayuranathan et al. Advances in Engineering Software 173 (2022) 103236

current LSTM-SGDM, LSTM-ADAM, CNN, CNN-LSTM, RC-NN, and

DKNN classifiers by 34.823 %, 33.896 %, 35.302 %, 33.855 %, and
15.625 %, respectively.
Current LSTM-SGDM, LSTM-ADAM, CNN, CNN-LSTM, RC-NN, and
DKNN classifiers all outperformed our proposed DKNN classifier by
9.787%, 8.392%, 5.497%, 7.479%, and 3.724%, respectively. The pro­
posed DKNN classifier was outperformed by 19.301 %, 18.852 %,
22.678 %, 18.810 %, and 6.203 percent, respectively, by the current
LSTM-SGDM, LSTM-ADAM, CNN, CNN-LSTM, RC-NN, and DKNN clas­
sifiers. Fig. 2 shows a graphical depiction of planned and existing clas­
Fig. 2. For the DARPA-IDS dataset, we looked at planned and cur­ sifiers for the DARPA-IDS dataset.
rent classifiers.
5.3. Comparative analysis on CSE-CIC-IDS2018 dataset
infiltration. There are 50 computers in the attacking infrastructure. The
victim organisation is divided into five divisions, with 420 workstations The proposed DKNN classifier’s performance on the CSE-CIC-
and 30 servers. Each machine’s network traffic and system logs are IDS2018 dataset is shown in Table 4, which can be analysed using a
included in the collection, as well as 80 characteristics collected from range of performance measures such as accuracy, TPR, TFR, precision,
the traffic using CICFlowMeter-V3. recall, and F-measure. For the CSE-CIC-IDS2018 dataset, Table 5 com­
pares our proposed and current state-of-the-art IDS models. The table
below shows the many performance measures that we utilised to assess
5.2. Comparative analysis on DARPA-IDS dataset the performance. Our new DKNN classifier was outperformed by the
current LSTM-SGDM, LSTM-ADAM, CNN, CNN-LSTM, RC-NN, and
Table 2 shows the results of our proposed DKNN classifier on the DKNN classifiers by 31.645 %, 34.412 %, 39.745 %, 34.772 %, and
DARPA-IDS dataset, which can be analysed using accuracy, TPR, TFR, 2.574 %, respectively. The proposed DKNN classifier outperforms the
precision, recall, and F-measure. For the DARPA-IDS dataset, Table 3 current LSTM-SGDM, LSTM-ADAM, CNN, CNN-LSTM, RC-NN, and
compares our proposed and current state-of-the-art IDS models. The DKNN classifiers by 37.031 %, 36.082 %, 33.167 %, 29.332 %, and
table below shows the many performance measures that we utilised to
assess the performance. The proposed DKNN classifier outperforms the
Table 5
current LSTM-SGDM, LSTM-ADAM, CNN, CNN-LSTM, RC-NN, and
Comparative analysis of proposed and existing classifiers.
DKNN classifiers by 35.753 %, 34.437 %, 39.775 %, 34.776 %, and
Classifiers Accuracy TPR TNR Precision Recall F-measure
2.849 %, respectively. The proposed DKNN classifier outperforms the
current LSTM-SGDM, LSTM-ADAM, CNN, CNN-LSTM, RC-NN, and LSTM-SGDM 66.385 95.65 45.38 66.428 68.958 67.669
DKNN classifiers by 37.031 %, 36.082 %, 33.167 %, 29.332 %, and LSTM-ADAM 63.698 94.23 54.68 63.308 65.838 64.548
CNN 58.518 90.12 63.25 61.948 64.478 63.187
19.918 %, respectively. The proposed DKNN classifier outperforms the CNN-LSTM 63.348 85.23 78.95 63.338 65.868 64.578
current LSTM-SGDM, LSTM-ADAM, CNN, CNN-LSTM, RC-NN, and RC-NN 94.618 75.21 89.56 89.898 92.428 91.145
DKNN classifiers by 52.121 %, 42.309 %, 33.267 %, 16.702 %, and DKNN 97.118 60.23 94.78 95.658 98.188 96.906
5.507 %, respectively. The proposed DKNN classifier outperforms the

Table 4
Performance analysis for CSE-CIC-IDS2018 dataset.
Metric/Classifiers Attacks/Intrusions
Accuracy Normal Brute-force Heart bleed Botnet DoS DDoS Web attacks Infiltration

LSTM-SGDM 66.09 66.21 66.33 66.40 66.44 66.43 66.52 66.67

LSTM-ADAM 63.36 63.48 63.60 63.67 63.71 63.70 63.79 63.94
CNN 58.18 58.30 58.42 58.49 58.53 58.52 58.61 58.76
CNN-LSTM 63.01 63.13 63.25 63.32 63.36 63.35 63.44 63.59
RC-NN 94.28 94.40 94.52 94.59 94.63 94.62 94.71 94.86
DKNN 96.78 96.90 97.02 97.09 97.13 97.12 97.21 97.36
Precision Normal Brute-force Heart bleed Botnet DoS DDoS Web attacks Infiltration
LSTM-SGDM 66.09 66.21 66.33 66.40 66.44 66.43 66.52 66.67
LSTM-ADAM 62.97 63.09 63.21 63.28 63.32 63.31 63.40 63.55
CNN 61.61 61.73 61.85 61.92 61.96 61.95 62.04 62.19
CNN-LSTM 63.00 63.12 63.24 63.31 63.35 63.34 63.43 63.58
RC-NN 89.56 89.68 89.80 89.87 89.91 89.90 89.99 90.14
DKNN 95.32 95.44 95.56 95.63 95.67 95.66 95.75 95.90
Recall Normal Brute-force Heart bleed Botnet DoS DDoS Web attacks Infiltration
LSTM-SGDM 68.62 68.74 68.86 68.93 68.97 68.96 69.05 69.20
LSTM-ADAM 65.50 65.62 65.74 65.81 65.85 65.84 65.93 66.08
CNN 64.14 64.26 64.38 64.45 64.49 64.48 64.57 64.72
CNN-LSTM 65.53 65.65 65.77 65.84 65.88 65.87 65.96 66.11
RC-NN 92.09 92.21 92.33 92.40 92.44 92.43 92.52 92.67
DKNN 97.85 97.97 98.09 98.16 98.20 98.19 98.28 98.43
F-measure Normal Brute-force Heart bleed Botnet DoS DDoS Web attacks Infiltration
LSTM-SGDM 67.33 67.45 67.57 67.64 67.68 67.67 67.76 67.91
LSTM-ADAM 64.21 64.33 64.45 64.52 64.56 64.55 64.64 64.79
CNN 62.85 62.97 63.08 63.16 63.20 63.19 63.27 63.43
CNN-LSTM 64.24 64.36 64.48 64.55 64.59 64.58 64.67 64.82
RC-NN 90.81 90.93 91.04 91.12 91.16 91.15 91.23 91.39

DKNN 96.57 96.69 96.80 96.88 96.92 96.91 96.99 97.15

8
M. Mayuranathan et al.
Fig. 3. Analysis of proposed and existing classifiers for
IDS2018 dataset.
19.918 %, respectively. The proposed DKNN classifier outperforms the
current LSTM-SGDM, LSTM-ADAM, CNN, CNN-LSTM, RC-NN, and
DKNN classifiers by 52.121 %, 42.309 %, 33.267 %, 16.702 %, and
5.507 %, respectively.
The proposed DKNN classifier outperforms the current LSTM-SGDM,
LSTM-ADAM, CNN, CNN-LSTM, RC-NN, and DKNN classifiers by 30.557
%, 33.818 %, 35.240 %, 33.787 %, and 6.021 %, respectively. LSTM-
SGDM, LSTM-ADAM, CNN, CNN-LSTM, RC-NN, and DKNN classifiers
now in use outperform our suggested DKNN classifier by 29.769 %,
34.332 %, 32.916 %, and 5.866 %, respectively. Our suggested DKNN
classifier was beaten by 30.17 %, 33.391 %, 34.796 %, 33.360 %, and
5.945 %, respectively, by current LSTM-SGDM, LSTM-ADAM, CNN,
CNN-LSTM, RC-NN, and DKNN classifiers. Fig. 3 shows a graphical
depiction of planned and existing classifiers for the CSE-CIC-IDS2018
dataset.
6. Conclusion
Using a hybrid deep learning method, we suggested an efficient
optimum security solution for IDS in cloud computing (EOS-IDS). The
following are the primary contributions of our suggested EOS-IDS
model: An improved heap optimization (IHO) algorithm is used for
pre-processing which ensures the data quality through removal of un­
wanted data’s from dataset. A chaotic red deer optimization (CRDO)
algorithm is utilized for optimal feature selection which responsible for
dimensionality reduction due to huge data. A deep Kronecker neural
network (DKNN) is used for cloud attacks and intrusion detection and
classification. Finally, the performance of our proposed EOS-IDS tech­
nique has evaluated using two benchmark DARPA IDS and CSE-CIC-
IDS2018 datasets. According to the simulation findings, the accuracy
of our proposed DKNN classifier is 97.221 % for DARPA IDS datasets and
97.118 % for CSE-CIC-IDS2018 datasets, respectively.
Declaration of Competing Interest
The authors declare no conflict of the interest.
References
[1] Ferrag MA, Shu L, Friha O, Yang X. Cyber security intrusion detection for
agriculture 4.0: machine learning-based solutions, datasets, and future directions.
IEEE/CAA J Autom Sin 2021;9(3):407–36.
[2] Nadeem M, Arshad A, Riaz S, Band SS, Mosavi A. Intercept the cloud network from
brute force and DDoS attacks via intrusion detection and prevention system. IEEE
Access 2021;9:152300–9.
[3] Fatani A, Abd Elaziz M, Dahou A, Al-Qaness MA, Lu S. IoT intrusion detection
system using deep learning and enhanced transient search optimization. IEEE
Access 2021;9:123448–64.
[4] Kasongo SM. An advanced intrusion detection system for IIoT based on GA and tree
based algorithms. IEEE Access 2021;9:113199–212.
[5] Mishra P, Aggarwal P, Vidyarthi A, Singh P, Khan B, Alhelou HH, et al. VMShield:
memory introspection-based malware detection to secure cloud-based services
against stealthy attacks. IEEE Trans Ind Inf 2021;17(10):6754–64.
Advances in Engineering Software 173 (2022) 103236
[6] Satam P, Hariri S. WIDS: an anomaly based intrusion detection system for Wi-Fi
(IEEE 802.11) protocol. IEEE Trans Netw Serv Manage 2020;18(1):1077–91.
[7] Balamurugan E, Mehbodniya A, Kariri E, Yadav K, Kumar A, Haq MA. Network
optimization using defender system in cloud computing security based intrusion
detection system withgame theory deep neural network (IDSGT-DNN). Pattern
Recognit Lett 2022;156:142–51.
[8] Singh P, Kaur A, Aujla GS, Batth RS, Kanhere S. DaaS: dew computing as a service
for intelligent intrusion detection in edge-of-things ecosystem. IEEE Internet Things
J 2020;8(16):12569–77.
[9] Alkadi O, Moustafa N, Turnbull B, Choo KKR. A deep blockchain framework-
enabled collaborative intrusion detection for protecting IoT and cloud networks.
IEEE Internet Things J 2020;8(12):9463–72.
[10] Samriya JK, Tiwari R, Cheng X, Singh RK, Shankar A, Kumar M. Network intrusion
detection using ACO-DNN model with DVFS based energy optimization in cloud
CSE-CIC- framework. Sustain Comput Inf Syst 2022:100746.
[11] Imran M, Haider N, Shoaib M, Razzak I. An intelligent and efficient network
intrusion detection system using deep learning. Comput Electr Eng 2022;99:
107764.
[12] Qiu W, Ma Y, Chen X, Yu H, Chen L. Hybrid intrusion detection system based on
Dempster-Shafer evidence theory. Comput Secur 2022:102709.
[13] Sethi K, Madhav YV, Kumar R, Bera P. Attention based multi-agent intrusion
detection systems using reinforcement learning. J Inf Secur Appl 2021;61:102923.
[14] Yan M, Chen Y, Hu X, Cheng D, Chen Y, Du J. Intrusion detection based on
improved density peak clustering for imbalanced data on sensor-cloud systems.
J Syst Arch 2021;118:102212.
[15] Asif M, Abbas S, Khan MA, Ftima A, Khan MA, Lee SW. MapReduce Based
Intelligent Model for Intrusion Detection Using Machine Learning Technique.
J King Saud Univ-Comput Inf Sci 2021.
[16] Imran M, Haider N, Shoaib M, Razzak I. An intelligent and efficient network
intrusion detection system using deep learning. Comput Electr Eng 2022;99:
107764.
[17] Aydın H, Orman Z, Aydın MA. A long short-term memory (LSTM)-based distributed
denial of service (DDoS) detection and defense system design in public cloud
network environment. Comput Secur 2022:102725.
[18] Sreelatha G, Babu AV, Midhunchakkaravarthy D. Improved security in cloud using
sandpiper and extended equilibrium deep transfer learning based intrusion
detection. Cluster Comput 2022:1–16.
[19] Du R, Li Y, Liang X, Tian J. Support vector machine intrusion detection scheme
based on cloud-fog collaboration. Mob Netw Appl 2022:1–10.
[20] Arunkumar M, Ashok Kumar K. Malicious attack detection approach in cloud
computing using machine learning techniques. Soft Comput 2022:1–11.
[21] Chen M, Wang N, Zhou H, Chen Y. FCM technique for efficient intrusion detection
system for wireless networks in cloud environment. Comput Electr Eng 2018;71:
978–87.
[22] Dey S, Ye Q, Sampalli S. A machine learning based intrusion detection scheme for
data fusion in mobile clouds involving heterogeneous client networks. Inf Fusion
2019;49:205–15.
[23] Abusitta A, Bellaiche M, Dagenais M, Halabi T. A deep learning approach for
proactive multi-cloud cooperative intrusion detection system. Future Gener
Comput Syst 2019;98:308–18.
[24] Aldwyan Y, Sinnott RO. Latency-aware failover strategies for containerized web
applications in distributed clouds. Future Gener Comput Syst 2019;101:1081–95.
[25] Yaghoubi M, Maroosi A. Simulation and modeling of an improved multi- verse
optimization algorithm for QoS-aware web service composition with service level
agreements in the cloud environments. Simul Model Pract Theory, 103; 2020,
102090.
[26] Sanaj MS, Prathap PJ. An efficient approach to the map-reduce framework and
genetic algorithm based whale optimization algorithm for task scheduling in cloud
computing environment. Mater Today Proc 2020.
[27] Sharma AK, Upreti K, Vargis B. Experimental performance analysis of load
balancing of tasks using honey bee inspired algorithm for resource allocation in
cloud environment. Mater Today Proc 2020.
[28] Wangfi S, Wang W, Tan Y. Internet cross-border service model based on 5G
environment and cloud computing data platform. Microprocess Microsyst 2020:
103520.
[29] Shamshirband S, Fathi M, Chronopoulos AT, Montieri A, Palumbo F, Pescapè A.
Computational intelligence intrusion detection techniques in mobile cloud
computing environments: review, taxonomy, and open research issues. J Inf Secur
Appl 2020;55:102582.
[30] Ibrahim GJ, Rashid TA, Akinsolu MO. An energy efficient service composition
mechanism using a hybrid meta-heuristic algorithm in a mobile cloud
environment. J Parallel Distrib Comput 2020;143:77–87.
[31] Samriya JK, Kumar N. A novel intrusion detection system using hybrid clustering-
optimization approach in cloud computing. Mater Today Proc 2020.
[32] SaiSindhuTheja R, Shyam GK. An efficient metaheuristic algorithm based feature
selection and recurrent neural network for DoS attack detection in cloud
computing environment. Appl Soft Comput 2021;100:106997.
[33] Fathollahi-Fard AM, Hajiaghaei-Keshteli M, Tavakkoli-Moghaddam R. Red deer
algorithm (RDA): a new nature-inspired meta-heuristic. Soft Comput 2020;24(19):
14637–65.