Scalable Network Intrusion Detection in Cloud Environments Through Parallelized Swarm-Optimized Neural Networks

Cloud computing (CC) offers on-demand, flexible resources and services over the internet, but securing cloud assets and resources is difficult, and privacy and security remain a challenge. To overcome this problem, we propose a Modified Dove Swarm Optimization Based Enhanced Feed Forward Neural Network (MDSO-EFNN) to examine the network traffic flow that targets a cloud environment. Network intrusion detection systems (NIDSs) are crucial in identifying assaults in the cloud environment, which helps to reduce the problem. In this study, we first gather the NSL-KDD network traffic dataset. Secondly, the collected data is preprocessed using Z-score normalization to clean the data. Thirdly, continuous wavelet transform (CWT) is employed to extract the unwanted data. Ant colony optimization (ACO) is used to choose the appropriate data. The selected data is used to test the process using MDSO-EFNN. The simulation is carried out using a Python tool. As a result, our proposed method achieves significant outcomes, with classification accuracy (95%), precision rate (97%), sensitivity (98%), and specificity (96%).


INTRODUCTION
The cloud computing (CC) paradigm is a cutting-edge approach to computing that offers consumers access to resources and applications as a service over the Internet, meeting their computing needs [1]. It offers Infrastructure as a Service (IaaS), Software as a Service (SaaS), and Platform as a Service (PaaS). Major cloud providers such as Windows Azure, Rack Space, Eucalyptus, Open Nebula, and Amazon implement a firewall to guard against incursions on cloud services, which influence the availability, confidentiality and integrity of cloud resources [2]. Network security and self-defense in cloud computing depend on intrusion detection systems. A Network Intrusion Detection System (NIDS) is based on data collected from the network. The system analyzes traffic captures and general data acquired to identify malicious activity and intrusion attempts inside the network [3]. These are examined and compared with a set of guidelines for recognizing attack signatures. Recorded traffic or security logs may contain patterns of traffic that indicate certain types of assaults. An intrusion detection system analyzes this data to detect assaults and harmful activity. Enormous amounts of data are analyzed to identify patterns that match the signatures stored in a database [4,5]. The process requires rapid access to data storage and significant computational power for effective execution throughout extensive networks. An intrusion detection system (IDS) spread over a vast area includes many IDSs, such as HIDS, NIDS or a combination of them, collaborating to observe and detect occurrences [6]. According to the method used for intrusion detection, three detection techniques exist: hybrid, signature-based and anomaly-based. With the anomaly approach, an IDS detects intrusions by examining aberrant behavior patterns in events or activity on a network [7]. In the case of signature-based detection, an IDS searches for known attack patterns by matching signatures. The NIDS is configured at the entry point of a cloud network and connected to the switches that link the networks of the cloud servers or virtual machines [8]. The NIDS audits the flow of traffic that enters the cloud networks. Figure 1 shows a cloud environment.
Finding anomalies: The identification of deviations in traffic is the foundation of the approach to optimizing transportation systems. This approach measures the deviation of observed traffic from its typical profile, and there have been many implementations of this method using various parameters to quantify the divergence in the traffic profile.
A paradigm of shared responsibility is used for cloud computing security [9]. The security of the cloud's underlying infrastructure, which includes physical data centers, network infrastructure and hypervisors, is the responsibility of cloud service providers (CSPs) [10]. Concurrently, consumers of cloud services are responsible for ensuring the safety of the data, applications and configurations they store in the cloud.
The main objective is to detect possible security risks inside cloud-based infrastructures, such as cyber-attacks and illegal access, and to reduce the impact of threats. To improve the overall security posture of companies that depend on cloud services and resources, it is necessary to

RELATED WORK
The research [11] described a GL-based cloud intrusion detection solution to solve neural network challenges. Through training efficiency, the proposed intrusion detection model enhances detection accuracy. The suggested model outperformed standard methods with a 97% detection rate, 92% accuracy, and 91% precision. The study [12] explained an intrusion detection model built using the random forest technique. Real-time network traffic data from each cloud server's various network levels was gathered using the tcpdump tool and data mining technologies. According to the experimental findings, the device was capable of reducing the training and test times for intrusion detection, and its detection accuracy can reach up to 93%. The article [13] described the development of a DNN architecture, which aims to improve the protection of cloud IDS systems. The effectiveness of the proposed DNN was assessed against the present approach. The results of the simulation test are reported in terms of F-Score, AUC, FPR, accuracy, detection rate, and precision. The article [14] proposed improved invasive weed optimization to identify intruders and neutralize assaults in the cloud paradigm. It was more practical for detection, with a maximum accuracy of 97%. The study [15] described an SVM classifier applied for the purpose of classifying network data into normal and pathological patterns of activity. The findings of the experiments demonstrated that the proposed system was capable of identifying aberrant behaviors with a high degree of accuracy.
The research [16] proposed a lambda-based edge-cloud deep IDS approach for IoT security. The solution decreases training phase time and increases true positive assault detection accuracy compared to standard ML. The system detects real-time suspicious behavior and classifies it using batch analysis of historical data. The research [17] proposed a unique hybrid intrusion recognition structure in which ML and genetic algorithm approaches were integrated with a novel suitability measure created to assess system accuracy. The results indicated that the recommended model reached 87% in comparison to standards. A higher degree of symmetry is anticipated in relation to the identification of invasions and information security of harmful activity, which makes this system successful in cloud computing. The article [18] explained a convolutional deep learning approach in addition to supervised methods such as SVM and KNN models; the class of methods developed is known as intrusion detection systems (IDSs), which aim to monitor and safeguard a network's resources.
The study [19] presented an effective cluster-based IDS to resist online and cloud computing attacks; accuracy, recall and F1-score were evaluated between the suggested and current systems. The study [20] proposed an approach that detects cloud invasions using a sparse autoencoder, bidirectional LSTM, dropout layer, and attention mechanism. Based on simulations, the proposed model has 98% precision, 99% recall, and above 98% accuracy. The article [21] (97%). The paper [22] suggested a novel IDS using k-means clustering and optimum fuzzy logic. The input dataset is grouped into clusters; recall and F-measure are evaluated. The proposed strategy outperformed others based on the findings. The article [23] explained a strategy for network intrusion detection based on DL. The proposed method makes use of many different classification algorithms, such as the Auto Encoder, Long Short-Term Memory and Multi-Layer Perceptron. The findings are that the proposed approach detects abnormalities with great precision and a minimal incidence of false alarms. The study [24] explained the design of a software networking defensive system for online attack recognition and improvement. Anomaly detection and mitigation comprise the defense system. The detection model detects traffic abnormalities using a CNN. By sending flow rule directives from the controller, the mitigation model filters abnormal traffic and traces the attacker through IP. Experimental results prove the SDN defense system's real-time DDoS attack flow detection and mitigation accuracy.

METHODOLOGY
The suggested techniques carry out the following list of activities. First, we collect the dataset and preprocess the data using Z-score normalization. Then we utilize continuous wavelet transform to extract features from the preprocessed data, and finally we perform feature selection using ant colony optimization (ACO). Detection on the network traffic is then performed using the Modified Dove Swarm Optimization based Enhanced Feed Forward Neural Network (MDSO-EFNN). Figure 2 demonstrates the flow of the suggested approach.

DATASET
The data instances' observed labels were tested using the NSL-KDD test dataset. Performance is evaluated by comparing observed labels to the anticipated labels after classification [25]. Attacks against networks are very frequent, since users have weak usernames and combinations of passwords, and nine algorithms are used for the purpose of categorization. NSL-KDD was recommended as a way to address the issues in the original KDD99 dataset. The high number of duplicate records in the KDD data collection is one of its biggest faults: since it favors frequent records, it influences the learning algorithms.

DATA PREPROCESSING
Z-score normalization, the statistical process of standardization, describes the procedures carried out to prepare a dataset for use. It is used to fix a dataset's mean and standard deviation to 0 and 1 respectively. Since network connections have numerous attributes with a wide range of values, there is a bias toward certain network properties over others. Addressing the bias issue in a Network Intrusion Detection System (NIDS) can be achieved by normalizing the characteristics using a specific normalization technique, which scales the feature values of connection instances to a predetermined range. This process enhances the NIDS by transforming the data into a standard form. Raw data gathered from various input sources can be challenging. As a result, specific techniques are utilized to turn data into a dataset. This technique is known as data pre-processing when normalized data is used without performing a value analysis to improve the results.

Fig. 2. Flow Diagram of Methodological design
In the pre-processing of a normalized database, missing values can be substituted using Z-scores. Normalization with the same standard deviation is employed to reduce rating variances within databases. The Z-score gives the number of standard deviations by which a data point deviates from the mean. The patient data is organized into a vector matrix with 'm' columns and 'n' rows, where 'm' is the number of features and 'n' is the number of patients. Commonly, it is used to standardize variables with various scales or measurement units. Z-score normalization entails subtracting the dataset's mean from each data point and dividing the result by the standard deviation.
According to the aforementioned equation the maximum allowable Z-score is calculated as the difference between the mean of the features and their standard deviation.
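An added example (not code from the paper) of the Z-score step applied to connection features: the statistics are fitted on training rows only, reused for test rows, and a constant column is handled explicitly. The records are constructed for illustration, and the helper names fit_zscore, apply_zscore and distance_share are hypothetical.

```python
import math

# Constructed sample records (not real NSL-KDD rows). Columns use NSL-KDD
# feature names; num_outbound_cmds is constant here to show the zero-variance case.
FEATURES = ["duration", "src_bytes", "dst_bytes", "count", "num_outbound_cmds"]
TRAIN = [
    [0.0, 181.0, 5450.0, 8.0, 0.0],
    [2.0, 239.0, 486.0, 8.0, 0.0],
    [0.0, 0.0, 0.0, 123.0, 0.0],
    [0.0, 0.0, 0.0, 6.0, 0.0],
    [5.0, 54540.0, 8314.0, 2.0, 0.0],
]
TEST = [[1.0, 300.0, 1200.0, 250.0, 0.0]]


def fit_zscore(rows):
    """Per-column (mean, population std), computed from the training rows only."""
    n = len(rows)
    stats = []
    for col in zip(*rows):
        mean = sum(col) / n
        std = math.sqrt(sum((v - mean) ** 2 for v in col) / n)
        stats.append((mean, std))
    return stats


def apply_zscore(rows, stats):
    """z = (x - mean) / std; a constant column (std == 0) is mapped to 0.0."""
    return [[(v - m) / s if s > 0 else 0.0 for v, (m, s) in zip(row, stats)]
            for row in rows]


def distance_share(a, b):
    """Fraction of the squared Euclidean distance a..b contributed by each feature."""
    sq = [(x - y) ** 2 for x, y in zip(a, b)]
    total = sum(sq)
    return [s / total if total else 0.0 for s in sq]


def demo():
    stats = fit_zscore(TRAIN)
    train_z = apply_zscore(TRAIN, stats)
    test_z = apply_zscore(TEST, stats)      # test rows reuse the training statistics
    raw = distance_share(TRAIN[0], TRAIN[4])
    scaled = distance_share(train_z[0], train_z[4])
    return stats, train_z, test_z, raw, scaled


if __name__ == "__main__":
    _, _, test_z, raw, scaled = demo()
    for name, r, s in zip(FEATURES, raw, scaled):
        print(f"{name:18s} raw share {r:6.3f}   scaled share {s:6.3f}")
    print("test row z-scores:", [round(z, 2) for z in test_z[0]])
```

On the constructed rows, src_bytes accounts for almost all of the raw squared distance between the two records and for under half of it after scaling.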

FEATURE EXTRACTION
In feature extraction using CWT, the signal is first converted into a time-scale representation and then the relevant information for the transformation is extracted from this representation.

CONTINUOUS WAVELET TRANSFORM
The continuous wavelet transform (CWT) is an effective method for analyzing temporal and frequency information. CWT is capable of localized decomposition in the use of techniques, such as the short-time Fourier transform. In addition, the mother wavelet function has a scale parameter that can be modified and a translation parameter, which enable it to divide a signal into multiple resolutions. The time-scale waveform family is made up of two parameters that have been adjusted, and it is represented by the following: Translation parameter and c for the analytic function known as the mother wavelet function, provided signal G(s) wavelet transform. The wavelet coefficients at scale and translation b are represented by w (s) and ψ * indicates the complex conjugate of ψ.

FEATURE SELECTION
An intelligent technique called ACO is used in NIDS to enhance the detection accuracy and minimize while boosting security.

ANT COLONY OPTIMIZATION (ACO)
To identify intrusions using clustering-based ACO (Ant Colony Optimization), network data records, which consist of various properties, must be treated as objects. Based on ACO, these items are categorized into distinct types by intrusion detection. They vary in kind and typical intrusions. In the training stage, data is clustered into a predetermined number of clusters according to the similarity index. Every cluster's center is determined by averaging the items that are part of the group, and the center of each class in the data that embodies the model is determined as the average of the cluster centers for the class, considering that a single class may include several clusters. These types of model are used as intrusion detection classifiers.

MODIFIED DOVE SWARM OPTIMIZATION (MDSO)
The cooperative behavior of doves in nature serves as the basis of the novel method, which is modified to optimize the design and parameters of the EFNN. During the training phase, MDSO-EFNN uses a population-based method inspired by dove swarms to adjust neural network architectures and improve the bias and weight characteristics of its neurons. Doves graze in public areas when crumbs are scattered about, and each dove hunts for crumbs. Not all doves are content. Unsatisfied doves may fly ahead in search of more crumbs. It is noticed that fed doves may inhabit crumb-rich places. A whole different optimization algorithm was proposed as a result of these dove eating patterns; the optimization goal function in this approach is . The number of bread crumbs at given location, denoted by the symbol , in a data collection is indicated by the symbol . The MDSO algorithm's flowchart is shown in Figure 3. Assume that N is the predetermined number of doves; it is recommended to arrange the doves in a regular square or rectangular design.

THE MDSO ALGORITHM
Step 1: Select the quantity of doves to release onto the solution area. Assume that N is the prescribed number of doves. While they may be arranged in any random pattern around the area, it is advised to place the doves uniformly over a rectangular area.
Step 2: The position vector of dove d is initialized using one of two techniques; lattice initialization is an alternative method. To streamline the process of creating a topologically ordered feature map, two effective initializations are suggested to set the weight vectors. Assume the parameter space's smallest hyper-rectangle, which includes all of the parameters' valid values.
Step 2.1: Initialization of the cells on the four vertices: the weight vectors at each corner of the network are initialized as (1)
Step 2.2: Initialize the cell values along the four edges as follows: (2) It collects the difference value and highest number for each neuron in order to assess the training performance. The following represents the learning rate's decreasing rate from its original value of 0.1.
Step 3: Determine each dove's fitness function, the total number of crumbs at the dove's position.
Step 4: Using the greatest criteria at epoch, find the dove closest to the most crumbs.
Step 5: Utilizing the following formula, update the degree of satiety for each dove.
Step 6: Using the following maximum criteria, choose the dove that is the most pleased and has reached the greatest level of satiety.
Step 7: Utilizing the following maximum criteria, update the position vector of each dove.
Step 8: Proceed to step 3 and increase the number of epochs by one ( +1) until the termination clause is satisfied. The following is the termination clause.

FEED FORWARD NEURAL NETWORK
The term feed forward neural network refers to a basic artificial neural network that lacks a cycle in the connections between its nodes. The data flows in the direction of the output, from the input layer to the intermediate layer and from the intermediate layer to the output layer.
Except for the central neuron (node), each layer in this network is directly linked. The ability of the multilayer feed-forward NN to categorize non-linear input through back propagation is one of its advantages. Error functions for every input were computed by the training algorithm rule, which sent the errors from one layer to the one before it over each link, weighted by the learning process that came before it.
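The loop of Steps 1 to 8 applied to the weights and biases of a small feed-forward network, as an added example that is not code from the paper. The satiety and position update formulas did not survive on this page, so the forms used here are assumptions, as are the constructed toy records, the 2-2-1 network, the search box, the random initialization and the fixed epoch budget standing in for the termination clause.

```python
import math
import random

# Constructed toy records: (scaled duration, scaled byte count) -> 1 means attack.
DATA = [((-1.0, -0.8), 0), ((-0.6, -1.0), 0), ((-0.9, -0.2), 0), ((-0.3, -0.7), 0),
        ((0.8, 0.9), 1), ((0.5, 1.0), 1), ((1.0, 0.3), 1), ((0.4, 0.6), 1)]
DIM = 9                  # 2-2-1 network: 4 hidden weights, 2 hidden biases, 2 + 1 output
LOW, HIGH = -2.0, 2.0    # search box for every weight (assumed)


def sigmoid(z):
    return 1.0 / (1.0 + math.exp(-z))


def predict(w, x):
    """Forward pass only: input -> hidden -> output, no cycles."""
    h0 = sigmoid(w[0] * x[0] + w[1] * x[1] + w[4])
    h1 = sigmoid(w[2] * x[0] + w[3] * x[1] + w[5])
    return sigmoid(w[6] * h0 + w[7] * h1 + w[8])


def fitness(w):
    """'Crumbs' at position w: negative mean squared error, so higher is better."""
    return -sum((predict(w, x) - y) ** 2 for x, y in DATA) / len(DATA)


def accuracy(w):
    return sum((predict(w, x) >= 0.5) == bool(y) for x, y in DATA) / len(DATA)


def dove_swarm(n_doves=16, epochs=60, lam=0.9, eta=0.5, seed=7):
    rng = random.Random(seed)
    # Steps 1-2: N doves, random positions inside the box (not the lattice layout).
    doves = [[rng.uniform(LOW, HIGH) for _ in range(DIM)] for _ in range(n_doves)]
    satiety = [0.0] * n_doves
    max_dist = math.sqrt(DIM) * (HIGH - LOW)          # diagonal of the search box
    best_w, best_f, history = None, -math.inf, []
    for _ in range(epochs):                           # step 8: fixed epoch budget
        fit = [fitness(w) for w in doves]             # step 3
        f_top = max(fit)                              # step 4: dove with most crumbs
        if f_top > best_f:                            # remember the best weights seen
            best_f, best_w = f_top, list(doves[fit.index(f_top)])
        history.append(best_f)
        # Step 5 (assumed form): decayed satiety plus a reward relative to f_top.
        satiety = [lam * s + math.exp(f - f_top) for s, f in zip(satiety, fit)]
        ds = satiety.index(max(satiety))              # step 6: most satisfied dove
        leader = list(doves[ds])
        for j, w in enumerate(doves):                 # step 7 (assumed form)
            hunger = (satiety[ds] - satiety[j]) / satiety[ds]
            beta = hunger * (1.0 - math.dist(w, leader) / max_dist)
            doves[j] = [wi + eta * beta * (li - wi) for wi, li in zip(w, leader)]
    return best_w, best_f, history, doves


if __name__ == "__main__":
    w, f, history, _ = dove_swarm()
    print(f"fitness {history[0]:.4f} -> {f:.4f}, training accuracy {accuracy(w):.2f}")
```

Because the step size toward the most satisfied dove stays between 0 and eta, every dove remains inside the search box, and the returned weights are the best ones evaluated in any epoch.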

CONCLUSION
In this research, securing the CC concept is crucial for its success. We discuss several intrusions affecting the cloud environment and explain the kinds of cloud NIDS. Details on various intrusion detection methods are included. The main drawback of NIDS is the need for sufficient time and training to be effective. To overcome this problem, we proposed MDSO-EFNN in the cloud environment as a solution to the critical security concerns in cloud computing. Our method is centered on the analysis of network traffic flows in cloud computing environments. We use the NSL-KDD network traffic dataset, preprocess the data using Z-score normalization, extract pertinent information using the CWT, and then perform feature selection using ACO. The relative accuracy of the different proposed and present techniques is shown in the figures and tables, which show that our MDSO-EFNN has a much better sensitivity score of 98.00% when compared to SVM, BP, and KNN. The result was positive, and we determined that this is to be explored in the future with numerous more improvements and performance evaluations. Research will focus on selecting other ideal network features and the use of additional evolutionary approaches to optimize the control parameters of the classification algorithm.

• Classification Accuracy
Classification accuracy is a statistical metric that assesses how accurate the forecasts of the NIDS are. The relative classification accuracy of the different proposed and present techniques is shown in Figure 5 and Table 1.

• Precision Rate
Precision is defined as the proportion of cases that are classified to all instances of data that are accurately positive. The relative precision rate of the different proposed and present techniques is shown in Figure 6 and Table 2. Our recommended MDSO-EFNN method has a much better score of 97%, when compared to SVM (81.2%), BP (85.4%), and KNN (88.1%).

• Sensitivity
Parameter sensitivity indicates how changing one or more network parameters affects the probability of a variable. The relative sensitivity of the different proposed and present techniques is shown in Figure 7 and Table 3. Our recommended MDSO-EFNN method has a much better score of 98%, when compared to SVM (85%), BP (88%), and KNN (84%).

• Specificity
Specificity involves rule patterns, signatures and anomaly detection criteria to recognize and classify particular network threats. Specificity improves threat detection and reduces false positives. The relative specificity of the different proposed and present techniques is shown in Figure 8 and Table 4.

Fig. 1. Structure of Cloud Environment

described a technique for cloud computing DDoS attack detection. Reducing misclassification errors in DDoS detection is the main goal of this paper. The mutual information and RF importance approaches are two feature selection strategies that are used in the proposed study to choose the most relevant features. The experimental findings demonstrated that the random forest with 19 characteristics have an accuracy

Scalable Network Intrusion Detection in Cloud Environments through Parallelized Swarm-Optimized Neur… Yanbu Journal of Engineering and Science

Fig. 6. Result of Precision rate
Table 2. Numerical outcomes of Precision rate (columns: Methods, Precision Rate (%))

Table 4. Numerical outcomes of specificity
Fig. 8. Result of specificity

This is an open-access article distributed under the terms of the Creative Commons Attribution 4.0 International License (CCBY-4.0). View this license's legal deed at http://creativecommons.org/licenses/by/4.0 and legal code at http://creativecommons.org/licenses/by/4.0/legalcode for more information.