This article has been accepted for publication in IEEE Access.

This is the author's version which has not been fully edited and
content may change prior to final publication. Citation information: DOI 10.1109/ACCESS.2024.3390844

Date of publication xxxx 00, 0000, date of current version xxxx 00, 0000.
Digital Object Identifier 10.1109/ACCESS.2022.Doi Number

Cloud Network Anomaly Detection Using Machine and Deep Learning Techniques - Recent Research Advancements

Amira Abdallah 1, Aysha Alkaabi 1, Ghaya Alameri 1, Saida Hafsa Rafique 1, Nura Shifa Musa 1,2 and Thangavel Murugan 1 (Senior Member, IEEE)

1 College of Information Technology, United Arab Emirates University, Al Ain, Abu Dhabi, United Arab Emirates
2 College of Engineering, Al Ain University, Al Ain, Abu Dhabi, United Arab Emirates

Corresponding author: Dr. Thangavel Murugan ([email protected])

ABSTRACT In the rapidly evolving landscape of computing and networking, the concepts of cloud networks
have gained significant prominence. Although the cloud network offers on-demand access to shared
resources, anomalies pose potential risks to the integrity and security of cloud networks. However, protecting
the cloud network against anomalies remains a challenge. Unlike traditional detection techniques, machine
learning (ML) and deep learning (DL) offer new and adaptable methods for detecting anomalies in cloud
networks. The objective of this study is to comprehensively explore existing ML/DL methods for detecting
different anomalies based on distributed denial of service anomaly (DDoS) and intrusion detection systems
(IDS) in cloud networks. The study seeks to address the gaps in anomaly detection for cloud networks,
proposing potential solutions for anomaly detection in these cloud environments. The ultimate goal is to
contribute valuable insights and practical solutions to enhance the security and reliability of cloud networks
through effective anomaly detection by ML/DL techniques. Methodologies for ML/DL are explained, along
with their advantages, disadvantages, and respective approaches. In addition, a summary of the comparison
between different ML/DL models is also included.

INDEX TERMS Cloud Network, Cloud computing, Could, Machine learning (ML), Deep learning (DL),
Distributed denial of service (DDoS), Intrusion detection system (IDS), Anomaly detection, Security

I. INTRODUCTION

Within the expansive field of computing, a cloud network represents an intricate and advanced distributed infrastructure that capitalizes on the functionalities of remote servers and interconnected networks for the storage, management, and processing of data facilitated by internet connectivity. Departing from the traditional dependence on local servers or personal devices for computational functions, cloud networks tap into the extensive resources made available through a complex network of interlinked servers housed in strategically positioned data centers. This paradigm shift in computing architecture signifies a departure from localized, hardware-dependent operations to a globally interconnected, resource-abundant model that has become synonymous with the modern technological landscape. Cloud computing comprises three layers, a system layer, a platform layer, and an application layer. The initial two layers focus on virtual machines (VMs) and operating systems [1], [2]. On the other hand, the third layer deals with cloud-hosted applications, such as web-based applications. This highlights the benefits and widespread adoption of cloud computing [3]. Although cloud networks include several security measures, their security should not be underestimated. The cloud network, like many new technologies, is constantly under attack from adversaries who are always coming up with new ways to get access to end users’ devices and data [4]. However, with the benefits and wide popularity of cloud services, current studies have highlighted the issues and concerns related to security and service delivery caused by cloud services. Cloud incidents such as failures, losing data, and privacy violations have the potential to cost businesses billions of dollars, particularly those who use these services to store important company data and applications. Several examples illustrate this principle. For instance, on February 28th, 2017, an Amazon S3 service

This work is licensed under a Creative Commons Attribution 4.0 License. For more information, see https://creativecommons.org/licenses/by/4.0/

disruption in Northern Virginia affected AWS services, incurring significant costs due to the unauthorized removal of servers due to a command error, impacting a wide range of customers and end users utilizing those services and leading to service disruption and potential data access concerns within the affected Amazon S3 subsystems [5]. Furthermore, on March 5th, 2024, thousands of individuals reported experiencing spontaneous logouts from Meta's Facebook and Instagram platforms; a widespread outage in the global Meta network appeared to disrupt the entire company infrastructure, rendering users' accounts inaccessible, and they were unable to regain access. However, there was also inevitable speculation that Meta may have been experiencing a cyber-attack [6]. Therefore, the most significant challenge that cloud service providers face is controlling the occurrence of cloud-related incidents and threats to provide consumers with a dependable and high-quality service. However, numerous studies on anomaly detection have employed ML/DL to identify anomalies.

Ji et al. [7] tackled challenges in anomaly detection in multivariate time series data, focusing on high dimensionality, noise, and asynchronous anomalies. They aimed to develop an efficient space-embedding strategy for anomaly detection (SES-AD) in multivariate time series, capable of accurately identifying abrupt changes without relying on specific signal distributions. SES-AD utilized a space-embedding strategy to project data for dissimilarity calculation, enabling precise localization of changes. Experimental results showed SES-AD's high accuracy on public datasets, outperforming existing models and demonstrating its effectiveness in real-time anomaly detection.

Hu et al. [8] identified limitations in current anomaly detection techniques for multivariate time series (MTS) data, such as lack of continuous learning ability and long learning times for high-dimensional datasets. They aimed to develop a novel computational framework, based on local recurrence rate-based discord search (LRRDS), to detect anomalies within MTS data. LRRDS involved generating recurrence plots, segmenting raw MTS for accurate discord subsequence identification, and evaluating the approach on various datasets.

Iqbal et al. [9] focused on addressing challenges in anomaly detection and time series forecasting using DL models. Their objectives include improving accuracy in anomaly detection, enhancing time series forecasting, and exploring preprocessing techniques' impact on model performance. Their proposed system involves anomaly detection using various deep learning techniques like long short-term memory (LSTM), LSTM-autoencoder, ensembled models, generative adversarial network (GAN), and transformer architectures.

Also, He et al. [10] presented a topology-aware multivariate time series anomaly detector (TopoMAD), a deep learning method that detects anomalies in cloud systems without supervision. Their aims included integrating system topology, employing graph neural networks (GNN) and long short-term memory (LSTM) networks, and deploying a stochastic seq2seq model. Results show significant improvements in accuracy and precision, highlighting the effectiveness of DL in handling complex data.

However, the use of DL/ML approaches in anomaly detection in cloud systems brings both potential and challenges, as described in [11]. One of the most significant issues is the inherent complexity and variety of cloud data, which includes various sources such as network traffic, system logs, and user behavior. This heterogeneity complicates feature extraction and model training since the data may contain non-linear patterns and minor anomalies that are difficult to detect. Furthermore, the dynamic nature of cloud systems, which includes rapid scaling, resource allocation, and workload changes, complicates the task of maintaining model resilience and adaptation over time. The scalability and processing requirements associated with DL/ML methods are a further challenge. Moreover, ensuring the privacy and security of sensitive data used for training DL/ML models in multi-tenant cloud environments remains a paramount concern, necessitating robust encryption, access controls, and privacy-preserving techniques to mitigate the risk of data breaches and adversarial attacks. Addressing these challenges requires interdisciplinary efforts to develop scalable, resource-efficient, and privacy-aware methods and DL/ML algorithms tailored to the unique characteristics of cloud environments, while also fostering collaboration between academia, industry, and regulatory bodies to establish best practices and standards for secure and effective anomaly detection in the cloud.

This paper provides a literature overview of ML/DL models for cloud-based anomaly detection. The article describes ML/DL methods and their applications in detecting cloud network anomalies. It focuses on relevant studies concerning the utilization of ML/DL for detecting Distributed denial of service (DDoS) attacks and Intrusion detection systems (IDS).

Our investigation focused on publications meeting standard criteria, employing "Cloud Networks," "Cloud computing," "Could," "Machine learning (ML)," "Deep learning (DL)," "Distributed denial of service (DDoS)," "Intrusion detection system (IDS)," "Anomaly detection," and "Security" as keywords. Particularly, we find value in the latest cutting-edge papers, as they address trending methodologies. This paper acts as an in-depth academic resource designed for those interested in exploring anomaly detection in cloud environments within the realms of ML/DL. Therefore, significant importance is given to providing detailed explanations of the ML/DL methods, discussing the advantages and disadvantages of different proposed systems, and pinpointing opportunities for future research and development. The effectiveness of these systems in identifying and addressing DDoS attacks and IDS emphasizes the need for enhancing detection and mitigation methodologies for anomalies in cloud networks. However, modern strategies for detecting anomalies in cloud networks
commonly involve utilizing state-of-the-art technologies and following the best cloud-based anomaly detection methods.

The contributions of this review are: (i) a detailed review and discussion of ML/DL techniques in DDoS detection and anomaly-based IDS are introduced, (ii) various cloud network scenarios employing ML/DL for DDoS attack detection and IDS are analyzed, (iii) a review of the cloud network datasets used to detect anomalies in a cloud network, (iv) characteristics and advantages of each ML/DL model in anomaly detection are summarized, (v) the research gap is also discussed, and (vi) the scope of improvements for future research is also addressed.

The rest of this review is structured as follows: Section III focuses on security issues in cloud networks. Section IV introduces cloud network-based anomaly detection. Section V describes the data set source. Sections VI and VII describe the methods and related papers for ML and DL in DDoS detection and anomaly-based IDS. Section VIII discusses the research gap. Section IX introduces the scope of improvement. Section X presents conclusions.

II. RESEARCH METHODOLOGY

This study uses a literature review to identify papers relevant to the research topic or to address specific research focused on cloud anomalies, with a main focus on DDoS attack detection and anomaly-based IDS techniques. In this literature review, we used the most appropriate and reliable way to document and assess existing research studies. The literature review technique enables researchers to review both the advantages and disadvantages of previous research studies, conduct a thorough study to identify prospective research gaps as well as future trends and difficulties, and provide an excellent structure and starting point in establishing a new research topic. The overall process for selecting papers, following the creation of search strings, is depicted in Fig. 1.

We conducted a rigorous and systematic literature review encompassing various reputable digital databases, including IEEE Xplore, Springer, Elsevier, Wiley, Taylor and Francis, MDPI, and Hindawi, chosen for their proven track record in delivering the latest and most reliable papers addressing issues in cloud networks and established security solutions.

Spanning from 2020 to 2024, our chronological scope aimed to capture the most recent advancements in the field. Employing a carefully crafted set of search terms such as "Cloud Network," "Cloud computing," "Could," "Machine learning (ML)," "Deep learning (DL)," "Distributed denial of service (DDoS)," "Intrusion detection system (IDS)," "Anomaly detection," and "Security", we thoroughly investigated major library repositories.

As a result, 2702 articles that could be potentially relevant were identified. Following this, articles published before 2020 (372) were eliminated, leading to a focus on 2330 articles published between 2020 and 2024. To further narrow down the selection, articles not related to Machine Learning or Deep Learning (863) were removed, along with conference papers, books, workshops, and magazines, resulting in 702 articles falling within the Artificial Intelligence (AI) domain. Through a review of titles and abstracts, 442 articles were excluded, leaving 260 articles that were confirmed to be published exclusively in peer-reviewed journals. After excluding survey and review articles (82), we also excluded any articles related to SDN, Fog, and Edge environments (114). The final compilation for detailed analysis consisted of 64 articles (refer to Fig. 1).

TABLE 1. SUMMARY OF THE INCLUSION AND EXCLUSION CRITERIA

| CRITERIA | INCLUSION | EXCLUSION | REASONING |
|---|---|---|---|
| PUBLICATION DATE | 2020 and after it | Before 2020 | The publication date aligns with the surge in cloud network relevance, emphasizing analysis and security concerns in the scientific literature |
| SOURCE | Journal articles | Conference, books, workshops, magazines | The exclusion criteria prioritize straightforward, relevant, and reliable research findings over complex discussions or subjective viewpoints that have not passed the same careful review as journal papers |
| FOCUS | Anomalies in cloud environment | Anomalies in SDN, edge, and fog environments | The emphasis on anomalies in cloud computing in the selected publications guarantees that the research remains focused and relevant to the topic at hand |
| AVAILABILITY | Authors can access it through open access or other ways. | The content is either shielded or inaccessible | Prioritizing accessible publications, the study ensures thorough examination and accurate representation of source material, enhancing review accountability and encouraging finding replication |
| LANGUAGE | English | Other than English | This allows for a more precise and efficient analysis, while also minimizing the possibility of misunderstandings or inaccuracies related to language during the review process. Also, most peer-reviewed papers published in the top journals are written in the English language |
| OTHER | - | Duplicate | We only counted a paper's first appearance in multiple sources |

FIGURE 1. Paper selection process

III. SECURITY ISSUES IN CLOUD NETWORKS

The architecture of cloud computing comprises two primary components, the front end, and the back end. The front end serves as the interface through which users interact with the system. Meanwhile, the back end encompasses various cloud service models, namely Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS). Fig. 2 illustrates the user types associated with each model, alongside examples of applications utilized within them.

A. Software-as-a-service (SaaS)

This is the first layer of the service model. In this cloud model, providers offer database and software access, but Software-as-a-service (SaaS) faces security challenges, putting responsibility on users. Users must be cautious about shared information and access. Recent cyber threats highlight the appeal of cloud providers as targets, requiring users to scrutinize provider security [12].

DDoS attacks pose a significant threat to SaaS implementations, impacting both providers and users. SaaS, being a prominent model in cloud computing, attracts attention from malicious actors seeking to disrupt services. With SaaS, the software is centrally hosted and accessed remotely, making it susceptible to DDoS attacks aimed at overwhelming servers and rendering services unavailable to legitimate users. These attacks can disrupt business operations, cause financial losses, and tarnish the reputation of SaaS providers. Implementing robust security measures, including IDS, firewalls, and encryption protocols, is crucial to mitigate the risk of DDoS attacks. Additionally, continuous monitoring and prompt response mechanisms are essential to detect and thwart such attacks effectively, safeguarding the integrity and availability of SaaS platforms for users [13]. Meanwhile, intrusion detection in SaaS setups is vital for safeguarding both the
service provider and its users. SaaS involves multiple users sharing the same application instance, posing unique security challenges. Traditional IDS may not fit SaaS due to limited control over infrastructure. Thus, tailored multi-tenant IDS frameworks are necessary. These frameworks should enable providers to offer IDS as a service, monitoring network traffic and system activities to spot and counter malicious actions in real-time. Effective intrusion detection mechanisms help SaaS providers enhance platform security, shielding sensitive data from unauthorized access [14].

FIGURE 2. Cloud Service Models

B. Platform-as-a-service (PaaS)

This is the second layer of the service model [12]. Platform as a Service (PaaS) offers a computing platform that includes basic resources like operating systems, programming languages, databases, and web servers. These resources automatically adapt to handle changes in application demands. In this setup, developers use specific Application interfaces (APIs) to build applications meant for a particular environment. PaaS also allows control over software deployment and configuration settings [15]. However, Habib et al. [16] implemented a DDoS detection system for PaaS and Infrastructure-as-a-service (IaaS) cloud architectures employing a pretrained hybrid ML classifier incorporating models such as Random Forest, Decision Tree, Support Vector Machine, and XGBoost.

C. Infrastructure-as-a-service (IaaS)

Infrastructure as a Service (IaaS) is a cloud computing model that allows customers to utilize virtualized computing resources such as virtual machines, storage, and networking via the Internet. This service enables organizations to rent IT infrastructure on a flexible pay-as-you-go basis, facilitating resource scaling based on their needs without the necessity of investing in or handling physical hardware [17]. IaaS, one of the three cloud service models, is highly susceptible to DDoS attacks. The shared nature of these cloud resources makes them a prime target for DDoS attacks, which seek to overwhelm the infrastructure and render it inaccessible to legitimate users. DDoS attacks are defended against using a variety of processes and countermeasures, such as intrusion prevention, intrusion detection, and intruder response [18]. Because of the security risks connected to IaaS in cloud computing, there is a significant need to install IDS to address these issues. There is also a need for strong security measures to secure cloud-based infrastructure services, and IaaS-focused IDS is recognized as important [19].

IV. CLOUD NETWORKS BASED ANOMALY DETECTION

Anomalies in a cloud network signify deviations from expected patterns, behaviors, and occurrences, potentially indicating security threats, operational irregularities, or performance issues. Categorized into types such as security, network traffic, resource utilization, application behavior, data, and user behavior anomalies, they encompass unauthorized access, unusual data transmission, and abnormal resource use. Recognizing and addressing these anomalies is crucial for preserving the cloud network's integrity, security, and reliability, safeguarding against cyber threats, and ensuring optimal performance. In the realm of research, diverse anomalies have been recognized, presenting formidable obstacles to the security infrastructure of cloud networks, including the following:

A. DISTRIBUTED DENIAL OF SERVICE (DDOS) ATTACK

A Distributed Denial of Service (DDoS) attack is a type of cyber-attack in which multiple systems or devices are used to flood a targeted server or network with traffic, making it unavailable to legitimate users [20].

FIGURE 3. DDoS Total Attacks History and Predictions
[Bar chart; y-axis: Millions; x-axis: 2018, 2019, 2020, 2021, 2022, 2023; values shown: 7.9, 9.5, 10.8, 12.1, 13.9, 15.4]


In cloud computing, DDoS attacks can cause significant damage to cloud service providers and their customers, leading to downtime, loss of revenue, and reputational damage. Therefore, it is important to have effective detection and prevention mechanisms in place to mitigate the impact of DDoS attacks in cloud computing environments. According to the exploited vulnerability, DDoS attacks might be categorized as flooding attacks, protocol exploit attacks, amplification attacks, and malformed packet attacks [21]. According to Fig. 3, the number of DDoS attacks is predicted to more than double, reaching 15.4 million by 2023, as reported by Cisco in 2020 [22]. However, to enhance DDoS attack detection and prevention, researchers have used ML/DL methods, which will be discussed in Section VI.

B. ANOMALY-BASED INTRUSION DETECTION SYSTEMS (IDS)

Intrusions encompass a sequence of interconnected malicious activities executed by internal or external attackers, aiming to compromise the targeted system [23]. Moreover, intrusion detection is the process of monitoring computer systems and network traffic and analyzing activity to detect potential system threats [24]. In recent times, IDS have become integral components of many organizations' security frameworks, owing to the increased frequency and severity of network attacks. Detecting a security breach involves monitoring and analyzing the target machine or network for indications of unauthorized access. Such breaches are defined as attempts to compromise the confidentiality, integrity, or availability of a computer system or network, or to bypass its security measures [25]. However, the most common intrusion detection approaches are signature-based and anomaly-based. They are often used together, whether integrated or individually, to enhance detection accuracy. In terms of anomaly-based detection, different types of anomaly detection techniques are categorized based on the method employed to identify anomalies, such as ML/DL, fuzzy logic, support vector machine (SVM), and data mining. Over the past decade, numerous studies have investigated these methods, as evidenced in Section VII and explained further in this survey.

V. SOURCE OF DATASETS

In this section, we explain and categorize the datasets utilized in the reviewed literature based on the cloud network traffic data. The frequency of use of datasets in the reviewed literature is shown in Fig. 4. Therefore, the careful selection of a dataset is crucial to ensuring efficient detection and classification of anomalies in cloud environments. However, in cloud computing security, different datasets are utilized to train ML/DL models. Table 2 presents a description of the most used datasets in cloud computing security used in this review.

FIGURE 4. Frequency – Usage of Datasets Collected Research Articles.
[Pie chart titled "Datasets"; legend: NSL-KDD, CICIDS 2017, ISCX IDS, UNSW-NB15, CICDDoS 2019, CSE-CIC-IDS2018, CICD2018, KDDCUP99, KDD cup, BoT-IoT, DARPA IDS]

VI. ML AND DL BASED FOR DDoS DETECTION IN CLOUD NETWORKS

Due to the time-consuming nature of developing, testing, and deploying cloud-based anomaly detection systems after each unexpected attack, there is an urgent need for less human-dependent solutions in anomaly detection. Cloud-based anomaly detection utilizing ML technology addresses this issue by providing a system capable of learning from data and detecting anomalies based on the learned patterns [35]. On the other hand, DL is a sophisticated subset of ML that consists of numerous layers of neurons that reflect the learning process. DL is capable of handling vast amounts of data and has shown effectiveness in a variety of fields [36]. This section will cover the most common use of ML/DL techniques, followed by a detailed description of each approach used in DDoS detection along with recent relevant publications. Tables 3 and 4 provide a detailed overview of different ML/DL methods and advantages to detect and mitigate DDoS in cloud environments.
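
The text above describes anomaly-based detection as learning normal behaviour from data and notes that it is often used together with signature-based detection. The following Python example is added here and is not code from the paper or from any system it surveys. It learns a per-feature baseline (median and MAD) from benign traffic windows, scores new windows by robust z-score, and combines that with one fixed signature rule; the Window fields, the signature, the 3.5 threshold and all sample values are constructed assumptions.

```python
"""Anomaly-based scoring combined with one signature rule (constructed example)."""
import statistics
from dataclasses import dataclass

FEATURES = ("pkts_per_s", "unique_srcs", "syn_ratio")


@dataclass(frozen=True)
class Window:
    """Traffic summary for one destination over one time window (assumed schema)."""
    pkts_per_s: float
    unique_srcs: int
    syn_ratio: float  # share of TCP packets that are bare SYNs


class Baseline:
    """Per-feature median and MAD learned from benign windows only."""

    def __init__(self, benign):
        if len(benign) < 5:
            raise ValueError("need at least 5 benign windows to learn a baseline")
        self.stats = {}
        for name in FEATURES:
            values = [float(getattr(w, name)) for w in benign]
            med = statistics.median(values)
            mad = statistics.median(abs(v - med) for v in values)
            # A constant feature gives MAD == 0; floor the scale at 1% of the
            # median (an assumption) so tiny jitter does not produce huge scores.
            self.stats[name] = (med, max(mad, 0.01 * abs(med), 1e-9))

    def score(self, w):
        """Return (largest robust z-score, name of the feature that produced it)."""
        best = (0.0, None)
        for name in FEATURES:
            med, scale = self.stats[name]
            z = 0.6745 * abs(float(getattr(w, name)) - med) / scale
            if z > best[0]:
                best = (z, name)
        return best


def syn_flood_signature(w):
    """Hypothetical fixed rule of the kind a signature-based IDS ships with."""
    return w.syn_ratio >= 0.9 and w.pkts_per_s >= 1000


def classify(w, baseline, threshold=3.5):
    """Combine both detectors; returns (verdict, driving feature or None)."""
    z, feature = baseline.score(w)
    anomalous = z > threshold
    matched = syn_flood_signature(w)
    if anomalous and matched:
        return "signature+anomaly", feature
    if matched:
        return "signature", None
    if anomalous:
        return "anomaly", feature
    return "benign", None


# Constructed benign training windows (not taken from any dataset in Table 2).
BENIGN = [Window(p, s, r) for p, s, r in [
    (120, 40, 0.05), (135, 45, 0.06), (110, 38, 0.04), (150, 52, 0.07),
    (128, 41, 0.05), (142, 47, 0.06), (117, 39, 0.05), (131, 44, 0.06),
    (125, 42, 0.05), (138, 46, 0.06),
]]

# Constructed windows to classify.
SAMPLES = {
    "normal": Window(133, 44, 0.05),
    "syn_flood": Window(9000, 900, 0.97),          # matches the signature too
    "volumetric_flood": Window(7000, 2500, 0.01),  # no signature covers this one
}


def run():
    """Train on BENIGN and classify every constructed sample."""
    baseline = Baseline(BENIGN)
    return {name: classify(w, baseline) for name, w in SAMPLES.items()}


if __name__ == "__main__":
    for name, verdict in run().items():
        print(name, verdict)
```

The volumetric window is caught only by the learned baseline, which is the case for anomaly-based detection that the survey makes: a fixed rule covers only the pattern it was written for.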


TABLE 2. COMMON CLOUD SECURITY DATASETS

DATASET DESCRIPTION

NSL-KDD A refined version of the KDD Cup 99 dataset to reduce redundancy and enhance data quality for intrusion detection research.
comprises samples with 41 features that were trained with 20,000 samples and tested with 5,000 samples [26].
CICIDS 2017 This traffic mix includes both benign and malicious threats, including DoS, DDoS, and brute force attacks, suitable for network
intrusion detection systems. The total number of traffic packets in the log file was reported to be 225,746 traffic packets [27].

ISCX IDS 2012 Used for evaluating intrusion detection systems, encompassing various types of attacks like DoS, port scans, and data
exfiltration attempts. The dataset includes samples with 18 characteristics and was used for training (19,200 samples) and t
(4,800) testing samples[28].
UNSW-NB15 Moustafa et al. [29] produced this dataset at the University of New South Wales. It comprises 49 features and approximately
2.5 million occurrences. Total number of samples is 2,540,044, with a subset of 257,673 samples used for training and testing.
CICDDOS 2019 Designed primarily to identify DDoS assaults in IoT environments. It comprises a variety of DDoS attacks as well as typical
IoT traffic. One file from this dataset contains 1,209,961 instances and 84 input features. The class attribute is a binary class
label with two classes: benign and DDoS [30].
IOT DOS AND DDOS Includes data on DoS and DDoS attacks in IoT environment.
ATTACK
CSE-CIC-IDS2018 This dataset is constructed based on user behavior using various protocols such as HTTPS, HTTP, SMTP, POP3, IMAP, SSH,
and FTP. It contains different classes of network traffic, including benign traffic and various types of network attacks [48].
HTTP CSIC 2010 This dataset was developed at the Information Security Institute of CSIC and contains both normal and anomalous requests. It
includes URL templates and features related to HTTP requests. contains 36,000 normal requests, more than 25,000 anomalous
requests, and 22 features [48].
CICD2018 Contains traffic data from different days, including normal traffic and various types of attacks, such as DOS, Web-attacks,
DDOS, infiltration, Botnet, and Brute force. It includes 80 attributes representing the dataset feature [31].
SLOWLORIS The new dataset was created from scratch using two Android D2D devices to emulate Slowloris attacks. The dataset contains
83 columns and records for Slowloris DDoS attacks with 55,600 entries. This dataset was specifically created for the D2D
communication environment [51].
KDDCUP99 To evaluate intrusion detection systems. It consists of both normal and attacks traffic, including many sorts of attacks [26]
KDD CUP Standard database for anomaly detection, used to identify nodes under attack in network connections [32]
CICIDS 2017 KNN Contains 78 features with 225,746 records. The dataset includes attack classes such as Benign and DDoS. It is utilized for
training and testing the proposed DDoS detection model in the article [65].
CAIDA "DDOS 2007" Contains 225,746 instances with 79 attributes, including IP addresses, source ports, protocol types, and destination ports. The
dataset undergoes preprocessing steps like normalization, discretization, and feature selection before training and testing the
M-DBNN [66].
BOT-IOT Contains network traffic data with details such as packet sequence ID, time, flags, protocol, source and destination addresses,
source and destination ports, packets, bytes, duration, mean, and standard deviation. It is used for assessing DDoS attack
detection methods in cloud computing [68].
ISCX-2016-SLOWDOS Contains information about Slow DoS assaults, which are designed to drain server resources over time. It is used for experiments and
evaluation of the proposed asynchronous federated learning model for Low-Rate DDoS Attack Detection [71].
CSE-CIC-IDS2018-AWS A variation of the CSE-CIC-IDS2018 dataset that focuses on attacks against AWS settings [74].
CIC DOS Contains data related to DoS attacks from the CIC project [74].
CIDDS-001 Consists of various features such as source and destination IP addresses, port numbers, transport protocols, timestamps,
duration, data volume, TCP flags, class labels, attack types, and unique identifiers for attacks [76].
WEB APPLICATION LOGS Contains web application logs that can be utilized to do security analysis and discover anomalies [33].
KYOTO Created in real-time by Song et al. [34] at Kyoto University in Japan between 2006 and 2015. It comprises 19,683 MB of
network traffic collected from darknet sensors, honeypots, web crawlers, email servers, and other servers. The dataset includes
24 statistical attributes, 14 of which are taken from the KDD Cup99 dataset, while the remaining 10 are modern attributes.
CIC BELL DNS EXF 2021 A significant component in the development of the cloud-IDS. It encompasses 270.8 MB of DNS traffic generated through the
exfiltration of various file types of diverse sizes. The dataset includes 42 features extracted from the DNS traffic [90].
MQTT-IOT-IDS2020 Designed for detecting intrusions in IoT environments that use the Message Queuing Telemetry Transport (MQTT) protocol
[93].
CSIC-2010 The CSIC project provides data on web application security analysis [97].

A. DDoS ANOMALY BASED ON ML - EXISTING RESEARCH WORKS

Kushwah et al. [37] focused on the essential difficulty of detecting DDoS attacks in cloud computing, emphasizing the importance of increased security and reliability in cloud-based applications. Their research offered a novel system based on the Voting Extreme Learning Machine (V-ELM) algorithm to overcome limitations in existing DDoS detection systems in terms of accuracy, speed, and work handling ease. Impressively, the system outperforms a variety of recognized systems. Experimental evaluation demonstrated high detection accuracy, sensitivity, specificity, and minimal training time, further emphasizing the effectiveness of the proposed approach.

Sambangi et al. [38] employed ML techniques for detecting DDoS attacks in cloud computing environments. They addressed the challenges associated with DDoS detection in these environments, emphasizing the need for efficient and accurate detection mechanisms to tackle security threats in network infrastructure. The research aims to design an ML model based on multiple linear regression analysis for DDoS attack detection, utilizing data visualization and feature selection techniques to enhance prediction accuracy. Results from experiments include performance metrics such as accuracy, precision, recall, F1-score, and confusion matrix, showcasing promising outcomes with the proposed multiple linear regression analysis approach compared to existing methods.

Abubakar et al. [39] focused on the escalating frequency and diversity of attacks on computer networks, predominantly DDoS attacks, which presented a significant challenge due to their evolving nature and mechanisms. The proposed solutions aimed at developing a mechanism capable of promptly detecting DDoS attacks, identifying their origin, and initiating mitigation procedures at the early stages of detection. This approach integrated an optimized Support Vector Machine (SVM) classification algorithm with the SNORT Intrusion Prevention System (IPS) to provide preventive measures during DDoS attacks. Experimental results included evaluating the proposed IPS method in both single and multiple-source attack scenarios and comparing performance metrics such as CPU load, latency, average packets, accuracy, detection rate, specificity, and false positive rate. These experiments demonstrated the effectiveness of the proposed method in detecting and mitigating DDoS attacks when compared to existing solutions.

The research [40] addressed various issues concerning cloud computing, particularly the vulnerability to DDoS attacks, which could disrupt access to information. It emphasized the necessity for a reliable intrusion detection system to promptly identify and counter such attacks in cloud platforms. The proposed solutions involved creating a classification model utilizing Random Harmony Search optimization (RHS) and Restricted Boltzmann Machines (RBM) to improve DDoS attack detection in cloud setups. The outcomes of the study revealed enhanced accuracy in detecting DDoS attacks compared to conventional methods, along with improved precision, recall, and F1-score metrics. Additionally, the approach led to reduced false positives and increased efficiency in the real-time identification of DDoS attacks in cloud environments.

Alshammari et al. [41] tackled two main issues: first, identifying abnormal patterns in network traffic data to distinguish between malicious and normal behavior; and second, developing an ML model capable of training IDS to recognize different types of anomalies such as DDoS in cloud computing networks. The solutions proposed in the research included building a comprehensive model that combines various ML techniques such as K-Nearest Neighbor (KNN), Support Vector Machine (SVM), Random Forest (RF), Naive Bayes (NB), Decision Tree (DTREE), and Artificial Neural Network (ANN) to select the most accurate classifier and employing supervised machine learning methods. The results demonstrated the effectiveness of the model in detecting malicious traffic patterns and improving overall network security.

The research [42] focused on detecting DDoS attacks in cloud computing environments using an optimized extreme learning machine. It aimed to address the challenges of developing an effective system for DDoS detection in cloud computing while enhancing accuracy and efficiency. The proposed solutions include utilizing an optimized extreme learning machine and implementing a Self-adaptive Evolutionary Extreme Learning Machine (SaE-ELM) model to improve detection accuracy. The objectives involve proposing the optimized extreme learning machine and introducing the SaE-ELM model to enhance detection accuracy. The research evaluated the proposed system's performance using metrics like accuracy, sensitivity, specificity, precision, and F-score, demonstrating significant improvements over existing methods in detecting DDoS attacks in cloud computing environments.

Sachdeva et al. [43] addressed the classification of attacks in cloud network environments, employing ML and digital forensics. The work addresses challenges in detecting and classifying DDoS attacks in cloud networks amidst the increasing complexity of cyber threats and limitations of existing detection methods. Proposed solutions involve developing a fusion algorithm that combines ML techniques with digital forensics, utilizing evidential artifacts for analysis. In the experimental setups, performance metrics like Kappa Statistic, False Positive Rate (FPR), True Positive Rate (TPR), Root Mean Squared Error (RMSE), Precision, and Recall are considered for validation. Results indicate high accuracy, precision, and True Negative Rate in attack classification, along with improved performance in detecting and classifying attacks in cloud networks, validating the fusion algorithm's effectiveness across multiple performance metrics.

The research [44] focused on detecting DDoS attacks in cloud computing environments using an efficient Support
Vector Machine-based discrete elephant herding optimization (SVM-DEHO) classifier. It addressed significant cybersecurity issues posed by DDoS attacks, which rapidly exhaust victim communication and computation resources. Objectives involve proposing an SVM-DEHO classifier for DDoS detection, with experimental results demonstrating high accuracy, sensitivity, specificity, precision, and F-measure values. Results illustrate the superiority of the proposed approach over existing methods, affirming its effectiveness in mitigating DDoS attacks in cloud environments.

Mishra et al. [45] focused on detecting DDoS vulnerability in cloud computing using the Perplexed Bayes Classifier. The work addressed challenges in identifying and exploiting vulnerabilities in cloud computing, particularly emphasizing the severity of DDoS attacks and their impact on cloud infrastructure. Solutions involve implementing ML techniques, specifically the Perplexed Bayes Classifier, to detect and mitigate DDoS attacks in cloud environments. Performance metrics such as accuracy, sensitivity, and specificity are used to evaluate the effectiveness of the proposed approach in identifying DDoS attacks. Overall, the results showed that the Perplexed Bayes Classifier can successfully detect and mitigate DDoS vulnerabilities in the cloud environment.

The use of ML in cloud computing to identify DDoS attacks is the subject of research [46]. Reducing misclassification mistakes in DDoS detection is the primary issue, as it impacts the availability of services for authorized users. The main objectives of the research are reducing misclassification errors, evaluating ML techniques for DDoS attack detection, analyzing misclassifications for more precise measurements, and selecting important features using Mutual Information (MI) and Random Forest Feature Importance (RFFI) approaches. However, the Random Forest method performed the best in terms of detecting DDoS attacks compared to other techniques. F1 score, recall, accuracy, and precision were among the performance metrics.

The study [47] focused on detecting DDoS attacks in modern network infrastructures for Industry 4.0, using ML models and feature transformation methods. It addressed security and data availability issues in modern networking, notably in cloud computing, focusing on the detection of DDoS attacks in cloud networks, which pose new difficulties to the network community. Novel Gaussian-based traffic attribute-pattern similarity functions for evolution feature clustering, as well as Gaussian-based network traffic similarity functions for evaluating similarities between network traffic instances, are proposed as solutions. Furthermore, the study creates the SWASTHIKA machine learning model to detect both low-rate and high-rate network threats. Experimental results show that SWASTHIKA has much higher attack detection rates than state-of-the-art ML classifiers, as measured by performance measures such as accuracy, precision, detection rate, and F-score.

The study [48] addressed cloud security in E-government, including the detection and mitigation of network intrusion, specifically DDoS attacks. It focused on critical security challenges in cloud computing, concentrating on the vulnerability of cloud-based E-government systems to attacks from compromised nodes and the significance of monitoring internal as well as external traffic in the cloud network for security purposes. The proposed solutions include introducing an ML method for accurate clustering of network data to detect DDoS attacks, utilizing feature selection techniques to improve data clustering efficiency, and using clustering algorithms such as Principal Component Analysis (PCA), Density-Based Spatial Clustering of Applications with Noise (DBSCAN), Agglomerative Clustering, and k-means. The experimental results show that the proposed PCA + DBSCAN outperforms standard algorithms.

Sokkalingam et al. [49] addressed the escalating frequency and complexity of DDoS attacks aimed at cloud computing services and the inadequacies of traditional intrusion detection systems in effectively identifying and addressing these attacks. To tackle these challenges, the study proposed solutions such as developing an intelligent intrusion detection system that utilized ML techniques to enhance DDoS attack detection and employing a Support Vector Machine (SVM) with a hybrid Harris Hawks Optimization (HHO) and Particle Swarm Optimization (PSO) algorithm approach to improve accuracy and efficiency in cloud environments. The experimental evaluation utilized performance metrics including precision, sensitivity, selectivity, F1 score, accuracy, and Area Under the Curve (AUC) to evaluate the effectiveness of the proposed system, revealing enhanced detection capabilities and efficiency in countering DDoS attacks within cloud computing environments.

The study [50] aimed to enhance the efficacy of the Gaussian Naïve Bayes classifier to detect DDoS attacks in cloud computing. It discussed the prevalence of DDoS and DoS attacks against cloud services, as well as the difficulty in detecting these attacks due to their distributed character and potential for catastrophic consequences. Proposed solutions for detecting DDoS attacks include using ML techniques, especially the Gaussian Naïve Bayes classifier, pre-processing data to address zero-probability issues, and selecting highly independent features to improve accuracy. The proposed framework improves the accuracy of the Gaussian Naïve Bayes classifier in detecting DDoS attacks, mitigates the zero-probability problem through data pre-processing, improves feature selection efficiency, and measures classifier performance using precision, recall, and F1-score.

The study [51] employed ML to detect DDoS attacks in device-to-device (D2D) connections. Solutions include using ML techniques such as Random Forest, XG Boost, Ada Boost, and Light Gradient Boosting Machine (LGBM) to detect and prevent DDoS attacks in D2D communication systems. The objectives include providing considerable improvement in
terms of detection and prevention time, needed resources, and device battery usage, as well as presenting a useful technique for combating DDoS attacks in D2D communication. The proposed system used ML techniques to classify and detect DDoS attacks, with an emphasis on SYN and Slowloris attacks. The research employed evaluation metrics such as accuracy, precision, recall, Area Under the Curve (AUC), and F1 score to evaluate the performance of ML classification approaches in detecting DDoS attacks within the D2D network communication environment. The results demonstrated significant performance improvements and provided comprehensive evaluations of ML models, contributing to the effectiveness of DDoS attack detection methodologies in real-world scenarios.

Authors in [52] focused on protecting virtual cloud computing environments from DDoS attacks using the Naive Bayes ML algorithm. They tackled challenges stemming from the growing number of users accessing cloud-based applications, which has led to an increase in DDoS attacks targeting cloud services. Additionally, there is a lack of reliable methods for detecting and filtering these attacks, making them a preferred weapon for cyber attackers. To address these issues, the research explores ML techniques and specifically applies the Naive Bayes algorithm to prevent and detect DDoS attacks in virtual cloud environments. Remarkably, the Naive Bayes model showed improved accuracy, recall, specificity, and F-score.

Researchers in [53] focused on using ML to detect DDoS attacks in Vehicular ad-hoc Network (VANET) cloud environments and aimed to address the challenges of identifying and mitigating such attacks in vehicular networks. They proposed solutions such as employing ML models like Logistic Regression (LR), Decision Tree (DT), Random Forest (RF), K-Nearest Neighbors (KNN), Naive Bayes (NB), and kernel Support Vector Machine (SVM) to classify "Normal" and "DDoS" scenarios and implementing fuzzification to categorize correlation degrees in attribute value ranges. Objectives include improving security and safety in vehicular networks by detecting DDoS attacks, using a structured methodology comprising NS2 simulation and ML-driven detection phases. Performance metrics such as accuracy score and precision score are calculated for various classification algorithms, demonstrating the successful application of ML, especially DT and RF, in addition to fuzzification techniques in enhancing DDoS detection capabilities in VANET cloud environments.

AlSaleh et al. [54] focused on the use of ML to detect DDoS threats in cloud computing settings. The work discussed the cybersecurity threats associated with cloud technology implementation, including DDoS attacks, and emphasized the limits of standard IDS in detecting DDoS attacks in dynamic network environments. The study sought to answer questions about the effectiveness of the proposed Bayesian-based Convolutional Neural Network (BaysCNN) model in detecting DDoS attacks, the extent to which the Data Fusion BaysFusCNN approach improves DDoS detection accuracy, reliability, and performance metrics, and how the proposed models compare to existing methods in terms of accuracy and efficiency. The results demonstrated that the BaysCNN model obtains an average accuracy rate of 99.66% across 13 multi-class attacks, while the Data Fusion BaysFusCNN model gets an even higher average accuracy of 99.79%. The study offered useful insights into the development of robust ML-based intrusion detection systems, as well as improving the reliability and scalability of IDS in cloud computing environments.

Talpur et al. [55] investigated the application of ML and evolutionary algorithms to DDoS attacks in cloud computing systems. The study showed that modern society is becoming increasingly vulnerable to cyberattacks, particularly DDoS attacks, and emphasized the need for greater detection and cybersecurity measures. The system detected DDoS attacks using TOPT with the genetic algorithm (GA). ML methods such as Extreme Gradient Boosting (XGB), Random Forest (RF), and Support Vector Machine (SVM) were also considered, and XGB-GA Optimization, RF-GA Optimization, and SVM-GA Optimization methods were proposed. The technology reached high accuracy levels, considerably boosting cybersecurity measures. The suggested XGB-GA optimization approach outperformed other methods for identifying DDoS attacks in terms of accuracy, precision, recall, and F1 score, achieving a 99.00% testing accuracy and a best pipeline test accuracy of 1.000%.

The research [56] focused on detecting and categorizing DDoS attacks in distributed networks using hierarchical ML and hyperparameter optimization methods. It tackled the growing threat of DDoS attacks in distributed networks and the challenge of swiftly identifying and preventing them to protect network infrastructure and data. Solutions include employing hierarchical ML models such as Extreme Gradient Boosting (XGBoost), Light Gradient Boosting Machine (LGBM), CatBoost, Random Forest (RF), and Decision Tree (DT) for better attack classification and optimizing hyperparameters to improve intrusion detection system accuracy and efficiency. The objectives involve proposing a LASSO feature selection method with hierarchical ML models, dividing the process into pre-processing, feature selection, and hyperparameter-optimized tuning classification stages, and evaluating performance using metrics like recall, precision, accuracy, and F1-score. The study found the LGBM classifier to be the most effective, achieving 99.77% accuracy, highlighting the success of hierarchical ML techniques in accurately predicting DDoS attacks.

B. DDoS ANOMALY BASED ON DL - EXISTING RESEARCH WORKS

Velliangiri et al. [57] focused on DDoS attack detection within cloud computing environments, aiming to address the pressing need for effective detection methods and overcome the limitations of existing algorithms. The
objectives involve developing a novel Fuzzy and Taylor Elephant Herd Optimization (FT-EHO) and Deep Belief Network (DBN) classifier specifically designed for DDoS attack detection and comparing its performance against state-of-the-art algorithms like Support Vector Machine (SVM), Neural Network (NN), EHO, and TEHO-based DBN. The proposed system utilizes three databases, including the KDD cup database, to detect DDoS attacks and employs a fuzzy and TEHO-based approach within the FT-EHO Deep Belief Network classifier for classification. Experimental evaluation focused on performance metrics such as accuracy, detection accuracy, precision, and recall. The results showcased the efficacy of the proposed FT-EHO-DBN classifier across varying numbers of users and highlighted its strengths in achieving high accuracy, detection accuracy, precision, and recall, thereby contributing significantly to enhancing DDoS detection in cloud environments.

Bhardwaj et al. [58] focused on enhancing the detection of DDoS attacks in cloud computing environments using a Hyperband Tuned Deep Neural Network coupled with a stacked sparse Autoencoder. This methodology addressed critical challenges such as limited training data, imbalanced datasets, and the complex task of selecting optimal features. While traditional methods and ML approaches struggle with evolving attack vectors and noisy data, the proposed system aims to mitigate these limitations. Experimental validation showcased the system's superior performance compared to existing methods, with notable improvements in accuracy, precision, recall, and F1-Score.

In [59], Mishra et al. focused on cloud computing, particularly examining and addressing vulnerabilities to DDoS attacks in cloud environments, alongside concerns such as network errors and intrusions, and load balancing issues. Proposed solutions involve using Neural Networks (NN) to evaluate training performance and detect accurately and employing Swarm optimization to minimize errors and ensure response stability. Results demonstrated reduced network errors, enhanced detection accuracy, and better identification of intrusions, with metrics including mean square error rate, detection accuracy, and precision.

Velliangiri et al. [60] focused on DDoS attacks in cloud computing using optimization-based deep networks. The key problems addressed include detecting DDoS attacks in cloud environments, improving cloud platform security against such attacks, and improving the detection technique's accuracy and efficiency. The solutions consist of creating a Taylor-Elephant Herd Optimization based Deep Belief Network (TEHO-DBN) classifier for DDoS detection, using DL for anomaly detection in clouds, and using an optimization-based strategy to improve detection system performance. A variety of evaluation metrics such as detection rate, accuracy, recall, computational time, and precision are considered when simulating the TEHO-DBN classifier. The proposed system demonstrated improved performance metrics compared to existing techniques.

The study [61] focused on detecting DDoS and economic denial of service (EDoS) attacks within cloud computing by combining Deep Belief Network (DBN) and Support Vector Machine (SVM) technologies. It tackled challenges such as accurately recognizing different forms of EDoS and DDoS attacks, preventing attacks from moving between Virtual Machines (VMs) and the hypervisor, and estimating attack percentages while determining sensitivity thresholds based on system requirements. Proposed solutions involve devising a comprehensive method for identifying both EDoS and DDoS attacks, utilizing a global approach to improve threat detection. When identifying DDoS and EDoS attacks in cloud computing, common performance metrics such as attack reporting time, request-response time, victim service downtime, defensive cost/hour, True Positive Rate (TPR), True Negative Rate (TNR), and accuracy are considered. The results obtained regarding the fusion of DBN and SVM for detecting DDoS and EDoS attacks in the cloud demonstrate several significant outcomes. These include superior accuracy in identifying DDoS attack traffic, resulting in shorter attack reporting and response times, as well as reduced downtime for victim services. Moreover, the approach leads to lower costs associated with attack detection and mitigation. Notably, the classification accuracy achieved is exceptionally high, reaching 99.78%. Overall, these results highlighted the effectiveness of the proposed method in enhancing the security and resilience of cloud environments against DDoS and EDoS attacks.

Almiani et al. [62] investigated network security in containerized cloud computing platforms using a Resilient Back Propagation Neural Network. They aimed to address vulnerabilities such as DDoS attacks on containerized microservices and the need for intelligent intrusion detection in cloud-native environments. The proposed solution involves an IDS based on Neural Networks (NN) to detect and mitigate Reflective DDoS attacks. Objectives include proposing the system, evaluating its performance against DDoS attacks, and ensuring it meets the delay requirements of containerized microservices architectures. Experimental results demonstrate efficient processing times and high accuracy in detecting reflective DDoS attacks, as evaluated using performance metrics including accuracy, sensitivity, F1-score, specificity, precision, and false positive rate.

Akgun et al. [63] focused on developing intrusion detection systems for DDoS attacks. They addressed the escalating frequency and complexity of such attacks, as well as the limitations of traditional detection methods. Existing solutions encompass signature-based and anomaly-based intrusion detection systems, along with ML approaches for identifying unknown malware threats. The research objectives involve proposing a DL-based intrusion detection model, assessing various DL architectures such as Deep Neural Networks (DNN), Convolutional Neural Networks (CNN), and Long Short-Term Memory (LSTM), benchmarking the proposed models against baseline approaches using the CIC-DDoS2019
dataset. Performance evaluation against baseline models reveals improved accuracy, precision, recall, F1-score, and Area Under Curve (AUC), demonstrating enhanced DDoS attack detection capability. Additionally, security metrics like detection accuracy, false positive rate, and false negative rate are considered.

Aydın et al. [64] aimed to create a Long Short-Term Memory (LSTM)-based DDoS detection and defense system in a public cloud setting, emphasizing the urgent need for precise and prompt identification and prevention of DDoS attacks, especially during the COVID-19 era. The goals involve crafting an LSTM-based solution for DDoS detection and defense, incorporating autonomous defense components to counter detected anomalies, and ultimately improving cloud system cybersecurity. The proposed approach utilized network traffic analysis, digital signatures, and autonomous defense strategies to identify and counteract DDoS attacks. The system demonstrated notable accuracy in classifying attacks, competitive performance in training and testing durations compared to prior studies, and thorough assessment using vital performance and security metrics like accuracy, precision, recall, F1-score, and the efficacy of defense mechanisms.

Samsu Aliar et al. [65] focused on detecting DDoS attacks in cloud environments by employing optimized weighted fused features and a hybrid Deep Belief Network with Gated Recurrent Unit (DBN-GRU) architecture. The work addressed performance degradation resulting from these attacks in cloud computing, along with the challenge of maintaining data security and privacy. Solutions entail developing a DL-based approach for automated detection, utilizing optimized features and the hybrid architecture. The experimental setup involves evaluating performance metrics such as accuracy, sensitivity, specificity, precision, F1 score, Matthews correlation coefficient, false positive rate, false negative rate, and false discovery rate.

Agrawal et al. [66] aimed at detecting and mitigating DDoS attacks in cyber environments using a Modified Deep Belief Neural Network (M-DBNN) system. The main goal was the protection of user personal information against intrusion or DDoS attacks. The goals of Agrawal et al. include employing M-DBNN to detect adverse behaviors, preprocessing dataset features to improve detection, optimizing the classifier performance with the Chimp optimization algorithm, and comparing the suggested method to existing techniques. Results demonstrated the superior performance of M-DBNN in terms of accuracy, error rate, F1 score, false positive rate, kappa, Matthews correlation coefficient, precision, sensitivity, and specificity values.

Varghese et al. [67] focused on intrusion detection in cloud systems, notably DDoS attacks, addressing the security difficulties faced by such attacks and protecting data in cloud computing. The proposed solutions include the introduction of a novel intrusion detection model based on an optimized weights tuned optimally using Harmonic Mean Based Poor and Rich Optimization (HMPRO) algorithm. The results include the superior performance of the RBF-NN + HMPRO approach when considering specificity, False Negative Rate (FNR), sensitivity, precision, False Positive Rate (FPR), Matthews correlation coefficient (MCC), net predictive value (NPV), and accuracy.

Emil Selvan et al. [68] focused on detecting and preventing DDoS attacks in cloud computing environments, addressing challenges in identifying such attacks within real-world traffic flows while minimizing identification time, reducing computational complexity, and enhancing detection models to handle diverse attack types. The objectives involve developing a Fractional Anti Corona Virus Optimization (FACVO)-based Deep Neuro-Fuzzy Network (DNFN) system specifically tailored for DDoS attack detection in the cloud, incorporating feature fusion, data augmentation, and DL techniques to enhance detection accuracy, True Positive Rate (TPR), True Negative Rate (TNR), and precision. The proposed system operated by utilizing log files generated from simulated cloud environments and employing the DNFN trained by FACVO to identify DDoS attacks. Experimental evaluation conducted using the NSL-KDD and BoT-IoT datasets includes comparison with existing techniques, with a focus on testing accuracy, TPR, TNR, and precision metrics, showcasing the efficacy of the developed FACVO-based DNFN system in robustly detecting DDoS attacks in cloud environments.

Balasubramaniam et al. [69] addressed the challenges posed by insider DDoS attacks impacting cloud performance and service availability. Objectives involve developing a Gradient Hybrid Leader Optimization algorithm (GHLBO) for efficient attack detection, incorporating a Deep Maxout Network (DMN) for feature fusion, oversampling for data augmentation, and integrating gradient descent with hybrid leader-based optimization (HLBO) for enhanced performance. The experimental evaluation compares the GHLBO-based approach with existing methods using metrics like testing accuracy, TPR, and TNR, with results of 0.917, 0.909, and 0.909 respectively, indicating improved performance metrics across different datasets.

In [70], Pasha et al. targeted the detection of low-rate DDoS attacks in cloud computing using the Low-Rate DDoS Attack Detection Framework (LRDADF), integrating AI technologies like DL. The work proposes a Hybrid Approach for Low-Rate DDoS Detection (HA-LRDD) algorithm, combining deep Convolutional Neural Networks (CNN) and Autoencoders for enhanced accuracy. Existing methods such as attack filtering are discussed, highlighting the need for improved detection mechanisms. Experimental results demonstrated the effectiveness of HA-LRDD compared to other algorithms in ensuring cloud service quality, showing a high detection rate of 95.32% and a low false positivity rate of 0.56943%.

Liu et al. [71] focused on detecting low-rate DDoS attacks
Radial Bias Function Neural Network (RBF-NN) with using an asynchronous federated learning arbitration model


based on Bidirectional Long Short-Term Memory (bi-LSTM) and an attention mechanism. Liu et al. [71] addressed challenges associated with these attacks, emphasizing the necessity for effective detection mechanisms and highlighting limitations in existing models. Objectives entail designing an equal time step sliding window method for data preprocessing, developing a local model based on bi-LSTM and attention mechanism for attack detection, and proposing a leader node election algorithm alongside an asynchronous federated learning framework. Experimental evaluation involves comparing the proposed model with various classifiers and DL models and evaluating performance metrics like accuracy, precision, recall, and time complexity.

The study [72] focused on detecting DDoS attacks within cloud environments using an AI-based IDS framework, with a primary goal of improving accuracy while minimizing false alarms. Proposed solutions involve employing ensemble feature selection to identify key features and constructing a Deep Neural Network (DNN) model for precise DDoS detection. Results indicate the effectiveness of the proposed FEwDN model, demonstrating superior accuracy compared to conventional machine learning techniques and surpassing existing methods in various performance metrics. The research highlighted the efficiency of the AI-based IDS framework with performance evaluation metrics such as accuracy, precision, recall, F1 score, Area Under the Curve (AUC), and Receiver Operating Characteristic (ROC) used for evaluation.

The study [73] focused on predicting cyber-attacks such as Brute_Force, DDoS, ICMP Flood, Port_Scan, and Web Crawling in cloud computing environments using an extremely boosted neural network. It aimed to automate the detection and identification of multistage cyber-attack scenarios while enhancing prediction accuracy and efficiency. Proposed solutions involve utilizing the boosted Neural Network (NN) for more precise prediction and implementing advanced ML techniques to improve cybersecurity measures in cloud systems. The system operated by training the neural network on historical attack data, employing sophisticated algorithms for real-time analysis and prediction, and continuously improving through adaptive learning and feedback mechanisms. Monitoring various performance metrics allows assessment of accuracy, sensitivity, specificity, and overall effectiveness. Results demonstrated improved accuracy in predicting multi-stage cyber-attacks, enhanced efficiency in threat detection and mitigation, and validation of the boosted NN effectiveness through experimental simulations and evaluations.

Pandithurai et al. [74] focused on predicting DDoS attacks in a cloud environment using a combination of honey badger optimization algorithm and Bidirectional Long Short-Term Memory (Bi-LSTM) technology. They addressed challenges associated with cloud adoption such as privacy issues and data leakage, highlighting existing detection system limitations. Experiments showcased superior accuracy. Results present various performances including False Positive Rate (FPR), sensitivity, precision, accuracy, specificity, F1 score, error, and Kappa. However, Bi-LSTM obtained 95% sensitivity, 94% precision, 88% kappa, 5% FPR, and 87% F1 score.

Arango-López et al. [75] focused on enhancing real-time detection and prediction of DDoS cyber-attacks using a cloud-based DL architecture. They addressed challenges such as achieving real-time detection, reducing evaluation metrics with standard datasets, and focusing on specific attack categories amidst network noise. Solutions involve analyzing attack categories using tools like Wireshark, applying filters to isolate specific attack types, and developing a cloud-based DL architecture such as Deep Neural Networks (DNN) and Convolutional Neural Networks (CNN). The proposed system continuously inserts new data for each DDoS attack class to improve real-time detection, carefully analyzes each attack category, and focuses on attacks affecting the HTTP protocol port 80. Experimental results demonstrated optimal accuracy metrics achieved by the DNN, considering accuracy, precision, F1 score, and sensitivity as performance metrics.

Ouhssini et al. [76] addressed DDoS attack detection and prevention in cloud environments through the DeepDefend framework, addressing challenges such as resource efficiency and limitations of existing systems. Solutions involve components like traffic collection, entropy forecasting, and attack prediction. Objectives include presenting a strategy for detection and prevention, utilizing entropy forecasting, and improving, Autoencoders, Neural Networks (CNN), and Decision Tree (DT) model. The system processes data through various stages and employs DL methods such as CNNs, Long Short-Term Memory (LSTM) networks, Autoencoders, and transformers for tasks like entropy forecasting and feature extraction. Experimentation with the CICIDS-001 dataset and performance metrics such as accuracy, precision, recall, and F1-score are used to evaluate the effectiveness of the DeepDefend framework in detecting and preventing DDoS attacks. The outcomes highlighted the DeepDefend framework's efficacy and precision in detecting and preventing DDoS attacks in cloud environments.
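The summary of [76] names traffic collection, entropy forecasting, and attack prediction as pipeline stages. The sketch below is an added illustration of that idea, not code from DeepDefend or from this article: it computes source-IP entropy per time window and flags windows that deviate from a forecast. The EWMA forecaster stands in for the DL forecaster as an assumption, and the flow records, window size, and thresholds are constructed for the example.

```python
import math
from collections import Counter


def shannon_entropy(values):
    """Shannon entropy (bits) of the empirical distribution of `values`."""
    counts = Counter(values)
    total = sum(counts.values())
    return -sum((c / total) * math.log2(c / total) for c in counts.values())


def window_entropies(flows, window):
    """Group (timestamp, src_ip) records into fixed windows.

    Returns a time-ordered list of (window_start, entropy, flow_count).
    """
    buckets = {}
    for ts, src in flows:
        buckets.setdefault(int(ts // window) * window, []).append(src)
    return [(start, shannon_entropy(srcs), len(srcs))
            for start, srcs in sorted(buckets.items())]


def detect(series, alpha=0.3, k=3.0, warmup=3, min_dev=0.25):
    """Flag windows whose entropy departs from an EWMA forecast.

    A rise suggests many one-off (e.g. spoofed) sources; a drop suggests a few
    sources dominating the traffic. Flagged windows are kept out of the
    baseline so an attack does not teach the forecaster that it is normal.
    All parameters are assumptions chosen for this illustration.
    """
    alerts = []
    forecast, var, seen = None, 0.0, 0
    for start, h, _count in series:
        if forecast is None:
            forecast, seen = h, 1
            continue
        resid = h - forecast
        threshold = max(k * math.sqrt(var), min_dev)
        if seen >= warmup and abs(resid) > threshold:
            alerts.append((start, "rise" if resid > 0 else "drop", round(h, 2)))
            continue
        forecast += alpha * resid                        # EWMA of the entropy
        var = (1 - alpha) * (var + alpha * resid * resid)  # EW variance of residuals
        seen += 1
    return alerts


def build_sample_flows():
    """Constructed traffic: ten 10-second windows, two of them anomalous."""
    flows = []
    for i in range(10):
        base = i * 10
        for j in range(1, 9):                      # eight regular clients
            for n in range(3 + (i + j) % 3):
                flows.append((base + n, f"10.0.0.{j}"))
        if i == 6:                                 # 200 one-off sources
            for n in range(200):
                flows.append((base + n % 10, f"198.51.100.{n + 1}"))
        if i == 8:                                 # one dominant source
            flows.extend((base + n % 10, "203.0.113.7") for n in range(300))
    return flows


if __name__ == "__main__":
    series = window_entropies(build_sample_flows(), window=10)
    for start, h, count in series:
        print(f"t={start:3d}s flows={count:4d} entropy={h:.2f}")
    print("alerts:", detect(series))
```

Using the absolute deviation catches both directions, which matters because a flood from many one-off sources raises source-IP entropy while a flood from a handful of hosts lowers it.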


TABLE 3. DDoS DETECTION IN CLOUD NETWORK USING ML

| REFERENCES | PROBLEM | SOLUTIONS | RESULTS | ADVANTAGES | DISADVANTAGES | DATA SOURCE | YEAR |
|---|---|---|---|---|---|---|---|
| [37] | DDoS Detection | V-ELM | Accuracy of 99.18% with the NSL-KDD | Ability to detect both known and unknown attacks | Real-time detection challenges | NSL-KDD | 2020 |
| [38] | DDoS Detection | Multiple linear regression analysis | Accuracy of 97.86% | Using visualization | Assumption of Linearity | CICIDS 2017 | 2020 |
| [39] | Mitigate real-time DDoS a | SVM+ SNORT | Accuracy rate of 97% | Route identification | Packet processing | KDD, CUP99, DAPRA, | 2020 |
| [40] | Improve DDoS detection | RHS- RBM | Accuracy of 99.92% | Feature learning | RBMS can be complex models | KDD 99 | 2021 |
| [41] | Detect malicious network traffic. | RF-NB-DTREE- ANN-SVM- KNN | Highest accuracy of 100% | Encouraging results | Real network challenges | ISOT-CID | 2021 |
| [42] | DDoS Detection in the Cloud | SaE-ELM | Highest accuracy of 99.99% with NSL-KDD | The system is evaluated on multiple datasets, | Training time | NSL-KDD, ISCX IDS 2012, UNSW-NB15, and CICIDS 2017. | 2021 |
| [43] | Detecting and classifying (DDoS) attacks | ML techniques with digital forensic method | Average accuracy 99.36% | Real-time detection | Adaptability | NSLKDD | 2022 |
| [44] | Detection of DDoS | SVM-DEHO | Accuracy of 99.34% | Efficient detection | Real-time detection | NSL-KDD, UNSW-NB15, ISCX ID and CIC-IDS2017 | 2022 |
| [45] | Detection of DDoS | Perplexed Bayes Classifier | Accuracy of 99% | Efficient feature selection | Optimization challenges | NSL-KDD | 2022 |
| [46] | DDoS detection | RFFI + MI | RF accuracy 0.999977 | Reduction in Misclassification Errors | Real-time detection | CICIDS 2017 - CICDDoS 2019 | 2022 |
| [47] | DDoS attack detection | SWASTHIKA +ML model | Accuracy of 90.74 | Adoption of the standard dataset | Sensitivity to Parameter Tuning | IoT DoS and DDoS attack dataset from IEEE Dataport | 2022 |
| [48] | DDoS in E-government | PCA-DBSCAN-Agglomerative Clustering | High accuracy of 100% for PCA + DBSCAN | Efficient clustering | Dependency on labeled data | CSE-CIC-IDS2018, NSL-KDD, and HTTP CSIC 2010 | 2022 |
| [49] | DDoS detection | SVM+ HHO-PSO | Accuracy of 97.05% | Hybrid optimization algorithms | K- value needs to increase | NSL-KDD | 2022 |
| [50] | DDoS detection | Gaussian Naïve Bayes classifier | Accuracy of 96.15% | Handling zero-probability issue | Sensitivity to feature Independence Assumption | CICD2018 | 2023 |
| [51] | DDoS detection | RFe, XG Boost, Ada Boost, and (LGBM) | Higher accuracy with Random Forest Between 99.5% and 99.8% | Capability to detect various types of DDoS attacks | Limited dataset coverage | CICDDoS2019 - Slowloris dataset | 2023 |
| [52] | Prevention and detection of DDOS | Naive Bayes model | Success rate 99.78 % | Efficacy of ML methodologies in detecting DDoS | Real-time monitoring challenges. | KDDCUP99 | 2024 |


TABLE 3. DDoS DETECTION IN CLOUD NETWORK USING ML (CONTINUED)

| REFERENCES | PROBLEM | SOLUTIONS | RESULTS | ADVANTAGES | DISADVANTAGES | DATA SOURCE | YEAR |
|---|---|---|---|---|---|---|---|
| [53] | Detecting and mitigating DDoS attacks in VANET cloud settings | LR, DT, RF, KNN, NB, and SVM | Accuracy of 99.59% for DT and RF | Adaptable to real-world systems | Scalability challenges | - | 2024 |
| [54] | DDoS Cloud Detection | BaysCNN - BaysFusCNN | Baysfuscnn with the highest accuracy rate of 99.79% | Groundbreaking solution | Real-world Scenarios | CICDDoS2019 | 2024 |
| [55] | DDoS Detection | XGB-GA, RF-GA, SVM-GA | Best pipeline accuracy of 1.000% with XGB-GA | Enhanced accuracy and efficiency | Challenges in real-world implementation | NSL-KDD | 2024 |
| [56] | Detection and classification of DDoS | XGboost, LGBM, CatBoost, RF, and DT | LGBM with the highest accuracy rate of 99.77% | Early threat identification | Scalability issues | CICIDS 2017 | 2024 |

TABLE 4. DDoS DETECTION IN CLOUD NETWORK USING DL

| REFERENCES | PROBLEM | SOLUTIONS | RESULTS | ADVANTAGES | DISADVANTAGES | DATA SOURCE | YEAR |
|---|---|---|---|---|---|---|---|
| [57] | DDoS attack detection | novel FT-EHO DBN classifier | accuracy 93.811% | Enhanced performance | Computational cost | KDD cup database, Database 1, and Database 2 | 2020 |
| [58] | Detection of (DDoS) | DNN using a well-posed stacked sparse AutoEncoder | accuracy > 98% | Effective feature representation | Scalability for real-world deployment | NSL-KDD and CICIDS2017 | 2020 |
| [59] | DDoS vulnerabilities analysis | NN | High accuracy | Utilization of advanced techniques | Dataset limitation | | 2020 |
| [60] | DDoS detection | TEHO-DBN | Accuracy rates 0.830 | Optimization-based approach for efficient DDoS detection | Limited scalability | KDD cup database, Database 1, and Database 2 | 2021 |
| [61] | DDoS and EDoS detection | DBN and SVM | High accuracy 99.78% | Reduced downtime | Dependency on dataset | SMD | 2021 |
| [62] | DDoS attack detection | NN-based IDS | highest accuracy 97.07% | supports the delays required by containerized cloud computing. | Performance Trade-offs | CICDDoS 2019 | 2022 |
| [63] | IDS for DDoS | DNN- CNN- LSTM | CNN achieved high accuracy > 99.99% | Enhancing cybersecurity against DDoS attacks | Feature selection | CIC-DDoS2019 | 2022 |
| [64] | DDoS detection in public cloud | LSTM | High accuracy rates > 99 | Using datasets with real-world DDoS attacks | Scalability considerations for large-scale cloud environments | CCIC- DDoS 2019 | 2022 |
| [65] | DDoS detection | Hybrid DBN-GRU architecture | High accuracy 97.05%. | Improved Sensitivity | Model tuning challenges | CICIDS 2017 KNN, NSL-KDD, and KDDcup99 | 2022 |
| [66] | Mitigation DDoS attack | M-DBNN | 87% accuracy | Improved performance | Model adaptability | CAIDA "DDoS 2007" | 2022 |


TABLE 4. DDoS DETECTION IN CLOUD NETWORK USING DL (CONTINUED)

| REFERENCES | PROBLEM | SOLUTIONS | RESULTS | ADVANTAGES | DISADVANTAGES | DATA SOURCE | YEAR |
|---|---|---|---|---|---|---|---|
| [67] | DDoS detection | RBF-NN + HMPRO | Accuracy > 90 for both datasets | Optimal Weight Tuning for better performance | Real-time detection | CICDDoS2019 UNSW-NB_15 | 2022 |
| [68] | DDoS attack detection | FACVO-DNFN | Accuracy 0.9304 for NSL-KDD and 0.9200, for BOT-IOT | Maximum detection efficiency | Real-time detection | NSL-KDD and BoT-IoT datasets. | 2023 |
| [69] | DDoS detection | GHLBO - DMN | High accuracy 0.917 | Feature fusion and data augmentation | Limited evaluation metrics | NSL-KDD and BoT-IoT | 2023 |
| [70] | Detection of low-rate DDoS g | LRDADF and HA-LRDD | A high detection rate of 95.32% | Maintaining quality of Service | Resource intensive | CIC-DDoS2019 | 2023 |
| [71] | Low-Rate DDoS detection | syncFL-bLAM | Highest accuracy is 98.68%, | Decentralized data handling | Training data bias | ISCX-2016-SlowDos | 2023 |
| [72] | DDoS detection | FEwDN | high accuracy value 99.67% | Reduced False Alarms | Adaptability to dynamic threats | CICDDoS2019 | 2023 |
| [73] | Cyber attack prediction | Boosted NN | 99.72% accuracy | Real-time monitoring | Adaptability to Zero-Day Attacks | MSCAD | 2023 |
| [74] | DDoS attack prediction | Bi-LSTM | High accuracy value 97% | Efficient feature selection | Model Interpretability | Kaggle website- CSE-CIC-IDS2018-AWS, CICIDS2017, and CIC DoS | 2024 |
| [75] | DDoS prediction | DNN -CNN | DNN achieved the highest accuracy at 98.86% | Real-time detection | Scalability concerns | CICIDS 2017 | 2024 |
| [76] | Enhancing DDoS detection | AutoCNN-DT | CNN-DT achieved the highest accuracy 0.9997 | Real-time detection capabilities | FP and FN affect the overall accuracy | CIDDS-001 | 2024 |

VII. ML AND DL BASED FOR IDS IN CLOUD NETWORKS


Since a signature-based IDS takes considerable time to build, test, and deploy each time an unexpected attack occurs, an anomaly-based IDS based on ML technology offers a system that can learn from data and make predictions about unseen data by applying the learned data [77]. However, early ML-based intrusion detection techniques were criticized for having limited throughput and high false positive rates. Hodo et al.'s [78] study on intrusion detection methods found that DL methods such as deep networks outperform typical ML-based detection approaches. A technique is employed to train hierarchical network layers using unsupervised learning in a step-by-step manner, drawing inspiration from the structure of the human brain. Furthermore, ML/DL algorithms use autonomous learning to predict final outputs. For instance, IDS can employ these algorithms to safeguard cloud networks from various attacks, such as DDoS attacks. Additionally, a comprehensive explanation of each method employed in IDS will be provided, along with recent related studies in this section. Tables 5 and 6 describe the method and advantages of IDS based on ML/DL in detail.

A. IDS ANOMALY BASED ON ML - EXISTING RESEARCH WORKS

The study [79] focused on using ML for log-based intrusion detection in cloud web applications, aiming to enhance cloud security. It addressed challenges such as the need for adaptable security systems in the complex cloud environment, the complexity of deploying multiple platform-specific IDS, and the demand for simpler, easier-to-update detection models. The research aimed to introduce a flexible ML approach such as Random Tree, REP tree, J48, bagging, boosting, Random Forest, and Neural Networks for attack detection using web application logs, proposing configurations of ML algorithms


with high performance and minimal time overhead. The study demonstrated the effectiveness of ML algorithms like Decision Trees and Neural Networks in detecting attacks on cloud-based applications. The results, measured through, highlight the potential of ML techniques in enhancing intrusion detection for cloud web applications, offering a more adaptable and efficient approach compared to traditional rule-based systems.

Jaber et al.'s [80] research focused on improving IDS for cloud computing environments, aiming to improve detection accuracy through a hybrid Fuzzy C Means clustering (FCM) algorithm with the Support Vector Machine (SVM) method. The research addressed the pressing need for enhanced detection systems in the face of rising cyber threats in cloud setups. It tackled challenges in effectively identifying and thwarting different attack types like denial-of-service (DoS), Remote to Local (R2L), User to Root (U2R), and normal traffic within cloud networks. Results include various performance metrics such as accuracy, incorrect classification rate, false negative rate, true positive rate, precision, recall, and F1 score across different attack types. The hybrid FCM-SVM system demonstrated impressive accuracy rates and low false negative rates, outperforming other IDS methods.

The research [81] focused on enhancing IDS in the cybersecurity domain by addressing the challenges posed by high-dimensional datasets, including computational complexity, time complexity, system learning complexity, resource consumption, and alert delays. The objectives of the study involve introducing a feature selection method based on Rough set theory and Bayes theorem to improve IDS performance. The proposed system involves data normalization, feature selection based on estimated probabilities, and classification using Bayesian Rough set methods to achieve a high detection rate and low false alarm rate. Results indicated a reduction in time and space complexity, high detection rates, and low false alarm rates, with statistical parameters from confusion matrices used to evaluate system performance.

The research [82] addressed cybersecurity, specifically focusing on IDS in cloud computing, utilizing ML techniques. It focused on the growing vulnerability of cloud systems to cyberattacks, given their widespread adoption by organizations, banks, and governments, and the pressing need for robust security measures to safeguard sensitive data like healthcare records from unauthorized access. The study proposed an effective IDS leveraging ML algorithms such as Genetic Algorithms (GA) and Support Vector Machines (SVM) to improve security in cloud computing environments. Experiment results showcased high accuracy rates in classifying normal and abnormal traffic across various attack types, highlighting the system's efficacy in reducing false positives and improving detection rates in cloud computing setups.

Wang et al.'s [83] study focused on cloud computing, particularly in developing IDS using DL techniques like the Stacked Contractive Autoencoder (SCAE) and Support Vector Machine (SVM). The study addressed challenges such as the surge in network traffic within cloud environments, the rise of malicious attacks targeting cloud networks, and the pressing need for robust IDS to protect cloud computing resources. To tackle these issues, the research proposed employing the SCAE method for feature extraction and dimensionality reduction, along with integrating the SVM algorithm for classification, aiming to enhance the detection performance of cloud intrusion detection systems. The results of the experiments included the evaluation of various metrics like accuracy rate, precision rate, recall rate, F-measure, confusion matrix, and Receiver Operating Characteristic (ROC) to assess the effectiveness of the SCAE-SVM model. Comparative analysis with other approaches demonstrated the superiority of the proposed model in feature extraction, dimensionality reduction, and intrusion detection in cloud environments.

Yang et al. [84] focused on cybersecurity, particularly the development of IDS using ML techniques. They addressed the increasing volume and destructiveness of cyber-attacks in modern networks, the limited availability of public and complete code for ML-based IDSs, and the challenge of effectively detecting both known and zero-day attacks. The objectives include developing IDS-ML, an open-source code repository for IDS development, providing solutions to the general process of IDS development, demonstrating how ML algorithms can be used to design different types of IDSs, and improving intrusion detection performance with advanced techniques such as ensemble learning, Transfer Learning (TL), and Hyper-Parameter Optimization (HPO). The experimental setup involves utilizing IDS-ML, implementing various ML algorithms and techniques, and evaluating IDS performance using relevant metrics such as accuracy, precision, recall, F1-score, Area Under Curve (AUC), and Receiver Operating Characteristic (ROC), considering detection rates for different types of cyber-attacks.

The study [85] focused on IDS within distributed cloud computing, aiming to improve security through hybrid clustering and classification methods. Key challenges included the need to enhance IDS detection accuracy in distributed cloud setups and the limitations of traditional IDS models in identifying both known and unknown attacks effectively. To address these issues, the research proposed using ML-based hybrid models to improve IDS accuracy and implementing anomaly-based IDS with hybrid clustering and classification techniques such as K-Means clustering and Gaussian Mixture Model (GMM) and Random Forest (RF). Experiment results demonstrated significant enhancements in overall accuracy, detection rate, and false alarm ratio compared to traditional IDS models, showcasing improved performance in detecting various types of intrusions.

Bakro et al. [86] focused on enhancing IDS within cloud security, addressing concerns about data privacy and security in cloud environments amidst increasing cyber threats. By


leveraging ML models, the proposed system classified network packets accurately to identify intrusions and preserve user data efficiently. Key contributions included integrating the Synthetic Minority Over-Sampling Technique (SMOTE) to handle imbalanced data, utilizing a hybrid feature selection approach combining Information Gain (IG), Chi-Square (CS), and Particle Swarm Optimization (PSO) for optimal feature subset selection, and employing the Random Forest (RF) model for attack detection. Experimental results demonstrated high accuracies exceeding 98% and 99% in multi-class classification scenarios, outperforming existing approaches. The results also showcased high detection rates and low false alarm rates, indicating the efficacy of the proposed system.

The research [87] explored intrusion detection in cloud computing, with a focus on identifying anomalies in time series data using ML techniques. It addressed concerns such as the susceptibility of cloud systems to attacks due to their open nature, as well as challenges related to privacy and security critical for cloud computing success. The solutions proposed involved leveraging IDS to safeguard cloud environments, introducing time series anomaly detection as a viable solution, and integrating ML for enhanced anomaly detection and security measures. The results encompassed performance evaluations based on metrics like Dynamic Time Warping (DTW), Mean Absolute Error (MAE), Mean Squared Error (MSE), Root Mean Squared Error (RMSE), Mean Absolute Percentage Error (MAPE), Median Absolute Percentage Error (MdAPE). However, the proposed system showcased improved performance in detecting and preventing security threats in cloud computing environments.

Attou et al.'s [88] research focused on addressing the challenges associated with the detection of intrusions in cloud-based environments by proposing an innovative model that combines the Random Forest algorithm (RF) with feature engineering techniques. The study aimed to enhance security in cloud networks, considering issues of precision, scalability, and adaptability faced by conventional IDS and ML-driven IDS. The model exhibits commendable performance, achieving high accuracy, precision, and recall, outperforming established solutions.

In research [89], Vashishtha et al. focused on developing a Hybrid Intrusion Detection Model (HIDM) for cloud-based healthcare systems, aiming to address the challenges of high detection rates for known attacks, the inability to detect new unknown attacks, and increased false alarm rates for unidentified or new attacks. The proposed model contributes by offering a hybrid approach that combines signature-based and anomaly-based detection methods, enabling the detection of both known and unknown attacks. The experimental setup involves evaluating performance based on accuracy and efficiency metrics. Results showed the proposed HIDM outperformed other models in terms of accuracy, with performance metrics including accuracy rates and security metrics focusing on the ability to detect known and unknown attacks.

The study [90] addressed cybersecurity, particularly focusing on constructing IDS tailored for cloud environments using bio-inspired feature selection algorithms in conjunction with a Random Forest (RF) model. The primary objectives were to develop a cloud-IDS utilizing hybrid bio-inspired feature selection algorithms alongside an RF model and to tackle the challenges associated with dataset development and feature selection in the realm of intrusion detection systems while showcasing enhanced performance and effectiveness compared to existing methodologies. Results from the experiments indicated improved performance in accuracy, recall, and false alarm rate.

B. IDS ANOMALY BASED ON DL - EXISTING RESEARCH WORKS

The research [91] focused on enhancing IDS within cloud computing environments to address cybersecurity challenges. It proposed a Fuzzy Min-Max Neural Networks-based IDS (FMMNN-IDS) to detect diverse network attacks, such as denial of service (DoS) attacks and malware infections. The FMMNN-IDS operated by processing network traffic data through hyperbox expansion and contraction stages to accurately detect intrusions. It demonstrated superior performance in accuracy and detection rates compared to existing approaches.

The study [92] developed an efficient IDS for cloud computing, aiming to address security vulnerabilities and mitigate overfitting. It employed a hybrid DL technique, integrating Improved Heap Optimization (IHO) for data preprocessing and Chaotic Red Deer Optimization (CRDO) for feature selection. The proposed deep Kronecker Neural Network (DKNN), named EOS-IDS, enhanced intrusion detection and classification accuracy. Through rigorous testing on benchmark datasets, EOS-IDS demonstrated competitive performance against state-of-the-art classifiers. Evaluation metrics such as accuracy, true positive rate (TPR), true negative rate (TNR), precision, and f-measure were used to evaluate the IDS in cloud computing environments. Notably, the EOS-IDS model offered significant contributions, achieving high accuracy rates of 97.221% for DARPA IDS datasets and 97.118% for CSE-CIC-IDS2018 datasets.

Pandey et al.'s [93] research focused on intrusion detection within the realm of big data in cloud computing, addressing the limitations of traditional IDS in countering external attacks affecting network behavior. It aimed to enhance network security through an Exponential Shuffled Shepherd Optimization Algorithm (ExpSSOA)-based deep maxout network for intrusion detection, integrating Exponentially Weighted Moving Average (EWMA) and Shuffled Shepherd Optimization Algorithm (SSOA) for improved performance. It utilized information from big data sources like the Internet of Things (IoT) and Apache web server data. Experimental evaluation using the Apache web server dataset showcased superior accuracy, F-measure, precision, and recall compared


to established methods like Multilayer Perceptron (MLP) and Long Short-Term Memory with Spark (LSTM+Spark).
The research [94] focused on presenting a new intelligent IDS model utilizing DL algorithms for enhancing cloud computing security. It aimed to tackle the difficulties of improving intrusion detection in cloud environments and optimizing feature selection to accurately identify evolving threats. The objectives involved introducing a novel IDS model that merged the Radial Basis Function Neural Network (RBFNN) and Random Forest (RF) to enhance accuracy and efficiency in intrusion detection. The research evaluated the intelligent intrusion detection system's identification of malicious activities in cloud computing using performance metrics such as accuracy, precision, recall, and Matthews correlation coefficient. The model efficiently identified intrusions, demonstrating its ability to accurately detect and classify malicious activities, and indicating its potential to improve cybersecurity in cloud-based systems.
The research [95] aimed to improve the performance of IDS in cloud settings by employing Deep Neural Networks (DNN), backpropagation, and Particle Swarm Optimization (PSO) algorithms. It sought to address existing literature gaps, conduct a detailed analysis of the CSE-CIC-IDS-2018 dataset, and compare the proposed models with prior approaches. The objectives included conducting an extensive empirical investigation on IDSs using multi-layer perceptron (MLP) with backpropagation (MLP-BP) and MLP with PSO techniques to enhance performance metrics in cloud environments. The results of the experiments showed enhanced performance metric scores, including accuracy and precision.
The research [82], [96] addressed various challenges encountered in cloud computing environments, including the increasing incidence of intrusions, security breaches in the virtual enterprise layer, limitations of conventional intrusion detection systems, and the necessity for enhanced architecture in distributed computing settings. Its objectives involved the development of Filter-Based Ensemble Feature Selection (FEFS) and DL Model (DLM) for intrusion detection in cloud computing. DLM is a combined approach of Recurrent Neural Network (RNN) and Tasmanian Devil Optimization (TDO). Performance evaluation utilized metrics like F-measure, specificity, sensitivity, and accuracy to evaluate the effectiveness of the proposed strategy. The results from the research demonstrated the efficacy of the proposed approach in improving security measures for intrusion detection in cloud computing environments.
Maheswari et al. [97] examined challenges associated with improving security in cloud computing environments and enhancing the performance of IDS. Its aims included introducing a hybrid approach combining Teacher Learning optimization with Deep Recurrent Neural Networks (TL-DRNN) for IDS, employing Modified Manta-Ray Foraging Optimization (MMFO) for feature selection, and validating the proposed method using standard datasets. Results indicated enhanced performance concerning false positive rate, false negative rate, accuracy, precision, recall, specificity, and F-measure when compared to existing IDS approaches.
The research [98] focused on addressing several challenges related to cybersecurity in IoT-cloud systems, including their susceptibility to cyberattacks due to widespread connectivity and the critical need for robust security measures to safeguard IoT devices and cloud services. To tackle these issues, the study proposed solutions such as utilizing Swarm intelligence algorithms combined with Deep Neural Networks (DNN) for efficient intrusion detection, employing DNN to extract optimal features from IoT IDS data, and introducing a feature selection technique based on the Capuchin search algorithm (CapSA) to enhance intrusion detection capabilities. The results of the experiments included performance metrics such as average accuracy, average recall, average precision, and performance improvement rate, along with comparisons of the CNN-CapSA model with other optimization algorithms, ultimately concluding on the competitive performance of the proposed approach across various datasets.
The research [99] aimed to enhance IDS for cloud computing security, addressing issues like privacy, confidentiality, and availability in cloud systems, as well as detecting new intrusion types and mitigating quantum computing attacks. The proposed Ensemble intrusion detection model for cloud computing using deep learning (EICDL) focused on improving accuracy and efficiency in intrusion detection. It analyzed the drawbacks of existing IDS, introduced an accuracy enhancement model, and compared EICDL performance with modern ML methods and existing IDS. The system preprocessed input data, extracted features, classified using DL models like Gated Recurrent Units (GRU) and Convolutional Neural Network (CNN), and provided predictions. Evaluation metrics included accuracy, precision, recall, and F1 score across datasets. The study compared EICDL performance with other algorithms, consistently demonstrating higher precision, accuracy, and recall.
The article [100] discussed applying intrusion detection in online music education using Deep Neural Networks (DNN) on public cloud networks. The research aimed to tackle the challenges of detecting intrusions in this domain. The proposed framework involved fuzzy logic-based feature selection, optimization using the Salp Swarm algorithm, and integration of Gated Recurrent Unit (GRU) and Convolutional Neural Network (CNN). Evaluation metrics included accuracy, precision, recall, and F1 score across datasets. The results indicated higher accuracy in detecting intrusions with the proposed models.
The research [101] tackled intrusion detection in computer networks within network security, focusing on challenges like the rising complexity of network attacks and the limitations of traditional firewalls. The aim was to develop an optimization-enabled DL model, Rat Swarm Hunter Prey Optimization-Deep Maxout Network (RSHPO-DMN), to address intrusion detection issues. This involved tasks such as preprocessing
data, Convolutional Neural Network (CNN)-based feature extraction, utilizing DMN for intrusion detection, and enhancing performance through RSHPO optimization. The evaluation demonstrated the superior performance of RSHPO-DMN over other methods concerning accuracy, precision, recall, and F1-score.
Joraviya et al. [102] investigated several key issues, including addressing security challenges arising from containerization in cloud settings and improving the efficacy of intrusion detection systems for monitoring and identifying attacks within containerized environments. The proposed solutions involve employing DL methods, specifically Convolutional Neural Networks (CNNs), for anomaly detection in system call sequences and images derived from these calls. Results from the experimental assessment of the DL-based Host Intrusion Detection System (DL-HIDS) encompass comparisons of detection accuracy, false positive rate, and false negative rate with existing methods, along with analyzing the impact of varying image sizes, system call parameters, and CNN architectures on detection performance. Furthermore, the evaluation assesses the system's capability to detect both known and unknown attacks in containerized cloud environments, ultimately aiming to implement DL-HIDS to improve security in such environments.

TABLE 5. IDS ANOMALY BASED IN CLOUD NETWORK USING ML

| REFERENCES | PROBLEM | SOLUTIONS | RESULTS | ADVANTAGES | DISADVANTAGES | DATA SOURCE | YEAR |
|---|---|---|---|---|---|---|---|
| [79] | Log-based intrusion detection. | DT, NN, and ensemble meta-algorithms | NN with the highest accuracy of 98.47% | Minimal time overhead in performance | Dependency on Log quality | Web application logs | 2020 |
| [80] | Enhancing intrusion detection accuracy | hybrid FCM-SVM | High accuracy | Low false alarm rates | Scalability | NSL-KDD | 2020 |
| [81] | Improving IDS | Rough set theory and Bayes theorem | Accuracy of 0.97958 | Enhanced detection rate | Manual preprocessing | CICIDS2017 | 2020 |
| [82] | IDS to secure data | GA and SVM | Accuracy rate of 99.3 | Scalability and Adaptability | Access to real Data for government sectors | CICIDS2017, KDD CUP 99 | 2021 |
| [83] | Cloud IDS | SCAE + SVM | Highest accuracy with 5-class 97.87% | Efficient feature extraction. | Need for further optimization of the SVM | KDD Cup 99 and NSL-KDD | 2022 |
| [84] | IDS development | IDS-ML | Improved detection of cyber attacks | Open-source availability | Interpretability | CICIDS2017 | 2022 |
| [85] | IDS | Clustering and classification models | Highest accuracy of 99.85% | Comparative Analysis | Threshold sensitivity | NSL-KDD and KDDcup99 | 2023 |
| [86] | Cloud IDS | RF | Highest accuracy of 99% | Balanced Datasets | Overfitting risk | UNSW-NB15 dataset and the Kyoto dataset | 2023 |
| [87] | Cloud IDS | Time series anomalies detection and ML | Enhanced accuracy | Novel technique based on time series anomalies | Generalizability of the proposed method | CSE-CIC-IDS2018 | 2023 |
| [88] | intrusions in cloud environments | RF | 99.99% accuracy on NSL-KDD | Execution time | Enhancement is needed in the aspect of recall. | Bot-IoT and NSL-KDD | 2023 |
| [89] | Intrusion detection | HIDM | Highest accuracy of 99.8 % | High accuracy | Results on UNSW-NB15 and CICIDS need improvement. | UNSW-NB15, CICIDS2017 and NSL-KDD | 2023 |
| [90] | Cloud Intrusion Detection System | hybrid Bio-Inspired Feature Selection - RF | Highest accuracy of 99% | Utilization of the latest datasets | Algorithms complexity | UNSW-NB15, CIC-DDoS2019, and CIC Bell DNS EXF 2021 | 2024 |

TABLE 6. IDS ANOMALY BASED IN CLOUD NETWORK USING DL

| REFERENCES | PROBLEM | SOLUTIONS | RESULTS | ADVANTAGES | DISADVANTAGES | DATA SOURCE | YEAR |
|---|---|---|---|---|---|---|---|
| [91] | Cloud IDS | FMMNN-IDS | High accuracy > 90 | Capacity for nonlinear class boundaries | Training time | NSL-KDD | 2022 |
| [92] | Cloud IDS | DKNN | Highest accuracy of 97.221 % with DARPA IDS datasets | Hybrid classifier | Complexity | DARPA IDS and CSE-CIC-IDS2018 | 2022 |
| [93] | Cloud Intrusion Detection Method | Deep Maxout network trained with ExpSSOA | Accuracy of 0.883 | Integration of big data in intrusion detection | Performance requires enhancement | MQTT-IOT-IDS2020 and Apache Web Server dataset | 2023 |
| [94] | IDS | RBFNN | High accuracy >94% | Effective detection | Feature selection | Bot-IoT and NSL-KDD | 2023 |
| [95] | IDS | DNN, PB, and PSO | Highest accuracy of 98.97% | Detailed analysis and comparison | Limited exploration of alternative algorithms | CSE-CIC-IDS2018 | 2023 |
| [96] | IDS | RNN+ TDO | High accuracy 95% | Comparison with Conventional Techniques | Real-time performance | KDDCup-99 and NSL-KDD | 2023 |
| [97] | IDS | MMFO-TL-DRNN | The highest accuracy of 97.96% with CICIDS-2017 | Applied to different datasets | Computational resources | DARPA LLS DDoS-1.0, CICIDS-2017, and CSIC-2010. | 2023 |
| [98] | Intrusion detection approach for cloud and IoT environments | CNN-CapSA | High accuracy >99% | Integration of DL and Swarm Intelligence | Convergence of CapSA was slow | NSL-KDD, BoT-IoT, KDD99, and CIC2017. | 2023 |
| [99] | IDS | EICDL | Highest accuracy of 97.88688% with KDDcup 1999 | Leveraging DL | Time-consuming | KDDcup 1999, UNSW-NB15, and NSL-KDD | 2023 |
| [100] | Intrusion detection in online music education | GRU-CNN | Highest accuracy 98.89 % | Utilization of cloud resources for real-time intrusion detection | High computational demands | NSL-KDD and CICIDS2017 | 2024 |
| [101] | IDS | RSHPO-DMN and CNN | High accuracy 90.88 % | Feature Extraction with CNN | Lack of real-world testing | NSL-KDD, CICIDS 2018, and BoT-IoT | 2024 |
| [102] | HIDS | CNN | High accuracy 98.12 % | Enhanced detection capabilities | Quality and diversity of the dataset | LIDDS-2019. | 2024 |
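
Tables 5 and 6 compare the surveyed detectors mainly by accuracy, while the reviewed studies also report recall, false positive and false negative rates, and the Matthews correlation coefficient (MCC). The following Python sketch is an added example, not code from this paper or from any surveyed study: it computes those metrics from a confusion matrix over a constructed, imbalanced traffic sample and shows that accuracy and MCC can rank the same detectors in opposite order. The detector names and counts are assumptions chosen for illustration.

```python
import math


def confusion(y_true, y_pred):
    """Count (TP, FP, TN, FN) for binary labels: 1 = attack, 0 = benign."""
    if len(y_true) != len(y_pred):
        raise ValueError("label vectors differ in length")
    tp = fp = tn = fn = 0
    for truth, pred in zip(y_true, y_pred):
        if truth == 1 and pred == 1:
            tp += 1
        elif truth == 0 and pred == 1:
            fp += 1
        elif truth == 0 and pred == 0:
            tn += 1
        else:
            fn += 1
    return tp, fp, tn, fn


def _ratio(num, den):
    # Undefined ratios (empty denominator) are reported as 0.0.
    return num / den if den else 0.0


def ids_metrics(tp, fp, tn, fn):
    """Metrics named in the surveyed IDS evaluations."""
    precision = _ratio(tp, tp + fp)
    recall = _ratio(tp, tp + fn)          # detection rate / sensitivity
    mcc_den = math.sqrt((tp + fp) * (tp + fn) * (tn + fp) * (tn + fn))
    return {
        "accuracy": _ratio(tp + tn, tp + fp + tn + fn),
        "precision": precision,
        "recall": recall,
        "specificity": _ratio(tn, tn + fp),
        "fpr": _ratio(fp, fp + tn),       # false alarms among benign flows
        "fnr": _ratio(fn, fn + tp),       # missed attacks
        "f1": _ratio(2 * precision * recall, precision + recall),
        "mcc": _ratio(tp * tn - fp * fn, mcc_den),
    }


# Constructed sample: 10,000 flows, of which 100 (1%) are attacks.
N_BENIGN, N_ATTACK = 9900, 100

# Hypothetical detectors: (attacks caught, benign flows wrongly flagged).
DETECTORS = {
    "flags-nothing": (0, 0),
    "conservative": (20, 10),
    "sensitive": (90, 150),
}


def simulate(caught, false_alarms):
    """Build label vectors for a detector with the given hit/false-alarm counts."""
    y_true = [1] * N_ATTACK + [0] * N_BENIGN
    y_pred = ([1] * caught + [0] * (N_ATTACK - caught)
              + [1] * false_alarms + [0] * (N_BENIGN - false_alarms))
    return y_true, y_pred


def evaluate_all():
    """Return {detector name: metrics dict} for every constructed detector."""
    results = {}
    for name, (caught, false_alarms) in DETECTORS.items():
        y_true, y_pred = simulate(caught, false_alarms)
        results[name] = ids_metrics(*confusion(y_true, y_pred))
    return results


def rank(results, metric):
    """Detector names ordered from best to worst on one metric."""
    return sorted(results, key=lambda name: results[name][metric], reverse=True)


if __name__ == "__main__":
    res = evaluate_all()
    cols = ("accuracy", "recall", "fpr", "f1", "mcc")
    print(f"{'detector':<15}" + "".join(f"{c:>10}" for c in cols))
    for name, m in res.items():
        print(f"{name:<15}" + "".join(f"{m[c]:>10.4f}" for c in cols))
    print("ranked by accuracy:", rank(res, "accuracy"))
    print("ranked by MCC:     ", rank(res, "mcc"))
```

On this sample the detector that misses 80 of 100 attacks has the highest accuracy, which is why an accuracy figure taken from a benchmark should be read together with recall, false negative rate, or MCC.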

VIII. RESEARCH GAP

Based on the extensive list of research articles provided, several research gaps and areas for further investigation in the field of Distributed Denial of Service anomaly (DDoS) and Intrusion Detection Systems (IDS) can be identified. Firstly, there is a notable gap in real-world testing and validation of detection methods, with many studies primarily focusing on development and evaluation using simulated or benchmark datasets like NSL-KDD, CICIDS, and KDD Cup, thus lacking extensive validation in real-world cloud computing environments or with live network traffic data. Secondly, scalability concerns persist, particularly in large-scale cloud environments, warranting exploration into scalable intrusion detection techniques capable of efficiently handling increasing data volume and network traffic. Thirdly, there is a need for IDS that can adapt to dynamic threats, as many studies address known attack types but fall short in detecting emerging and evolving attack patterns. Additionally, while many detection methods achieve high accuracy rates, there is room for improvement in terms of computational efficiency and resource utilization. Moreover, there is a gap in developing IDS robust against evasion techniques employed by attackers to bypass detection mechanisms, highlighting the need for research focusing on evasion-resistant detection methods. Additionally, as organizations deploy multiple security solutions, there is a need for research on interoperability and seamless integration between IDS and other security tools to enhance overall threat detection and response capabilities. Finally, addressing privacy concerns and ethical considerations related to data collection, processing, and sharing in IDS development is imperative, underscoring the importance of developing privacy-preserving IDS techniques prioritizing user privacy while maintaining effective threat detection. Addressing these research gaps can contribute significantly to the advancement of DDoS prevention and IDS technologies, ultimately enhancing the security posture of cloud computing and networked systems.

IX. SCOPE OF IMPROVEMENT

The field of Machine Learning (ML) holds extensive potential, especially concerning anomaly detection in cloud networks, with ongoing advancements in several key areas. These include improving data quality and quantity for training robust anomaly detection models, enhancing model interpretability for better understanding decision-making processes, addressing bias and ensuring fairness in algorithms to prevent discriminatory outcomes, and refining transfer learning capabilities to leverage knowledge from related domains while ensuring scalability and efficiency for large-scale deployment in cloud environments. Human-machine collaboration is crucial for refining anomaly detection systems, while AutoML solutions accelerate technology adoption. In the realm of Deep Learning (DL), progress is focused on architectural innovations, interpretability, transfer learning, efficiency, robustness, security, and continual learning. Exploring Quantum ML represents an innovative frontier for pushing anomaly detection capabilities in cloud networks further. These developments collectively contribute to the ongoing evolution of anomaly detection methodologies, ensuring continual enhancement in cloud environments. On the other hand, Large Language Models (LLMs) can be used effectively for anomaly detection by taking advantage of their advanced abilities in natural language processing. They can analyze text data and recognize patterns that are different from what is typically expected. Furthermore, integration of the LLM-powered anomaly detection system with existing cloud monitoring and security settings to provide comprehensive defense against cyber threats is essential for increasing the reliability of cloud infrastructures in the face of increasing security threats. However, the LLM serves as an additional protection, complementing traditional rule-based or statistical anomaly detection methods. For example, Ali et al. [103] proposed integrating LLMs and developing the HuntGPT prototype, which combines ML-based anomaly detection with explainable AI to provide actionable insights for threat responders. The system's chatbot responses offer technical cybersecurity knowledge and clear explanations for detected anomalies, catering to users with limited cybersecurity experience. Additionally, time series analysis can be used efficiently to identify anomalies, contributing to the detection and prevention of anomalous behaviors in cloud environments. Moreover, integrating LLMs with time series analytic techniques can provide a more comprehensive solution to anomaly detection by taking advantage of the complementary features of both methods. This integration can result in improved accuracy and efficacy of anomaly detection systems. Liu et al. [104] address time series anomaly detection challenges by proposing AnomalyLLM, which extracts knowledge from a trained LLM. AnomalyLLM outperforms state-of-the-art approaches, showing LLMs' effectiveness in improving time series anomaly identification.

X. CONCLUSION

This paper addresses the challenges and security threats encountered by cloud networks and suggests using ML/DL techniques as a solution. It discusses the prevalence of Distributed Denial of Service (DDoS) attacks in cloud computing, the limitations of current security measures, and the necessity for advanced security solutions. The proposed solutions involve ML/DL techniques for anomaly detection in cloud networks, specifically through an intrusion detection system (IDS) that combines multiple ML/DL algorithms for accurate threat detection and classification. The paper introduces an innovative security model, enhancing categorization accuracy and demonstrating the effectiveness of the proposed systems. However, it also highlights research gaps that provide opportunities for future studies to enhance anomaly detection in cloud environments, ultimately contributing to strengthening cloud network resilience against
evolving cyber threats and safeguarding critical data and services.

REFERENCES
[1] M. Nadeem, A. Arshad, S. Riaz, S. S. Band, and A. Mosavi, “Intercept the cloud network from brute force and DDoS attacks via intrusion detection and prevention system,” IEEE Access, vol. 9, 2021, doi: 10.1109/ACCESS.2021.3126535.
[2] A. Fatani, M. A. Elaziz, A. Dahou, M. A. A. Al-Qaness, and S. Lu, “IoT Intrusion Detection System Using Deep Learning and Enhanced Transient Search Optimization,” IEEE Access, vol. 9, 2021, doi: 10.1109/ACCESS.2021.3109081.
[3] S. M. Kasongo, “An advanced intrusion detection system for IIoT Based on GA and tree-based algorithms,” IEEE Access, vol. 9, 2021, doi: 10.1109/ACCESS.2021.3104113.
[4] A. Singh and K. Chatterjee, “Cloud security issues and challenges: A survey,” Journal of Network and Computer Applications, vol. 79. 2017. doi: 10.1016/j.jnca.2016.11.027.
[5] “Summary of the Amazon S3 Service Disruption in Northern Virginia (US-EAST-1) Region,” https://aws.amazon.com/message/41926/.
[6] Ben Lovejoy, “Global meta outage: What do we know, and what was the likely cause?,” https://9to5mac.com/2024/03/06/global-meta-outage-what-happened/.
[7] Z. Ji, Y. Wang, K. Yan, X. Xie, Y. Xiang, and J. Huang, “A space-embedding strategy for anomaly detection in multivariate time series,” Expert Syst Appl, vol. 206, 2022, doi: 10.1016/j.eswa.2022.117892.
[8] M. Hu, X. Feng, Z. Ji, K. Yan, and S. Zhou, “A novel computational approach for discord search with local recurrence rates in multivariate time series,” Inf Sci (N Y), vol. 477, 2019, doi: 10.1016/j.ins.2018.10.047.
[9] A. Iqbal and R. Amin, “Time series forecasting and anomaly detection using deep learning,” Comput Chem Eng, vol. 182, Mar. 2024, doi: 10.1016/j.compchemeng.2023.108560.
[10] Z. He et al., “A Spatiotemporal Deep Learning Approach for Unsupervised Anomaly Detection in Cloud Systems,” IEEE Trans Neural Netw Learn Syst, vol. 34, no. 4, 2023, doi: 10.1109/TNNLS.2020.3027736.
[11] M. M. Belal and D. M. Sundaram, “Comprehensive review on intelligent security defenses in the cloud: Taxonomy, security issues, ML/DL techniques, challenges and future trends,” Journal of King Saud University - Computer and Information Sciences, vol. 34, no. 10. 2022. doi: 10.1016/j.jksuci.2022.08.035.
[12] A. Shajan and S. Rangaswamy, “Survey of Security Threats and Countermeasures in Cloud Computing,” United International Journal for Research & Technology, vol. 2, no. 7, 2021.
[13] A. S. Rumale and D. N. Chaudhari, “Cloud computing: Software as a service,” in Proceedings of the 2017 2nd IEEE International Conference on Electrical, Computer and Communication Technologies, ICECCT 2017, 2017. doi: 10.1109/ICECCT.2017.8117817.
[14] M. Yassin, H. Ould-Slimane, C. Talhi, and H. Boucheneb, “Multi-Tenant Intrusion Detection Framework as a Service for SaaS,” in IEEE Transactions on Services Computing, 2022. doi: 10.1109/TSC.2021.3077852.
[15] S. K. Sowmya, P. Deepika, J. Naren, and # B Tech, “Layers of Cloud-IaaS, PaaS and SaaS: A Survey.” [Online]. Available: www.ijcsit.com
[16] B. Habib and F. Khursheed, “REST-API based DDoS Detection Using Multi-Feature Hybrid Classification in the Cloud Architecture,” International Journal of Computing and Digital Systems, vol. 14, no. 1, pp. 1075–1089, 2023, doi: 10.12785/IJCDS/140184.
[17] D. Gonzales, J. M. Kaplan, E. Saltzman, Z. Winkelman, and D. Woods, “Cloud-Trust-a Security Assessment Model for Infrastructure as a Service (IaaS) Clouds,” IEEE Transactions on Cloud Computing, vol. 5, no. 3, 2017, doi: 10.1109/TCC.2015.2415794.
[18] S. A. Varma and K. G. Reddy, “A Review of DDoS Attacks and its Countermeasures in Cloud Computing,” in 2021 5th International Conference on Information Systems and Computer Networks, ISCON 2021, 2021. doi: 10.1109/ISCON52037.2021.9702388.
[19] J. Snehi, M. Snehi, A. Bhandari, V. Baggan, and R. Ahuja, “Introspecting Intrusion Detection Systems in Dealing with Security Concerns in Cloud Environment,” in Proceedings of the 2021 10th International Conference on System Modeling and Advancement in Research Trends, SMART 2021, 2021. doi: 10.1109/SMART52563.2021.9676258.
[20] M. A. Al-Shareeda, S. Manickam, and M. A. Saare, “DDoS attacks detection using machine learning and deep learning techniques: analysis and comparison,” Bulletin of Electrical Engineering and Informatics, vol. 12, no. 2, 2023, doi: 10.11591/eei.v12i2.4466.
[21] C. Douligeris and A. Mitrokotsa, “DDoS attacks and defense mechanisms: Classification and state-of-the-art,” Computer Networks, vol. 44, no. 5, 2004, doi: 10.1016/j.comnet.2003.10.003.
[22] Cisco, “Cisco annual internet report (2018–2023) white paper.,” https://www.cisco.com/c/en/us/solutions/collateral/executive-perspectives/annual-internet-report/white-paper-c11-741490.html.
[23] Intrusion Detection and Correlation. 2005. doi: 10.1007/b101493.
[24] K. Scarfone and P. Mell, “Guide to Intrusion Detection and Prevention Systems (IDPS),” National Institute of Standards and Technology, vol. 800–94, no. February, 2007.
[25] A. Momand, S. U. Jan, and N. Ramzan, “A Systematic and Comprehensive Survey of Recent Advances in Intrusion Detection Systems Using Machine Learning: Deep Learning, Datasets, and Attack Taxonomy,” Journal of Sensors, vol. 2023. 2023. doi: 10.1155/2023/6048087.
[26] M. Tavallaee, E. Bagheri, W. Lu, and A. A. Ghorbani, “A detailed analysis of the KDD CUP 99 data set,” in IEEE Symposium on Computational Intelligence for Security and Defense Applications, CISDA 2009, 2009. doi: 10.1109/CISDA.2009.5356528.
[27] “Intrusion detection evaluation dataset (CIC-IDS2017),” https://www.unb.ca/cic/datasets/ids-2017.html.
[28] A. Shiravi, H. Shiravi, M. Tavallaee, and A. A. Ghorbani, “Toward developing a systematic approach to generate benchmark datasets for intrusion detection,” Comput Secur, vol. 31, no. 3, 2012, doi: 10.1016/j.cose.2011.12.012.
[29] N. Moustafa and J. Slay, “UNSW-NB15: A comprehensive data set for network intrusion detection systems (UNSW-NB15 network data set),” in 2015 Military Communications and Information Systems Conference, MilCIS 2015 - Proceedings, 2015. doi: 10.1109/MilCIS.2015.7348942.
[30] “DDoS evaluation dataset (CIC-DDoS2019),” https://www.unb.ca/cic/datasets/ddos-2019.html.
[31] “CSE-CIC-IDS2018 on AWS: A collaborative project between the Communications Security Establishment (CSE) & the Canadian Institute for Cybersecurity (CIC),” https://www.unb.ca/cic/datasets/ids-2018.html.
[32] O. Osanaiye, H. Cai, K. K. R. Choo, A. Dehghantanha, Z. Xu, and M. Dlodlo, “Ensemble-based multi-filter feature selection method for DDoS detection in cloud computing,” EURASIP J Wirel Commun Netw, vol. 2016, no. 1, 2016, doi: 10.1186/s13638-016-0623-3.
[33] Y. Freund and R. E. Schapire, “A Decision-Theoretic Generalization of On-Line Learning and an Application to Boosting,” J Comput Syst Sci, vol. 55, no. 1, 1997, doi: 10.1006/jcss.1997.1504.
[34] “Traffic Data from Kyoto University’s Honeypots,” https://www.takakura.com/Kyoto_data/.
[35] A. B. Nassif, M. A. Talib, Q. Nasir, H. Albadani, and F. M. Dakalbab, “Machine Learning for Cloud Security: A Systematic Review,” IEEE Access, vol. 9. 2021. doi: 10.1109/ACCESS.2021.3054129.
[36] A. Aldweesh, A. Derhab, and A. Z. Emam, “Deep learning approaches for anomaly-based intrusion detection systems: A survey, taxonomy, and open issues,” Knowl Based Syst, vol. 189, 2020, doi: 10.1016/j.knosys.2019.105124.
[37] G. S. Kushwah and V. Ranga, “Voting extreme learning machine based distributed denial of service attack detection in cloud computing,” Journal of Information Security and Applications, vol. 53, 2020, doi: 10.1016/j.jisa.2020.102532.
[38] S. Sambangi and L. Gondi, “A Machine Learning Approach for DDoS (Distributed Denial of Service) Attack Detection Using Multiple Linear Regression,” MDPI AG, Dec. 2020, p. 51. doi: 10.3390/proceedings2020063051.
[39] R. Abubakar et al., “An Effective Mechanism to Mitigate Real-Time DDoS Attack,” IEEE Access, vol. 8, 2020, doi: 10.1109/ACCESS.2020.2995820.
[40] M. Mayuranathan, M. Murugan, and V. Dhanakoti, “Best features based intrusion detection system by RBM model for detecting DDoS in a cloud environment,” Journal of Ambient Intelligence and Humanized Computing, vol. 12, no. 3. 2021. doi: 10.1007/s12652-019-01611-9.
[41] A. Alshammari and A. Aldribi, “Apply machine learning techniques to detect malicious network traffic in cloud computing,” J Big Data, vol. 8, no. 1, 2021, doi: 10.1186/s40537-021-00475-1.
[42] G. S. Kushwah and V. Ranga, “Optimized extreme learning machine for detecting DDoS attacks in cloud computing,” Comput Secur, vol. 105, Jun. 2021, doi: 10.1016/j.cose.2021.102260.
[43] S. Sachdeva and A. Ali, “Machine learning with digital forensics for attack classification in cloud network environment,” International Journal of System Assurance Engineering and Management, vol. 13, pp. 156–165, Mar. 2022, doi: 10.1007/s13198-021-01323-4.
[44] G. A. MM, J. N. K. S, U. M. R, and M. R. TF, “An efficient SVM based DEHO classifier to detect DDoS attack in cloud computing environment,” Computer Networks, vol. 215, Oct. 2022, doi: 10.1016/j.comnet.2022.109138.
[45] N. Mishra, R. K. Singh, and S. K. Yadav, “Detection of DDoS Vulnerability in Cloud Computing Using the Perplexed Bayes Classifier,” Comput Intell Neurosci, vol. 2022, 2022, doi: 10.1155/2022/9151847.
[46] M. Alduailij, Q. W. Khan, M. Tahir, M. Sardaraz, M. Alduailij, and F. Malik, “Machine-Learning-Based DDoS Attack Detection Using Mutual Information and Random Forest Feature Importance Method,” Symmetry (Basel), vol. 14, no. 6, Jun. 2022, doi: 10.3390/sym14061095.
[47] S. Sambangi, L. Gondi, and S. Aljawarneh, “A Feature Similarity Machine Learning Model for DDoS Attack Detection in Modern Network Environments for Industry 4.0,” Computers and Electrical Engineering, vol. 100, May 2022, doi: 10.1016/j.compeleceng.2022.107955.
[48] F. J. Abdullayeva, “Distributed denial of service attack detection in E-government cloud via data clustering,” Array, vol. 15, Sep. 2022, doi: 10.1016/j.array.2022.100229.
[49] S. Sokkalingam and R. Ramakrishnan, “An intelligent intrusion detection system for distributed denial of service attacks: A support vector machine with hybrid optimization algorithm based approach,” Concurr Comput, vol. 34, no. 27, 2022, doi: 10.1002/cpe.7334.
[50] S. Naiem, A. E. Khedr, A. M. Idrees, and M. I. Marie, “Enhancing the Efficiency of Gaussian Naïve Bayes Machine Learning Classifier in the Detection of DDOS in Cloud Computing,” IEEE Access, vol. 11, pp. 124597–124608, 2023, doi: 10.1109/ACCESS.2023.3328951.
[51] S. V. J. Rani et al., “Detection of DDoS attacks in D2D communications using machine learning approach,” Comput Commun, vol. 198, pp. 32–51, Jan. 2023, doi: 10.1016/j.comcom.2022.11.013.
[52] Y. Shang, “Prevention and detection of DDOS attack in virtual cloud computing environment using Naive Bayes algorithm of machine learning,” Measurement: Sensors, vol. 31, Feb. 2024, doi: 10.1016/j.measen.2023.100991.
[53] H. Setia et al., “Securing the road ahead: Machine learning-driven DDoS attack detection in VANET cloud environments,” Cyber Security and Applications, vol. 2, Jan. 2024, doi: 10.1016/j.csa.2024.100037.
[54] I. AlSaleh, A. Al-Samawi, and L. Nissirat, “Novel Machine Learning Approach for DDoS Cloud Detection: Bayesian-Based CNN and Data Fusion Enhancements,” Sensors, vol. 24, no. 5, p. 1418, Feb. 2024, doi: 10.3390/s24051418.
[55] F. Talpur, I. A. Korejo, A. A. Chandio, A. Ghulam, and S. Hussain Talpur, “ML-Based Detection of DDoS Attacks Using Evolutionary Algorithms Optimization,” 2024, doi: 10.20944/preprints202401.1099.v1.
[56] S. Dasari and R. Kaluri, “An Effective Classification of DDoS Attacks in a Distributed Network by Adopting Hierarchical Machine Learning and Hyperparameters Optimization Techniques,” IEEE Access, vol. 12, pp. 10834–10845, 2024, doi: 10.1109/ACCESS.2024.3352281.
[57] S. Velliangiri and H. M. Pandey, “Fuzzy-Taylor-elephant herd optimization inspired Deep Belief Network for DDoS attack detection and comparison with state-of-the-arts algorithms,” Future Generation Computer Systems, vol. 110, pp. 80–90, Sep. 2020, doi: 10.1016/j.future.2020.03.049.
[58] A. Bhardwaj, V. Mangat, and R. Vig, “Hyperband tuned deep neural network with well-posed stacked sparse autoencoder for detection of DDoS attacks in the cloud,” IEEE Access, vol. 8, pp. 181916–181929, 2020, doi: 10.1109/ACCESS.2020.3028690.
[59] N. Mishra and R. K. Singh, “DDoS vulnerabilities analysis and mitigation model in cloud computing,” Journal of Discrete Mathematical Sciences and Cryptography, vol. 23, no. 2, pp. 535–545, Feb. 2020, doi: 10.1080/09720529.2020.1729503.
[60] S. Velliangiri, P. Karthikeyan, and V. Vinoth Kumar, “Detection of distributed denial of service attack in cloud computing using the optimization-based deep networks,” Journal of Experimental and Theoretical Artificial Intelligence, vol. 33, no. 3, pp. 405–424, 2021, doi: 10.1080/0952813X.2020.1744196.
[61] J. Britto Dennis and M. Shanmuga Priya, “Deep belief network and support vector machine fusion for distributed denial of service and economical denial of service attack detection in cloud,” Concurr Comput, vol. 34, no. 1, Jan. 2022, doi: 10.1002/cpe.6543.
24

This work is licensed under a Creative Commons Attribution 4.0 License. For more information, see https://creativecommons.org/licenses/by/4.0/
This article has been accepted for publication in IEEE Access. This is the author's version which has not been fully edited and
content may change prior to final publication. Citation information: DOI 10.1109/ACCESS.2024.3390844

[62] M. Almiani, A. Abughazleh, Y. Jararweh, and A. Razaque, [77] A. R. Wani, Q. P. Rana, U. Saxena, and N. Pandey, “Analysis and
“Resilient Back Propagation Neural Network Security Model For Detection of DDoS Attacks on Cloud Computing Environment
Containerized Cloud Computing,” Simul Model Pract Theory, using Machine Learning Techniques,” in Proceedings - 2019
vol. 118, 2022, doi: 10.1016/j.simpat.2022.102544. Amity International Conference on Artificial Intelligence, AICAI
[63] D. Akgun, S. Hizal, and U. Cavusoglu, “A new DDoS attacks 2019, 2019. doi: 10.1109/AICAI.2019.8701238.
intrusion detection model based on deep learning for [78] E. Hodo, X. Bellekens, A. Hamilton, C. Tachtatzis, and R.
cybersecurity,” Comput Secur, vol. 118, Jul. 2022, doi: Atkinson, “Shallow and Deep Networks Intrusion Detection
10.1016/j.cose.2022.102748. System: A Taxonomy and Survey.”
[64] H. Aydın, Z. Orman, and M. A. Aydın, “A long short-term [79] J. Fontaine, C. Kappler, A. Shahid, and E. De Poorter, “Log-based
memory (LSTM)-based distributed denial of service (DDoS) intrusion detection for cloud web applications using machine
detection and defense system design in public cloud network learning.”
environment,” Comput Secur, vol. 118, Jul. 2022, doi: [80] A. N. Jaber and S. U. Rehman, “FCM–SVM based intrusion
10.1016/j.cose.2022.102725. detection system for cloud computing environment,” Cluster
[65] A. A. Samsu Aliar, M. Agoramoorthy, and Y. Justindhas, “An Comput, vol. 23, no. 4, pp. 3221–3231, Dec. 2020, doi:
Automated Detection of DDoS Attack in Cloud Using Optimized 10.1007/s10586-020-03082-6.
Weighted Fused Features and Hybrid DBN-GRU Architecture,” [81] M. Prasad, S. Tripathi, and K. Dahal, “An efficient feature
Cybern Syst, 2022, doi: 10.1080/01969722.2022.2157603. selection based Bayesian and Rough set approach for intrusion
[66] A. Agrawal, R. Singh, M. Khari, S. Vimal, and S. Lim, detection,” Applied Soft Computing Journal, vol. 87, Feb. 2020,
“Autoencoder for Design of Mitigation Model for DDOS Attacks doi: 10.1016/j.asoc.2019.105980.
via M-DBNN,” Wirel Commun Mob Comput, vol. 2022, 2022, [82] A. Aldallal and F. Alisa, “Effective intrusion detection system to
doi: 10.1155/2022/9855022. secure data in the cloud using machine learning,” Symmetry
[67] M. Varghese and M. Victor Jose, “An optimized radial bias (Basel), vol. 13, no. 12, Dec. 2021, doi: 10.3390/sym13122306.
function neural network for intrusion detection of distributed [83] W. Wang, X. Du, D. Shan, R. Qin, and N. Wang, “Cloud Intrusion
denial of service attack in the cloud,” Concurr Comput, vol. 34, Detection Method Based on Stacked Contractive Auto-Encoder
no. 27, Dec. 2022, doi: 10.1002/cpe.7321. and Support Vector Machine,” IEEE Transactions on Cloud
[68] G. S. R. Emil Selvan, R. Ganeshan, I. D. J. Jingle, and J. P. Computing, vol. 10, no. 3, pp. 1634–1646, 2022, doi:
Ananth, “FACVO-DNFN: Deep learning-based feature fusion 10.1109/TCC.2020.3001017.
and Distributed Denial of Service attack detection in cloud [84] L. Yang and A. Shami, “IDS-ML: An open source code for
computing,” Knowl Based Syst, vol. 261, Feb. 2023, doi: Intrusion Detection System development using Machine
10.1016/j.knosys.2022.110132. Learning[Formula presented],” Software Impacts, vol. 14, Nov.
[69] S. Balasubramaniam et al., “Optimization Enabled Deep 2022, doi: 10.1016/j.simpa.2022.100446.
Learning-Based DDoS Attack Detection in Cloud Computing,” [85] K. Samunnisa, G. S. V. Kumar, and K. Madhavi, “Intrusion
International Journal of Intelligent Systems, vol. 2023, 2023, doi: detection system in distributed cloud computing: Hybrid
10.1155/2023/2039217. clustering and classification methods,” Measurement: Sensors,
[70] M. J. Pasha, K. P. Rao, A. MallaReddy, and V. Bande, vol. 25, Feb. 2023, doi: 10.1016/j.measen.2022.100612.
“LRDADF: An AI-enabled framework for detecting low-rate [86] M. Bakro et al., “An Improved Design for a Cloud Intrusion
DDoS attacks in cloud computing environments,” Measurement: Detection System Using Hybrid Features Selection Approach
Sensors, vol. 28, Aug. 2023, doi: 10.1016/j.measen.2023.100828. With ML Classifier,” IEEE Access, vol. 11, pp. 64228–64247,
[71] Z. Liu, C. Guo, D. Liu, and X. Yin, “An Asynchronous Federated 2023, doi: 10.1109/ACCESS.2023.3289405.
Learning Arbitration Model for Low-Rate DDoS Attack [87] A. R. Al-Ghuwairi, Y. Sharrab, D. Al-Fraihat, M. AlElaimat, A.
Detection,” IEEE Access, vol. 11, pp. 18448–18460, 2023, doi: Alsarhan, and A. Algarni, “Intrusion detection in cloud computing
10.1109/ACCESS.2023.3247512. based on time series anomalies utilizing machine learning,”
[72] S. Asha Varma and K. Ganesh Reddy, “An AI Based IDS Journal of Cloud Computing, vol. 12, no. 1, Dec. 2023, doi:
Framework For Detecting DDoS Attacks In Cloud Environment,” 10.1186/s13677-023-00491-x.
Information Security Journal, 2023, doi: [88] H. Attou, A. Guezzaz, S. Benkirane, M. Azrour, and Y. Farhaoui,
10.1080/19393555.2023.2279535. “Cloud-Based Intrusion Detection Approach Using Machine
[73] S. Dalal et al., “Extremely boosted neural network for more Learning Techniques,” Big Data Mining and Analytics, vol. 6, no.
accurate multi-stage Cyber attack prediction in the cloud 3, pp. 311–320, Sep. 2023, doi: 10.26599/BDMA.2022.9020038.
computing environment,” Journal of Cloud Computing, vol. 12, [89] L. K. Vashishtha, A. P. Singh, and K. Chatterjee, “HIDM: A
no. 1, Dec. 2023, doi: 10.1186/s13677-022-00356-9. Hybrid Intrusion Detection Model for Cloud-Based Systems,”
[74] O. Pandithurai, C. Venkataiah, S. Tiwari, and N. Ramanjaneyulu, Wirel Pers Commun, vol. 128, no. 4, pp. 2637–2666, Feb. 2023,
“DDoS attack prediction using a honey badger optimization doi: 10.1007/s11277-022-10063-y.
algorithm based feature selection and Bi-LSTM in a cloud [90] M. Bakro et al., “Building a Cloud-IDS by Hybrid Bio-Inspired
environment,” Expert Syst Appl, vol. 241, May 2024, doi: Feature Selection Algorithms Along With Random Forest
10.1016/j.eswa.2023.122544. Model,” IEEE Access, vol. 12, pp. 8846–8874, 2024, doi:
[75] J. Arango-López, G. Isaza, F. Ramirez, N. Duque, and J. Montes, 10.1109/ACCESS.2024.3353055.
“Cloud-based deep learning architecture for DDoS cyber attack [91] A. Kumar et al., “An intrusion identification and prevention for
prediction,” Expert Syst, 2024, doi: 10.1111/exsy.13552. cloud computing: From the perspective of deep learning,” Optik
[76] M. Ouhssini, K. Afdel, E. Agherrabi, M. Akouhar, and A. Abarda, (Stuttg), vol. 270, Nov. 2022, doi: 10.1016/j.ijleo.2022.170044.
“DeepDefend: A comprehensive framework for DDoS attack [92] M. Mayuranathan, S. K. Saravanan, B. Muthusenthil, and A.
detection and prevention in cloud computing,” Journal of King Samydurai, “An efficient optimal security system for intrusion
Saud University - Computer and Information Sciences, vol. 36, detection in a cloud computing environment using hybrid deep
no. 2, Feb. 2024, doi: 10.1016/j.jksuci.2024.101938.

VOLUME XX, 2017


25

This work is licensed under a Creative Commons Attribution 4.0 License. For more information, see https://creativecommons.org/licenses/by/4.0/
This article has been accepted for publication in IEEE Access. This is the author's version which has not been fully edited and
content may change prior to final publication. Citation information: DOI 10.1109/ACCESS.2024.3390844

AMIRA MAHAMAT ABDALLAH received her BS degree in computer science from Taibah University, Saudi Arabia, in 2018, and is now pursuing an MS degree in information security from United Arab Emirates University, United Arab Emirates. Her research interests include cloud security, intrusion detection systems, and Artificial intelligence.

AYSHA ALKAABI is pursuing a BSc degree in information security from United Arab Emirates University, United Arab Emirates. Her research interests include cloud security, intrusion detection systems, and Artificial intelligence.

GHAYA ALAMERI is pursuing a BSc degree in information security from United Arab Emirates University, United Arab Emirates. Her research interests include cloud security, intrusion detection systems, and Artificial intelligence.

SAIDA HAFSA RAFIQUE received her BSc Degree in Cellular and Molecular Biology from the United Arab Emirates University (UAEU), UAE, in 2019. She attained a MSc Degree in Forensic Science from the University of Strathclyde, UK, in 2020, and is now pursuing her second MSc Degree in Information Security in UAEU, UAE. Her research topics mainly include Cloud Security, IoT Security, Artificial Intelligence, Digital Forensics, and Forensic Science.

NURA SHIFA MUSA is a Senior Lab Supervisor at the College of Engineering, Al Ain University (AAU), UAE. She completed her undergraduate studies in Computer Engineering at Qatar University (QU), Qatar. Nura attained her Master's degree in Information Security from the College of Information Technology at United Arab Emirates University (UAEU), UAE, and has been awarded Awards and Honors. Demonstrating a profound dedication to advancing cybersecurity measures, Nura's research focus revolves around developing innovative solutions to enhance digital security, investigating cyber threats, exploring cloud computing technology, and conducting digital forensics investigations.

Dr. THANGAVEL MURUGAN is a Senior IEEE member serving as an Assistant Professor in the Department of Information Systems and Security, College of Information Technology, United Arab Emirates University. He received a Doctorate from Madras Institute of Technology (MIT) Campus, Anna University – Chennai, India received Post Graduate degree and an M.E. in Computer Science and Engineering from J.J. College of Engineering and Technology, Trichy, India under Anna University – Chennai (University First Rank Holder & Gold Medalist) and received Bachelor’s degree as B.E. Computer Science and Engineering from M.A.M College of Engineering, Trichy, India under Anna University – Chennai (College First Rank Holder & Gold Medalist). He presently holds 11+ years of Teaching and Research experience from various academic institutions. He has published 10+ articles in International Journals, 15+ book chapters in International Publishers, 25+ in the proceedings of International Conferences, and 3 in the proceedings of national conferences/seminars. His academic and research specialization is Information Security, High-Performance Computing, Ethical Hacking, Cyberforensics, Blockchain, Cybersecurity Intelligence, and Educational Technology.


This work is licensed under a Creative Commons Attribution 4.0 License. For more information, see https://creativecommons.org/licenses/by/4.0/
