%0 Conference Proceedings
%T Arguments Against Using the 1998 DARPA Dataset for Cloud IDS Design and Evaluation and Some Alternative
%+ University of Victoria [Canada] (UVIC)
%+ Department of Electrical & Computer Engineering [Victoria] (ECE Department)
%+ Ryerson University [Toronto]
%+ Qassim University [Kingdom of Saudi Arabia]
%A Faria Quinan, Paulo
%A Traore, Issa
%A Woungang, Isaac
%A Aldribi, Abdulaziz
%A Nwamuo, Onyekachi
%< avec comité de lecture
%( Lecture Notes in Computer Science
%B 2nd International Conference on Machine Learning for Networking (MLN)
%C Paris, France
%Y Selma Boumerdassi
%Y Éric Renault
%Y Paul Mühlethaler
%I Springer International Publishing
%3 Machine Learning for Networking
%V LNCS-12081
%P 315-332
%8 2019-12-03
%D 2019
%R 10.1007/978-3-030-45778-5_21
%K Cloud IDS
%K Cloud security
%K Machine learning
%K IDS evaluation
%K Hypervisor-based IDS
%Z Computer Science [cs]
%Z Computer Science [cs]/Networking and Internet Architecture [cs.NI]Conference papers
%X Due to the lack of adequate public datasets, the proponents of many existing cloud intrusion detection systems (IDS) have relied on the DARPA dataset to design and evaluate their models. In the current paper, we show empirically that the DARPA dataset by failing to meet important statistical characteristics of real world cloud traffic data center is inadequate for evaluating cloud IDS. We present, as alternative, a new public dataset collected through a cooperation between our lab and a non-profit cloud service provider, which contains benign data and a wide variety of attack data. We present a new hypervisor-based cloud IDS using instance-oriented feature model and supervised machine learning techniques. We investigate 3 different classifiers: Logistic Regression (LR), Random Forest (RF), and Support Vector Machine (SVM) algorithms. Experimental evaluation on a diversified dataset yields a detection rate of 92.08% and a false positive rate of 1.49% for random forest, the best performing of the three classifiers.
%G English
%Z TC 6
%2 https://inria.hal.science/hal-03266464/document
%2 https://inria.hal.science/hal-03266464/file/487577_1_En_21_Chapter.pdf
%L hal-03266464
%U https://inria.hal.science/hal-03266464
%~ IFIP-LNCS
%~ IFIP
%~ IFIP-TC
%~ IFIP-TC6
%~ IFIP-LNCS-12081
%~ IFIP-MLN