A novel hybrid framework for Cloud Intrusion Detection System using system call sequence analysis.

Cloud Computing offers on-demand infrastructure, platform and software services over the Internet on a pay-as-you-use model. Many e-commerce businesses and social networking sites are moving towards the cloud. Security breaches have also started to grow along with their popularity. The malicious processes can target virtualization-based cloud infrastructure and harm virtual resources, thereby becoming a threat to the cloud. Several Intrusion Detection Systems (IDSs) have been developed to detect attacks based on predefined behavior patterns. However, malicious processes can hide their behavior in the presence of security mechanisms on a Virtual Machine (VM). With the increasing frequency of such attacks, IDSs must be improved using Machine Learning (ML) and Deep Learning (DL) techniques. This study proposes a novel intrusion detection framework that can detect known and unknown attacks by system call sequence analysis. The framework analyzes the system call sequences of VMs with a hybrid model of Long Short Term Memory (LSTM) and system call frequency-based anomaly detection techniques. The proposed framework is evaluated using the Australian Defence Force Academy-Linux Dataset (ADFA-LD) dataset. Compared to the existing frameworks, the highest accuracy of 97.2% and a false positive rate of 2.4% are achieved for our proposed framework. [ABSTRACT FROM AUTHOR]