A Hybrid Unsupervised Learning Approach to Enhance Intrusion Detection and Prevention Using MITRE ATT&CK in Cloud Computing

Abstract

Cloud computing systems are widely used to run parallel applications with varying computational requirements, serving diverse computing demands efficiently and effectively. Over the Internet, cloud computing gives users convenient access to resources, services, and efficient computing facilities. The sensitive nature of user data is a major challenge in public cloud computing, which makes robust maintenance practices essential for ensuring security and privacy. Cloud computing systems are exposed to a variety of attacks, so strong protective measures and vigilance are needed to safeguard sensitive data and resources. Such attacks degrade system performance and compromise integrity, confidentiality, and security, which calls for robust defense mechanisms and proactive security measures. To address these challenges, an Intrusion Detection System (IDS) is deployed to identify attacks including Denial of Service (DoS), Distributed Denial of Service (DDoS), Botnet, Brute force, Probe, Flooding, Infiltration, Heartbleed, Remote-to-Local (R2L), and User-to-Root (U2R) attacks, strengthening system security and resilience. Several intrusion detection techniques, including signature-based, anomaly-based, and hybrid approaches, are used to detect suspicious activity within cloud computing systems. Researchers have increasingly turned to Machine Learning (ML) and Deep Learning (DL) techniques to build IDSs capable of handling emerging attacks within network systems. However, contemporary IDSs still struggle to recognize emerging threats because of insufficient trend analysis, and traditional models often have difficulty identifying malicious activity owing to imbalanced data and ineffective management of the miss rate. Moreover, the lack of real-time response mechanisms leads to delayed actions,
