Open Access
ARTICLE
Intrumer: A Multi Module Distributed Explainable IDS/IPS for Securing Cloud Environment
Department of Computer Science and Engineering, SRM Institute of Science and Technology, Vadapalani Campus, Chennai, 600026, Tamil Nadu, India
* Corresponding Author: Nazreen Banu A.
Computers, Materials & Continua 2025, 82(1), 579-607. https://doi.org/10.32604/cmc.2024.059805
Received 17 October 2024; Accepted 05 December 2024; Issue published 03 January 2025
Abstract
The growing use of cloud-based devices has made cybersecurity and unwanted network traffic critical concerns. Cloud environments pose significant challenges in maintaining privacy and security. Global approaches, such as IDS, have been developed to tackle these issues. However, most conventional Intrusion Detection System (IDS) models struggle with unseen cyberattacks and complex high-dimensional data. This paper introduces a novel distributed, explainable, and heterogeneous transformer-based intrusion detection system, named INTRUMER, which offers balanced accuracy, reliability, and security in cloud settings through multiple modules working together. The traffic captured from cloud devices is first passed to the TC&TM module, in which the Falcon Optimization Algorithm optimizes the feature selection process and the Naïve Bayes algorithm performs the classification of features. The selected features are classified further and are forwarded to the Heterogeneous Attention Transformer (HAT) module. In this module, the contextual interactions of the network traffic are taken into account to classify the traffic as normal or malicious. The classified results are further analyzed by the Explainable Prevention Module (XPM) to ensure trustworthiness by providing interpretable decisions. With the explanations from the classifier, emergency alarms are transmitted to nearby IDS modules, servers, and underlying cloud devices to enhance preventive measures. Extensive experiments on the benchmark IDS datasets CICIDS 2017, Honeypots, and NSL-KDD were conducted to demonstrate the efficiency of the INTRUMER model in detecting different types of network traffic with high accuracy. The proposed model outperforms state-of-the-art approaches, obtaining better performance metrics: 98.7% accuracy, 97.5% precision, 96.3% recall, and 97.8% F1-score.
Such results validate the robustness and effectiveness of INTRUMER in securing diverse cloud environments against sophisticated cyber threats.
This work is licensed under a Creative Commons Attribution 4.0 International License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.