An Unsupervised Cloud-Centric Intrusion Diagnosis Framework Using Autoencoder and Density-Based Learning

Citation

K. S, Suresh and Elumalai, Thenmozhi and Rajamani, Radhakrishnan and Kumar, Anubhav and Balusamy, Balamurugan and Yogarayan, Sumendra and Prabu, Kaliyaperumal (2026) An Unsupervised Cloud-Centric Intrusion Diagnosis Framework Using Autoencoder and Density-Based Learning. Future Internet, 18 (1). p. 54. ISSN 1999-5903

[img] Text
futureinternet-18-00054.pdf - Published Version
Restricted to Repository staff only

Download (3MB)

Abstract

Cloud computing environments generate high-dimensional, large-scale, and highly dynamic network traffic, making intrusion diagnosis challenging due to evolving attack patterns, severe traffic imbalance, and limited availability of labeled data. To address these challenges, this study presents an unsupervised, cloud-centric intrusion diagnosis framework that integrates autoencoder-based representation learning with density-based attack categorization. A dual-stage autoencoder is trained exclusively on benign traffic to learn compact latent representations and to identify anomalous flows using reconstruction-error analysis, enabling effective anomaly detection without prior attack labels. The detected anomalies are subsequently grouped using density-based learning to uncover latent attack structures and support fine-grained multiclass intrusion diagnosis under varying attack densities. Experiments conducted on the large-scale CSE-CIC-IDS2018 dataset demonstrate that the proposed framework achieves an anomaly detection accuracy of 99.46%, with high recall and low false-negative rates in the optimal latent-space configuration. The density-based classification stage achieves an overall multiclass attack classification accuracy of 98.79%, effectively handling both majority and minority attack categories. Clustering quality evaluation reports a Silhouette Score of 0.9857 and a Davies–Bouldin Index of 0.0091, indicating strong cluster compactness and separability. Comparative analysis against representative supervised and unsupervised baselines confirms the framework’s scalability and robustness under highly imbalanced cloud traffic, highlighting its suitability for future Internet cloud security ecosystems.

Item Type: Article
Uncontrolled Keywords: cloud computing, dual functions, imbalanced traffic, anomaly detection, unsupervised learning, Adaptive IDS
Subjects: L Education > LB Theory and practice of education > LB1060 Learning
Divisions: Faculty of Information Science and Technology (FIST)
Depositing User: Ms Suzilawati Abu Samah
Date Deposited: 09 Feb 2026 08:09
Last Modified: 09 Feb 2026 08:09
URII: http://shdl.mmu.edu.my/id/eprint/15248

Downloads

Downloads per month over past year

View ItemEdit (login required)