A Framework for Providing Security for Cloud SaaS Model through an Enhanced Sea Lion Optimization Algorithm

The Cloud paradigm is increasing very rapidly due to its on-demand services. Software-as-a Service (SaaS) is one amongst the most outstanding and fastest-growing fields in the era of Cloud computing. Organizations are adopting SaaS solutions, which offer several advantages, mostly in minimizing cost and time. Over all the excitement around SaaS, security is one of the foremost critical issues for its growth in Cloud computing. Hence this paper introduces a novel framework for detecting the DoS attacks using an enhanced Sea Lion Optimization Algorithm (SLnO) known as Fitness updated Sea Lion Optimization Algorithm (FSLnO). The proposed work has two stages (i) feature selection using FSLnO and (ii) classification through Recurrent Neural Network (RNN). It ensures the separation of normal and compromised date. For evaluation KDD cup 99 dataset is used and evaluated in terms of Precision, Accuracy, False Positive and Negative rates. Results prove that the proposed work outperformed the other conventional models.


I. Introduction
The Cloud paradigm is increasing very rapidly due to its on-demand services [1]. Software-as-a Service (SaaS) is one amongst the fastest-growing fields in the era of Cloud computing. Organizations are adopting SaaS solutions, which offer several advantages mostly with respect to finance and time management. The key ingredient in the success of Software-as-a-Service (SaaS) is based upon client's satisfaction [2]. Security is found to be one of the foremost critical issue for SaaS in Cloud computing [3], [4], [5], [6]. SaaS provides software licenses, modest tools, centralized management of data, multi-tenant solutions, minimal maintenance, and scalability.
The existing works on security focuses on multifactor authentication, verifying the access control, monitoring the data access, verifying the data deletion, controlling the consumer access devices, security check events, etc. [7], [8], [9]. These services are totally delayed due to a lot of attacks [10]. Worms, DoS attacks or botnets are the subsets of threats that frequently occur in the networks [11]. Further, there is a need to implement a holistic solution for detecting the attacks.
Some of the optimization techniques for investigating the attacks are as follows. In [18] Optimization-Back Propagation (MPSOBP). Initially, dimensionality is reduced using LE, for selecting the features MPSO-BP is used. The DDoS attack detection system is developed in [19] using C.4.5 algorithm, coupled with signature detection. Decision tree is used for attack detection. The existing algorithms lacks local optima and excessive time for computation. There is a need to implement solution for attack detection.
This paper introduces an attack detection system to provide security for SaaS. An enhanced machine learning algorithm called Fitness updated Sea Lion Optimization Algorithm is designed and developed for feature selection. Further for classification RNN is accomplished, which separates the normal and attack data and sends the normal data to Cloud Service Provider (CSP). The rest of the paper is organized as follows. The proposed work is explained in section 2. Experimental results are discussed in section 3. Finally, section 4 offers a conclusion.

Architecture of the proposed work
This work is classified into three stages viz, (i) Data Pre-processing (ii) Selecting the features through FSLnO and (iii) Classification with RNN. As a benchmark, we employed the KDD cup 99 dataset [20]. It is an intrusion detector learning dataset consists of 41 features. Initially, the features are pre-processed. After pre-processing, the best features are selected using the FSLnO algorithm to increase the accuracy of the detection.
Further, the behaviour of the data is predicted from the best attributes that use RNN. The entire process is divided into testing and training. For training, we have considered 80% of data and the remaining 20% for testing. Figure 1 depicts the architecture of the proposed work.

Feature selection using FSLnO: Training Phase
Selecting the most relevant features plays a vital role in the attack detection system. The complexity and evaluation of the model are reduced with feature selection. After the pre-processing, we use the proposed FSLnO for feature selection. To maximize the searching ability of SLnO, we update the fitness of using precision metric. Increased precision value decreases the falsepositive rates and gives the best search capability of features in the dataset.
The standard SLnO algorithm was developed based on the hunting process of sea lions that come with groups and decides to hunt [21]. Their whiskers generally govern the process of hunting and finding of the prey (target) in sealions. The arithmetical model of FSLnO is as follows: Stage 1-Modified version of Detection and chasing of the prey: Sea lions whiskers help to estimate the position of prey concerning its structure. If there is plenty of prey, then the sealions ask others to come and attack the prey. In this process of hunting, the sea lion that demands others is known as the leader. Eq. (1) and Eq. (2) show the prey update mechanism.
ISSN: 00333077 3491 www.psychologyandeducation.net Initially, the fitness (Fit) is found for the present search agent, and a median of total fitness Fitev is calculated. Further, Fit >= median (Fitev), a midvalue is given. If the solution obtained is greater than these mid-values, then it is evaluated using Eq. (3).
The leader is represented as SLleader, and noise in water, as well as, air is denoted as and .
The new solution is based on the new value. The median of total fitness Fitov is evaluated. If (Fit ≥ median (Fitov)), the solution that has maximum value when compared with mid values are updated using Eq. (7).

= mean(P(t): S(t)) (9)
The variation between SLnO and FSLnO is, in that the current fitness is analyzed with middle value of the complete fitness in each and every phase. If it is larger than mid value then they are discarded and the remaining are selected for further optimization. Additionally, the average is calculated for all the fitness values, and the best value is selected. Thus, this entire process maximizes the convergence speed of the algorithm and selects 11 best features out of 41. Step 1: Initially, the input layer is assigned with selected attributes and weights.

Attack detection using RNN
Step 2: RNN is explained with Eq. (10) and Eq. (11), where qi and Wtij represent the activation state of neuron's i at time t, and weights are optimized. Activation function funi depends on inputs.

funi = (12)
Step 4: In back propagation regarding forward procedure, each neuron's output is computed using Eq. (13), Eq. (14), where Hid, Cn, In, fun denotes: hidden layer, neuron stored at previous network location, input neurons, activation function. Then pj is the jth input of the neuron and Tdij is displacement in recurrent function. (14) Step 5: By using Bayesian Regulation, the back propagation error can be minimized using Eq. (15), which is difference between predicted and actual value. Erm = P target − P actual (15) Step 6: Latest weights, as well as bias, are modified with Eq. (16). (16) Step 7: Weights are updated using Eq. (17), where α and β are two arbitrary values, and Br is the new weight update. Br = βEd + αErm (17) Testing phase: The CSP examines the data whether it is attacked or normal. A score value is obtained in Eq. (18). Using this the decision is taken to determine it as normal or intruded. Accuracy, precision, recall are positive measures that are to be at higher rates. Contrarily, FPR, FNR, FDR are negative measures that should be low to minimize errors. The evaluation is compared with GA [22], PSO [23], FF [24], WOA [25]. Further, NN [26], SVM [27], and CNN [28] are used for classifier evaluation. Table 1 shows the various metrics for evaluation.  It is an error of type I, which inappropriately reject null hypothesis FP/ (TP + FP)    Figure 4 depicts the convergence of FSLnO that selects 11 best features out of 41, whereas GA selects 13 features, FF retrieves 14 features, and WOA retrieves 16 features. One advantage of FSLnO is it has a high convergence speed as the mid-value is taken and the mean is calculated for the entire fitness. In this work we have calculated the fitness based on the precision metric, which minimizes the false-positive rates and results the best feature selection. Figure 4: Convergence proof of FSLnO with respect to feature selection IV.CONCLUSION This paper has introduced a novel framework for DoS attack detection. Initially as a benchmark, KDD cup 99, dataset is considered and applied for pre-processing. After the pre-processing, the features are subjected to FSLnO algorithm to select the best features. For further classification, to separate the standard and attack data RNN is used. On the basis of score value, the usual and unusual data are separated, and usual data is sent to CSP. The proposed work was analyzed over the other conventional models by evaluating accuracy, precision, FPR and FNR. Results show that the proposed work outperformed the other existing works. In the future, we develop the attack mitigation system by considering the dynamic datasets.