Security remains one of the most critical concerns in networks of all types and sizes. Among the various strategies and policies designed to protect networks and systems, intrusion detection systems (IDSs) are paramount in identifying and preventing attacks. As security threats evolve, next-generation security solutions are progressively incorporating artificial intelligence (AI) to enhance their effectiveness. Consequently, building an effective and intelligent intrusion detection system remains one of the most significant research challenges. This study proposes a novel hybrid IDS model that combines anomaly detection and supervised learning to improve attack detection in Cloud Computing (CC) environments. Our approach utilizes the CICIDS2018 dataset, noted for its large scale, recency, inclusion of diverse real-world attack scenarios, and suitability for CC contexts. Our methodology first employs Isolation Forest for anomaly detection. Then, the anomaly results are added as a new feature to the dataset. Subsequently, the eXtreme Gradient Boosting (XGBoost) model is employed on this enriched dataset. This two-stage hybrid approach enhances the model's learning capabilities and leads to more accurate threat detection. The experimental results indicate that the proposed model achieves superior performance, with high recall, F1-score, precision, and accuracy. Moreover, a comparative analysis with existing literature further confirms these strong results. The findings indicate that combining anomaly detection with supervised learning can provide a more robust approach for enhancing IDS, particularly in demanding environments such as CC.
Loughmari et al. studied this question.
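The first stage described in the abstract (Isolation Forest scoring, with the result appended to each record as a new feature) can be sketched in standard-library Python. This is an added example, not the authors' code. The three flow features, the constructed sample data, all function names, and the choice to append the continuous score rather than a binary label are assumptions. The enriched rows are what the supervised stage (XGBoost in the paper) would then train on.

```python
import math
import random

def c(n):
    # Average path length of an unsuccessful BST search over n points (iForest normaliser).
    if n <= 2:
        return float(max(n - 1, 0))
    return 2.0 * (math.log(n - 1) + 0.5772156649) - 2.0 * (n - 1) / n

def build_tree(rows, depth, limit, rng):
    if depth >= limit or len(rows) <= 1:
        return ("leaf", len(rows))
    f = rng.randrange(len(rows[0]))                      # random feature
    lo, hi = min(r[f] for r in rows), max(r[f] for r in rows)
    if lo == hi:
        return ("leaf", len(rows))
    split = rng.uniform(lo, hi)                          # random cut point
    left = [r for r in rows if r[f] < split]
    right = [r for r in rows if r[f] >= split]
    return ("node", f, split, build_tree(left, depth + 1, limit, rng),
            build_tree(right, depth + 1, limit, rng))

def path_length(x, tree):
    depth = 0
    while tree[0] == "node":
        _, f, split, left, right = tree
        tree = left if x[f] < split else right
        depth += 1
    return depth + c(tree[1])                            # credit for the unsplit leaf

def fit_forest(rows, n_trees=100, sample=64, seed=0):
    rng = random.Random(seed)
    sample = min(sample, len(rows))
    limit = math.ceil(math.log2(sample))                 # depth cap per tree
    trees = [build_tree(rng.sample(rows, sample), 0, limit, rng) for _ in range(n_trees)]
    return trees, sample

def anomaly_score(x, forest):
    trees, sample = forest
    mean = sum(path_length(x, t) for t in trees) / len(trees)
    return 2.0 ** (-mean / c(sample))                    # near 1 = anomalous, below 0.5 = normal

def enrich(rows, forest):
    # Append the anomaly score as one extra feature column.
    return [list(r) + [anomaly_score(r, forest)] for r in rows]

# Constructed flows (not CICIDS2018 records): [duration_s, packets, bytes]
_rng = random.Random(1)
BENIGN = [[_rng.gauss(1.0, 0.3), _rng.gauss(20, 5), _rng.gauss(3000, 800)] for _ in range(300)]
ATTACK = [[_rng.gauss(60, 5), _rng.gauss(5000, 500), _rng.gauss(4e5, 4e4)] for _ in range(15)]
FOREST = fit_forest(BENIGN + ATTACK)        # fit on the training split only
ENRICHED = enrich(BENIGN + ATTACK, FOREST)  # input for the supervised stage
```

Fitting the forest on the training split and reusing it to score held-out flows keeps test data from influencing the added feature.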