Received 31 May 2023, accepted 20 June 2023, date of publication 26 June 2023, date of current version 29 June 2023. Digital Object Identifier 10.1109/ACCESS.2023.3289405 An Improved Design for a Cloud Intrusion Detection System Using Hybrid Features Selection Approach With ML Classifier MHAMAD BAKRO 1 , RAKESH RANJAN KUMAR 1 , AMERAH ALABRAH 2 , ZUBAIR ASHRAF 3 , MD NADEEM AHMED 4 , MOHAMMAD SHAMEEM 5 , AND AHMED ABDELSALAM 6 1 Department of Computer Science and Engineering, C. V. Raman Global University, Bhubaneswar, Odisha 752054, India 2 Department of Information Systems, College of Computer and Information Sciences, King Saud University, Riyadh 11543, Saudi Arabia 3 Department of Computer Engineering and Applications, GLA University, Mathura, Uttar Pradesh 281406, India 4 Department of AIT-Computer Science Engineering (CSE), Chandigarh University, Chandigarh, Punjab 140413, India 5 Department of Computer Science and Engineering, Koneru Lakshmaiah Education Foundation, Guntur, Andhra Pradesh 522503, India 6 School of Engineering Science, Department of Software Engineering, LUT University, 53850 Lappeenranta, Finland Corresponding author: Mhamad Bakro (mhwb14794@gmail.com) This work was supported by the King Saud University, Riyadh, Saudi Arabia, through the Researchers Supporting Project under Grant RSP2023R476. ABSTRACT The focus of cloud computing nowadays has been reshaping the digital epoch, in which clients now face serious concerns about the security and privacy of their data hosted in the cloud, as well as increasingly sophisticated and frequent cyberattacks. Therefore, it has become imperative for both individuals and organizations to implement a robust intrusion detection system (IDS) capable of monitoring packets in the network, distinguishing between benign and malicious behavior, and detecting the type of attacks. IDS based on ML are efficient and precise in spotting network threats. Yet, for large dimensional data sizes, the performance of these systems decreases. Thus, it is critical to building a suitable feature selection approach that selects necessary features without having an impact on the classification process or causing information loss. Furthermore, training ML models on unbalanced datasets show a rising false positive rate (FPR) and a lowering detection rate (DR). In this paper, we present an improved cloud IDS designed by incorporating the synthetic minority over-sampling technique (SMOTE) to address the imbalanced data issue, and for feature selection, we propose to use a hybrid approach that includes three techniques: information gain (IG), chi-square (CS), and particle swarm optimization (PSO). Finally, the random forest (RF) model is utilized for detecting and classifying various types of attacks. The suggested system has been verified by the UNSW-NB15 and Kyoto datasets, achieving accuracies of over 98% and 99% in the multi-class classification scenario, respectively. It was noticed that an intrusion detection system with fewer informative features would operate more effectively. The simulation results significantly outperform other methodologies proposed in the related work in terms of different evaluation metrics. INDEX TERMS Improved design for cloud-IDS, feature selection, PSO-based metaheuristic, random forest. I. INTRODUCTION Nowadays, the progress in digital technologies has led to an explosive growth of cloud computing (CC) [1] applications in different fields due to its services (SaaS, PaaS, and IaaS) and its advantages such as expandability, availability, low cost, The associate editor coordinating the review of this manuscript and approving it for publication was Nitin Gupta . and so on [2]. However, this has led to a rising number of threats and created a massive market for cyber security [3]. According to this research [4], companies and organizations faced 50 million cyber assaults in 2010, and by 2019, that figure had increased to 900 million, and the figure is still continuously rising. Both individuals and enterprises have suffered serious damage and big financial losses as a result of these cyberattacks. Based on recent Juniper research [5], 64228 This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 License. For more information, see https://creativecommons.org/licenses/by-nc-nd/4.0/ VOLUME 11, 2023