{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,1]],"date-time":"2026-04-01T18:03:56Z","timestamp":1775066636880,"version":"3.50.1"},"reference-count":57,"publisher":"MDPI AG","issue":"3","license":[{"start":{"date-parts":[[2022,3,13]],"date-time":"2022-03-13T00:00:00Z","timestamp":1647129600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"name":"VC Research","award":["VCR 0000162"],"award-info":[{"award-number":["VCR 0000162"]}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Future Internet"],"abstract":"<jats:p>The rapid advancement of internet technologies has dramatically increased the number of connected devices. This has created a huge attack surface that requires the deployment of effective and practical countermeasures to protect network infrastructures from the harm that cyber-attacks can cause. Hence, there is an absolute need to differentiate boundaries in personal information and cloud and fog computing globally and the adoption of specific information security policies and regulations. The goal of the security policy and framework for cloud and fog computing is to protect the end-users and their information, reduce task-based operations, aid in compliance, and create standards for expected user actions, all of which are based on the use of established rules for cloud computing. Moreover, intrusion detection systems are widely adopted solutions to monitor and analyze network traffic and detect anomalies that can help identify ongoing adversarial activities, trigger alerts, and automatically block traffic from hostile sources. This survey paper analyzes factors, including the application of technologies and techniques, which can enable the deployment of security policy on fog and cloud computing successfully. The paper focuses on a Software-as-a-Service (SaaS) and intrusion detection, which provides an effective and resilient system structure for users and organizations. Our survey aims to provide a framework for a cloud and fog computing security policy, while addressing the required security tools, policies, and services, particularly for cloud and fog environments for organizational adoption. While developing the essential linkage between requirements, legal aspects, analyzing techniques and systems to reduce intrusion detection, we recommend the strategies for cloud and fog computing security policies. The paper develops structured guidelines for ways in which organizations can adopt and audit the security of their systems as security is an essential component of their systems and presents an agile current state-of-the-art review of intrusion detection systems and their principles. Functionalities and techniques for developing these defense mechanisms are considered, along with concrete products utilized in operational systems. Finally, we discuss evaluation criteria and open-ended challenges in this area.<\/jats:p>","DOI":"10.3390\/fi14030089","type":"journal-article","created":{"date-parts":[[2022,3,13]],"date-time":"2022-03-13T22:29:43Z","timestamp":1647210583000},"page":"89","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":97,"title":["A Survey on Intrusion Detection Systems for Fog and Cloud Computing"],"prefix":"10.3390","volume":"14","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-8012-5852","authenticated-orcid":false,"given":"Victor","family":"Chang","sequence":"first","affiliation":[{"name":"Cybersecurity, Information Systems and AI Research Group, School of Computing, Engineering and Digital Technologies, Teesside University, Middlesbrough TS1 3BX, UK"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-2189-335X","authenticated-orcid":false,"given":"Lewis","family":"Golightly","sequence":"additional","affiliation":[{"name":"Cybersecurity, Information Systems and AI Research Group, School of Computing, Engineering and Digital Technologies, Teesside University, Middlesbrough TS1 3BX, UK"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-2523-1847","authenticated-orcid":false,"given":"Paolo","family":"Modesti","sequence":"additional","affiliation":[{"name":"Cybersecurity, Information Systems and AI Research Group, School of Computing, Engineering and Digital Technologies, Teesside University, Middlesbrough TS1 3BX, UK"}]},{"given":"Qianwen Ariel","family":"Xu","sequence":"additional","affiliation":[{"name":"Cybersecurity, Information Systems and AI Research Group, School of Computing, Engineering and Digital Technologies, Teesside University, Middlesbrough TS1 3BX, UK"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-9656-7287","authenticated-orcid":false,"given":"Le Minh Thao","family":"Doan","sequence":"additional","affiliation":[{"name":"Cybersecurity, Information Systems and AI Research Group, School of Computing, Engineering and Digital Technologies, Teesside University, Middlesbrough TS1 3BX, UK"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-2863-3312","authenticated-orcid":false,"given":"Karl","family":"Hall","sequence":"additional","affiliation":[{"name":"Cybersecurity, Information Systems and AI Research Group, School of Computing, Engineering and Digital Technologies, Teesside University, Middlesbrough TS1 3BX, UK"}]},{"given":"Sreeja","family":"Boddu","sequence":"additional","affiliation":[{"name":"Cybersecurity, Information Systems and AI Research Group, School of Computing, Engineering and Digital Technologies, Teesside University, Middlesbrough TS1 3BX, UK"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-3501-2840","authenticated-orcid":false,"given":"Anna","family":"Kobusi\u0144ska","sequence":"additional","affiliation":[{"name":"Institute of Computing Science, Poznan University of Technology, 60-965 Poznan, Poland"}]}],"member":"1968","published-online":{"date-parts":[[2022,3,13]]},"reference":[{"key":"ref_1","first-page":"52","article-title":"A survey of Cloud Computing Security challenges and solutions","volume":"14","author":"Hussein","year":"2016","journal-title":"J. Comput. Sci. Inf. Secur."},{"key":"ref_2","doi-asserted-by":"crossref","first-page":"2263","DOI":"10.1016\/j.jss.2012.12.025","article-title":"Cloud computing security: The scientific challenge, and a survey of solutions","volume":"86","author":"Ryan","year":"2013","journal-title":"J. Syst. Softw."},{"key":"ref_3","first-page":"247","article-title":"Cloud Computing Security Issues and Challenges","volume":"3","author":"Kuyoro","year":"2011","journal-title":"Int. J. Comput. Netw."},{"key":"ref_4","doi-asserted-by":"crossref","unstructured":"Tripathi, A., and Mishra, A. (2011, January 14\u201316). Cloud computing security considerations. Proceedings of the 2011 IEEE International Conference on Signal Processing, Communications and Computing (ICSPCC), Xi\u2019an, China.","DOI":"10.1109\/ICSPCC.2011.6061557"},{"key":"ref_5","unstructured":"(2022, February 18). Soa. Available online: https:\/\/www.ibm.com\/nl-en\/cloud\/learn\/soa."},{"key":"ref_6","unstructured":"Chen, Y. (2017). Service-Oriented Computing and System Integration: Software, IoT, Big Data, and AI as Services, Kendall Hunt Publishing. [6th ed.]."},{"key":"ref_7","doi-asserted-by":"crossref","first-page":"221852","DOI":"10.1109\/ACCESS.2020.3043070","article-title":"An Overview of Automotive Service-Oriented Architectures and Implications for Security Countermeasures","volume":"8","author":"Rumez","year":"2020","journal-title":"IEEE Access"},{"key":"ref_8","first-page":"164","article-title":"Enterprise integration using Service-Oriented Architecture","volume":"22","author":"Grant","year":"2021","journal-title":"Issues Inf. Syst."},{"key":"ref_9","doi-asserted-by":"crossref","first-page":"252","DOI":"10.1016\/j.future.2021.01.019","article-title":"Future generation of service-oriented computing systems","volume":"118","author":"Yangui","year":"2021","journal-title":"Future Gener. Comput. Syst."},{"key":"ref_10","doi-asserted-by":"crossref","first-page":"107208","DOI":"10.1016\/j.comnet.2020.107208","article-title":"An effective service-oriented networking management architecture for 5G-enabled internet of things","volume":"173","author":"Huang","year":"2020","journal-title":"Comput. Netw."},{"key":"ref_11","doi-asserted-by":"crossref","first-page":"719","DOI":"10.1016\/j.cose.2011.08.004","article-title":"The cyber threat landscape: Challenges and future research directions","volume":"30","author":"Choo","year":"2011","journal-title":"Comput. Secur."},{"key":"ref_12","doi-asserted-by":"crossref","first-page":"570","DOI":"10.1109\/JIOT.2014.2366120","article-title":"An Efficient and Lightweight Intrusion Detection Mechanism for Service-Oriented Vehicular Networks","volume":"1","author":"Sedjelmaci","year":"2014","journal-title":"IEEE Internet Things J."},{"key":"ref_13","first-page":"359","article-title":"Measures to Mitigate Cybersecurity Risks and Vulnerabilities in Service-Oriented Architecture","volume":"27","author":"Vevera","year":"2018","journal-title":"Stud. Inform. Control"},{"key":"ref_14","doi-asserted-by":"crossref","first-page":"7051","DOI":"10.1007\/s12652-020-02370-8","article-title":"Analysis of security issues of cloud-based web applications","volume":"12","author":"Mishra","year":"2020","journal-title":"J. Ambient Intell. Humaniz. Comput."},{"key":"ref_15","doi-asserted-by":"crossref","first-page":"76","DOI":"10.1016\/j.jpdc.2020.11.002","article-title":"Toward security as a service: A trusted cloud service architecture with policy customization","volume":"149","author":"Huang","year":"2021","journal-title":"J. Parallel Distrib. Comput."},{"key":"ref_16","doi-asserted-by":"crossref","first-page":"20717","DOI":"10.1109\/ACCESS.2021.3054129","article-title":"Machine Learning for Cloud Security: A Systematic Review","volume":"9","author":"Nassif","year":"2021","journal-title":"IEEE Access"},{"key":"ref_17","doi-asserted-by":"crossref","first-page":"56","DOI":"10.1016\/j.jpdc.2021.06.005","article-title":"Fog Computing: A Taxonomy, Systematic Review, Current Trends and Research Challenges","volume":"157","author":"Singh","year":"2021","journal-title":"J. Parallel Distrib. Comput."},{"key":"ref_18","unstructured":"(2022, January 28). White Paper. Fog Computing and the Internet of Things: Extend the Cloud to Where the Things Are. Available online: http:\/\/www.cisco.com\/c\/dam\/en_us\/solutions\/trends\/iot\/docs\/computing-overview.pdf."},{"key":"ref_19","doi-asserted-by":"crossref","unstructured":"Chang, W., and Wu, J. (2021). Industrial Internet of Things (IIoT) Applications of Edge and Fog Computing: A Review and Future Directions. Fog\/Edge Computing For Security, Privacy, and Applications, Springer International Publishing.","DOI":"10.1007\/978-3-030-57328-7"},{"key":"ref_20","doi-asserted-by":"crossref","first-page":"162","DOI":"10.1016\/j.icte.2021.05.004","article-title":"A Review on Fog Computing: Architecture, Fog with IoT, Algorithms and Research Challenges","volume":"7","author":"Sabireen","year":"2021","journal-title":"ICT Express"},{"key":"ref_21","doi-asserted-by":"crossref","first-page":"100421","DOI":"10.1016\/j.cosrev.2021.100421","article-title":"Security in fog computing: A systematic review on issues, challenges and solutions","volume":"41","author":"Rezapour","year":"2021","journal-title":"Comput. Sci. Rev."},{"key":"ref_22","doi-asserted-by":"crossref","unstructured":"Tamrakar, M., Jain, S., and Doriya, R. (2021, January 6\u20138). Security Issues in Fog Computing. Proceedings of the 2021 5th International Conference on Intelligent Computing and Control Systems (ICICCS), Madurai, India.","DOI":"10.1109\/ICICCS51141.2021.9432317"},{"key":"ref_23","doi-asserted-by":"crossref","first-page":"18209","DOI":"10.1109\/ACCESS.2018.2820162","article-title":"Data Security and Privacy-Preserving in Edge Computing Paradigm: Survey and Open Issues","volume":"6","author":"Zhang","year":"2018","journal-title":"IEEE Access"},{"key":"ref_24","doi-asserted-by":"crossref","first-page":"249","DOI":"10.1186\/s13638-018-1267-2","article-title":"Hypergraph clustering model-based association analysis of DDOS attacks in fog computing intrusion detection system","volume":"2018","author":"An","year":"2018","journal-title":"EURASIP J. Wirel. Commun. Netw."},{"key":"ref_25","doi-asserted-by":"crossref","first-page":"2730","DOI":"10.1002\/sec.588","article-title":"Application of artificial bee colony for intrusion detection systems","volume":"8","author":"Aldwairi","year":"2012","journal-title":"Secur. Commun. Networks"},{"key":"ref_26","doi-asserted-by":"crossref","first-page":"266","DOI":"10.1109\/SURV.2013.050113.00191","article-title":"A Survey of Intrusion Detection Systems in Wireless Sensor Networks","volume":"16","author":"Butun","year":"2013","journal-title":"IEEE Commun. Surv. Tutorials"},{"key":"ref_27","doi-asserted-by":"crossref","first-page":"e1306","DOI":"10.1002\/widm.1306","article-title":"Machine learning in cybersecurity: A review","volume":"9","author":"Handa","year":"2019","journal-title":"WIREs Data Min. Knowl. Discov."},{"key":"ref_28","doi-asserted-by":"crossref","unstructured":"Gupta, H., and Sharma, S. (2021, January 18\u201319). Security Challenges in Adopting Internet of Things for Smart Network. Proceedings of the 2021 10th IEEE International Conference on Communication Systems and Network Technologies (CSNT), Bhopal, India.","DOI":"10.1109\/CSNT51715.2021.9509698"},{"key":"ref_29","doi-asserted-by":"crossref","first-page":"20","DOI":"10.1186\/s42400-019-0038-7","article-title":"Survey of intrusion detection systems: Techniques, datasets and challenges","volume":"2","author":"Khraisat","year":"2019","journal-title":"Cybersecurity"},{"key":"ref_30","doi-asserted-by":"crossref","unstructured":"Sarnovsky, M., and Paralic, J. (2020). Hierarchical Intrusion Detection Using Machine Learning and Knowledge Model. Symmetry, 12.","DOI":"10.3390\/sym12020203"},{"key":"ref_31","unstructured":"Thorarensen, C. (2022, February 18). A Performance Analysis of Intrusion Detection with Snort and Security Information Management. Available online: http:\/\/urn.kb.se\/resolve?urn=urn:nbn:se:liu:diva-177602."},{"key":"ref_32","doi-asserted-by":"crossref","unstructured":"Teixeira, D., Assun\u00e7\u00e3o, L., Pereira, T., Malta, S., and Pinto, P. (2019). OSSEC IDS Extension to Improve Log Analysis and Override False Positive or Negative Detections. J. Sens. Actuator Netw., 8.","DOI":"10.3390\/jsan8030046"},{"key":"ref_33","doi-asserted-by":"crossref","first-page":"1251","DOI":"10.1016\/j.procs.2020.04.133","article-title":"Performance Analysis of Machine Learning Algorithms in Intrusion Detection System: A Review","volume":"171","author":"Saranya","year":"2020","journal-title":"Procedia Comput. Sci."},{"key":"ref_34","doi-asserted-by":"crossref","first-page":"2480","DOI":"10.1109\/TNSM.2020.3024225","article-title":"Experimental Review of Neural-Based Approaches for Network Intrusion Management","volume":"17","author":"Galatro","year":"2020","journal-title":"IEEE Trans. Netw. Serv. Manag."},{"key":"ref_35","doi-asserted-by":"crossref","unstructured":"Belgrana, F.Z., Benamrane, N., Hamaida, M.A., Chaabani, A.M., and Taleb-Ahmed, A. (2021, January 27\u201328). Network Intrusion Detection System Using Neural Network and Condensed Nearest Neighbors with Selection of NSL-KDD Influencing Features. Proceedings of the 2020 IEEE International Conference on Internet of Things and Intelligence System (IoTaIS), Bali, Indonesia.","DOI":"10.1109\/IoTaIS50849.2021.9359689"},{"key":"ref_36","unstructured":"Carlin, S., and Curran, K. (2013). Cloud Computing Security. Pervasive and Ubiquitous Technology Innovations for Ambient Intelligence Environments, IGI Global. Available online: https:\/\/www.igi-global.com\/chapter\/cloud-computing-security\/www.igi-global.com\/chapter\/cloud-computing-security\/68920."},{"key":"ref_37","doi-asserted-by":"crossref","first-page":"1803","DOI":"10.1109\/TNSM.2020.3014929","article-title":"Multi-Stage Optimized Machine Learning Framework for Network Intrusion Detection","volume":"18","author":"Injadat","year":"2020","journal-title":"IEEE Trans. Netw. Serv. Manag."},{"key":"ref_38","doi-asserted-by":"crossref","first-page":"107295","DOI":"10.1016\/j.knosys.2021.107295","article-title":"Effective hierarchical clustering based on structural similarities in nearest neighbor graphs","volume":"228","author":"Wu","year":"2021","journal-title":"Knowledge-Based Syst."},{"key":"ref_39","doi-asserted-by":"crossref","first-page":"9206","DOI":"10.1109\/ACCESS.2017.2704100","article-title":"Fog Computing in Healthcare\u2013A Review and Discussion","volume":"5","author":"Kraemer","year":"2017","journal-title":"IEEE Access"},{"key":"ref_40","doi-asserted-by":"crossref","unstructured":"Stojkoska, B.R., and Trivodaliev, K. (2017, January 21\u201322). Enabling internet of things for smart homes through fog computing. Proceedings of the 2017 25th Telecommunication Forum (TELFOR), Belgrade, Serbia.","DOI":"10.1109\/TELFOR.2017.8249316"},{"key":"ref_41","doi-asserted-by":"crossref","unstructured":"Gia, T.N., Jiang, M., Rahmani, A.-M., Westerlund, T., Liljeberg, P., and Tenhunen, H. (2015, January 26\u201328). Fog Computing in Healthcare Internet of Things: A Case Study on ECG Feature Extraction. Proceedings of the 2015 IEEE International Conference on Computer and Information Technology; Ubiquitous Computing and Communications; Dependable, Autonomic and Secure Computing; Pervasive Intelligence and Computing, Liverpool, UK.","DOI":"10.1109\/CIT\/IUCC\/DASC\/PICOM.2015.51"},{"key":"ref_42","doi-asserted-by":"crossref","first-page":"e8819545","DOI":"10.1155\/2020\/8819545","article-title":"Intrusion Detection into Cloud-Fog-Based IoT Networks Using Game Theory","volume":"2020","author":"Pirozmand","year":"2020","journal-title":"Wirel. Commun. Mob. Comput."},{"key":"ref_43","unstructured":"S\u00f6nmez, F.\u00d6., and G\u00fcnel, B. (2018, January 3\u20134). Evaluation of Security Information and Event Management Systems for Custom Security Visualization Generation. Proceedings of the 2018 International Congress on Big Data, Deep Learning and Fighting Cyber Terrorism (IBIGDELFT), Ankara, Turkey."},{"key":"ref_44","doi-asserted-by":"crossref","first-page":"e4680867","DOI":"10.1155\/2018\/4680867","article-title":"Intrusion Detection System Based on Decision Tree over Big Data in Fog Environment","volume":"2018","author":"Peng","year":"2018","journal-title":"Wirel. Commun. Mob. Comput."},{"key":"ref_45","first-page":"34","article-title":"An Intrusion Detection System for Fog Computing and IoT based Logistic Systems using a Smart Data Approach","volume":"10","author":"Hosseinpour","year":"2016","journal-title":"Int. J. Digit. Content Technol. Its Appl."},{"key":"ref_46","doi-asserted-by":"crossref","first-page":"6882","DOI":"10.1109\/JIOT.2020.2970501","article-title":"Passban IDS: An Intelligent Anomaly-Based Intrusion Detection System for IoT Edge Devices","volume":"7","author":"Eskandari","year":"2020","journal-title":"IEEE Internet Things J."},{"key":"ref_47","doi-asserted-by":"crossref","first-page":"134","DOI":"10.1109\/TCSS.2021.3063538","article-title":"Intrusion Detection for Secure Social Internet of Things Based on Collaborative Edge Computing: A Generative Adversarial Network-Based Approach","volume":"9","author":"Nie","year":"2021","journal-title":"IEEE Trans. Comput. Soc. Syst."},{"key":"ref_48","doi-asserted-by":"crossref","first-page":"45","DOI":"10.1109\/MCE.2018.2851723","article-title":"Fair Resource Allocation in an Intrusion-Detection System for Edge Computing: Ensuring the Security of Internet of Things Devices","volume":"7","author":"Lin","year":"2018","journal-title":"IEEE Consum. Electron. Mag."},{"key":"ref_49","doi-asserted-by":"crossref","unstructured":"Mazzariello, C., Bifulco, R., and Canonico, R. (2010, January 23\u201325). Integrating a network IDS into an open source Cloud Computing environment. Proceedings of the 2010 Sixth International Conference on Information Assurance and Security, Atlanta, GA, USA.","DOI":"10.1109\/ISIAS.2010.5604069"},{"key":"ref_50","doi-asserted-by":"crossref","unstructured":"Mehmood, Y., Shibli, M.A., Habiba, U., and Masood, R. (2013, January 11\u201312). Intrusion Detection System in Cloud Computing: Challenges and opportunities. Proceedings of the 2013 2nd National Conference on Information Assurance (NCIA), Rawalpindi, Pakistan.","DOI":"10.1109\/NCIA.2013.6725325"},{"key":"ref_51","doi-asserted-by":"crossref","unstructured":"Monshizadeh, M., Khatri, V., and Kantola, R. (2017, January 19\u201322). Detection as a service: An SDN application. Proceedings of the 2017 19th International Conference on Advanced Communication Technology (ICACT), Pyeongchang, Korea.","DOI":"10.23919\/ICACT.2017.7890099"},{"key":"ref_52","first-page":"8","article-title":"Intrusion Detection and Prevention Response based on Signature-Based and Anomaly-Based: Investigation Study","volume":"10","author":"Najjar","year":"2012","journal-title":"Int. J. Comput. Sci. Inf. Secur."},{"key":"ref_53","unstructured":"Chen, H. (2016). Research and Implementation of Information Security System of Campus Network in Branch Campus, Xiamen University."},{"key":"ref_54","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1038\/s41746-019-0161-6","article-title":"A retrospective impact analysis of the WannaCry cyberattack on the NHS","volume":"2","author":"Ghafur","year":"2019","journal-title":"NPJ Digit. Med."},{"key":"ref_55","first-page":"21","article-title":"E-HEALTH as a Tool for Strengthening the Role of a Patient in the Process of Providing Health Services","volume":"25","author":"Dymyt","year":"2018","journal-title":"Mod. Manag. Rev."},{"key":"ref_56","doi-asserted-by":"crossref","unstructured":"Furlepa, K., Tenderenda, A., Koz\u0142owski, R., Marczak, M., Wierzba, W., and \u015aliwczy\u0144ski, A. (2022). Recommendations for the Development of Telemedicine in Poland Based on the Analysis of Barriers and Selected Telemedicine Solutions. Int. J. Environ. Res. Public Health, 19.","DOI":"10.3390\/ijerph19031221"},{"key":"ref_57","first-page":"22","article-title":"Cloud Computing Security Challenges in Higher Educational Institutions\u2014A Survey","volume":"161","author":"Hassan","year":"2017","journal-title":"Int. J. Comput. Appl."}],"container-title":["Future Internet"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/1999-5903\/14\/3\/89\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,10]],"date-time":"2025-10-10T22:35:49Z","timestamp":1760135749000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/1999-5903\/14\/3\/89"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2022,3,13]]},"references-count":57,"journal-issue":{"issue":"3","published-online":{"date-parts":[[2022,3]]}},"alternative-id":["fi14030089"],"URL":"https:\/\/doi.org\/10.3390\/fi14030089","relation":{},"ISSN":["1999-5903"],"issn-type":[{"value":"1999-5903","type":"electronic"}],"subject":[],"published":{"date-parts":[[2022,3,13]]}}}