Cloud Services Usage Profile Based Intruder Detection and Prevention System: Intrusion Meter
Keywords:Cloud Computing, Cloud Usage Profile Based Technique, Intrusion Detection and Prevention Systems
With the emerging usage of cloud computing services, the misuse of possible vulnerabilities grows at the same speed. The distributed nature, on demand services, wide usage of the cloud computing makes it an attractive target for potential intruders. Intruders are the network security attackers intend to breach cloud security. Despite security issues delaying cloud adoption, cloud computing has already become an inescapable needs and ready industry solutions. Thus, security mechanisms to ensure its secure adoption are in demand. One security mechanism is intrusion detection and prevention systems (IDPS). IDPS have been used widely to detect malicious behaviors in network communication and hosts. Here, we focus on IDPS to defend against the cloud intruders. We propose a technique called cloud service usage profile based IDPS technique. This technique is to detect and prevent intruders in cloud service intrusion based on the cloud service usage profile. In turn, this usage profile helps to detect unusual usage and prevent intrusion.
C. B. Westphall and F. R. Lamin. SLA Perspective in Security Management for Cloud Computing. In Proc. of the Int. Conf. on Networking and Services (ICNS), 2010. Pp. 212-217.
Hisham A. Kholidy, Fabrizio Baiardi CIDS: A framework for Intrusion Detection in Cloud Systems, 2012 Ninth International Conference on Information Technology- New Generations, 978-0-7695-4654-4/12 $26.00 © 2012,pp 379-385.
Karen Scarfone and Peter Mell, “Guide to Intrusion Detection and Prevention Systems (IDPS)”, National Institute of Standards and Technology(NIST), Special Publication 800-94, Feb. 2007.
. J.H. Lee, M.W. Park, J.H. Eom, T.M. Chung, "Multi-level Intrusion Detection System and Log Management in Cloud Computing", In 13th International Conference on Advanced Communication Technology, pp.552-555, 2011.
. H. Jin, G. Xiang, D. Zou et al., “A VMM-based intrusion prevention system in cloud computing environment,” The Journal of Supercomputing, pp. 1–19, 2011
.T. Udaya, V. Vijay, and A. Naveen, “Intrusion detection techniques for infrastructure as a service cloud,” in Proceedings of the 9th IEEE International Conference on Dependable, Autonomic and Secure Computing, IEEE Computer Society, pp. 744–751, Sydney, Australia, 2011.
. W. Cong, W. Qian, R. Kui, and L. Wenjing, “Ensuring data storage security in cloud computing,” in Proceedings of the 17th International Workshop on Quality of Service (IWQoS '09), pp. 1–9, July 2009
.J. Arshad, P. Townend, and J. Xu, “An automatic intrusion diagnosis approach for clouds,” International Journal of Automation and Computing, vol. 8, pp. 286–296, 2011.
. P. Angin, B. Bhargava, R. Ranchal et al., “An entity-centric approach for privacy and identity management in cloud computing,” in Proceedings of the 29th IEEE Symposium on Reliable Distributed Systems (SRDS '10), pp. 177–183, November 2010.
. Bharadwaja, S. Weiqing, M. Niamat, and S. Fangyang, “Collabra: a xen hypervisor based collaborative intrusion detection system,” in Proceedings of the 8th International Conference on Information Technology: New Generations (ITNG '11), pp. 695–700, Las Vegas, Nev, USA, 2011.
Borisaniya, A. Patel, D. Patel et al., “Incorporating honeypot for intrusion detection in cloud infrastructure,” in Trust Management VI, vol. 374, pp. 84–96, Springer, Boston, Mass, USA, 2012.
L. Flavio and P. Roberto Di, “Secure virtualization for cloud computing,” Journal of Network and Computer Applications, vol. 34, no. 4, pp. 1113–1122, 2011.
Gupta, S. Horrow, and A. Sardana, “IDS based defense for cloud based mobile infrastructure as a service,” in Proceedings of the 8th IEEE World Congress on Services (SERVICES), pp. 199–202, Honalulu, Hawaii, USA, 2012.
R. Ranchal, B. Bhargava, L. B. Othmane et al., “Protection of identity information in cloud computing without trusted third party,” in Proceedings of the 29th IEEE Symposium on Reliable Distributed Systems (SRDS '10), pp. 368–372, November 2010.
A. S. Ibrahim, J. Hamlyn-Harris, J. Grundy, and M. Almorsy, “CloudSec: a security monitoring appliance for Virtual Machines in the IaaS cloud model,” in Proceedings of the 5th International Conference on Network and System Security (NSS '11), pp. 113–120, 2011.
.T. J. Arshad and J. Xu, “A novel intrusion severity analysis approach for Clouds,” Future Generation Computer Systems, vol. 28, pp. 965–1154, 2011.
F.Rocha,M. Correia,2011,Lucy in the sky without diamonds: Stealing confidential data in the cloud.
Anup ghosh, Chrish greamo, page 79-82, 2011, “Sandboxing and Virtualization”, Security and privacy,IEEE.
Islam M. Hegazy, Taha Al-Arif, Zaki.,T. Fayed, and Hossam M. Faheem ,Oct-Nov 2003,”Multi-agent based system for intrusion Detection” ,Conference Proceedings of ISDA03, IEEE.
Hisham A. Kholidy, Fabrizio Baiardi, 2012 CIDS: “A Framework for Intrusion and Detection in cloud Systems”, 9th International Conference on Inform- ation Technology- New Generations,IEEE.
Frank Doelitzscher∗, Christoph Reich∗, MartinKnahl and Nathan Clarke, p197-204, 2011,”An autonomous agent based incident detection system for cloud environments”, 3rd IEEE International Conference
Modi, C., Patel, D., Patel, H., Borisaniya, B., Patel, A. & Rajarajan. (2012). A survey of intrusion detection techniques in Cloud. Journal of Network and Computer Applications, doi: 10.1016/j.jnca.2012.05.003
C. B. W. C. M. W. K. M. VIEIRA, A. SCHULTER, “Intrusion detection techniques in grid and cloud computing environment,” IEEE IT Professional Magazine, 2010.
S. Roschke, C. Feng, and C. Meinel, “An Extensible and Virtualization Compatible IDS Management Architecture,” Fifth International Conference on Information Assurance and Security, vol. 2, 2009, pp.130-134.
A.bakshi, and B. Yogesh, “Securing Cloud from DDOS Attacks Using Intrusion Detection System in Virtual Machine,” Second International Conference on Communication Software and Networks, 2010, pp. 260-264
L. Fagui Liu, S. Xiang Su, and L. Wenqianl, "The Design and Application of Xen-based Host System Firewall and its Extension," in The 2009 International Conference on Electronic Computer Technology,2009, pp. 392-395.
C. C. Lo, C. C. Huang, and J. Ku, “Cooperative Intrusion Detection System Framework for Cloud Computing Networks,” First IEEE International Conference on Ubi-Media Computing, 2008, pp. 280-284.
K. A. B. A. V. Dastjerdi, and S. G. H. Tabatabaei, “Distributed intrusion detection in clouds using mobile agents,” in Third International Conference on Advanced Engineering Computing and Applications in Sciences, 2009. ADVCOMP ’09, 2009, pp. 175 – 180.
Y. Guan, and J. Bao, “A CP Intrusion Detection Strategy on Cloud Computing,” In International Symposium on Web Information Systems and Applications (WISA), pp. 84–87, 2009.
C. Mazzariello, R. Bifulco, and R. Canonoco, “Integrating a network IDS into an Open source Cloud computing,” Sixth International conference on Information Assurance and Security (IAS), 2010, pp. 265-270.