
Sādhanā, 43:114

A feasible approach to intrusion detection in virtual network layer of Cloud computing

  • Chirag Modi
  • Dhiren Patel
Article

Abstract

Intrusion detection/prevention is the greatest security challenge at the virtual network layer of Cloud computing. Several security frameworks have been reported to address this challenge; however, there is still scope for addressing newer challenges. Here, we propose a security framework to detect network intrusions in Cloud computing. This framework uses Snort and a combination of different classifiers, viz. Bayesian, Associative and Decision tree. We deploy our intrusion detection system (IDS) sensors on each host machine of the Cloud. These sensors correlate intrusive alerts from each region of the Cloud in order to identify distributed attacks. For feasibility analysis and functional validation of this framework, we perform different experiments in real time and offline simulation.

Keywords

Intrusion detection; network security; Cloud computing; virtualization; classifier

Copyright information

© Indian Academy of Sciences 2018

Authors and Affiliations

  1. National Institute of Technology Goa, Farmagudi, India
  2. National Institute of Technology Surat, Surat, India