Skip to main content
SpringerLink
Log in
Book cover

International Conference on Trust and Privacy in Digital Business

TrustBus 2015: Trust, Privacy and Security in Digital Business pp 136–149Cite as

Till All Are One: Towards a Unified Cloud IDS

  • Conference paper
  • First Online:

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 9264))

Abstract

Recently there is a trend to use cloud computing on service deployment, enjoying various advantages that it offers with emphasis on the economy which is achieved in the era of the financial crisis. However, along with the transformation of technology, several security issues are raised and especially the threat of malicious insiders. For instance, insiders can use their privileged position to accomplish an attack against the cloud infrastructure. In this paper we introduce a practical and efficient intrusion detection system solution for cloud based on the advantages of CUDA technology. The proposed solution audits the deployed virtual machines operation, and correlates the collected information to detect uncommon behavior based on Smith-Waterman algorithm. To do so, we collect the system calls of cloud virtual machines and compare them with pre-defined attack signatures. We implement the core of the detection module both sequentially and in parallel on CUDA technology. We evaluate our solution on experimental CUDA enabled cloud system in terms of performance using well known attack patterns. Results indicate that our approach improve highly the efficiency of detection in terms of processing time compared to a sequential implementation.

This is a preview of subscription content, log in via an institution.

Chapter
USD   29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD   39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD   54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Learn about institutional subscriptions

References

  1. Spring, J.: Monitoring cloud computing by layer, part 1. Secur. Priv. IEEE 9(2), 66–68 (2011)

    Article  Google Scholar 

  2. Strace command. http://unixhelp.ed.ac.uk/CGI/man-cgi?strace+1. Accessed 24 May 2015

  3. AlZain, M.A., et al.: Cloud computing security: from single to multi-clouds. In: 2012 45th Hawaii International Conference on System Science (HICSS). IEEE (2012)

    Google Scholar 

  4. Krutz, R.L., Vines, R.D.: Cloud Security: A Comprehensive Guide to Secure Cloud Computing. Wiley, Indianapolis (2010)

    Google Scholar 

  5. Enisa: Cloud Computing – Benefits, Risks and Recommendations for Information Security (2009)

    Google Scholar 

  6. Sandhu, R., et al.: Towards a discipline of mission-aware cloud computing. In: Proceedings of the 2010 ACM Workshop on Cloud Computing Security Workshop. ACM (2010)

    Google Scholar 

  7. Kandias, M., Virvilis, N., Gritzalis, D.: The insider threat in cloud computing. In: Bologna, S., Hämmerli, B., Gritzalis, D., Wolthusen, S. (eds.) CRITIS 2011. LNCS, vol. 6983, pp. 93–103. Springer, Heidelberg (2013)

    Chapter  Google Scholar 

  8. CUDA technology. http://www.nvidia.com/object/cuda_home_new.html. Accessed 24 May 2015

  9. Ristenpart, T., Tromer, E., Shacham, H., Savage, S.: Hey, you, get off of my cloud: exploring information leakage in third-party compute clouds. In: ACM CCS, Chicago (2009)

    Google Scholar 

  10. Roschke, S., Cheng, F., Meinel, C.: An advanced IDS management architecture. J. Inf. Assur. Secur. 5, 246–255 (2010)

    Google Scholar 

  11. Magklaras, G., Furnell, S., Papadaki, M.: LUARM: an audit engine for insider misuse detection. Int. J. Digit. Crime Forensics 3(3), 37–49 (2011)

    Article  Google Scholar 

  12. Tripathi, A., Mishra, A.: Cloud computing security considerations. In: 2011 IEEE International Conference on Signal Processing, Communications and Computing (ICSPCC). IEEE (2011)

    Google Scholar 

  13. Stolfo, S.J., Salem, M.B., Keromytis, A.D.: Fog computing: mitigating insider data theft attacks in the cloud. In: 2012 IEEE Symposium on Security and Privacy Workshops (SPW). IEEE (2012)

    Google Scholar 

  14. Hoang, C.: Protecting Xen hypercalls. MSC thesis, University of British Columbia, July 2009

    Google Scholar 

  15. XEN Hypervisor. http://www.xenproject.org/developers/teams/hypervisor.html. Accessed 24 May 2015

  16. Rawat, S., Gulati, V.P., Pujari, A.K., Vemuri, V.R.: Intrusion detection using text processing techniques with a binary-weighted cosine metric. J. Inf. Assur. Secur. 1(1), 43–50 (2006)

    Google Scholar 

  17. Sundararajan, S., Narayanan, H., Pavithran, V., Vorungati, K., Achuthan, K.: Preventing insider attacks in the cloud. In: Abraham, A., Lloret Mauri, J., Buford, J.F., Suzuki, J., Thampi, S.M. (eds.) ACC 2011, Part I. CCIS, vol. 190, pp. 488–500. Springer, Heidelberg (2011)

    Chapter  Google Scholar 

  18. Xiao, Z., Xiao, Y.: Security and privacy in cloud computing. IEEE Commun. Surv. Tutorials PP(99), 1–17 (2012)

    Google Scholar 

  19. Bates, A.: Dtecting cloud co-residency with network flow watermarking techniques. MSC thesis, University of Oregon, September 2012

    Google Scholar 

  20. Nmap command. http://nmap.org/. Accessed 24 May 2015

  21. Hping command. http://www.hping.org/. Accessed 24 May 2015

  22. Wget command. http://www.gnu.org/software/wget/. Accessed 24 May 2015

  23. Mundada, Y., Ramachndran, A., Feamster, N.: SilverLine: data and network isolation for cloud services. In: Proceedings of the USENIX Workshop on Hot Topics in Cloud Computing (HotCloud) (2011)

    Google Scholar 

  24. Zhang, Y., Juels, A., Oprea, A., Reiter, A.: HomeAlone: Co-Residency Detection in the Cloud via Side-Channel Analysis. In: IEEE Symposium on Security and Privacy (2011)

    Google Scholar 

  25. Mazzariello, C., Bifulco, R., Canonico, R.: Integrating a network IDS into an open source cloud computing environment. In: Sixth International Conference on Information Assurance and Security (2010)

    Google Scholar 

  26. Schulter, A., Vieira, K., Westphal, C., Westaphal, C., Abderrrahim, S.: Intrusion detection for computational grids. In: Proceedings of the 2nd Int’l Conference New Technologies Mobility, and Security. IEEE Press (2008)

    Google Scholar 

  27. Cheng, F., Roschke, S., Meinel, C.: Implementing IDS management on lock-keeper. In: Bao, F., Li, H., Wang, G. (eds.) ISPEC 2009. LNCS, vol. 5451, pp. 360–371. Springer, Heidelberg (2009)

    Chapter  Google Scholar 

  28. Cheng, F., Roschke, S., Meinel, C.: An advanced IDS management architecture. J. Inf. Assu. Secur. 51, 246–255 (2010)

    Google Scholar 

  29. Cheng, F., Roschke, S., Meinel, C.: Intrusion detection in the cloud. In: Eighth IEEE International Conference on Dependable, Autonomic and Secure Computing, China (2009)

    Google Scholar 

  30. Bharadwaja, S., Sun, W., Niamat, M., Shen, F.: Collabra: axen hypervisor based collaborative intrusion detection system. In: Proceedings of the 8th International Conference on Information Technology: New Generations (ITNG 2011), Las Vegas, Nev, USA, pp. 695–700 (2011)

    Google Scholar 

  31. Bakshi, A., Yogesh, B.: Securing cloud from ddos attacks using intrusion detection system in virtual machine. In: Second International Conference on Communication Software and Networks, ICCSN 2010. IEEE (2010)

    Google Scholar 

  32. Alarifi, S.S., Wolthusen, S.D.: Detecting anomalies in IaaS environments through virtual machine host system call analysis. In: 2012 International Conferece for Internet Technology and Secured Transactions. IEEE (2012)

    Google Scholar 

  33. KVM Hypervisor. http://www.linux-kvm.org/. Accessed 24 May 2015

  34. Rawat, S., et al.: Intrusion detection using text processing techniques with a binary-weighted cosine metric. J. Inf. Assur. Secur. 1(1), 43–50 (2006)

    MathSciNet  Google Scholar 

  35. Sharma, A., Pujari, A.K., Paliwal, K.K.: Intrusion detection using text processing techniques with a kernel based similarity measure. Comput. Secur. 26(7), 488–495 (2007)

    Article  Google Scholar 

  36. Hofmeyr, S.A., Forrest, S., Somayaji, A.: Intrusion detection using sequences of system calls. J. Comput. Secur. 6(3), 151–180 (1998)

    Google Scholar 

  37. Kang, D.-K., Fuller, D., Honavar, V.: Learning classifiers for misuse and anomaly detection using a bag of system calls representation. In: Proceedings from the Sixth Annual IEEE SMC Information Assurance Workshop, IAW 2005. IEEE (2005)

    Google Scholar 

  38. Azmandian, F., et al.: Securing cloud storage systems through a virtual machine monitor. In: Proceedings of the First International Workshop on Secure and Resilient Architectures and Systems. ACM (2012)

    Google Scholar 

  39. Eskin, E., Lee, W., Stolfo, S.J.: Modeling system calls for intrusion detection with dynamic window sizes. In: Proceedings of the DARPA Information Survivability Conference and Exposition II, DISCEX 2001, vol. 1. IEEE (2001)

    Google Scholar 

  40. Azmandian, F., et al.: Virtual machine monitor-based lightweight intrusion detection. ACM SIGOPS Operating Syst. Rev. 45(2), 38–53 (2011)

    Article  Google Scholar 

  41. Nslookup command. http://www.computerhope.com/unix/unslooku.htm. Accessed 24 May 2015

  42. Backtrack Linux. http://www.backtrack-linux.org/. Accessed 24 May 2015

  43. Kali Linux. http://www.kali.org/. Accessed 24 May 2015

  44. Backbox Linux. http://www.backbox.org/. Accessed 24 May 2015

  45. Our CUDA parallel implementation. https://code.google.com/p/smith-waterman-cuda-syscall/. Accessed 24 May 2015

  46. GNU Operating System. http://www.gnu.org/software/wget/. Accessed 24 May 2015

  47. Hping command. http://www.hping.org/. Accessed 24 May 2015

  48. Maybury, M., et al.: Analysis and Detection of Malicious Insiders. MITRE Corp., Bedford (2005)

    Google Scholar 

  49. Smurf attack. http://www.ciscopress.com/articles/article.asp?p=1312796. Accessed 24 May 2015

  50. Ping6 attack. http://www.tldp.org/HOWTO/Linux%2BIPv6-HOWTO/x811.html. Accessed 24 May 2015

  51. Agarwal, A., Agarwal, A.: The security risks associated with cloud computing. Int. J. Comput. Appl. Eng. Sci. 1 (2011)

    Google Scholar 

  52. Smith, T., Waterman, M.: Identification of common molecular subsequences. J. Mol. Biol. 147, 195–197 (1981)

    Article  Google Scholar 

  53. Krutz, R.L., Vines, R.D.: Cloud Security: A Comprehensive Guide to Secure Cloud Computing. Wiley, Indianapolis (2010)

    Google Scholar 

  54. Jose, G., Arul, J., Sanjeev, C., Suyambulingom, C.: Implementation of data security in cloud computing. Int. J. P2P Netw. Trends Technol. 1(1) (2011)

    Google Scholar 

  55. Labib, K., Vemuri, V.R.: An application of principal component analysis to the detection and visualization of computer network attacks. Annales des Télécommunications 61(1–2), 218–234 (2006)

    Article  Google Scholar 

  56. Coull, S., Branch, J., Szymanski, B., Breimer, E.: Intrusion detection: a bioinformatics approach. In: Proceedings of the 19th Annual Computer Security Applications Conference, pp. 24–33. IEEE, December 2003

    Google Scholar 

  57. Vasiliadis, G., Antonatos, S., Polychronakis, M., Markatos, E.P., Ioannidis, S.: Gnort: high performance network intrusion detection using graphics processors. In: Lippmann, R., Kirda, E., Trachtenberg, A. (eds.) RAID 2008. LNCS, vol. 5230, pp. 116–134. Springer, Heidelberg (2008)

    Chapter  Google Scholar 

  58. Snort IDS. https://www.snort.org/. Accessed 24 May 2015

  59. Cudasw parallel SW CUDA implementation. http://cudasw.sourceforge.net/homepage.htm#latest. Accessed 24 May 2015

  60. Pitropakis, N., Pikrakis, A., Lambrinoudakis, C.: Behaviour reflects personality: detecting co-residence attacks on Xen-based cloud environments. Int. J. Inf. Secur. 1–7 (2014)

    Google Scholar 

  61. Pitropakis, N., et al.: If you want to know about a hunter, study his prey: detection of network based attacks on KVM based cloud environments. J. Cloud Comput. Adv. Syst. Appl. 3(1), 20 (2014)

    Article  Google Scholar 

  62. Maier, D.: The complexity of some problems on subsequences and supersequences. J. ACM (JACM) 25(2), 322–336 (1978)

    Article  MATH  MathSciNet  Google Scholar 

Download references

Acknowledgements

This work has been partially supported by the Research Center of the University of Piraeus.

Author information

Authors and Affiliations

  1. Department of Digital Systems, University of Piraeus, 18534, Piraeus, Greece

    Nikolaos Pitropakis & Costas Lambrinoudakis

  2. Electrical and Computer Engineering Department, Aristotle University of Thessaloniki, 541 24, Thessaloniki, Greece

    Dimitris Geneiatakis

Authors
  1. Nikolaos Pitropakis
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Costas Lambrinoudakis
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Dimitris Geneiatakis
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Nikolaos Pitropakis .

Editor information

Editors and Affiliations

  1. Karlstad University, Karlstad, Sweden

    Simone Fischer-Hübner

  2. University of Piraeus, Piraeus, Greece

    Costas Lambrinoudakis

  3. University of Malaga, Málaga, Spain

    Javier López

Rights and permissions

Reprints and permissions

Copyright information

© 2015 Springer International Publishing Switzerland

About this paper

Cite this paper

Pitropakis, N., Lambrinoudakis, C., Geneiatakis, D. (2015). Till All Are One: Towards a Unified Cloud IDS. In: Fischer-Hübner, S., Lambrinoudakis, C., López, J. (eds) Trust, Privacy and Security in Digital Business. TrustBus 2015. Lecture Notes in Computer Science(), vol 9264. Springer, Cham. https://doi.org/10.1007/978-3-319-22906-5_11

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-22906-5_11

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-22905-8

  • Online ISBN: 978-3-319-22906-5

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation