Taxonomy and Proposed Architecture of Intrusion Detection and Prevention Systems for Cloud Computing

  • Ahmed Patel
  • Mona Taghavi
  • Kaveh Bakhtiyari
  • Joaquim Celestino Júnior
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7672)


The distributed and open structure of cloud computing and services becomes an attractive target for potential cyber-attacks by intruders. The traditional Intrusion Detection and Prevention Systems (IDPS) are deemed largely inefficient to be deployed in cloud computing environments due to their openness, dynamicity and virtualization in offered services. This paper surveys and explores the possible solutions to detect and prevent intrusions in cloud computing systems by providing a comprehensive taxonomy of existing IDPS. It discusses the key features of IDPS that are challenging and crucial for choosing the right security measures for designing an IDPS. The paper further reviews the current state of the art of developed IDPSs for cloud computing which uses advanced techniques in overcoming the challenges imposed by cloud computing requirements for more resilient, effective and efficient IDPSs, abbreviated as CIPDS.


Intrusion detection intrusion prevention cloud computing taxonomy architecture autonomic techniques 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Cloud-Security-Alliance, Top Threats to Cloud Computing V1.0 (2010),
  2. 2.
    Galante, J., Kharif, O., Alpeyev, P.: Sony Network Breach Shows Amazon Cloud’s Appeal for Hackers (2011),
  3. 3.
    Shabtai, A., Fledel, Y., Kanonov, U., Elovici, Y., Dolev, S., Glezer, C.: Google android: A comprehensive security assessment. IEEE Security & Privacy 8, 35–44 (2010)CrossRefGoogle Scholar
  4. 4.
    Bringas, P.G., Penya, Y.K.: Next-Generation Misuse and Anomaly Prevention System. In: Filipe, J., Cordeiro, J. (eds.) ICEIS 2008. LNBIP, vol. 19, pp. 117–129. Springer, Heidelberg (2009)Google Scholar
  5. 5.
    Elshoush, H.T., Osman, I.M.: Alert correlation in collaborative intelligent intrusion detection systems—A survey. Applied Soft Computing 11, 4349–4365 (2011)CrossRefGoogle Scholar
  6. 6.
    Klüft, S.: Alarm management for intrusion detection systems - Prioritizing and presenting alarms from intrusion detection systems. MSc Thesis, University of Gothenburg (2012),
  7. 7.
    Lippmann, R., Webster, S., Stetson, D.: The Effect of Identifying Vulnerabilities and Patching Software on the Utility of Network Intrusion Detection. In: Wespi, A., Vigna, G., Deri, L. (eds.) RAID 2002. LNCS, vol. 2516, pp. 307–326. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  8. 8.
    Maggi, F., Matteucci, M., Zanero, S.: Reducing false positives in anomaly detectors through fuzzy alert aggregation. Information Fusion 10, 300–311 (2009)CrossRefGoogle Scholar
  9. 9.
    Leitner, M., Leitner, P., Zach, M., Collins, S., Fahy, C.: Fault management based on peer-to-peer paradigms; a case study report from the celtic project madeira. In: 10th IFIP/IEEE International Symposium on Integrated Network Management, pp. 697–700 (2007)Google Scholar
  10. 10.
    Zhou, C.V., Leckie, C., Karunasekera, S.: A survey of coordinated attacks and collaborative intrusion detection. Computers & Amp; Security 29, 124–140 (2010)CrossRefGoogle Scholar
  11. 11.
    Arshad, J., Townend, P., Xu, J.: A novel intrusion severity analysis approach for Clouds. Future Generation Computer Systems (2011),
  12. 12.
    Grobauer, B., Walloschek, T., Stocker, E.: Understanding cloud computing vulnerabilities. IEEE Security & Privacy 9, 50–57 (2011)CrossRefGoogle Scholar
  13. 13.
    Viega, J.: Cloud computing and the common man. Computer 42, 106–108 (2009)CrossRefGoogle Scholar
  14. 14.
    Dastjerdi, A.V., Bakar, K.A., Tabatabaei, S.G.H.: Distributed intrusion detection in clouds using mobile agents. In: Third International Conference on Advanced Engineering Computing and Applications in Sciences, Sliema, pp. 175–180 (2009)Google Scholar
  15. 15.
    Wang, C., Wang, Q., Ren, K., Lou, W.: Ensuring data storage security in cloud computing. In: 17th International Workshop on Quality of Service (IWQoS 2009), Charleston, SC, pp. 1–9 (2009)Google Scholar
  16. 16.
    Foster, I., Zhao, Y., Raicu, I., Lu, S.: Cloud computing and grid computing 360-degree compared. In: Grid Computing Environments Workshop, GCE 2008, Austin, TX, pp. 1–10 (2008)Google Scholar
  17. 17.
    Subashini, S., Kavitha, V.: A survey on security issues in service delivery models of cloud computing. Journal of Network and Computer Applications 34, 1–11 (2011)CrossRefGoogle Scholar
  18. 18.
    Tupakula, U., Varadharajan, V., Akku, N.: Intrusion Detection Techniques for Infrastructure as a Service Cloud. In: IEEE International Conference on Dependable, Autonomic and Secure Computing, pp. 744–751 (2011)Google Scholar
  19. 19.
    Gustavo, N., Miguel, C.: Anomaly-based intrusion detection in software as a service. In: Dependable Systems and Networks Workshops, pp. 19–24 (2011)Google Scholar
  20. 20.
    Vieira, K., Schulter, A., Westphall, C.: Intrusion Detection for Grid and Cloud Computing. IT Professional 12, 38–43 (2010)CrossRefGoogle Scholar
  21. 21.
    Xin, W., Ting-lei, H., Xiao-yu, L.: Research on the Intrusion detection mechanism based on cloud computing. In: 2010 International Conference on Intelligent Computing and Integrated Systems (ICISS), Guilin, pp. 125–128 (2010)Google Scholar
  22. 22.
    Dhage, S., Meshram, B., Rawat, R., Padawe, S., Paingaokar, M., Misra, A.: Intrusion detection system in cloud computing environment. In: International Conference & Workshop on Emerging Trends in Technology, New York, NY, USA, pp. 235–239 (2011)Google Scholar
  23. 23.
    Kholidy, H.A., Baiardi, F.: CIDS: A Framework for Intrusion Detection in Cloud Systems. In: Ninth International Conference on Information Technology: New Generations (ITNG), Las Vegas, NV, pp. 379–385 (2012)Google Scholar
  24. 24.
    Patel, A., Qassim, Q., Shukor, Z., Nogueira, J., Júnior, J., Wills, C.: Autonomic Agent-Based Self-Managed Intrusion Detection and Prevention System. In: South African Information Security Multi-Conference (SAISMC 2010), Port Elizabeth, South Africa, pp. 223–224 (2009)Google Scholar
  25. 25.
    Smith, D., Guan, Q., Fu, S.: An Anomaly Detection Framework for Autonomic Management of Compute Cloud Systems. In: 34th Annual Computer Software and Applications Conference Workshops (COMPSACW), Seoul, pp. 376–381 (2010)Google Scholar
  26. 26.
    Martínez, C.A., Echeverri, G.I., Sanz, A.G.C.: Malware detection based on cloud computing integrating intrusion ontology representation. In: IEEE Latin-American Conference on Communications (LATINCOM), Bogota, pp. 1–6 (2010)Google Scholar
  27. 27.
    Azmandian, F., Moffie, M., Alshawabkeh, M., Dy, J., Aslam, J., Kaeli, D.: Virtual machine monitor-based lightweight intrusion detection. SIGOPS Oper. Syst. Rev. 45, 38–53 (2011)CrossRefGoogle Scholar
  28. 28.
    Lee, J.H., Park, M.W., Eom, J.H., Chung, T.M.: Multi-level Intrusion Detection System and log management in Cloud Computing. In: 13th International Conference on Advanced Communication Technology (ICACT), Seoul, pp. 552–555 (2011)Google Scholar
  29. 29.
    Takahashi, T., Kadobayashi, Y., Fujiwara, H.: Ontological approach toward cybersecurity in cloud computing. In: 3rd International Conference on Security of Information and Networks, Taganrog, Rostov-on-Don, Russian Federation (2010)Google Scholar
  30. 30.
    Jin, H., Xiang, G., Zou, D., Wu, S., Zhao, F., Li, M., Zheng, W.: A VMM-based intrusion prevention system in cloud computing environment. The Journal of Supercomputing, 1–19 (2011)Google Scholar
  31. 31.
    Masud, M.M., Al-Khateeb, T.M., Hamlen, K.W., Gao, J., Khan, L., Han, J., Thuraisingham, B.: Cloud-based malware detection for evolving data streams. ACM Trans. Manage. Inf. Syst. 2, 1–27 (2008)Google Scholar
  32. 32.
    Zargar, S.T., Takabi, H., Joshi, J.B.D.: Dcdidp: A Distributed, Collaborative, and Data-Driven Intrusion Detection and Prevention Framework for Cloud Computing Environments. In: International Conference on Collaborative Computing: Networking, Applications and Worksharing CollaborateCom, Orlando, Florida, USA (2011)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2012

Authors and Affiliations

  • Ahmed Patel
    • 1
    • 2
  • Mona Taghavi
    • 1
  • Kaveh Bakhtiyari
    • 1
  • Joaquim Celestino Júnior
    • 3
  1. 1.School of Computer Science, Faculty of Information Science and TechnologyUniversiti Kebangsaan MalaysiaBangiMalaysia
  2. 2.School of Computing and Information Systems, Faculty of Science, Engineering and ComputingKingston UniversityKingston upon ThamesUnited Kingdom
  3. 3.Vieira Computer Networks and Security Laboratory (LARCES)State University of Ceará (UECE)FortalezaBrazil

Personalised recommendations