Profile and Back Off Based Distributed NIDS in Cloud

Wireless Personal Communications

Abstract

Cloud security is a major concern these days. Of the various attacks on the Cloud, one that is very specific and consistently launched is DDoS. Current state-of-the-art solutions for detecting DDoS attacks in the Cloud consume a lot of computational resources in performing per-packet attack signature detection. As the Cloud scales, more resources will be used for DDoS attack detection, eventually decreasing the amount of resources in the effective pool that can be allocated to its clients. We have utilized the underlying fact that during DDoS, attack packets are sent at a very heavy rate, and hence propose a profiling and back-off based detection strategy for detecting DDoS attacks in the Cloud. The solution provides the lowest resource requirements at the same detection speed. The proposed solution is validated using the DARPA dataset and has been thoroughly tested in multiple sets of experiments at client VMs in the Cloud. It provided 100% accuracy in DDoS attack detection with almost 32 times saving of computational resources at nearly the same detection speed compared to traditional per-packet NIDS, at a back-off detection value of T = 32.

Corresponding author

Correspondence to Sanchika Gupta.

Cite this article

Gupta, S., Kumar, P. Profile and Back Off Based Distributed NIDS in Cloud. Wireless Pers Commun 94, 2879–2900 (2017). https://doi.org/10.1007/s11277-016-3753-3

  • DOI: https://doi.org/10.1007/s11277-016-3753-3
