189 research outputs found

    Model Aggregation for Distributed Content Anomaly Detection

    Cloud computing offers a scalable, low-cost, and resilient platform for critical applications. Securing these applications against attacks targeting unknown vulnerabilities is an unsolved challenge. Network anomaly detection addresses such zero-day attacks by modeling attributes of attack-free application traffic and raising alerts when new traffic deviates from this model. Content anomaly detection (CAD) is a variant of this approach that models the payloads of such traffic instead of higher level attributes. Zero-day attacks then appear as outliers to properly trained CAD sensors. In the past, CAD was unsuited to cloud environments due to the relative overhead of content inspection and the dynamic routing of content paths to geographically diverse sites. We challenge this notion and introduce new methods for efficiently aggregating content models to enable scalable CAD in dynamically-pathed environments such as the cloud. These methods eliminate the need to exchange raw content, drastically reduce network and CPU overhead, and offer varying levels of content privacy. We perform a comparative analysis of our methods using Random Forest, Logistic Regression, and Bloom Filter-based classifiers for operation in the cloud or other distributed settings such as wireless sensor networks. We find that content model aggregation offers statistically significant improvements over non-aggregate models with minimal overhead, and that distributed and non-distributed CAD have statistically indistinguishable performance. Thus, these methods enable the practical deployment of accurate CAD sensors in a distributed attack detection infrastructure

    Cloud computing adoption framework: A security framework for business clouds

    This paper presents a Cloud Computing Adoption Framework (CCAF) security suitable for business clouds. CCAF multi-layered security is based on the development and integration of three major security technologies: firewall, identity management and encryption based on the development of Enterprise File Sync and Share technologies. This paper presents our motivation, related work and our views on security framework. Core technologies have been explained in detail and experiments were designed to demonstrate the robustness of the CCAF multi-layered security. In penetration testing, CCAF multi-layered security could detect and block 99.95% of viruses and trojans and could maintain 85% and above of blocking for 100 hours of continuous attacks. Detection and blocking took less than 0.012 second per trojan and viruses. A full CCAF multi-layered security protection could block all SQL injection providing real protection to data. CCAF multi-layered security had a 100% rate of not reporting false alarms. All F-measures for CCAF test results were 99.75% and above. How CCAF multi-layered security can blend with policy, real services and blend with business activities have been illustrated. Research contributions have been justified and CCAF multi-layered security can offer added value for volume, velocity and veracity for Big Data services operated in the Cloud

    DaaS: Dew Computing as a Service for Intelligent Intrusion Detection in Edge-of-Things Ecosystem

    Edge of Things (EoT) enables the seamless transfer of services, storage, and data processing from the cloud layer to edge devices in large-scale distributed Internet of Things (IoT) ecosystems (e.g., Industrial systems). This transition raises the privacy and security concerns in the EoT paradigm distributed at different layers. Intrusion detection systems (IDSs) are implemented in EoT ecosystems to protect the underlying resources from attackers. However, the current IDSs are not intelligent enough to control the false alarms, which significantly lower the reliability and add to the analysis burden on the IDSs. In this article, we present a Dew Computing as a Service (DaaS) for intelligent intrusion detection in EoT ecosystems. In DaaS, a deep learning-based classifier is used to design an intelligent alarm filtration mechanism. In this mechanism, the filtration accuracy is improved (or sustained) by using deep belief networks. In the past, the cloud-based techniques have been applied for offloading the EoT tasks, which increases the middle layer burden and raises the communication delay. Here, we introduce the dew computing features that are used to design the smart false alarm reduction system. DaaS, when experimented in a simulated environment, reflects lower response time to process the data in the EoT ecosystem. The revamped DBN model achieved the classification accuracy up to 95%. Moreover, it depicts a 60% improvement in the latency and 35% workload reduction of the cloud servers as compared to edge IDS

    Understand Your Chains: Towards Performance Profile-based Network Service Management

    Allocating resources to virtualized network functions and services to meet service level agreements is a challenging task for NFV management and orchestration systems. This becomes even more challenging when agile development methodologies, like DevOps, are applied. In such scenarios, management and orchestration systems are continuously facing new versions of functions and services which makes it hard to decide how much resources have to be allocated to them to provide the expected service performance. One solution for this problem is to support resource allocation decisions with performance behavior information obtained by profiling techniques applied to such network functions and services. In this position paper, we analyze and discuss the components needed to generate such performance behavior information within the NFV DevOps workflow. We also outline research questions that identify open issues and missing pieces for a fully integrated NFV profiling solution. Further, we introduce a novel profiling mechanism that is able to profile virtualized network functions and entire network service chains under different resource constraints before they are deployed on production infrastructure. Comment: Submitted to and accepted by the European Workshop on Software Defined Networks (EWSDN) 201

    Risk management and architecture design in securing cloud platforms: Case study of cloud models

    Utilization of cloud environment has become more relevant for different companies and industries and should be considered when building new projects and migrating service from different service providers. As companies are trying to utilize cloud environments the knowledge about these might be lacking and thus increasing knowledge and introducing possible solutions is essential. This means that increasing knowledge about different approaches possible in cloud also different issues can be identified. Based on this kind of knowledge can the discussion about the possibility for utilizing cloud environments be improved. The use case for this study is the risk management and architecture design comparing of different cloud types and models based on a case study. Also, based on these different kinds of cloud types and models the security issues and countermeasures are discussed in a way that these measures could help to control or mitigate issues from happening. For finding feasible architecture designs these measures are to be considered alongside the responsibilities for different cloud models with the help of risk management. Risk management itself introduces risks and issues that are identified from cases and discussed as of how to control them within different cases. This thesis studies the possible issues and risks through a literature review that are associated with different cloud types and models. Also, introducing case study of three different cases that utilize these approaches and introduces such issues and risks associated with those cases. For identified issues and risks also relevant security methods and measures are studied through literature review and introduced to be utilized in risk management and architecture design. Based on these reviews a risk management is conducted to introduced cases where issues and risks are introduced with identification of real-world use case. 
Also, architecture design is introduced in a way that utilizes identified risks, control, and mitigation measures for protecting resources. What different possibilities and components to consider depending on different cases are also discussed as not all the risks can be mitigated with certain measures and would need more thought on as of what cloud type and model to utilize. Thesis also discusses about the three identified topics of risks, security measures and architecture and identifies relevant information from them for consideration. Thesis discusses about three different cases that were studied in a way as of how they differentiate from each other in the common field of risks, security measures and architecture design as they utilize the cloud in a different way. Discussion introduces the results and more detailed discussion that were identified from these three main topics. Detailed discussion itself contains similarities and differences identified from different cases and introduces more discussions based on those topics

    Detailed Review on The Denial of Service (DoS) and Distributed Denial of Service (DDoS) Attacks in Software Defined Networks (SDNs) and Defense Strategies

    The development of Software Defined Networking (SDN) has altered the landscape of computer networking in recent years. Its scalable architecture has become a blueprint for the design of several advanced future networks. To achieve improved and efficient monitoring, control and management capabilities of the network, software defined networks differentiate or decouple the control logic from the data forwarding plane. As a result, logical control is centralized solely in the controller. Due to the centralized nature, SDNs are exposed to several vulnerabilities such as Spoofing, Flooding, and primarily Denial of Service (DoS) and Distributed Denial of Service (DDoS) among other attacks. In effect, the performance of SDN degrades based on these attacks. This paper presents a comprehensive review of several DoS and DDoS defense/mitigation strategies and classifies them into distinct classes with regards to the methodologies employed. Furthermore, suggestions were made to enhance current mitigation strategies accordingly

    A novel autonomous management distributed system for cloud computing environments

    This paper describes a novel modular design of an autonomous management distributed system (AMDS) for cloud computing environments and it presents its implementation with the Scala programming language. The AMDS was designed from the ground up with distributed deployment, modularity and security in mind, using a full object oriented approach. A key feature of this system is the ability to gather and store information from various networking and monitoring devices from within the same computing cluster. Another key feature is the ability to intelligently control VMware vSphere local instances based on analysis of collected data and predefined parameters. vSphere in turn, once it receives commands from the AMDS, proceeds to issue instructions to multiple locally monitored ESXi servers in order to maximize energy efficiency, reduce the carbon footprint and minimize running costs. The predefined parameters are based on results from a previous paper written by the authors. The AMDS has been deployed on the authors’ test bed and is currently running successfully. Test results show highly potential industrial applications in datacenter energy management and lowering of operating costs