A survey of intrusion detection techniques in Cloud

Cloud computing provides scalable, virtualized on-demand services to the end users with greater flexibility and lesser infrastructural investment. These services are provided over the Internet using known networking protocols, standards and formats under the supervision of different managements. Existing bugs and vulnerabilities in underlying technologies and legacy protocols tend to open doors for intrusion. This paper, surveys different intrusions affecting availability, confidentiality and integrity of Cloud resources and services. It examines proposals incorporating Intrusion Detection Systems (IDS) in Cloud and discusses various types and techniques of IDS and Intrusion Prevention Systems (IPS), and recommends IDS/IPS positioning in Cloud architecture to achieve desired security in the next generation networks

CyberGuarder: a virtualization security assurance architecture for green cloud computing

Cloud Computing, Green Computing, Virtualization, Virtual Security Appliance, Security Isolation

State of the Art Intrusion Detection System for Cloud Computing

The term Cloud computing is not new anymore in computing technology. This form of computing technology previously considered only as marketing term, but today Cloud computing not only provides innovative improvements in resource utilisation but it also creates a new opportunities in data protection mechanisms where the advancement of intrusion detection technologies  are blooming rapidly. From the perspective of security, Cloud computing also introduces concerns about data protection and intrusion detection mechanism. This paper surveys, explores and informs researchers about the latest developed Cloud Intrusion Detection Systems by providing a comprehensive taxonomy and investigating possible solutions to detect intrusions in cloud computing systems. As a result, we provide a comprehensive review of Cloud Intrusion Detection System research, while highlighting the specific properties of Cloud Intrusion Detection System. We also present taxonomy on the key issues in Cloud Intrusion Detection System area and discuss the different approaches taken to solve the issues. We conclude the paper with a critical analysis of challenges that have not fully solved

Cooperative Trust Framework for Cloud Computing Based on Mobile Agents

Cloud computing opens doors to the multiple, unlimited venues from elastic computing to on demand provisioning to dynamic storage, reduce the potential costs through optimized and efficient computing. To provide secure and reliable services in cloud computing environment is an important issue. One of the security issues is how to reduce the impact of for any type of intrusion in this environment. To counter these kinds of attacks, a framework of cooperative Hybrid intrusion detection system (Hy-IDS) and Mobile Agents is proposed. This framework allows protection against the intrusion attacks. Our Hybrid IDS is based on two types of IDS, the first for the detection of attacks at the level of virtual machines (VMs), the second for the network attack detection and Mobile Agents. Then, this framework unfolds in three phases: the first, detection intrusion in a virtual environment using mobile agents for collected malicious data. The second, generating new signatures from malicious data, which were collected in the first phase. The third, dynamic deployment of updates between clusters in a cloud computing, using the newest signatures previously created. By this type of close-loop control, the collaborative network security management system can identify and address new distributed attacks more quickly and effectively. In this paper, we develop a collaborative approach based on Hy-IDS and Mobile Agents in Cloud Environment, to define a dynamic context which enables the detection of new attacks, with much detail as possible

A Taxonomy of Virtualization Security Issues in Cloud Computing Environments

Objectives: To identify the main challenges and security issues of virtualization in cloud computing environments. It reviews the alleviation techniques for improving the security of cloud virtualization systems. Methods/ Statistical Analysis: Virtualization is a fundamental technology for cloud computing, and for this reason, any cloud vulnerabilities and threats affect virtualization. In this study, the systematic literature review is performed to find out the vulnerabilities and risks of virtualization in cloud computing and to identify threats, and attacks result from those vulnerabilities. Furthermore, we discover and analyze the effective mitigation techniques that are used to protect, secure, and manage virtualization environments. Findings: Thirty vulnerabilities are identified, explained, and classified into six proposed classes. Furthermore, fifteen main virtualization threats and attacks ar defined according to exploited vulnerabilities in a cloud environment. Application/Improvements: A set of common mitigation solutions are recognized and discovered to alleviate the virtualization security risks. These reviewed techniques are analyzed and evaluated according to five specified security criteria

Intrusion detection and prevention of web service attacks for software as a service:Fuzzy association rules vs fuzzy associative patterns

Cloud computing inherits all the systems, networks as well asWeb Services’ security vulnerabilities, in particular for software as a service (SaaS), where business applications or services are provided over the Cloud as Web Service (WS). Hence, WS-based applications must be protected against loss of integrity, confidentiality and availability when they are deployed over to the Cloud environment. Many existing IDP systems address only attacks mostly occurring at PaaS and IaaS. In this paper, we present our fuzzy association rule-based (FAR) and fuzzy associative pattern-based (FAP) intrusion detection and prevention (IDP) systems in defending against WS attacks at the SaaS level. Our experimental results have validated the capabilities of these two IDP systems in terms of detection of known attacks and prediction of newvariant attacks with accuracy close to 100%. For each transaction transacted over the Cloud platform, detection, prevention or prediction is carried out in less than five seconds. For load and volume testing on the SaaS where the system is under stress (at a work load of 5000 concurrent users submitting normal, suspicious and malicious transactions over a time interval of 300 seconds), the FAR IDP system provides close to 95% service availability to normal transactions. Future work involves determining more quality attributes besides service availability, such as latency, throughput and accountability for a more trustworthy SaaS

Intrusion Detection Systems in Cloud Computing: A Contemporary Review of Techniques and Solutions

Rapid growth of resources and escalating cost of infrastructure is leading organizations to adopt cloud computing. Cloud computing provides high performance, efficient utilization, and on-demand availability of resources. However, the cloud environment is vulnerable to different kinds of intrusion attacks which involve installing malicious software and creating backdoors. In a cloud environment, where businesses have hosted important and critical data, the security of underlying technologies becomes crucial. To mitigate the threat to cloud environments, Intrusion Detection Systems (IDS) are a layer of defense. The aim of this survey paper is to review IDS techniques proposed for the cloud. To achieve this objective, the first step is defining the limitations and unique characteristics of each technique. The second step is establishing the criteria to evaluate IDS architectures. In this paper, the criteria used is derived from basic characteristics of cloud. Next step is a comparative analysis of various existing intrusion detection techniques against the criteria. The last step is on the discussion of drawbacks and open issues, comprehended from the evaluation, due to which implementation of IDS in cloud environment face hurdles

A Federated Architecture for Heuristics Packet Filtering in Cloud Networks

The rapid expansion in networking has provided tremendous opportunities to access an unparalleled amount of information. Everyone connects to a network to gain access and to share this information. However when someone connects to a public network, his private network and information becomes vulnerable to hackers and all kinds of security threats. Today, all networks needs to be secured, and one of the best security policies is firewall implementation. Firewalls can be hardware or cloud based. Hardware based firewalls offer the advantage of faster response time, whereas cloud based firewalls are more flexible. In reality the best form of firewall protection is the combination of both hardware and cloud firewall. In this thesis, we implemented and configured a federated architecture using both firewalls, the Cisco ASA 5510 and Vyatta VC6.6 Cloud Based Firewall. Performance evaluation of both firewalls were conducted and analyzed based on two scenarios; spike and endurance test. Throughputs were also compared, along with some mathematical calculations using statistics. Different forms of packets were sent using a specialized tool designed for load testing known as JMeter. After collecting the results and analyzing it thoroughly, this thesis is concluded by presenting a heuristics method on how packet filtering would fall back to the cloud based firewall when the hardware based firewall becomes stressed and over loaded, thus allowing efficient packet flow and optimized performance. The result of this thesis can be used by Information Security Analyst, students, organizations and IT experts to have an idea on how to implement a secured network architecture to protect digital information