EICIDS-Elastic and Internal Cloud-based Intrusion Detection System

The elasticity and abundant availability of computational resources are attractive to intruders exploit vulnerabilities of the cloud, thus being able to launch attacks against legitimate users to gain access to private and privileged information. The Intrusion Detection Systems are presented as a possible solution for protection; however, to effectively protect cloud users, it must have the ability to expand, rapidly increased or decreased the amount of sensors, according to the provisioning resources, and isolate the access to infrastructure and system levels. Protection against internal threats should also be planned, as most of the protection systems do not identify them properly. In order to solve these problems, we present the EICIDS - Elastic and Internal Cloud-based Intrusion Detection System, which monitors the internal environment of the cloud, entering sensor data capture in the local network of user´s VMs, thus being able to detect suspicious behavior of users. For this, the EICIDS uses the characteristics of virtual machines (such as fast boot, quick recovery, stop, migrate between different hosts and execution across multiple platforms) in order to monitor and protect the environment of cloud computing, with the growth or reduction of the cloud in order to save resources

A survey of intrusion detection techniques in Cloud

Cloud computing provides scalable, virtualized on-demand services to the end users with greater flexibility and lesser infrastructural investment. These services are provided over the Internet using known networking protocols, standards and formats under the supervision of different managements. Existing bugs and vulnerabilities in underlying technologies and legacy protocols tend to open doors for intrusion. This paper, surveys different intrusions affecting availability, confidentiality and integrity of Cloud resources and services. It examines proposals incorporating Intrusion Detection Systems (IDS) in Cloud and discusses various types and techniques of IDS and Intrusion Prevention Systems (IPS), and recommends IDS/IPS positioning in Cloud architecture to achieve desired security in the next generation networks

Wireless and Physical Security via Embedded Sensor Networks

Wireless Intrusion Detection Systems (WIDS) monitor 802.11 wireless frames (Layer-2) in an attempt to detect misuse. What distinguishes a WIDS from a traditional Network IDS is the ability to utilize the broadcast nature of the medium to reconstruct the physical location of the offending party, as opposed to its possibly spoofed (MAC addresses) identity in cyber space. Traditional Wireless Network Security Systems are still heavily anchored in the digital plane of "cyber space" and hence cannot be used reliably or effectively to derive the physical identity of an intruder in order to prevent further malicious wireless broadcasts, for example by escorting an intruder off the premises based on physical evidence. In this paper, we argue that Embedded Sensor Networks could be used effectively to bridge the gap between digital and physical security planes, and thus could be leveraged to provide reciprocal benefit to surveillance and security tasks on both planes. Toward that end, we present our recent experience integrating wireless networking security services into the SNBENCH (Sensor Network workBench). The SNBENCH provides an extensible framework that enables the rapid development and automated deployment of Sensor Network applications on a shared, embedded sensing and actuation infrastructure. The SNBENCH's extensible architecture allows an engineer to quickly integrate new sensing and response capabilities into the SNBENCH framework, while high-level languages and compilers allow novice SN programmers to compose SN service logic, unaware of the lower-level implementation details of tools on which their services rely. In this paper we convey the simplicity of the service composition through concrete examples that illustrate the power and potential of Wireless Security Services that span both the physical and digital plane.National Science Foundation (CISE/CSR 0720604, ENG/EFRI 0735974, CIES/CNS 0520166, CNS/ITR 0205294, CISE/ERA RI 0202067

On the Fly Orchestration of Unikernels: Tuning and Performance Evaluation of Virtual Infrastructure Managers

Network operators are facing significant challenges meeting the demand for more bandwidth, agile infrastructures, innovative services, while keeping costs low. Network Functions Virtualization (NFV) and Cloud Computing are emerging as key trends of 5G network architectures, providing flexibility, fast instantiation times, support of Commercial Off The Shelf hardware and significant cost savings. NFV leverages Cloud Computing principles to move the data-plane network functions from expensive, closed and proprietary hardware to the so-called Virtual Network Functions (VNFs). In this paper we deal with the management of virtual computing resources (Unikernels) for the execution of VNFs. This functionality is performed by the Virtual Infrastructure Manager (VIM) in the NFV MANagement and Orchestration (MANO) reference architecture. We discuss the instantiation process of virtual resources and propose a generic reference model, starting from the analysis of three open source VIMs, namely OpenStack, Nomad and OpenVIM. We improve the aforementioned VIMs introducing the support for special-purpose Unikernels and aiming at reducing the duration of the instantiation process. We evaluate some performance aspects of the VIMs, considering both stock and tuned versions. The VIM extensions and performance evaluation tools are available under a liberal open source licence

Issues and Challenges for Network Virtualisation

In recent years, network virtualisation has been of great interest to researchers, being a relatively new and major paradigm in networking. This has been reflected in the IT industry where many virtualisation solutions are being marketed as revolutionary and purchased by enterprises to exploit these promised performances. Adversely, there are certain drawbacks like security, isolation and others that have conceded the network virtualisation. In this study, an investigation of the different state-of-the-art virtualisation technologies, their issues and challenges are addressed and besides, a guideline for a quintessential Network Virtualisation Environment (NVE) is been proposed. A systematic review was effectuated on selectively picked research papers and technical reports. Moreover a comparative study is performed on different Network Virtualisation technologies which include features like security, isolation, stability, convergence, outlay, scalability, robustness, manageability, resource management, programmability, flexibility, heterogeneity, legacy Support, and ease of deployment. The virtualisation technologies comprise Virtual Private Network (VPN), Virtual Local Area Network (VLAN), Virtual Extensible Local Area Network (VXLAN), Software Defined Networking (SDN) and Network Function Virtualisation (NFV). Conclusively the results exhibited the disparity as to the gaps of creating an ideal network virtualisation model which can be circumvented using these as a benchmark

Cooperative Trust Framework for Cloud Computing Based on Mobile Agents

Cloud computing opens doors to the multiple, unlimited venues from elastic computing to on demand provisioning to dynamic storage, reduce the potential costs through optimized and efficient computing. To provide secure and reliable services in cloud computing environment is an important issue. One of the security issues is how to reduce the impact of for any type of intrusion in this environment. To counter these kinds of attacks, a framework of cooperative Hybrid intrusion detection system (Hy-IDS) and Mobile Agents is proposed. This framework allows protection against the intrusion attacks. Our Hybrid IDS is based on two types of IDS, the first for the detection of attacks at the level of virtual machines (VMs), the second for the network attack detection and Mobile Agents. Then, this framework unfolds in three phases: the first, detection intrusion in a virtual environment using mobile agents for collected malicious data. The second, generating new signatures from malicious data, which were collected in the first phase. The third, dynamic deployment of updates between clusters in a cloud computing, using the newest signatures previously created. By this type of close-loop control, the collaborative network security management system can identify and address new distributed attacks more quickly and effectively. In this paper, we develop a collaborative approach based on Hy-IDS and Mobile Agents in Cloud Environment, to define a dynamic context which enables the detection of new attacks, with much detail as possible

Host-Based Virtual Networks Management in Cloud Datacenters

Infrastructure management is of key importance in a wide array of computer and network environments. The use of virtualization in cloud datacenters has driven the communications and computing convergence to a common operational entity. Failure to effectively manage the involved infrastructure results as impediments in provisioning a successful service. Information models facilitate the infrastructure management and current solutions can be effectively applied in most datacenter scenarios, apart from cases where the networking architecture relies heavily on systems virtualization. In this paper we propose an information model for managing virtual network architectures, where hypervisors and computing server resources are deployed as the basis of the networking layer. We provide a successful proof of concept by managing a virtual machine-based network infrastructure acting as an IP routing platform using statistical methods. Our proposal enables a dynamic reconfiguration of allocated infrastructure resources adapting, in real-time, to variations in the imposed workload