A survey of intrusion detection techniques in Cloud

Cloud computing provides scalable, virtualized on-demand services to the end users with greater flexibility and lesser infrastructural investment. These services are provided over the Internet using known networking protocols, standards and formats under the supervision of different managements. Existing bugs and vulnerabilities in underlying technologies and legacy protocols tend to open doors for intrusion. This paper, surveys different intrusions affecting availability, confidentiality and integrity of Cloud resources and services. It examines proposals incorporating Intrusion Detection Systems (IDS) in Cloud and discusses various types and techniques of IDS and Intrusion Prevention Systems (IPS), and recommends IDS/IPS positioning in Cloud architecture to achieve desired security in the next generation networks

Adaptive conflict-free optimization of rule sets for network security packet filtering devices

Packet filtering and processing rules management in firewalls and security gateways has become commonplace in increasingly complex networks. On one side there is a need to maintain the logic of high level policies, which requires administrators to implement and update a large amount of filtering rules while keeping them conflict-free, that is, avoiding security inconsistencies. On the other side, traffic adaptive optimization of large rule lists is useful for general purpose computers used as filtering devices, without specific designed hardware, to face growing link speeds and to harden filtering devices against DoS and DDoS attacks. Our work joins the two issues in an innovative way and defines a traffic adaptive algorithm to find conflict-free optimized rule sets, by relying on information gathered with traffic logs. The proposed approach suits current technology architectures and exploits available features, like traffic log databases, to minimize the impact of ACO development on the packet filtering devices. We demonstrate the benefit entailed by the proposed algorithm through measurements on a test bed made up of real-life, commercial packet filtering devices

Reusable Annotations for Matching of Event Sequences to Construct Firewall Policies

Organizations of all types use firewall systems to protect their networks from threats. Those firewalls are governed by the policies used to configure them. The PEACE (Policy Enforcement and Access Control for End-points) system is a new combination, network-plus-host based firewall that gives analysts a novel new set of data to build policy attributes for. This data are semi-structured strings that represent the hierarchy of graphical user interface components that have been interacted with around the time that host sent a network request. The multivariate, hierarchical, semi-structured nature of this data can make it a laborious or non-intuitive task to create the string matching rules that are used by the firewall policies. We present a targeted, interactive, event-sequence based \cite{cappers2017exploring} tool for the purpose of building policies for the PEACE firewall system\u27s graphical user interface data