12 research outputs found

    Cloud denial of service detection by dendritic cell mechanism

    The term cloud computing is no longer new in computing technology. This form of computing was previously considered only a marketing term, but today cloud computing not only provides innovative improvements in resource utilization but also creates new opportunities in data protection mechanisms, where intrusion detection technologies are advancing rapidly. From the perspective of security, cloud computing also introduces concerns about data protection and intrusion detection mechanisms, especially because cloud computing is exposed to Denial of Service (DoS) attacks. This paper aims to provide a DoS detection mechanism for the cloud computing environment. As a result, we provide an experiment to examine the capability of the proposed system. The results show that the proposed system was able to detect the DoS attacks conducted during the experiment with a 94.4% detection rate. We conclude the paper with a discussion of the results, together with a graphical summary of the experiment's results.

    Autonomic context-dependent architecture for malware detection


    State of the Art Intrusion Detection System for Cloud Computing

    The term Cloud computing is no longer new in computing technology. This form of computing was previously considered only a marketing term, but today Cloud computing not only provides innovative improvements in resource utilisation but also creates new opportunities in data protection mechanisms, where intrusion detection technologies are advancing rapidly. From the perspective of security, Cloud computing also introduces concerns about data protection and intrusion detection mechanisms. This paper surveys, explores and informs researchers about the latest developed Cloud Intrusion Detection Systems by providing a comprehensive taxonomy and investigating possible solutions to detect intrusions in cloud computing systems. As a result, we provide a comprehensive review of Cloud Intrusion Detection System research, while highlighting the specific properties of Cloud Intrusion Detection Systems. We also present a taxonomy of the key issues in the Cloud Intrusion Detection System area and discuss the different approaches taken to solve them. We conclude the paper with a critical analysis of challenges that have not been fully solved.

    A fictitious play‐based response strategy for multistage intrusion defense systems

    The recent developments of advanced intrusion detection systems in the cyber security field provide opportunities to proactively protect computer network systems and minimize the impact of attackers on network operations. This paper is intended to assist the network defender in finding its best actions to defend against multistage attacks. The possible sequences of interactions between the attackers and the network defender are modeled as a two-player non-zero-sum non-cooperative dynamic multistage game with incomplete information. The players are assumed to be rational. They take turns in making decisions by considering previous and possible future interactions with the opponent, and use Bayesian analysis after each interaction to update their knowledge about the opponents. We propose a Dynamic game tree-based Fictitious Play (DFP) approach to describe the repeated interactive decisions of the players. Each player finds its best moves at its decision nodes of the game tree by using multi-objective analysis. All possibilities are considered with their uncertain future interactions, which are based on learning of the opponent's decision process (including risk attitude and objectives). Instead of searching the entire game tree, appropriate future time horizons are dynamically determined for both players. In the DFP approach, the defender keeps tracking the opponent's actions, predicts the probabilities of future possible attacks, and then chooses its best moves. Thus, a new defense algorithm, called Response by DFP (RDFP), is developed. Numerical experiments show that this approach significantly reduces the damage caused by multistage attacks and is also more efficient than other related algorithms. Copyright © 2013 John Wiley & Sons, Ltd.

    In the cybersecurity field, the possible sequences of interactions between the attackers and the network defender are modeled as a two-player non-zero-sum non-cooperative dynamic multi-stage game with incomplete information. Based on the recent developments of advanced intrusion detection systems, a new defense algorithm, called Response by Dynamic game tree-based Fictitious Play (RDFP), is developed for the defender to consider previous and possible future interactions with the attackers, update his/her knowledge about the opponents, and find the best defending strategies quickly.

    Peer Reviewed. http://deepblue.lib.umich.edu/bitstream/2027.42/106062/1/sec730.pd

    Outbound Network Traffic Monitoring

    The objective of this research is to begin the task of identifying the purpose of outbound traffic of a computer network. In this study, resources available on the Internet were used to find the probable location and the owner of observed destination IP addresses, as the first step of this long-term research goal. Java code was written which uses Internet search engines to obtain the required owner and location information. To test the code, headers of outbound Oklahoma State University traffic were collected using TCP Dump during four time intervals over a 24-hour period. By using the information available on the Internet, the percentage of known IP locations was approximately 99.7% at all different times. The majority of IP destination address locations were in the United States. Traffic patterns were observed to change over time, with most non-U.S. traffic headed for Asia and Europe.

    School of Electrical & Computer Engineering

    An autonomic and cognitive computing architecture for cloud monitoring

    Dissertation (master's) - Universidade Federal de Santa Catarina, Centro Tecnológico, Programa de Pós-Graduação em Ciência da Computação, Florianópolis, 2014.

    In a short space of time, cloud computing has evolved from just another market buzzword into a widely consolidated and accepted paradigm and model for delivering services and resources. Even though gaps and disagreements about concepts and standards still exist, the expansion and use of the Cloud as a computing model is an undeniable fact. In this context new challenges arise, among them the need to monitor such complex and heterogeneous infrastructures, so as to enable the analysis of the large volumes of data generated for tasks of primary importance to this model, such as billing of resources used, fault identification and behavior prediction. Given this dynamic and rapidly changing universe, the present architecture is introduced, proposing a non-intrusive monitoring model whose focus is the storage and retrieval of data for building autonomous systems using machine learning. This work aims to advance the state of the art by proposing an autonomic architecture for monitoring private, hybrid and public Clouds.

    Abstract: In a very short timespan, Cloud Computing has evolved from another market buzzword to a widely accepted and consolidated computing model. Even though there are still gaps and disagreements about concepts and patterns, an undeniable fact is the expansion and wide use of the Cloud as a computing model. In this context there are new challenges, including the need to monitor such complex and heterogeneous infrastructures, in order to enable the analysis of the large volumes of data generated for tasks of paramount importance like billing, consolidated reports, detecting failures and predicting future issues. Given this dynamic and rapidly changing universe, the proposed architecture is presented, proposing a non-intrusive monitoring model whose focus is information storage and retrieval, allowing the construction of autonomous systems using machine learning. This work aims to advance the state of the art by proposing an autonomous architecture for Cloud monitoring.

    Autonomic Intrusion Detection System

    Abstract. We propose a novel framework for autonomic intrusion detection that performs online and adaptive intrusion detection on unlabeled audit data streams. The framework has self-managing abilities: self-labeling, self-updating and self-adapting. Affinity Propagation (AP) is used within the framework to learn a subject's behavior through dynamic clustering of the streaming data. Testing results on a large real HTTP log stream demonstrate the effectiveness and efficiency of the method.