94 research outputs found
State of the Art Intrusion Detection System for Cloud Computing
The term Cloud computing is not new anymore in computing technology. This form of computing technology was previously considered only a marketing term, but today Cloud computing not only provides innovative improvements in resource utilisation but also creates new opportunities in data protection mechanisms, where the advancement of intrusion detection technologies is blooming rapidly. From the perspective of security, Cloud computing also introduces concerns about data protection and intrusion detection mechanisms. This paper surveys, explores and informs researchers about the latest developed Cloud Intrusion Detection Systems by providing a comprehensive taxonomy and investigating possible solutions to detect intrusions in cloud computing systems. As a result, we provide a comprehensive review of Cloud Intrusion Detection System research, while highlighting the specific properties of Cloud Intrusion Detection Systems. We also present a taxonomy of the key issues in the Cloud Intrusion Detection System area and discuss the different approaches taken to solve these issues. We conclude the paper with a critical analysis of challenges that have not been fully solved.
Arquitetura de autoproteção para internet das coisas baseada no Laço MAPE-K
The Internet of Things is a new paradigm based on Ubiquitous Computing or Pervasive Computing, terms used to describe the omnipresence of information technology in people’s daily lives. Its main goal is to enable communication between people and things, and also between things, without the need for human intervention. The Internet of Things environment has many restrictions, the main one being the limited computational resources of the devices. These limited resources result in a very insecure environment that is conducive to various types of attacks, whether physical or logical. To make the Internet of Things environment more welcoming and well regarded by all, it is important to invest in security. To that end, it is worthwhile to associate security mechanisms with autonomic properties, considering the exponential growth of connected devices. This work proposes a security architecture focused on the Internet of Things environment. The proposed architecture has autonomic characteristics and is based on the MAPE-K Control Loop. To verify the effectiveness of the proposed architecture, some of the main attacks that have occurred in this environment (Selective Forward, Blackhole, Sinkhole and Flooding) were addressed. The impact of these attacks and their interference with the operation of the network created by the RPL routing protocol were analyzed.
São Cristóvão, S
Autonomicidade em uma rede definida por software utilizando teoria do perigo
Data centers have evolved into increasingly complex scenarios, making network management a difficult task for administrators, particularly in the area of information security. The need to make computing environments autonomic is evident, owing to the complexity and ubiquity of technology in almost every aspect of human life. In addition to bringing dynamism to business and new services to users, this technology also brings risks and management complexity. In this scenario, a good deal of research has been carried out in search of methods to make these complex networks self-manageable. Inspired by the concepts of autonomic networks and the human immune system, this work uses the dendritic cell algorithm in the MAdPE-K management model, together with the programmability, centralized management, and decentralization of the data and control planes of software-defined networks, to provide autonomy. Considering that most attacks on a computer network start with reconnaissance of the assets, port scanning (Port Scan) attacks were used as the anomalous event in the experiments. This type of attack was used to prove the efficacy of detecting the anomalous process with the dendritic cell approach in a host. In the experiments, the whole cycle of the MAdPE-K model was followed and the reaction results were considered satisfactory, with an average time of 1.2 seconds between the detection of the anomalous event and the reaction, which isolated the origin of the attack.
São Cristóvão, S
INTRUSION PREDICTION SYSTEM FOR CLOUD COMPUTING AND NETWORK BASED SYSTEMS
Cloud computing offers cost-effective computational and storage services with on-demand scalable capacities according to the customers’ needs. These properties encourage organisations and individuals from different disciplines to migrate from classical computing to cloud computing. Although cloud computing is a trendy technology that opens the horizons for many businesses, it is a new paradigm that exploits already existing computing technologies in a new framework rather than being a novel technology. This means that cloud computing inherited classical computing problems that are still challenging. Cloud computing security is considered one of the major problems, which requires strong security systems to protect the system and the valuable data stored and processed in it. Intrusion detection systems are an important security component and defence layer that detects cyber-attacks and malicious activities in cloud and non-cloud environments. However, there are some limitations, such as attacks being detected only at the time that the damage of the attack was already done. In recent years, cyber-attacks have increased rapidly in volume and diversity. In 2013, for example, over 552 million customers’ identities and crucial information were revealed through data breaches worldwide [3]. These growing threats are further demonstrated in the 50,000 daily attacks on the London Stock Exchange [4]. It has been predicted that the economic impact of cyber-attacks will cost the global economy $3 trillion on aggregate by 2020 [5]. This thesis focused on proposing an Intrusion Prediction System that is capable of sensing an attack before it happens in cloud or non-cloud environments. The proposed solution is based on assessing the host system vulnerabilities and monitoring the network traffic for attack preparations. It has three main modules. The monitoring module observes the network for any intrusion preparations.
This thesis proposes a new dynamic-selective statistical algorithm for detecting scan activities, which are part of the reconnaissance that represents an essential step in network attack preparation. The proposed method performs a selective statistical analysis of network traffic, searching for indications of an attack or intrusion. This is achieved by exploring and applying different statistical and probabilistic methods that deal with scan detection. The second module of the prediction system is vulnerability assessment, which evaluates the weaknesses and faults of the system and measures the probability of the system falling victim to a cyber-attack. Finally, the third module is the prediction module, which combines the output of the two modules and performs risk assessments of the system security from intrusion prediction. The results of the conducted experiments showed that the suggested system outperforms the analogous methods with regard to the performance of network scan detection, which accordingly means a significant improvement to the security of the targeted system. The scanning detection algorithm has achieved high detection accuracy with 0% false negative and 50% false positive. In terms of performance, the detection algorithm consumed only 23% of the data needed for analysis compared to the best-performing rival detection method.
Security in Computer and Information Sciences
This open access book constitutes the thoroughly refereed proceedings of the Second International Symposium on Computer and Information Sciences, EuroCybersec 2021, held in Nice, France, in October 2021. The 9 papers presented together with 1 invited paper were carefully reviewed and selected from 21 submissions. The papers focus on topics of security of distributed interconnected systems, software systems, Internet of Things, health informatics systems, energy systems, digital cities, digital economy, mobile networks, and the underlying physical and network infrastructures. This is an open access book.