94 research outputs found

    State of the Art Intrusion Detection System for Cloud Computing

    The term Cloud computing is no longer new in computing technology. This form of computing technology was previously considered only a marketing term, but today Cloud computing not only provides innovative improvements in resource utilisation but also creates new opportunities in data protection mechanisms, where intrusion detection technologies are advancing rapidly. From the perspective of security, Cloud computing also introduces concerns about data protection and intrusion detection mechanisms. This paper surveys, explores and informs researchers about the latest developed Cloud Intrusion Detection Systems by providing a comprehensive taxonomy and investigating possible solutions to detect intrusions in cloud computing systems. As a result, we provide a comprehensive review of Cloud Intrusion Detection System research, while highlighting the specific properties of Cloud Intrusion Detection Systems. We also present a taxonomy of the key issues in the Cloud Intrusion Detection System area and discuss the different approaches taken to solve these issues. We conclude the paper with a critical analysis of challenges that have not been fully solved.

    Arquitetura de autoproteção para internet das coisas baseada no Laço MAPE-K

    The Internet of Things is a new paradigm based on Ubiquitous Computing or Pervasive Computing. Ubiquitous Computing and Pervasive Computing are terms used to describe the omnipresence of information technology in people's daily lives. Its main goal is to enable communication between people and things, and also between things, without the need for human intervention. The Internet of Things environment has many restrictions, the main one being the limited computational resources of the devices. These limited resources result in a very insecure environment that is conducive to various types of attacks, whether physical or logical. To make the Internet of Things environment more receptive and well regarded by all, it is important to invest in security. For this, it is very interesting to associate security mechanisms with autonomic properties, considering the exponential growth of connected devices. This work proposes a security architecture focused on the Internet of Things environment. The proposed architecture has autonomic characteristics and is based on the MAPE-K Control Loop. In order to verify the effectiveness of the proposed architecture, some of the main attacks that occur in the environment in question (Selective Forward, Blackhole, Sinkhole and Flooding) were addressed. The impact of these attacks and their interference with the operation of the network created by the RPL routing protocol were analyzed.
    São Cristóvão, S

    Autonomicidade em uma rede definida por software utilizando teoria do perigo

    Data centers have evolved into increasingly complex scenarios, making network management a difficult task for administrators, particularly in the area of information security. The need to make computing environments autonomic is evident, given the complexity and ubiquity of technology in almost every aspect of human life. In addition to bringing business dynamism and new services to users, it also brings risks and complexity in management. In this scenario, several research efforts have been carried out in search of methods to make these complex networks self-manageable. Inspired by the concepts of autonomic networks and the human immune system, this work uses the dendritic cell algorithm in the MAdPE-K management model, together with the programmability, centralized management, and decentralization of the data and control planes of software-defined networks, to provide autonomy. Considering that most attacks on a computer network start with the reconnaissance of the assets, port scanning (Port Scan) attacks were used as the anomalous event in the experiments. This type of attack was used to prove the efficacy of detecting the anomalous process with the dendritic cell approach in a host. In the experiments, the whole cycle of the MAdPE-K model was followed and the reaction results were considered satisfactory, with an average time of 1.2 seconds between the detection of the anomalous event and the reaction with the isolation of the origin of the attack.
    São Cristóvão, S

    INTRUSION PREDICTION SYSTEM FOR CLOUD COMPUTING AND NETWORK BASED SYSTEMS

    Cloud computing offers cost-effective computational and storage services with on-demand scalable capacities according to the customers' needs. These properties encourage organisations and individuals from different disciplines to migrate from classical computing to cloud computing. Although cloud computing is a trendy technology that opens the horizons for many businesses, it is a new paradigm that exploits already existing computing technologies in a new framework rather than being a novel technology. This means that cloud computing inherited classical computing problems that are still challenging. Cloud computing security is considered one of the major problems, which requires strong security systems to protect the system and the valuable data stored and processed in it. Intrusion detection systems are one of the important security components and defence layers that detect cyber-attacks and malicious activities in cloud and non-cloud environments. However, there are some limitations, such as attacks being detected at a time when the damage of the attack was already done. In recent years, cyber-attacks have increased rapidly in volume and diversity. In 2013, for example, over 552 million customers' identities and crucial information were revealed through data breaches worldwide [3]. These growing threats are further demonstrated in the 50,000 daily attacks on the London Stock Exchange [4]. It has been predicted that the economic impact of cyber-attacks will cost the global economy $3 trillion on aggregate by 2020 [5]. This thesis focused on proposing an Intrusion Prediction System that is capable of sensing an attack before it happens in cloud or non-cloud environments. The proposed solution is based on assessing the host system vulnerabilities and monitoring the network traffic for attack preparations. It has three main modules. The monitoring module observes the network for any intrusion preparations.
    This thesis proposes a new dynamic-selective statistical algorithm for detecting scan activities, which are part of the reconnaissance that represents an essential step in network attack preparation. The proposed method performs a statistical selective analysis of network traffic, searching for indications of an attack or intrusion. This is achieved by exploring and applying different statistical and probabilistic methods that deal with scan detection. The second module of the prediction system is vulnerability assessment, which evaluates the weaknesses and faults of the system and measures the probability of the system falling victim to a cyber-attack. Finally, the third module is the prediction module, which combines the output of the two modules and performs risk assessments of the system security from intrusion prediction. The results of the conducted experiments showed that the suggested system outperforms the analogous methods with regard to the performance of network scan detection, which accordingly means a significant improvement to the security of the targeted system. The scanning detection algorithm has achieved high detection accuracy with 0% false negative and 50% false positive. In terms of performance, the detection algorithm consumed only 23% of the data needed for analysis compared to the best-performing rival detection method.

    Security in Computer and Information Sciences

    This open access book constitutes the thoroughly refereed proceedings of the Second International Symposium on Computer and Information Sciences, EuroCybersec 2021, held in Nice, France, in October 2021. The 9 papers presented together with 1 invited paper were carefully reviewed and selected from 21 submissions. The papers focus on topics of security of distributed interconnected systems, software systems, Internet of Things, health informatics systems, energy systems, digital cities, digital economy, mobile networks, and the underlying physical and network infrastructures. This is an open access book

    Neurobiology of Chronic Migraine
