22,988 research outputs found

    A New Distributed Intrusion Detection System Based on Multi-Agent System for Cloud Environment

    Cloud computing, like any distributed computing system, is continually exposed to many threats and attacks of various origins. Thus, cloud security is now a very important concern for both providers and users. Intrusion detection systems (IDSs) are used to detect attacks in this environment. The goal of security administrators (for both customers and providers) is to prevent and detect attacks while avoiding disruption of the smooth operation of the cloud. Making IDSs efficient is not an easy task in a distributed environment such as the cloud. This problem remains open, and to our knowledge, there are no satisfactory solutions for the automated evaluation and analysis of cloud security. The features of the multi-agent system paradigm, such as adaptability, collaboration, and distribution, make it possible to handle this evolution of cloud computing in an efficient and controlled manner. As a result, multi-agent systems are well suited to the effective management of cloud security. In this paper, we propose an efficient, reliable and secure distributed IDS (DIDS) based on a multi-agent approach to identify and prevent new and complex malicious attacks in this environment. Moreover, some experiments were conducted to evaluate the performance of our model

    Performance Comparison Analysis of Classification Methodologies for Effective Detection of Intrusions

    Intrusion detection systems (IDS) are critical in many applications, including cloud environments. The intrusion poses a security threat and extracts privacy data and information from the cloud. The user has an Internet function that allows him to store personal information in the cloud environment. The cloud can be affected by various issues such as data loss, data breaches, lower security and lack of privacy due to some intruders. A single intrusion incident can result in data within computer and network systems being quickly stolen or deleted. Additionally, intrusions can cause damage to system hardware, resulting in significant financial losses and exposing critical IT infrastructure to risk. To overcome these issues, the study employs the performance comparison analysis of Autoencoder Convolutional neural network (AE+CNN), Random K-means clustering assisted deep neural network (RF+K-means+DNN), Autoencoder K-means clustering assisted long short term memory (AE+K-means+LSTM), Alexnet+Bi-GRU, AE+Alexnet+Bi-GRU and Wild horse AlexNet assisted Bi-directional Gated Recurrent Unit (WABi-GRU) models to choose the best methodology for effective detection of intrusions. The data needed for the analysis is collected from CICIDS2018, UNSW-NB15 and NSL-KDD datasets. The collected data are pre-processed using data normalization and data cleaning. Finally, through this research, the best model suitable for effective intrusion detection can be identified and used for further processes. The proposed models, such as RF+K-means+DNN, AE+K-Means+LSTM, AlexNet Bi-GRU, AE+Alexnet+Bi-GRU and WABi-GRU can obtain an accuracy of 99.278%, 99.33%, 99.45%, 99.50%, 99.65% for the CICIDS dataset 2018 for binary classification. In multi-class classification, the AlexNet Bi-GRU, AE+Alexnet+Bi-GRU and WABi-GRU can attain accuracy of 99.819%, 99.852% and 99.890%. In NSL-KDD, the AlexNet Bi-GRU, AE+Alexnet+Bi-GRU and WABi-GRU achieve accuracy of 99.34%, 99.546% and 99.7%. 
In the UNSW-NB15 dataset, AlexNet Bi-GRU, AE+Alexnet+Bi-GRU and WABi-GRU achieve accuracy of 99.313%, 99.399% and 99.53%. AlexNet Bi-GRU-based models can obtain better performances than other existing models.

    INTRUSION PREDICTION SYSTEM FOR CLOUD COMPUTING AND NETWORK BASED SYSTEMS

    Cloud computing offers cost effective computational and storage services with on-demand scalable capacities according to the customers’ needs. These properties encourage organisations and individuals from different disciplines to migrate from classical computing to cloud computing. Although cloud computing is a trendy technology that opens the horizons for many businesses, it is a new paradigm that exploits already existing computing technologies in a new framework rather than being a novel technology. This means that cloud computing inherited classical computing problems that are still challenging. Cloud computing security is considered one of the major problems, which requires strong security systems to protect the system and the valuable data stored and processed in it. Intrusion detection systems are one of the important security components and defence layers that detect cyber-attacks and malicious activities in cloud and non-cloud environments. However, they have some limitations, such as attacks being detected at a time when the damage of the attack was already done. In recent years, cyber-attacks have increased rapidly in volume and diversity. In 2013, for example, over 552 million customers’ identities and crucial information were revealed through data breaches worldwide [3]. These growing threats are further demonstrated in the 50,000 daily attacks on the London Stock Exchange [4]. It has been predicted that the economic impact of cyber-attacks will cost the global economy $3 trillion on aggregate by 2020 [5]. This thesis focused on proposing an Intrusion Prediction System that is capable of sensing an attack before it happens in cloud or non-cloud environments. The proposed solution is based on assessing the host system vulnerabilities and monitoring the network traffic for attack preparations. It has three main modules. The monitoring module observes the network for any intrusion preparations. 
This thesis proposes a new dynamic-selective statistical algorithm for detecting scan activities, which are part of the reconnaissance that represents an essential step in network attack preparation. The proposed method performs a statistical selective analysis of network traffic, searching for attack or intrusion indications. This is achieved by exploring and applying different statistical and probabilistic methods that deal with scan detection. The second module of the prediction system is vulnerability assessment, which evaluates the weaknesses and faults of the system and measures the probability of the system falling victim to a cyber-attack. Finally, the third module is the prediction module, which combines the output of the two modules and performs risk assessments of the system security from intrusions prediction. The results of the conducted experiments showed that the suggested system outperforms the analogous methods with regard to the performance of network scan detection, which means accordingly a significant improvement to the security of the targeted system. The scanning detection algorithm has achieved high detection accuracy with 0% false negative and 50% false positive. In terms of performance, the detection algorithm consumed only 23% of the data needed for analysis compared to the best-performing rival detection method.

    Performance Analysis of a Network Intrusion Detection System (NIDS) Using the Signature-Based Method in Detecting UDP Flooding-Based Denial of Service (DoS) Attacks

    Cloud computing has become a technology trend used in various areas, especially by startups and large companies. Cloud computing offers advantages such as the ease of creating one's own cloud services, cost-effective infrastructure, and the flexibility to increase or decrease service capacity according to requirements. Apart from these advantages, the security of cloud computing is one of the factors that companies must consider. The use of antivirus and a firewall does not guarantee that the cloud system is fully secure. In addition, the limited ability of administrators to monitor traffic and attacks throughout the cloud network is a constraint in cloud computing management. One solution for improving network security and for monitoring and overseeing attack traffic in cloud computing is a Network-based Intrusion Detection System (NIDS). A NIDS is a type of Intrusion Detection System (IDS) that can monitor attacks and traffic throughout the network. Signature based is one method a NIDS can use to identify each data packet going out of and coming into the network. In this research, the author conducted a performance test of a NIDS using the signature-based method in detecting UDP flooding-based DoS attacks. This research also analyses the results and evaluates the performance of the NIDS, in order to determine the performance of the deployed NIDS and its accuracy in classifying attacks. Keywords: IDS, Network Intrusion Detection System, NIDS, Cloud Computing, Signature Based

    DCDIDP: A distributed, collaborative, and data-driven intrusion detection and prevention framework for cloud computing environments

    With the growing popularity of cloud computing, the exploitation of possible vulnerabilities grows at the same pace; the distributed nature of the cloud makes it an attractive target for potential intruders. Despite security issues delaying its adoption, cloud computing has already become an unstoppable force; thus, security mechanisms to ensure its secure adoption are an immediate need. Here, we focus on intrusion detection and prevention systems (IDPSs) to defend against the intruders. In this paper, we propose a Distributed, Collaborative, and Data-driven Intrusion Detection and Prevention system (DCDIDP). Its goal is to make use of the resources in the cloud and provide a holistic IDPS for all cloud service providers which collaborate with other peers in a distributed manner at different architectural levels to respond to attacks. We present the DCDIDP framework, whose infrastructure level is composed of three logical layers: network, host, and global as well as platform and software levels. Then, we review its components and discuss some existing approaches to be used for the modules in our proposed framework. Furthermore, we discuss developing a comprehensive trust management framework to support the establishment and evolution of trust among different cloud service providers. © 2011 ICST

    A survey of intrusion detection system technologies

    This paper provides an overview of IDS types and how they work, as well as configuration considerations and issues that affect them. Advanced methods of increasing the performance of an IDS are explored, such as specification-based IDS for protecting Supervisory Control And Data Acquisition (SCADA) and Cloud networks. Also, by providing a review of varied studies ranging from issues in configuration and specific problems to custom techniques and cutting-edge studies, a reference can be provided to others interested in learning about and developing IDS solutions. Intrusion Detection is an area of much required study to provide solutions to satisfy evolving services and networks and systems that support them. This paper aims to be a reference for IDS technologies for other researchers and developers interested in the field of intrusion detection.