21 research outputs found
A profile based network intrusion detection and prevention system for securing cloud environment
Cloud computing provides network based access to computing and data storage services on a pay per usage model. Cloud provides better utilization of resources and hence a reduced service access cost to individuals. Cloud services include software as a service, platform as a service, and infrastructure as a service. Cloud computing virtually and dynamically distributes the computing and data resources to a variety of users, based on their needs, with the use of virtualization technologies. As Cloud computing is a shared facility and is accessed remotely, it is vulnerable to various attacks including host and network based attacks (Brown 2012, and Grance 2009) and hence requires immediate attention. This paper identifies vulnerabilities responsible for well-known network based attacks on cloud and does a critical analysis on the security measures available in cloud environment. This paper focuses on a nonconventional technique for securing cloud network from malicious insiders and outsiders with the use of network profiling. With network profiling, a profile is created for each virtual machine (VM) in cloud that describes network behavior of each cloud user (an assigned VM). The behavior gathered is then used for determination (detection) of network attacks on cloud. The novelty of the approach lies in the early detection of network attacks with robustness and minimum complexity. The proposed technique can be deployed with minimal changes to existing cloud environment. An initial prototype implementation is verified and tested on private cloud with a fully functional implementation under progressWeb of Scienceart. no. 36457
Recommended from our members
A system for distributed intrusion detection
The study of providing security in computer networks is a rapidly growing area of interest because the network is the medium over which most attacks or intrusions on computer systems are launched. One approach to solving this problem is the intrusion-detection concept, whose basic premise is that not only abandoning the existing and huge infrastructure of possibly-insecure computer and network systems is impossible, but also replacing them by totally-secure systems may not be feasible or cost effective. Previous work on intrusion-detection systems were performed on stand-alone hosts and on a broadcast local area network (LAN) environment. The focus of our present research is to extend our network intrusion-detection concept from the LAN environment to arbitarily wider areas with the network topology being arbitrary as well. The generalized distributed environment is heterogeneous, i.e., the network nodes can be hosts or servers from different vendors, or some of them could be LAN managers, like our previous work, a network security monitor (NSM), as well. The proposed architecture for this distributed intrusion-detection system consists of the following components: a host manager in each host; a LAN manager for monitoring each LAN in the system; and a central manager which is placed at a single secure location and which receives reports from various host and LAN managers to process these reports, correlate them, and detect intrusions. 11 refs., 2 figs