CloudIDS: Cloud Intrusion Detection Model Inspired by Dendritic Cell Mechanism

Cloud Computing Security is a new era of computer technology and opens a new research area and creates a lot of opportunity of exploration. One of the new implementation in Cloud is Intrusion Detection System (IDS).There are problems with existing IDS approach in Cloud environment. Implementing traditional IDS need a lot of self-maintenance and did not scale with the customer security requirements. In addition, maintenance of traditional IDS in Cloud Computing system requires expertise and consumes more time where not each Cloud user has. A decentralized traditional IDS approach where being deployed in current Cloud Computing infrastructure will make the IDS management become complicated. Each user's IDS will not be the same in term of type and configurations and each user may have outdated signatures. Inter VM's communication also become a big concern when we implementing Cloud Computing system where communication between Clouds are not monitored and controlled by the traditional IDS. A specific IDS model for Cloud computing is required to solve these problems. In this paper, we develop a prototype of Cloud IDS inspired by Dendritic Cell mechanism. Experiment result proved that Cloud IDS was able to detect any attempt to attack the Cloud environment. The experiments show that the Cloud IDS model based on Dendritic Cell algorithm able to identify and detect novel threat that targeting Cloud environment

Assessing the Capability and Priority of Enterprise Architecture Implementation in Malaysian Public Sector

Enterprise Architecture (EA) is an integrated approach of information systems, processes, organisation and people in aligning business and information technology together. However, there is a discrepancy in public sector EA implementation whereby the developing countries are still grappling with issues in the implementation while those developed countries are already harvesting the EA benefits and value. Hence, this study aims to investigate the capability and priority of public sector of the developing countries in implementing the EA by proposing an assessment model. The assessment model is based on Balanced Scorecard (BSC) and Analytic Hierarchy Process (AHP) approach. There are 27 EAI capability and priority criteria identified and grouped into six categories according to BSC perspectives namely Internal Process, Learning and Growth, Authority Support, Cost, Technology and Talent Management. Followed by AHP pairwise comparison in calculating the rank of each criterion which is presented via three case studies from Malaysian Public Sector agencies

RSA authentication mechanisms in control grid computing environment using Gridsim toolkit

There are security concerns when our sensitive data is placed in the third party infrastructure such as in the Grid Computing environment. As such, it is difficult to be assured that our data is in the safe hands.Thus, authentication has become the most critical factor pertaining to this.There are several approaches has been discussed in the grid computing environment on the safeguard, scalable and efficient authentication that are either Virtual Organization centric or Resource centric.Most of the grid computing uses public key infrastructure (PKI) to secure the identification, but the vulnerability are still cannot be avoid. In order to satisfy the security need of grid computing environment, we design an alternative authentication mechanism using RSA algorithm to ensure the user identification, and carry out the experiment in the Gridsim toolkit simulator

Cloud denial of service detection by dendritic cell mechanism

The term cloud computing is not new anymore in computing technology. This form of computing technology previously considered only as marketing term, but today cloud computing not only provides innovative improvements in resource utilization but it also creates a new opportunities in data protection mechanisms where the advancement of intrusion detection technologies are blooming rapidly. From the perspective of security, cloud computing also introduces concerns about data protection and intrusion detection mechanism especially cloud computing are exposed to Denial of Service (DoS) attacks. This paper aims to provide DoS detection mechanism for cloud computing environment. As a result, we provide an experiment to examine the capability of the proposed system. The result shows that the proposed system was able to detect DoS attacks that conducted during the experiment with 94.4% detection rate. We conclude the paper with a discussion on the results, then we include together with a graphical summary of the experiment's result

Implicit thinking knowledge injection framework for Agile requirements engineering

Agile has become commonly used as a software development methodology and its success depends on face-to-face communication of software developers and the faster software product delivery. Implicit thinking knowledge has considered as a very significant for organization self-learning. The main goal of paying attention to managing the implicit thinking knowledge is to retrieve valuable information of how the software is developed. However, requirements documentation is a challenging task for Agile software engineers. The current Agile requirements documentation does not incorporate the implicit thinking knowledge with the values it intends to achieve in the software project. This research addresses this issue and introduce a framework assists to inject the implicit thinking knowledge in Agile requirements engineering. An experiment used a survey questionnaire and case study of real project implemented for the framework evaluation. The results show that the framework enables software engineers to share and document their implicit thinking knowledge during Agile requirements documentation

State of the Art Intrusion Detection System for Cloud Computing

The term Cloud computing is not new anymore in computing technology. This form of computing technology previously considered only as marketing term, but today Cloud computing not only provides innovative improvements in resource utilisation but it also creates a new opportunities in data protection mechanisms where the advancement of intrusion detection technologies  are blooming rapidly. From the perspective of security, Cloud computing also introduces concerns about data protection and intrusion detection mechanism. This paper surveys, explores and informs researchers about the latest developed Cloud Intrusion Detection Systems by providing a comprehensive taxonomy and investigating possible solutions to detect intrusions in cloud computing systems. As a result, we provide a comprehensive review of Cloud Intrusion Detection System research, while highlighting the specific properties of Cloud Intrusion Detection System. We also present taxonomy on the key issues in Cloud Intrusion Detection System area and discuss the different approaches taken to solve the issues. We conclude the paper with a critical analysis of challenges that have not fully solved

Data analysis using MapReduce in Hadoop environment

Data is growing at every moment which makes it almost impossible to process all of it. More than a decade ago, researchers from big company in IT industry such as Google and Yahoo introduce Hadoop and MapReduce as a solution for big volume of data processing. Now, by running on a free and open platform both method had gain popularity among the industry and academicians in the academic world. Thus, this paper will use MapReduce method in Hadoop environment and apply it on a sample dataset as a way to analyse the given data. The purpose of study is to gain understanding of using MapReduce in Hadoop environment

The development of a commercially viable database encryption tool for Oracle8i Rdbms

In database security, access control is a major research issue. Discretionary access controls have been handled well by many database management systems through user roles and privileges. Mandatory access controls, on the other hand, remains a big problem when users with lower security clearance accessing data of higher security class. Data with classifications and users have clearances developed multilevel access controls, thus the problem of multilevel security. Many researches have been conducted using methods like object labeling, trusted systems, security filters, database views and etc. Many a times the problem remains unsolved due to either too theoretical or not practical to be implemented. Recent developments in research showed cryptography to be the promising solution to the multilevel security problem. With appropriate key management and good multilevel security scheme design, the problem can be solved in both theory and implemented in practice. This research endeavor is one such effort. It presents an investigation into the applications of modern cryptography for the security of databases. The investigation yields a new multilevel security scheme based on indigenous cryptographic primitives and supported by a new key management technique. The cryptographic primitives include enhanced block cipher and a new stream cipher design successfully implemented in a commercial database. The system yields a new approach in accessing and processing encrypted data using Initialization Vectors and provides solutions for hierarchical and direct access controls. The novel scheme allows the encryption of data at the tuple, attribute, and data element levels of a relation. The security of the scheme is guaranteed with no keys present in the system but stored securely in smartcards. The outcome from this research is realized in OraCrypt application which is implemented by usign Oracle 8i RDBMS

Tracking and mitigating classic buffer overflow during software design phase using the attack-based security analysis model

Regardless that the classic buffer overflow is a known and simple threat against software systems; security agencies still consider this threat as one of the most common software vulnerabilities. Aiming to increasing security resistance against this software threat, emphasize on software design phase is highly reasonable where cost and time required for fixing error in design level is several times lesser than coding or implementation levels. In this purpose, we use the Attack-based security analysis model for tracking and mitigating the classic buffer overflow during the software design phase. Through this model, we use known properties and behaviors of the buffer overflow to determine system vulnerabilities and address required security aspects. In this paper, we describe how to apply the Attack-based security analysis model for increasing security resistance against the classic buffer overflow. The main contribution of this work refers to showing capability of the Attack-based security analysis model in tracking and mitigating the classic buffer overflow into the software design phase in such a way that additional cost and time are not required for system analyzing and defining threat scenario