
Integrated Intrusion Detection Approach for Cloud Computing


Affiliations
1 Sathyabama University, Chennai, Tamil Nadu, India
2 Prathyusha Institute of Technology and Management, Chennai, Tamil Nadu, India
 

Objectives: Intrusion Detection System (IDS) models and methods are integrated for better detection of intruders and mitigation of false alarms. An integrated IDS is proposed to provide security in a cloud environment.

Methods: The distributed and dynamic nature of the cloud environment leads to critical issues such as huge log analysis, heterogeneous traffic aggregation and scalability. Intrusion-specific data classification and false alarms degrade performance. The proposed model integrates both IDS models and IDS methodologies: the host-based IDS (H-IDS) model is integrated with the network-based IDS (N-IDS) model, and signature-based and anomaly-based IDS methods are integrated to get the best of each.

Findings: Whenever a Virtual Machine (VM) is created, an H-IDS is built into its operating system to monitor the activities within that VM. N-IDS is deployed at strategic locations within the cloud network to monitor the traffic between the virtual machines and from the outside environment. Any malicious activity initiated by a cloud user using their virtual machine is detected by H-IDS. The packets flowing through the cloud network are captured and analyzed by N-IDS to detect infected packets sent by hackers. When the methods are integrated, the weakness of one is compensated for by the other, whereas used separately they are ineffective. Known attacks can be detected by signature-based IDS, and new or unknown attack patterns are identified by anomaly-based IDS. The major drawback of anomaly-based IDS is its high false alarm rate, which can be overcome by signature-based IDS. The proposed work is implemented using OpenNebula to construct a cloud environment and tested with IDS tools.

Improvements: This integration improves cloud security and trust among consumers. IDS-specific issues such as false alarms and heterogeneity are also rectified.

Keywords

Anomaly Based Detection, Cloud Computing, Intrusion Detection System, Signature Based Detection, Virtualization.

Authors

C. Ambikavathi
Sathyabama University, Chennai, Tamil Nadu, India
S. K. Srivatsa
Prathyusha Institute of Technology and Management, Chennai, Tamil Nadu, India


DOI: https://doi.org/10.17485/ijst%2F2016%2Fv9i22%2F134386
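
The abstract describes the integration only at a high level. The sketch below is an added example, not code from the paper or its OpenNebula testbed: it assumes one possible fusion rule (a signature match alerts immediately; an anomaly alerts only when the H-IDS and the N-IDS both report it for the same VM), and all signatures, baselines, events and function names are constructed for illustration.

```python
from statistics import mean, pstdev

# Constructed signature set (pattern -> attack name); not taken from the paper.
SIGNATURES = {"/etc/passwd": "path-traversal", "' OR 1=1": "sql-injection"}

# Constructed per-sensor baselines of an event rate observed during normal use.
BASELINE = {"nids": [40, 42, 38, 41, 39, 40], "hids": [5, 6, 4, 5, 5, 6]}

def signature_hit(event):
    """Signature method: name of the first known pattern in the payload, else None."""
    return next((n for p, n in SIGNATURES.items() if p in event["payload"]), None)

def is_anomalous(event, threshold=3.0):
    """Anomaly method: z-score of the event rate against the sensor's baseline."""
    base = BASELINE[event["sensor"]]
    sigma = pstdev(base) or 1.0  # avoid division by zero on a flat baseline
    return abs(event["rate"] - mean(base)) / sigma > threshold

def integrate(events):
    """Fuse H-IDS and N-IDS events per VM and return {vm: verdict}."""
    per_vm = {}
    for ev in events:
        state = per_vm.setdefault(ev["vm"], {"sig": set(), "anom": set()})
        name = signature_hit(ev)
        if name:
            state["sig"].add(name)
        elif is_anomalous(ev):
            state["anom"].add(ev["sensor"])
    verdicts = {}
    for vm, s in per_vm.items():
        if s["sig"]:  # known attack: alert outright
            verdicts[vm] = "alert:" + ",".join(sorted(s["sig"]))
        elif s["anom"] == {"hids", "nids"}:  # both sensors agree: unknown attack
            verdicts[vm] = "alert:unknown-pattern"
        else:  # one sensor only: probable false alarm, hold for review
            verdicts[vm] = "review" if s["anom"] else "clean"
    return verdicts

# Constructed sample events from the two sensor types.
EVENTS = [
    {"vm": "vm-1", "sensor": "nids", "rate": 41, "payload": "GET /?f=../../etc/passwd"},
    {"vm": "vm-2", "sensor": "nids", "rate": 90, "payload": "GET /api/items"},
    {"vm": "vm-2", "sensor": "hids", "rate": 30, "payload": "process creation burst"},
    {"vm": "vm-3", "sensor": "nids", "rate": 55, "payload": "GET /report.pdf"},
    {"vm": "vm-3", "sensor": "hids", "rate": 5, "payload": "scheduled job"},
    {"vm": "vm-4", "sensor": "nids", "rate": 40, "payload": "GET /index.html"},
]
```

Calling `integrate(EVENTS)` alerts on vm-1 (signature) and vm-2 (both sensors anomalous), holds vm-3 for review because only the N-IDS deviates, and leaves vm-4 clean.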