Intrusion Detection System in Cloud Computing: Challenges and opportunities

Today, Cloud Computing is the preferred choice of every IT organization since it provides flexible and pay-per-use based services to its users. However, the security and privacy is a major hurdle in its success because of its open and distributed architecture that is vulnerable to intruders. Intrusion Detection System (IDS) is the most commonly used mechanism to detect attacks on cloud. This paper provides an overview of different intrusions in cloud. Then, we analyze some existing cloud based intrusion detection systems (IDS) with respect to their type, positioning, detection time, detection technique, data source and attacks they can detect. The analysis also provides limitations of each technique to evaluate whether they fulfill the security requirements of cloud computing environment or not. We emphasize the deployment of IDS that uses multiple detection methods to cope with security challenges in cloud.

[1]  Ueman Oktay,et al.  Proxy Network Intrusion Detection System for cloud computing , 2013, 2013 The International Conference on Technological Advances in Electrical, Electronics and Computer Engineering (TAEECE).

[2]  G. G. Stokes "J." , 1890, The New Yale Book of Quotations.

[3]  A. N. Zincir-Heywood,et al.  Intrusion Detection Systems , 2008 .

[4]  Weiqing Sun,et al.  Collabra: A Xen Hypervisor Based Collaborative Intrusion Detection System , 2011, 2011 Eighth International Conference on Information Technology: New Generations.

[5]  Carla Merkle Westphall,et al.  Intrusion Detection for Grid and Cloud Computing , 2010, IT Professional.

[6]  Petra Perner,et al.  Data Mining - Concepts and Techniques , 2002, Künstliche Intell..

[7]  Helen J. Wang,et al.  SubVirt: implementing malware with virtual machines , 2006, 2006 IEEE Symposium on Security and Privacy (S&P'06).

[8]  Karen A. Scarfone,et al.  Guide to Intrusion Detection and Prevention Systems (IDPS) , 2007 .

[9]  Min-Woo Park,et al.  Multi-level Intrusion Detection System and log management in Cloud Computing , 2011, 13th International Conference on Advanced Communication Technology (ICACT2011).

[10]  Kamalrulnizam Abu Bakar,et al.  Distributed Intrusion Detection in Clouds Using Mobile Agents , 2009, 2009 Third International Conference on Advanced Engineering Computing and Applications in Sciences.

[11]  C. N. Modi,et al.  Bayesian Classifier and Snort based network intrusion detection system in cloud computing , 2012, 2012 Third International Conference on Computing, Communication and Networking Technologies (ICCCNT'12).

[12]  Shubhangi L. Vaikole,et al.  Intrusion Detection System in Cloud Computing Environment , 2012 .

[13]  Muttukrishnan Rajarajan,et al.  A survey of intrusion detection techniques in Cloud , 2013, J. Netw. Comput. Appl..

[14]  Chi-Chun Lo,et al.  A Cooperative Intrusion Detection System Framework for Cloud Computing Networks , 2010, 2010 39th International Conference on Parallel Processing Workshops.

[15]  Jian Pei,et al.  Data Mining: Concepts and Techniques, 3rd edition , 2006 .

[16]  A. D. Gawande,et al.  INTRUSION DETECTION SYSTEM FOR CLOUD COMPUTING , 2012 .

[17]  Ahmed Patel,et al.  An intrusion detection and prevention system in cloud computing: A systematic review , 2013, J. Netw. Comput. Appl..

[18]  I. Ramesh Babu Intrusion Detection Using Data Mining Along Fuzzy Logic and Genetic Algorithms , 2008 .

[19]  Roberto Bifulco,et al.  Integrating a network IDS into an open source Cloud Computing environment , 2010, 2010 Sixth International Conference on Information Assurance and Security.

[20]  L. Ibrahim ANOMALY NETWORK INTRUSION DETECTION SYSTEM BASED ON DISTRIBUTED TIME-DELAY NEURAL NETWORK (DTDNN) , 2010 .

[21]  P. Mell,et al.  The NIST Definition of Cloud Computing , 2011 .

[22]  R. Chitra,et al.  Securing cloud from ddos attacks using intrusion detection system in virtual machine , 2013 .

[23]  Zhi Wang,et al.  DKSM: Subverting Virtual Machine Introspection for Fun and Profit , 2010, 2010 29th IEEE Symposium on Reliable Distributed Systems.

[24]  Terrence P. Fries,et al.  A fuzzy-genetic approach to network intrusion detection , 2008, GECCO '08.

[25]  Ahmed Patel,et al.  Autonomic Agent-Based Self-Managed Intrusion Detection and Prevention System , 2010, SAISMC.

[26]  Chun-Hung Richard Lin,et al.  Intrusion detection system: A comprehensive review , 2013, J. Netw. Comput. Appl..