Designing an efficient security framework for detecting intrusions in virtual network of cloud computing

Abstract: Cloud computing has grown to support various IT capabilities such as IoT, mobile computing and smart IT. However, due to the dynamic and distributed nature of the cloud and vulnerabilities in current implementations of virtualization, several security threats and attacks have been reported. To address these issues, traditional security solutions such as firewalls and intrusion detection/prevention systems need to be extended so that they can cope with high-speed network traffic and dynamic network configuration in the cloud. In addition, identifying feasible network traffic features is a major challenge for accurate detection of attacks. In this paper, we propose a hypervisor level distributed network security (HLDNS) framework which is deployed on each processing server of the cloud. At each server, it monitors the network traffic of the underlying virtual machines (VMs) to/from the virtual network, internal network and external network for intrusion detection. We have extended a binary bat algorithm (BBA) with two new fitness functions for deriving the feasible features from cloud network traffic. The derived features are applied to a Random Forest classifier to detect intrusions in cloud network traffic and generate intrusion alerts. The intrusion alerts from different servers are correlated to identify distributed attacks and to generate new attack signatures. For performance and feasibility analysis, the proposed security framework is tested on the cloud network testbed at NIT Goa and on the recent UNSW-NB15 and CICIDS-2017 intrusion datasets. We have performed a comparative analysis of the proposed security framework in terms of fulfilling cloud network security needs.
