CCIPS: A Cooperative Intrusion Detection and Prevention Framework for Cloud Services

With the recent emergence and rapid advancement of cloud computing infrastructure and services, outsourcing Information Technology (IT) and digital services to Cloud Providers (CPs) has become attractive. Outsourcing allows for a reduction in IT resources (hardware, software, services, support, and staffing), and provides flexibility and agility in resource allocation, data and resource delivery, fault-tolerance, and scalability. However, the majority of cloud service providers tailor their services to address functionality (such as availability, speed, and utilization) and design requirements (such as integration), rather than protection against cyber-attacks and associated security issues. This paper considers the detection and prevention of security attacks against cloud computing systems. A proactive Cooperative Cloud Intrusion Prevention System (CCIPS) framework is proposed to detect and prevent known and zero-day threats targeting cloud computing networks. This framework provides enhanced threat detection and prevention via behavioral and anomaly data analysis. A multi-layer approach to security is employed to provide a cooperative model cloud that has both high performance and high availability.
