Automatic Reconfiguration of NIDSs in IaaS Clouds with SAIDS

Infrastructure as a Service (IaaS) clouds are very dynamic, with frequent runtime changes at different levels of the virtual infrastructure. For cloud tenants, this affects the ability of a security monitoring framework to successfully detect attacks. In this paper, we propose SAIDS, a self-adaptable intrusion detection system for IaaS clouds that is able to adapt its components based on dynamic events that occur in a cloud infrastructure. We implemented and experimentally evaluated SAIDS, and show that it is a scalable solution that successfully detects attacks even during the adaptation process while imposing negligible overhead on cloud operations and tenant applications.
