Intrusion Detection Systems in Cloud Computing: A Contemporary Review of Techniques and Solutions

Rapid growth of resources and the escalating cost of infrastructure are leading organizations to adopt cloud computing. Cloud computing provides high performance, efficient utilization, and on-demand availability of resources. However, the cloud environment is vulnerable to different kinds of intrusion attacks, which involve installing malicious software and creating backdoors. In a cloud environment, where businesses host important and critical data, the security of the underlying technologies becomes crucial. To mitigate the threat to cloud environments, Intrusion Detection Systems (IDS) serve as a layer of defense. The aim of this survey paper is to review IDS techniques proposed for the cloud. To achieve this objective, the first step is defining the limitations and unique characteristics of each technique. The second step is establishing the criteria to evaluate IDS architectures. In this paper, the criteria used are derived from the basic characteristics of the cloud. The next step is a comparative analysis of various existing intrusion detection techniques against the criteria. The last step is a discussion of the drawbacks and open issues identified in the evaluation, which hinder the implementation of IDS in cloud environments.
