Enhanced intrusion detection and prevention system on cloud environment using hybrid classification and OTS generation

Cloud environment is an assembly of resources for furnishing on-demand services to cloud customers. Here access to cloud environment is via internet services in which data stored on cloud environment are easier to both internal and external intruders. To detect intruders, various intrusion detection systems and authentication systems was proposed in earlier researches which are primarily ineffective. Many existing researchers were concentrated on machine learning approaches for detecting intrusions using fuzzy clustering, artificial neural network, support vector machine, fuzzy with neural network and etc., which are not furnishing predominant results based on detection rate and false negative rates. Our proposed system directed on intrusion detection system and it uses cloudlet controller, trust authority and virtual machine management in cloud environment. We propose two novel algorithms such as (i) packet scrutinization algorithm which examines the packets from the users and (ii) hybrid classification model called “NK-RNN” which is a combination of normalized K-means clustering algorithm with recurrent neural network. For preventing the user from intruders, we propose a one time signature for cloud user in order to access the data on cloud environment. Our proposed classifier effectively detects the intruders which are experimentally proved by comparing with existing classification models. Thus our proposed results are expressed by packet loss ratio, average packet delay, throughput, detection rate, false positive rate and false negative rate.

[1]  Deep Medhi,et al.  SDNIPS: Enabling Software-Defined Networking based intrusion prevention system in clouds , 2014, 10th International Conference on Network and Service Management (CNSM) and Workshop.

[2]  Master Student,et al.  Cloud Computing Intelligent Management by Metaheuristic Algorithm of Intelligent Water Drop , 2016 .

[3]  Dong Seong Kim,et al.  Performance Analysis and Security Based on Intrusion Detection and Prevention Systems in Cloud Data Centers , 2016, HIS.

[4]  Peng-Yu Wang,et al.  Homomorphic Encryption Scheme Based on Elliptic Curve Cryptography for Privacy Protection of Cloud Computing , 2016, 2016 IEEE 2nd International Conference on Big Data Security on Cloud (BigDataSecurity), IEEE International Conference on High Performance and Smart Computing (HPSC), and IEEE International Conference on Intelligent Data and Security (IDS).

[5]  B. B. Gupta,et al.  Enhanced CBF Packet Filtering Method to Detect DDoS Attack in Cloud Computing Environment , 2013, ArXiv.

[6]  Abbas Javed,et al.  Comparison of the Robustness of RNN, MPC and ANN Controller for Residential Heating System , 2014, 2014 IEEE Fourth International Conference on Big Data and Cloud Computing.

[7]  Mhamed Zineddine,et al.  Vulnerabilities and mitigation techniques toning in the cloud: A cost and vulnerabilities coverage optimization approach using Cuckoo search algorithm with Lévy flights , 2015, Comput. Secur..

[8]  Sajjad Haider,et al.  Security threats in cloud computing , 2011, 2011 International Conference for Internet Technology and Secured Transactions.

[9]  Hongjun Dai,et al.  A Trusted Architecture for Virtual Machines on Cloud Servers with Trusted Platform Module and Certificate Authority , 2017, J. Signal Process. Syst..

[10]  Bashar Nuseibeh,et al.  Adaptive evidence collection in the cloud using attack scenarios , 2016, Comput. Secur..

[11]  Sateesh K. Peddoju,et al.  HIDS: A host based intrusion detection system for cloud computing environment , 2014, International Journal of System Assurance Engineering and Management.

[12]  Yasir Mehmood,et al.  Intrusion Detection System in Cloud Computing: Challenges and opportunities , 2013, 2013 2nd National Conference on Information Assurance (NCIA).

[13]  Xiaowei Yang,et al.  PacketCloud : A Cloudlet-Based Open Platform for In-Network Services , 2015 .

[14]  Howon Kim,et al.  Applying Recurrent Neural Network to Intrusion Detection with Hessian Free Optimization , 2015, WISA.

[15]  Ahmed Patel,et al.  An intrusion detection and prevention system in cloud computing: A systematic review , 2013, J. Netw. Comput. Appl..

[16]  Kim-Kwang Raymond Choo,et al.  Distributed denial of service (DDoS) resilience in cloud: Review and conceptual cloud DDoS mitigation framework , 2016, J. Netw. Comput. Appl..

[17]  KeeganNathan,et al.  A survey of cloud-based network intrusion detection analysis , 2016 .

[18]  Sivakami Raja,et al.  An Efficient Fuzzy-Based Hybrid System to Cloud Intrusion Detection , 2016, International Journal of Fuzzy Systems.

[19]  Gamal A. Ebrahim,et al.  A Cloud Computing Security Framework Based on Cloud Security Trusted Authority , 2016, INFOS '16.

[20]  Khaled Labib Computer security and intrusion detection , 2004, CROS.

[21]  Dong Hyun Jeong,et al.  A survey of cloud-based network intrusion detection analysis , 2016, Human-centric Computing and Information Sciences.

[22]  Saman Taghavi Zargar,et al.  A Survey of Defense Mechanisms Against Distributed Denial of Service (DDoS) Flooding Attacks , 2013, IEEE Communications Surveys & Tutorials.

[23]  William H. Allen,et al.  Proactive Approach for the Prevention of DDoS Attacks in Cloud Computing Environments , 2017 .

[24]  Marco Ramilli,et al.  Decentralized detection of network attacks through P2P data clustering of SNMP data , 2015, Comput. Secur..

[25]  Morteza Analoui,et al.  Effect of anti-malware software on infectious nodes in cloud environment , 2016, Comput. Secur..

[26]  Ganesh Kumar,et al.  Anomaly Detection System in Cloud Environment Using Fuzzy Clustering Based ANN , 2015, Mobile Networks and Applications.

[27]  Uttam Kumar,et al.  A Survey on Intrusion Detection Systems for Cloud Computing Environment , 2015 .

[28]  Kannapiran Balasubramanian,et al.  A Fusion of Multiagent Functionalities for Effective Intrusion Detection System , 2017, Secur. Commun. Networks.

[29]  Gunasekaran Manogaran,et al.  MetaCloudDataStorage Architecture for Big Data Security in Cloud Computing , 2016 .

[30]  Muthu Ramachandran Software security requirements management as an emerging cloud computing service , 2016, Int. J. Inf. Manag..

[31]  Mohammad Hammoudeh,et al.  Intrusion Detection and Countermeasure of Virtual Cloud Systems - State of the Art and Current Challenges , 2015 .

[32]  Abhilash Sonker,et al.  Rule-Based Network Intrusion Detection System for Port Scanning with Efficient Port Scan Detection Rules Using Snort , 2016 .

[33]  Narayan Ranjan Chakraborty,et al.  Generation and verification of digital signature with two factor authentication , 2016, 2016 International Workshop on Computational Intelligence (IWCI).

[34]  Hai Jin,et al.  A VMM-based intrusion prevention system in cloud computing environment , 2013, The Journal of Supercomputing.

[35]  Padam Kumar,et al.  Profile and Back Off Based Distributed NIDS in Cloud , 2017, Wirel. Pers. Commun..

[36]  Sven Dietrich,et al.  Detecting zero-day attacks using context-aware anomaly detection at the application-layer , 2017, International Journal of Information Security.

[37]  Jonathan Loo,et al.  A Specification-Based IDS for Detecting Attacks on RPL-Based Network Topology , 2016, Inf..

[38]  Nikita N Chintawar,et al.  Cloud Data Security Enhancing Using Elliptical Curve Cryptography , 2016 .