Cloud-Based Intrusion Detection and Response System: Open Research Issues, and Solutions

Mobile cloud computing (MCC) allows smart mobile devices (SMD) to access cloud resources in order to offload data from smartphones and to acquire computational services for application processing. A distinctive factor in accessing cloud resources is the communication link. However, the communication links between SMD and cloud resources are weak, which allows intruders to perform malicious activities by exploiting their vulnerabilities. This makes security a key challenge in the MCC environment. Several intrusion detection and response systems (IDRSs) have been adapted to address the exploitation of vulnerabilities that affect smartphones, the communication links between cloud resources and smartphones, and the cloud resources themselves. In this article, we discuss cloud-based IDRS in the context of SMD and cloud resources in the MCC infrastructure. The stringent security requirements are presented as open issues along with possible solutions. The article aims to motivate researchers, academicians, security administrators, and cloud service providers to devise mechanisms, frameworks, standards, and protocols that address the challenges faced by cloud-based IDRS for SMD.
