A Design of Firewall Based on Feedback of Intrusion Detection System in Cloud Environment

Security is critical to cloud services. This paper presents a firewall design that uses feedback from an Intrusion Detection System (IDS) to change its rules, so that attacks can be detected and blocked flexibly. The design combines a firewall with an IDS that detects ICMP, TCP and UDP attacks. A cloud service is usually built on virtual machines, and their virtual network devices are multiplexed onto the physical network card; cloud security monitoring can therefore be implemented by listening on the physical device's network card. There are two types of IDS: host-based intrusion detection systems (HIDS) and network intrusion detection systems (NIDS). To make the firewall the active element of the defense, the IDS monitoring data is analyzed and the result is added automatically to the firewall's defense policy. Finally, we measure the effectiveness of the system by its false negative (FN) and false positive (FP) rates, and verify that the feedback plays a crucial role in improving the system's effectiveness and the efficiency with which the whole system filters attacks.
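The feedback loop described above, as an added worked example that is not the paper's code: traffic that the firewall lets through is mirrored to a simple rate-threshold IDS, every alert becomes a per-source DROP rule that takes effect from the next time window on, and the resulting blocking decisions are scored by FP and FN rate against labelled sources. The packet records, the per-protocol thresholds, the one-second window, the iptables-style rule strings and the sample traffic are all assumptions made for this example; the abstract specifies none of them.

```python
"""Added example: IDS-to-firewall feedback loop with FP/FN evaluation.
Not the paper's implementation; thresholds, window size, rule format and
traffic below are assumptions chosen for illustration."""
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, Iterable, List, Set, Tuple


@dataclass(frozen=True)
class Packet:
    ts: float          # seconds since capture start
    src: str           # source IPv4 address
    proto: str         # "ICMP", "TCP" or "UDP"
    syn: bool = False  # TCP SYN without ACK (new connection attempt)


# Hypothetical thresholds: packets from one source per one-second window.
THRESHOLDS = {"ICMP": 50, "TCP": 100, "UDP": 100}
WINDOW = 1.0

Rule = Tuple[str, str]  # (source address, protocol) to DROP


def ids_detect(packets: Iterable[Packet], thresholds=THRESHOLDS, window=WINDOW) -> Set[Rule]:
    """Count packets per (source, protocol, window) and alert on any source that
    exceeds its threshold. For TCP only SYNs are counted, so the detector
    targets SYN floods and ignores traffic on established connections."""
    counts: Dict[Tuple[str, str, int], int] = defaultdict(int)
    for p in packets:
        if p.proto == "TCP" and not p.syn:
            continue
        counts[(p.src, p.proto, int(p.ts // window))] += 1
    return {(src, proto) for (src, proto, _), n in counts.items() if n > thresholds[proto]}


def rule_to_iptables(rule: Rule) -> str:
    """Render an alert as the iptables DROP rule the feedback step would install."""
    src, proto = rule
    match = {"ICMP": "-p icmp", "TCP": "-p tcp --syn", "UDP": "-p udp"}[proto]
    return f"iptables -I INPUT -s {src} {match} -j DROP"


def firewall_pass(packet: Packet, rules: Set[Rule]) -> bool:
    """Emulate the installed DROP rules: drop when (src, proto) is listed."""
    return (packet.src, packet.proto) not in rules


def feedback_loop(packets: List[Packet], window=WINDOW) -> Tuple[Set[Rule], List[Packet]]:
    """Process traffic window by window. Packets that pass the firewall reach the
    protected service and are mirrored to the IDS; each alert becomes a rule
    that is enforced from the next window on. Returns the final rule set and
    the packets that were delivered."""
    rules: Set[Rule] = set()
    delivered: List[Packet] = []
    by_window: Dict[int, List[Packet]] = defaultdict(list)
    for p in packets:
        by_window[int(p.ts // window)].append(p)
    for w in sorted(by_window):
        passed = [p for p in by_window[w] if firewall_pass(p, rules)]
        delivered.extend(passed)
        rules |= ids_detect(passed, window=window)  # feedback: alerts become rules
    return rules, delivered


def fp_fn(rules: Set[Rule], attackers: Set[str], benign: Set[str]) -> Tuple[float, float]:
    """Score blocking decisions per source: FP rate is the share of benign
    sources blocked, FN rate the share of attacking sources never blocked."""
    blocked = {src for src, _ in rules}
    return len(benign & blocked) / len(benign), len(attackers - blocked) / len(attackers)


def sample_traffic() -> List[Packet]:
    """Constructed traffic spanning two one-second windows (not captured data)."""
    pkts: List[Packet] = []
    for w in (0, 1):
        # benign host: 10 pings and 5 new TCP connections per second
        pkts += [Packet(w + i / 10, "10.0.0.2", "ICMP") for i in range(10)]
        pkts += [Packet(w + i / 5, "10.0.0.2", "TCP", syn=True) for i in range(5)]
        # benign host: 30 DNS-like UDP queries per second
        pkts += [Packet(w + i / 30, "10.0.0.3", "UDP") for i in range(30)]
        # attacker: ICMP flood, 200 echo requests per second
        pkts += [Packet(w + i / 200, "10.0.0.9", "ICMP") for i in range(200)]
        # attacker: SYN flood, 300 SYNs per second
        pkts += [Packet(w + i / 300, "10.0.0.7", "TCP", syn=True) for i in range(300)]
    return pkts


if __name__ == "__main__":
    traffic = sample_traffic()
    rules, delivered = feedback_loop(traffic)
    for r in sorted(rules):
        print(rule_to_iptables(r))
    fp, fn = fp_fn(rules, attackers={"10.0.0.9", "10.0.0.7"}, benign={"10.0.0.2", "10.0.0.3"})
    print(f"FP={fp:.2f} FN={fn:.2f}; delivered {len(delivered)} of {len(traffic)} packets")
```

In the first window nothing is blocked, so all 545 packets reach the service and the IDS sees both floods; the two generated rules then drop the attack traffic in the second window, so only the 45 benign packets get through. Lowering the ICMP threshold below the benign host's 10 pings per second (for example to 5) makes the IDS flag 10.0.0.2 as well, which is exactly the kind of false positive the FP rate is meant to expose, and is why the thresholds have to be tuned against the protected service's normal traffic rather than set as tightly as possible.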
