A Network-Based Intrusion Detection System

This chapter reports a network-based IDS for the Cloud scenario. The IDS is implemented and analysed for the DDoS attack. The particular choice is due to the vulnerability of the DDoS attack in the Cloud paradigm.

[1]  Cheng Jin,et al.  Defense Against Spoofed IP Traffic Using Hop-Count Filtering , 2007, IEEE/ACM Transactions on Networking.

[2]  Jennifer L. Welch,et al.  An asynchronous leader election algorithm for dynamic networks , 2009, 2009 IEEE International Symposium on Parallel & Distributed Processing.

[3]  Xiuli Wang,et al.  Mitigation of DDoS Attacks through Pushback and Resource Regulation , 2008, 2008 International Conference on MultiMedia and Information Technology.

[4]  Eduardo B. Fernández,et al.  An analysis of security issues for cloud computing , 2013, Journal of Internet Services and Applications.

[5]  Eric Y. Chen,et al.  Active shaping: a countermeasure against DDoS attacks , 2002, 2nd European Conference on Universal Multiservice Networks. ECUMN'2001 (Cat. No.02EX563).

[6]  Gail-Joon Ahn,et al.  Security and Privacy Challenges in Cloud Computing Environments , 2010, IEEE Security & Privacy.

[7]  Tong Guo,et al.  Distributed Denial of Service Attacks Detection Method Based on Conditional Random Fields , 2013, J. Networks.

[8]  C.C. Zou,et al.  Adaptive Defense Against Various Network Attacks , 2005, IEEE Journal on Selected Areas in Communications.

[9]  S. K. Peddoju,et al.  A statistical and distributed packet filter against DDoS attacks in Cloud environment , 2018 .

[10]  S. Liu,et al.  On the defense of the distributed denial of service attacks: an on-off feedback control approach , 2001, IEEE Trans. Syst. Man Cybern. Part A.

[11]  H. Jonathan Chao,et al.  A Principal Components Analysis-Based Robust DDoS Defense System , 2008, 2008 IEEE International Conference on Communications.

[12]  Jung-Min Park,et al.  A Divide-and-Conquer Strategy for Thwarting Distributed Denial-of-Service Attacks , 2007, IEEE Transactions on Parallel and Distributed Systems.

[13]  Hassan Aljifri,et al.  IP Traceback: A New Denial-of-Service Deterrent? , 2003, IEEE Secur. Priv..

[14]  Dawn Xiaodong Song,et al.  StackPi: New Packet Marking and Filtering Mechanisms for DDoS and IP Spoofing Defense , 2006, IEEE Journal on Selected Areas in Communications.

[15]  Yuyu Chou,et al.  Risk Assessment for Cloud-Based IT Systems , 2011, Int. J. Grid High Perform. Comput..

[16]  H. Jonathan Chao,et al.  PacketScore: a statistics-based packet filtering scheme against distributed denial-of-service attacks , 2006, IEEE Transactions on Dependable and Secure Computing.

[17]  Daan Broeder,et al.  A data infrastructure reference model with applications: towards realization of a ScienceTube vision with a data replication service , 2013, Journal of Internet Services and Applications.

[18]  Lori M. Kaufman,et al.  Data Security in the World of Cloud Computing , 2009, IEEE Security & Privacy.

[19]  Gopinath Ganapathy,et al.  A multilevel thrust filtration defending mechanism against DDoS attacks in cloud computing environment , 2014, Int. J. Grid Util. Comput..

[20]  Mun Choon Chan,et al.  On the effectiveness of DDoS attacks on statistical filtering , 2005, Proceedings IEEE 24th Annual Joint Conference of the IEEE Computer and Communications Societies..

[21]  Minyi Guo,et al.  A Feasible IP Traceback Framework through Dynamic Deterministic Packet Marking , 2016, IEEE Transactions on Computers.

[22]  H. Jonathan Chao,et al.  RateGuard: A Robust Distributed Denial of Service (DDoS) Defense System , 2009, GLOBECOM 2009 - 2009 IEEE Global Telecommunications Conference.

[23]  Kai Hwang,et al.  Collaborative Detection of DDoS Attacks over Multiple Network Domains , 2007, IEEE Transactions on Parallel and Distributed Systems.

[24]  Tao Zhang,et al.  Defense of DDoS attack for cloud computing , 2012, 2012 IEEE International Conference on Computer Science and Automation Engineering (CSAE).

[25]  Kai Hwang,et al.  MAFIC: adaptive packet dropping for cutting malicious flows to push back DDoS attacks , 2005, 25th IEEE International Conference on Distributed Computing Systems Workshops.

[26]  Jun Xu,et al.  Sustaining Availability of Web Services under Distributed Denial of Service Attacks , 2003, IEEE Trans. Computers.

[27]  Wanlei Zhou,et al.  Information theory based detection against network behavior mimicking DDoS attacks , 2008, IEEE Communications Letters.

[28]  Daniel Mellado,et al.  Security Analysis in the Migration to Cloud Environments , 2012, Future Internet.

[29]  Peter Mell,et al.  Intrusion Detection Systems , 2001 .

[30]  Syed M. Rahman,et al.  An Overview of the Security Concerns in Enterprise Cloud Computing , 2011, ArXiv.

[31]  Shui Yu,et al.  CBF: A Packet Filtering Method for DDoS Attack Defense in Cloud Environment , 2011, 2011 IEEE Ninth International Conference on Dependable, Autonomic and Secure Computing.