Abstract
In recent years, cloud computing has provided a framework for dynamic and scalable use of a wide range of services. Despite the advantages of the cloud, security is still one of its most challenging issues. Intrusion detection systems (IDSs), as a common security tool, can be used to increase the level of security in cloud environments. However, some of the inherent features of the cloud, such as being highly distributed, the variety and dynamism of its services, and the different security needs of each user or cloud service, have made conventional IDSs inefficient for this environment. In this paper, an efficient architecture for intrusion detection is proposed for cloud computing. For this purpose, we classify services, in terms of their security requirements, into groups of services with similar security constraints. This way the intrusion detection process can be customized according to the specific attacks that usually target the services of each group. The proposed architecture has been evaluated using Snort, customized for each cloud service's security requirements. Simulations indicate that the proposed architecture decreases the total time of traffic analysis against attacks by 17.5% on average, while keeping the same detection rate and without losing accuracy.
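A toy model of the grouping idea in the abstract, added here as an illustration and not taken from the paper or from Snort: services with the same security profile share one sensor, which loads only the signatures relevant to that group. The service names, profiles, simplified rules and payloads are all constructed assumptions.

```python
# Added illustration: every name and value below is constructed, not from the paper.
from collections import defaultdict
# Each service declares the attack classes relevant to it (assumed profile format).
SERVICES = {
    "web-frontend": frozenset({"sqli", "xss"}),
    "blog":         frozenset({"sqli", "xss"}),
    "mail-relay":   frozenset({"smtp-abuse"}),
    "dns":          frozenset({"dns-amplification"}),
}
# Simplified signatures: (rule id, attack class, substring searched in the payload).
RULES = [
    (1, "sqli", "UNION SELECT"),
    (2, "xss", "<script>"),
    (3, "smtp-abuse", "VRFY root"),
    (4, "dns-amplification", "ANY example.com"),
]

def group_services(services):
    """Group services that share the same security profile."""
    groups = defaultdict(list)
    for name, profile in services.items():
        groups[profile].append(name)
    return dict(groups)

def rules_for(profile, rules=RULES):
    """Rule subset that a group-specific sensor would load."""
    return [r for r in rules if r[1] in profile]

def inspect(payload, rules):
    """Return (ids of matching rules, number of rules evaluated)."""
    hits = [rid for rid, _, pattern in rules if pattern in payload]
    return hits, len(rules)

def compare(traffic):
    """Inspect each (service, payload) with the full and the per-group rule set."""
    full_cost, group_cost, same_alerts = 0, 0, True
    for service, payload in traffic:
        full_hits, c1 = inspect(payload, RULES)
        grp_hits, c2 = inspect(payload, rules_for(SERVICES[service]))
        full_cost, group_cost = full_cost + c1, group_cost + c2
        same_alerts &= full_hits == grp_hits
    return full_cost, group_cost, same_alerts

TRAFFIC = [  # constructed sample payloads
    ("web-frontend", "GET /item?id=1 UNION SELECT password FROM users"),
    ("blog", "POST /comment body=<script>alert(1)</script>"),
    ("mail-relay", "VRFY root"),
    ("dns", "query A example.com"),
]
```

The alert sets stay identical only while every rule excluded from a group could not have matched that group's traffic; a wrong profile trades the saved comparisons for a blind spot.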
Notes
1. Time to live.
© 2014 Springer International Publishing Switzerland
About this paper
Cite this paper
Ghorbani, H.R., Hashemi, M.R. (2014). An Improved Distributed Intrusion Detection Architecture for Cloud Computing. In: Jahangir, A., Movaghar, A., Asadi, H. (eds) Computer Networks and Distributed Systems. CNDS 2013. Communications in Computer and Information Science, vol 428. Springer, Cham. https://doi.org/10.1007/978-3-319-10903-9_9
DOI: https://doi.org/10.1007/978-3-319-10903-9_9
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-10902-2
Online ISBN: 978-3-319-10903-9
eBook Packages: Computer Science (R0)