mOSAIC-Based Intrusion Detection Framework for Cloud Computing

  • Massimo Ficco
  • Salvatore Venticinque
  • Beniamino Di Martino
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7566)


In recent years, with the growing popularity of Cloud Computing, security in Cloud has become an important issue. Cloud Computing paradigm represents an opportunity for users to reduce costs and increase efficiency providing an alternative way of using services. It represents both a technology for using computing infrastructures in a more efficient way and a business model for selling computing resources. The possibility of dynamically acquire and use resources and services on the base of a pay-per-use model, implies incredible flexibility in terms of management, which is otherwise often hard to address. On the other hand, because of this flexibility, Denial of Service attacks represent a serious danger, which can compromise performance and availability of services provided to final users. In this paper, a mOSAIC-based framework for providing distributed intrusion detection in Cloud Computing is proposed. It is an architectural framework that collects information at different Cloud architectural levels, using multiple security components, which are dynamically deployed as a distributed architecture. The proposed solution allows to monitor different attack symptoms on different Cloud architectural levels, which can be used to perform complex event correlation and diagnosis analysis of intrusion in the Cloud system.


Cloud security distributed intrusion detection monitoring mobile agents 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Westphall, C.B., Lamin, F.R.: SLA Perspective in Security Management for Cloud Computing. In: Proc. of the Int. Conf. on Networking and Services (ICNS), pp. 212–217 (2010)Google Scholar
  2. 2.
    Ficco, M., Rak, M.: Intrusion Tolerance of Stealth DoS Attacks to Web Services. In: Gritzalis, D., Furnell, S., Theoharidou, M. (eds.) SEC 2012. IFIP AICT, vol. 376, pp. 579–584. Springer, Heidelberg (2012)CrossRefGoogle Scholar
  3. 3.
    Kossmann, D., Loesing, S.: An evaluation of alternative architectures for transaction processing in the cloud. In: Proc. of the Int. Conf. on Manag. of Data (2010)Google Scholar
  4. 4.
    Emeakaroha, V.C., Maurer, M., Dustdar, S., Acs, S., Kertesz, A., Kecskemeti, G.: LAYSI: A Layered Approach for SLA-Violation Propagation in Self-manageble Cloud Infrastructures. In: Proc. of the IEEE 34th Conf. on Computer Software and Applications, pp. 365–370 (November 2010)Google Scholar
  5. 5.
    Ostermann, S., Iosup, A., Yigitbasi, N., Prodan, R., Fahringer, T., Epema, D.: An Early Performance Analysis of Cloud Computing Services for Scientific Computing. TU Delft/PDS Technical Report PDS-2008-12 (December 2008)Google Scholar
  6. 6.
    Barbosa, P.R., Righi, R.R., Kreutz, D.L.: Defining Metrics to Sec-SLA Agreements in Conformance to International Security Standards. In: Proc. of the 23rd Latin American Informatics Conference, pp. 36–47 (2007)Google Scholar
  7. 7.
    Righi, R.R., Pelissari, F.R., Westphall, C.B.: Sec-SLA: Specification and Validation of Metrics to Security Service Level Agreements. In: Proc. of the Computer System Security Workshop, pp. 199–210 (2004)Google Scholar
  8. 8.
    Ficco, M., Romano, L.: A Generic Intrusion Detection and Diagnoser System Based on Complex Event Processing. In: Proc. of the 1st International Conference on Data Compression, Communications and Processing, pp. 275–284. IEEE CS Press (June 2011)Google Scholar
  9. 9.
    Gul, I., Hussain, M.: Distributed Cloud Intrusion Detection Model. Int. Journal of Advanced Science and Technology 34, 71–82 (2011)Google Scholar
  10. 10.
    mOSAIC Project, mOSAIC: Open source API and platform for multiple Clouds (May 2012),
  11. 11.
    Amazon Elastic Compute Cloud (Amazon EC2), Amazon (April 2012),
  12. 12.
    Windows Azure Platform, Microsoft Corporation (April 2012),
  13. 13.
    Google App. Engine, Google (April 2012),
  14. 14.
    Curry, D., Debar, H.: Intrusion Detection Message Exchange Format: Extensible Markup Language (XML) Document Type Definition, draft-ietf-idwg-idmef-xml-10.txt (January 2003)Google Scholar
  15. 15.
    Ramgovind, S., Eloff, M., Smith, E.: The Management of Security in Cloud Computing. In: Proc. of the Int. Conf. on Information Security for South Africa (2010)Google Scholar
  16. 16.
    Schulter, K.: Intrusion Detection for Grid and Cloud Computing. IEEE IT Professional Journal (July 2010)Google Scholar
  17. 17.
    Bhadauria, R., Chaki, R., Chaki, N., Sanyal, S.: A Survey on Security Issues in Cloud Computing (September 2011),
  18. 18.
    Palmieri, F., Pardi, S.: Towards a federated Metropolitan Area Grid environment: The SCoPE network-aware infrastructure. Future Generation Computer Systems 26(8), 1241–1256 (2010)CrossRefGoogle Scholar
  19. 19.
    Zhang, R., Xie, W., Qian, W., Zhou, A.: Security and Privacy in Cloud Computing: A Survey. In: Proc. of the the 6th Int. Conf. on Semantics Knowledge and Grid, pp. 105–112 (November 2010)Google Scholar
  20. 20.
    Cheng, F., Meinel, C.: Intrusion Detection in the Cloud. In: Proc. of the IEEE Int. Conf. on Dependable, Autonomic and Secure Computing, pp. 729–734 (December 2009)Google Scholar
  21. 21.
    Lo, C.-C., Huang, C.-C., Ku, J.: A Cooperative Intrusion Detection System Framework for Cloud Computing Networks. In: Proc. of the 39th Int. Conf. on Parallel Processing, pp. 280–284. IEEE CS Press (September 2010)Google Scholar
  22. 22.
    Park, M.-W., Eom, J.-H.: Multi-level Intrusion Detection System and Log Management in Cloud Computin. In: Proc. of the 13th Int. Conf. on Advanced Communication Technology, pp. 552–555. IEEE CS Press (February 2011)Google Scholar
  23. 23.
    Ficco, M., Rak, M.: Intrusion Tolerance as a Service: A SLA-Based Solution. In: Proc. of the 2nd Int. Conf. on Cloud Computing and Services Science. IEEE CS Press (April 2012)Google Scholar
  24. 24.
    Ficco, M., Rak, M.: Intrusion Tolerance in Cloud Applications: the mOSAIC Approach. In: Proc. of the 6th Int. Conf. on Complex, Intelligent, and Software Intensive Systems (2012)Google Scholar
  25. 25.
    Amqp - Advanced message queuing protocol (April 2012),
  26. 26.
    Amazon Web Services LLC - Amazon simple queue service (amazon sqs) (April 14, 2012),
  27. 27.
    Rak, M., Venticinque, S., Mhr, T., Echevarria, G., Esnal, G.: Cloud application monitoring: The mosaic approach. In: Proc. of the IEEE Int. Conf. on Cloud Computing Technology and Science, pp. 758–763 (2011)Google Scholar
  28. 28.
    mOSAIC Consortium. mOSAIC source repository (April 14, 2012),
  29. 29.
    Prelude, an Hybrid Intrusion Detection System (February-April 2012),

Copyright information

© Springer-Verlag Berlin Heidelberg 2012

Authors and Affiliations

  • Massimo Ficco
    • 1
  • Salvatore Venticinque
    • 1
  • Beniamino Di Martino
    • 1
  1. 1.Department of Information EngineeringSecond University of Naples (SUN)AversaItaly

Personalised recommendations