Designing Network Intrusion and Detection System using signature-based method for protecting OpenStack private cloud

Santoso, Berkah I.; Idrus, M. Rien Suryatama; Gunawan, Irwan Prasetya

doi:10.1109/inaes.2016.7821908

Cited by 25 publications

(8 citation statements)

References 5 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…4. Signatures are a series of system calls made in certain orders, and duplicates are removed to identify specific executables [26]. This procedure is repeated for malware and benign traces, and subsequently, on receipt of all malware signatures, they are sorted by their frequency of appearances.…”

Section: Malware Detection Using Signature-based Approachmentioning

confidence: 99%

Randomized MILP framework for Securing Virtual Machines from Malware Attacks

Mangalagowri¹,

Venkataraman²

2023

Intelligent Automation &Amp; Soft Computing

View full text Add to dashboard Cite

Cloud computing involves remote server deployments with public network infrastructures that allow clients to access computational resources. Virtual Machines (VMs) are supplied on requests and launched without interactions from service providers. Intruders can target these servers and establish malicious connections on VMs for carrying out attacks on other clustered VMs. The existing system has issues with execution time and false-positive rates. Hence, the overall system performance is degraded considerably. The proposed approach is designed to eliminate Cross-VM side attacks and VM escape and hide the server's position so that the opponent cannot track the target server beyond a certain point. Every request is passed from source to destination via one broadcast domain to confuse the opponent and avoid them from tracking the server's position. Allocation of SECURITY Resources accepts a safety game in a simple format as input and finds the best coverage vector for the opponent using a Stackelberg Equilibrium (SSE) technique. A Mixed Integer Linear Programming (MILP) framework is used in the algorithm. The VM challenge is reduced by a firewall-based controlling mechanism combining behavior-based detection and signature-based virus detection. The proposed method is focused on detecting malware attacks effectively and providing better security for the VMs. Finally, the experimental results indicate that the proposed security method is efficient. It consumes minimum execution time, better false positive rate, accuracy, and memory usage than the conventional approach.

show abstract

Section: Malware Detection Using Signature-based Approachmentioning

confidence: 99%

Randomized MILP framework for Securing Virtual Machines from Malware Attacks

Mangalagowri¹,

Venkataraman²

2023

Intelligent Automation &Amp; Soft Computing

View full text Add to dashboard Cite

show abstract

“…The working process on the rules, which can be written in any language, so that the rules can be read and modified easily [11]. The solution developed by signature-based IDS is used to find the sequences and patterns that match a particular attack signature, usually employed to scan the system files for any malicious activity [18]. A Hybrid IDS is a combined one that is derived from more than one kind of IDS.…”

Section: Signature Based Intrusion Detection Systemmentioning

confidence: 99%

Securing Cloud Using Intrusion Detection Systems: A Review

Eepari

Raju

Sai

et al. 2023

Advances in Transdisciplinary Engineering

View full text Add to dashboard Cite

Cloud computing consists of technologies like distributed computing, grid computing, virtualization, utility computing, network computing, and the web. There are several threats in the cloud, such as man-in-the-middle attacks, port scans, DoS/DDoS attacks, IP spoofing, and phishing. One of the most serious threats today is denial-of-service attacks, because they affect the availability of critical resources. The primary goal of this paper is to analyze the intrusion detection systems (IDSs) that can identify intrusion attempts in distributed systems as well as virtualized environments. This paper discusses various types of systems such as anomaly, signature, hybrid, hierarchical, and collaborative IDS. The systems are studied and the various methodologies, tools, datasets, operating layers, and accuracies of the IDS are compared and contrasted.

show abstract

“…Depending on the detection method, the NID systems can be largely categorized into signature-based and behavior-based NID systems [33]. The signature-based NID system [34] aims to detect malicious network activities by examining specific patterns in network traffic. Despite their popularity, this method tends to be insufficient for detecting unknown attacks for which patterns have not been analyzed.…”

Section: Related Workmentioning

confidence: 99%

Hunt for Unseen Intrusion: Multi-Head Self-Attention Neural Detector

et al. 2021

View full text Add to dashboard Cite

A network intrusion detection (NID) system plays a critical role in cybersecurity. However, the existing machine learning-based NID research has a vital issue that their experimental settings do not reflect real-world situations where unknown attacks are constantly emerging. In particular, their train and test sets are from a single data set, which inevitably overestimates the detection power since all test attack types are known in training, and test cases will have similar characteristics to the training data. This paper introduces a new strategy to constitute test data with updated traffic with attack types not included in training data. In the proposed setting, the prediction accuracy of the existing detectors is dropped by about 20% compared to what has been reported. Also, in-depth analysis of detection performance by attack types has revealed that the existing models have strength at certain attack types but struggle to detect the other attack types such as DoS, DDoS, web attack, and port scan. To overcome the issues, we propose a new neural detector, called MHSA, based on a multi-head self-attention mechanism whose architecture suits better to capture scattered pieces of evidence in network traffic. Our model improved the overall detection performance by 29% in false positive rate at the true positive rate of 0.9 and by 9% in AUC over the current state-of-the-art models, successfully detecting the attacks that are not well captured before. Furthermore, we show that our proposed MHSA model even outperforms the best ensemble detector constructed by joining the state-of-the-art classifiers.

show abstract

Designing Network Intrusion and Detection System using signature-based method for protecting OpenStack private cloud

Cited by 25 publications

References 5 publications

Randomized MILP framework for Securing Virtual Machines from Malware Attacks

Randomized MILP framework for Securing Virtual Machines from Malware Attacks

Securing Cloud Using Intrusion Detection Systems: A Review

Hunt for Unseen Intrusion: Multi-Head Self-Attention Neural Detector

Contact Info

Product

Resources

About