Intrusion Detection System in Cloud Computing: Challenges and opportunities

Cloud computing has been adopted very rapidly by organizations with different businesses and sizes, the use of cloud services is rising at an unparalleled rate these days especially IaaS services as cloud providers offer more powerful resources with flexible offerings and models. This rapid adoption opens new surface attacks to the organizations that attackers abuse with their malware to take advantage of these powerful resources and the valuable data that exist on them. Therefore for organizations to well defend against malware attacks they need to have full visibility not only on their data centers but also on their resources hosted on the cloud and don't take their security for granted. This paper discusses and aims to provide the best approaches to achieve continuous monitoring of malware attacks on the cloud along with their phases (before, during, and after) and the limitations of today's available techniques suggesting needed developments. Logging and forensics techniques have always been the cornerstone of achieving continuous monitoring and detection of malware attacks on-premises, this paper defines the best methods to bring loggings and forensics to the cloud and integrate them with on-premises visibility, thus achieving the full monitoring over the whole security posture of the organization assets whether they are on-premises or on the cloud.

show abstract

“…The cloud user is in charge of monitoring HIDS deployed on a VM, while the cloud provider is in charge of HIDS deployment on the cloud [42].…”

Section: ) Network-based Intrusion Detection Systems (Nids)mentioning

confidence: 99%

Detecting Malware Infection on Infrastructure Hosted in Iaas Cloud using Cloud Visibility and Forensics

Almadhoor¹,

El-Aziz²,

Hamdi³

2021

IJACSA

View full text Add to dashboard Cite

show abstract

“…2) Centralized: a command and control center in the cloud monitors the mobile devices. In-depth analyses are performed on powerful servers, taking advantage of their abundant computation power and memory capacity [6], [19]- [23]. 3) Distributed: the system is partly deployed on the mobile device and partly within the cloud.…”

Section: Related Workmentioning

confidence: 99%

HIDROID: Prototyping a Behavioral Host-Based Intrusion Detection and Prevention System for Android

et al. 2020

View full text Add to dashboard Cite

Previous research efforts on developing an Intrusion Detection and Prevention Systems (IDPS) for Android mobile devices rely mostly on centralized data collection and processing on a cloud server. However, this trend is characterized by two major limitations. First, it requires a continuous connection between monitored devices and the server, which might be infeasible, due to mobile network's outage or partial coverage. Second, it increases the risk of sensitive information leakage and the violation of user's privacy. To help alleviate these problems, in this paper, we develop a novel Host-based IDPS for Android (HIDROID), which runs completely on a mobile device, with a minimal computation burden. It collects data in run-time, by periodically sampling features reflecting the utilization of scarce resources on a mobile device (e.g. CPU, memory, battery, bandwidth, etc.). The detection engine exploits statistical and machine learning algorithms to build a data-driven model for the benign behavior. Any observation failing to match this model triggers an alert, and the preventive agent takes proper countermeasure(s) to minimize the risk. HIDROID requires no malicious data for training or tuning, which makes it handy for day-today usage. Experimental test results, on a real-life device, show that HIDROID is well able to learn and discriminate normal from malicious behavior, with very promising accuracy of up to 0.9, while maintaining false positive rate by 0.03. INDEX TERMS Android, security and privacy, intrusion detection and prevention system (IDPS), anomaly detection, malware detection, behavior analysis, machine learning, prototype development.

show abstract

“…IoT and Cloud Computing technologies to produce a large volume of traffic attack over 665 GB/s [8][9].…”

Section: Figure1 Cloud Computing Stackmentioning

confidence: 99%

A Hybrid Genetic-Neuro Algorithm for Cloud Intrusion Detection System

Nallamuthu¹

2020

J Comput Sci Intell Technol

View full text Add to dashboard Cite

The security for cloud network systems is essential and significant to secure the data source from intruders and attacks. Implementing an intrusion detection system (IDS) for securing from those intruders and attacks is the best option. Many IDS models are presently based on different techniques and algorithms like machine learning and deep learning. In this research, IDS for the cloud computing environment is proposed. Here in this model, the genetic algorithm (GA) and back propagation neural network (BPNN) is used for attack detection and classification. The Canadian Institute for Cyber-security CIC-IDS 2017 dataset is used for the evaluation of performance analysis. Initially, from the dataset, the data are preprocessed, and by using the genetic algorithm, the attack was detected. The detected attacks are classified using the BPNN classifier for identifying the types of attacks. The performance analysis was executed, and the results are obtained and compared with the existing machine learning-based classifiers like FC-ANN, NB-RF, KDBN, and FCM-SVM techniques. The proposed GA-BPNN model outperforms all these classifying techniques in every performance metric, like accuracy, precision, recall, and detection rate. Overall, from the performance analysis, the best classification accuracy is achieved for Web attack detection with 97.90%, and the best detection rate is achieved for Brute force attack detection with 97.89%.

show abstract

Intrusion Detection System in Cloud Computing: Challenges and opportunities

Cited by 49 publications

References 13 publications

Detecting Malware Infection on Infrastructure Hosted in Iaas Cloud using Cloud Visibility and Forensics

Detecting Malware Infection on Infrastructure Hosted in Iaas Cloud using Cloud Visibility and Forensics

HIDROID: Prototyping a Behavioral Host-Based Intrusion Detection and Prevention System for Android

A Hybrid Genetic-Neuro Algorithm for Cloud Intrusion Detection System

Contact Info

Product

Resources

About