Intrusion Detection System with Snort in Cloud Computing: Advanced IDS

Mishra, Vikas Kumar; Vijay, Vinay Kumar; Tazi, Satyanaryan

doi:10.1007/978-981-10-0129-1_48

Cited by 10 publications

(9 citation statements)

References 6 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Snort comprises five logical components that determine and classify potential malicious attacks or any undesired threat against computer systems and networks ( Ali et al., 2018 ). Finally, interested readers can refer to the following references for the details of the Snort components ( Essid, Jemili & Korbaa, 2021 ; Mishra, Vijay & Tazi, 2016 ; Shah & Issac, 2018 ).…”

Section: Essential Conceptsmentioning

confidence: 99%

A novel hybrid-based approach of snort automatic rule generator and security event correlation (SARG-SEC)

Jaw

Wang

2022

PeerJ Computer Science

View full text Add to dashboard Cite

The rapid advanced technological development alongside the Internet with its cutting-edge applications has positively impacted human society in many aspects. Nevertheless, it equally comes with the escalating privacy and critical cybersecurity concerns that can lead to catastrophic consequences, such as overwhelming the current network security frameworks. Consequently, both the industry and academia have been tirelessly harnessing various approaches to design, implement and deploy intrusion detection systems (IDSs) with event correlation frameworks to help mitigate some of these contemporary challenges. There are two common types of IDS: signature and anomaly-based IDS. Signature-based IDS, specifically, Snort works on the concepts of rules. However, the conventional way of creating Snort rules can be very costly and error-prone. Also, the massively generated alerts from heterogeneous anomaly-based IDSs is a significant research challenge yet to be addressed. Therefore, this paper proposed a novel Snort Automatic Rule Generator (SARG) that exploits the network packet contents to automatically generate efficient and reliable Snort rules with less human intervention. Furthermore, we evaluated the effectiveness and reliability of the generated Snort rules, which produced promising results. In addition, this paper proposed a novel Security Event Correlator (SEC) that effectively accepts raw events (alerts) without prior knowledge and produces a much more manageable set of alerts for easy analysis and interpretation. As a result, alleviating the massive false alarm rate (FAR) challenges of existing IDSs. Lastly, we have performed a series of experiments to test the proposed systems. It is evident from the experimental results that SARG-SEC has demonstrated impressive performance and could significantly mitigate the existing challenges of dealing with the vast generated alerts and the labor-intensive creation of Snort rules.

show abstract

Section: Essential Conceptsmentioning

confidence: 99%

A novel hybrid-based approach of snort automatic rule generator and security event correlation (SARG-SEC)

Jaw

Wang

2022

PeerJ Computer Science

View full text Add to dashboard Cite

show abstract

“…An experimentation showing the efficiency of the method for the discovery of inconsistency, incompleteness and redundancy in access control policy. Mishra et al [6] suggests an advanced way to using snort the popular NIDS on the cloud focusing on securing the network layer specifically and centralizing outputs alerts of the system. This study uses snort rules to detect intrusive behavior rather than simple attacks, yet this approach still has difficulties to detect zero-day attacks and the system needs constant rule updates.…”

Section: Related Workmentioning

confidence: 99%

“…Mishra et al[6] Al-Mousa et al[10] Ghosh et al[11] Sangeetha et al[12] Grobert et al[3] Boggs et al[4] …”

mentioning

confidence: 99%

Experimental Evaluation of a Hybrid Intrusion Detection System for Cloud Computing

Ghourabi¹

2019

IJATCSE

View full text Add to dashboard Cite

Cloud computing is becoming an integral part of many businesses today. It offers wide range of benefits and competitive advantage over companies that do not shift to the cloud. This growing popularity makes cloud computing subject to several security issues. In this paper, we propose an approach to protect the cloud by providing a hybrid solution based on the distribution of intrusion detectors and the centralization of alerts for management purposes. The purpose of our approach is to protect the most important layers of the cloud using intrusion detection systems. Each layer has its properties that makes it different from other layers. This leads us to use specific intrusion detectors for each layer. The detection model relies on two techniques: signature-based detection and anomaly-based detection. The first technique targets previously known attacks, the second technique targets unknown malicious events. In this article, we describe the architecture of our approach and present some experimental results to evaluate its effectiveness.

show abstract

“…It has the ability to perform real-time traffic analysis on IP networks. It is one of the most widely deployed IDSes and it has been previously deployed on virtualized infrastructures to detect attacks [12]. We installed Snort on each VNF instance.…”

Section: B Snort Ids Applicationmentioning

confidence: 99%

Demo abstract: EL-SEC: ELastic management of security applications on virtualized infrastructure

Akhtar

Matta

Raza

et al. 2018

IEEE INFOCOM 2018 - IEEE Conference on Computer Communications Workshops (INFOCOM WKSHPS)

View full text Add to dashboard Cite

Intrusion Detection System with Snort in Cloud Computing: Advanced IDS

Cited by 10 publications

References 6 publications

A novel hybrid-based approach of snort automatic rule generator and security event correlation (SARG-SEC)

A novel hybrid-based approach of snort automatic rule generator and security event correlation (SARG-SEC)

Experimental Evaluation of a Hybrid Intrusion Detection System for Cloud Computing

Demo abstract: EL-SEC: ELastic management of security applications on virtualized infrastructure

Contact Info

Product

Resources

About