TY - GEN
T1 - Hierarchical model for intrusion detection systems in the cloud environment
AU - Abdulazeez, Muhammed
AU - Kowalski, Dariusz
PY - 2015/1/1
Y1 - 2015/1/1
AB - The recent emergence of cloud computing has drastically altered how we perceive computing infrastructure, software delivery and development models. This leap from mainframe computers to highly scalable, dynamically configurable and heterogeneous cloud technology has transformed computing and data centres. The rapid transition towards the cloud has also raised security concerns about this delivery model. This paper addresses two such challenges: (i) dynamic large-scale systems, where most cloud defence systems provide cloud-provider-oriented security in which the defence components are placed at the entrance of the cloud, without considering the scalability of the cloud or the heterogeneity of the applications running on the platform; and (ii) detection rate vs. performance, where the two stand in an inverse relationship. Although the underlying technology is changing, security practitioners have not adapted their approach to the security challenges of cloud computing: they do not account for the above challenges when building cloud defence systems, and they treat cloud security as if it were a traditional network environment with homogeneous applications that do not scale easily. To address this, we introduce a lightweight, hierarchical and highly dynamic intrusion detection system architecture better suited to the cloud environment. Our model uses application-layer detection mechanisms to detect intrusions at different levels of the cloud hierarchy. We identify a number of rules to be checked in the application-layer protocol to detect possible attacks on the application server. The rules are not checked at fixed nodes in the cloud; instead, the system decides where to check them based on the current load and on the attacks detected at a node and its child nodes. This addresses the scalability problem, because the intrusion detection load is distributed across the cloud, eliminating single points of contention and failure. It also addresses the heterogeneity challenge, because servers (virtual machines, VMs) running different applications can apply different detection approaches. We employ randomised techniques to improve detection performance, for instance by selecting a subset of the rules to check, which trades detection rate against performance. To assess the efficiency of the system, we present preliminary results comparing detection rate against system performance. Although this paper concentrates on Denial of Service and Distributed Denial of Service attacks, the model can be extended to other types of attack.
KW - Application layer security
KW - Cloud security
KW - Denial of Service
KW - Intrusion detection
KW - Virtual machine
UR - http://www.scopus.com/inward/record.url?scp=84940731662&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84940731662&partnerID=8YFLogxK
M3 - Conference contribution
AN - SCOPUS:84940731662
T3 - European Conference on Information Warfare and Security, ECCWS
SP - 319
EP - 327
BT - Proceedings of the 14th European Conference on Cyber Warfare and Security, ECCWS 2015
A2 - Abouzakhar, Nasser
PB - Curran Associates Inc.
T2 - 14th European Conference on Cyber Warfare and Security, ECCWS 2015
Y2 - 2 July 2015 through 3 July 2015
ER -
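The abstract describes three mechanisms: load-aware placement of rule checking along a node/child-node hierarchy, escalation driven by alerts seen at a node and its children, and a randomised subset of rules to trade detection rate against performance. The following toy simulation is an added illustration of that model and is not the paper's code or data: the three HTTP-style rules (source rate, incomplete headers, oversized body), the thresholds, the three-level topology and the traffic window are all constructed here as assumptions so that the trade-off can be run offline.

```python
"""Toy simulation of a hierarchical, load-aware intrusion detection model with
randomised rule subsets, in the spirit of the architecture the abstract describes.
Rules, thresholds, topology and traffic are constructed for illustration only."""
import random
from dataclasses import dataclass
from typing import Optional


# Hypothetical application-layer rules for HTTP-like requests. Each returns True
# when the request looks like part of a (D)DoS attempt. 'src_rate' is assumed to
# be filled in upstream by a per-window request counter.
def rule_high_source_rate(req: dict) -> bool:
    return req["src_rate"] > 50            # flood: many requests from one source

def rule_incomplete_headers(req: dict) -> bool:
    return not req["headers_complete"]     # slow request that never completes

def rule_oversized_body(req: dict) -> bool:
    return req["body_len"] > 1_000_000     # payload sized to exhaust the server

RULES = [rule_high_source_rate, rule_incomplete_headers, rule_oversized_body]
ESCALATE_AFTER = 5   # alerts seen at a node before it switches to the full rule set


@dataclass
class Node:
    """One level of the hierarchy: a VM, a cluster aggregator, or the cloud entry point."""
    name: str
    capacity: int                  # rule evaluations this node can afford per window
    parent: Optional["Node"] = None
    evaluations: int = 0           # load actually spent in this window
    alerts: int = 0                # alerts raised here or at any descendant


def build_tree(leaf_capacity: int, mid_capacity: int, root_capacity: int) -> dict:
    root = Node("entry", root_capacity)
    mid = Node("cluster-a", mid_capacity, parent=root)
    leaves = [Node(f"vm-{i}", leaf_capacity, parent=mid) for i in range(2)]
    return {"root": root, "mid": mid, "leaves": leaves}


def choose_checker(leaf: Node, cost: int) -> Optional[Node]:
    """Walk up from the targeted VM to the first node with spare capacity for
    `cost` evaluations; None means every level is saturated."""
    node = leaf
    while node is not None:
        if node.evaluations + cost <= node.capacity:
            return node
        node = node.parent
    return None


def record_alert(leaf: Node) -> None:
    """Alerts propagate upwards so a parent sees what its children detected."""
    node = leaf
    while node is not None:
        node.alerts += 1
        node = node.parent


def simulate(requests: list, tree: dict, k: int, seed: int = 0) -> dict:
    """Process one window of traffic; k is the size of the random rule subset."""
    rng = random.Random(seed)
    attacks = flagged = false_positives = unchecked = 0
    for req in requests:
        attacks += req["is_attack"]
        leaf = tree["leaves"][req["target_vm"]]
        node = choose_checker(leaf, k)
        if node is None:
            unchecked += 1          # no capacity anywhere: the request passes unchecked
            continue
        rules = rng.sample(RULES, k)
        # A node that has already seen enough alerts (its own or its children's)
        # checks every rule, provided it can still afford to.
        if node.alerts >= ESCALATE_AFTER and node.evaluations + len(RULES) <= node.capacity:
            rules = RULES
        node.evaluations += len(rules)
        if any(rule(req) for rule in rules):
            record_alert(leaf)
            if req["is_attack"]:
                flagged += 1
            else:
                false_positives += 1
    nodes = [tree["root"], tree["mid"], *tree["leaves"]]
    return {
        "detection_rate": flagged / attacks if attacks else 0.0,
        "false_positives": false_positives,
        "evaluations": sum(n.evaluations for n in nodes),
        "unchecked": unchecked,
        "per_node": {n.name: n.evaluations for n in nodes},
    }


def make_traffic() -> list:
    """Constructed sample window: 20 benign requests, a 20-request flood at vm-0
    and 10 slow, header-less requests at vm-1."""
    benign = [{"src_rate": 3, "headers_complete": True, "body_len": 2_000,
               "target_vm": i % 2, "is_attack": False} for i in range(20)]
    flood = [{"src_rate": 500, "headers_complete": True, "body_len": 100,
              "target_vm": 0, "is_attack": True} for _ in range(20)]
    slow = [{"src_rate": 2, "headers_complete": False, "body_len": 0,
             "target_vm": 1, "is_attack": True} for _ in range(10)]
    return benign + flood + slow


if __name__ == "__main__":
    for k in (1, 2, 3):
        print(k, simulate(make_traffic(), build_tree(1000, 1000, 1000), k))
```

Running with ample capacity and `k=3` checks every rule everywhere and flags every attack at a cost of three evaluations per request; `k=1` spends far fewer evaluations at the price of missed attacks until the alert count at the targeted VM crosses `ESCALATE_AFTER`, at which point that node reverts to the full rule set. Shrinking the capacities (for example `build_tree(9, 30, 100)`) shows the placement logic pushing checks from the VMs to the cluster node and then to the entry point, and finally leaving requests unchecked once every level is saturated.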