A Hidden Markov Model Combined With Markov Games for Intrusion Detection in Cloud

Priti Narwal (Amity University Uttar Pradesh, Noida, India), Deepak Kumar (Amity University Uttar Pradesh, Noida, India) and Shailendra N. Singh (Amity University Uttar Pradesh, Noida, India)
Copyright: © 2019 | Pages: 13
DOI: 10.4018/JCIT.2019100102

Abstract

Cloud computing has evolved as a new paradigm for the management of infrastructure and has gained ample consideration in both industrial and academic research. A hidden Markov model (HMM) combined with Markov games can give a solution that may act as a countermeasure against many cyber security threats and malicious intrusions in a network or in a cloud. An HMM can be trained using training sequences obtained by analyzing the file traces of a packet analyzer such as the Wireshark network analyzer. In this article, the authors propose a model in which an HMM is built from a set of training examples obtained with a network analyzer (i.e., Wireshark). Since the analyzer is not itself an intrusion detection system, the obtained file traces may be used as training examples to test an HMM. The model also predicts a probability value for each tested sequence and states whether the sequence is anomalous or not. A numerical example is also given that calculates the most optimal sequence of observations for the HMM together with the state sequence probabilities in the case where an HMM is already given.
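The abstract describes three steps: turning packet-analyzer traces into observation sequences, computing a probability for each tested sequence under the HMM, and deciding whether the sequence is anomalous. The following Python example, added here and not taken from the paper, walks through those steps with a constructed two-state HMM (a `normal` and a `flood` mode) whose initial, transition and emission probabilities are assumed values chosen for illustration; `trace_to_symbols` maps constructed Wireshark-style Info-column lines onto the observation alphabet, `sequence_probability` is the forward algorithm, `viterbi` decodes the most probable state path, and the anomaly rule in `classify` (more than half of the decoded states are `flood`) is likewise an assumption rather than the paper's criterion.

```python
import math
import re

# Constructed toy HMM. The state and emission values below are assumed for
# illustration, not parameters from the paper.
# Hidden states: the "mode" a traffic source is in.
STATES = ("normal", "flood")
# Observation alphabet: coarse TCP segment classes derived from a packet trace.
OBS = ("syn", "ack", "data", "rst")

PI = {"normal": 0.9, "flood": 0.1}                       # initial state distribution
A = {                                                     # transitions A[from][to]
    "normal": {"normal": 0.95, "flood": 0.05},
    "flood":  {"normal": 0.10, "flood": 0.90},
}
B = {                                                     # emissions B[state][symbol]
    "normal": {"syn": 0.20, "ack": 0.35, "data": 0.40, "rst": 0.05},
    "flood":  {"syn": 0.85, "ack": 0.05, "data": 0.02, "rst": 0.08},
}


def trace_to_symbols(info_lines):
    """Map the Info column of a Wireshark-style TCP export (constructed lines here)
    onto the HMM alphabet: SYN-bearing segments -> 'syn', RST -> 'rst',
    segments with payload (Len>0) -> 'data', anything else -> 'ack'."""
    symbols = []
    for line in info_lines:
        m = re.search(r"\[([A-Z, ]+)\]", line)
        flags = {f.strip() for f in m.group(1).split(",")} if m else set()
        m = re.search(r"Len=(\d+)", line)
        payload = int(m.group(1)) if m else 0
        if "SYN" in flags:
            symbols.append("syn")
        elif "RST" in flags:
            symbols.append("rst")
        elif payload > 0:
            symbols.append("data")
        else:
            symbols.append("ack")
    return symbols


def _logsumexp(values):
    m = max(values)
    return m + math.log(sum(math.exp(v - m) for v in values))


def sequence_probability(seq):
    """Forward algorithm: P(seq | model) summed over all hidden state paths.
    Work in log space so long traces do not underflow, then exponentiate."""
    alpha = {s: math.log(PI[s]) + math.log(B[s][seq[0]]) for s in STATES}
    for sym in seq[1:]:
        alpha = {
            s: _logsumexp([alpha[p] + math.log(A[p][s]) for p in STATES]) + math.log(B[s][sym])
            for s in STATES
        }
    return math.exp(_logsumexp(list(alpha.values())))


def viterbi(seq):
    """Most probable hidden state path for seq (dynamic programming in log space)."""
    delta = {s: math.log(PI[s]) + math.log(B[s][seq[0]]) for s in STATES}
    backpointers = []
    for sym in seq[1:]:
        new_delta, ptr = {}, {}
        for s in STATES:
            best = max(STATES, key=lambda p: delta[p] + math.log(A[p][s]))
            new_delta[s] = delta[best] + math.log(A[best][s]) + math.log(B[s][sym])
            ptr[s] = best
        backpointers.append(ptr)
        delta = new_delta
    path = [max(STATES, key=delta.get)]
    for ptr in reversed(backpointers):
        path.append(ptr[path[-1]])
    return path[::-1]


def classify(seq, flood_threshold=0.5):
    """Score one tested sequence: its probability under the model, the decoded
    state path, and an anomaly verdict (assumed rule: anomalous when more than
    flood_threshold of the decoded states are 'flood')."""
    path = viterbi(seq)
    frac = path.count("flood") / len(path)
    return {
        "probability": sequence_probability(seq),
        "path": path,
        "flood_fraction": frac,
        "anomalous": frac > flood_threshold,
    }


if __name__ == "__main__":
    # Constructed Info-column lines resembling a Wireshark TCP export.
    handshake_and_transfer = [
        "51512 > 80 [SYN] Seq=0 Win=64240 Len=0",
        "51512 > 80 [ACK] Seq=1 Ack=1 Win=64240 Len=0",
        "51512 > 80 [PSH, ACK] Seq=1 Ack=1 Win=64240 Len=120",
        "51512 > 80 [PSH, ACK] Seq=121 Ack=1 Win=64240 Len=300",
        "51512 > 80 [ACK] Seq=421 Ack=512 Win=64240 Len=0",
    ]
    syn_flood = ["%d > 80 [SYN] Seq=0 Win=1024 Len=0" % p for p in range(40000, 40005)]
    for name, lines in (("normal", handshake_and_transfer), ("flood", syn_flood)):
        print(name, classify(trace_to_symbols(lines)))
```

The forward probability is the "probability value for each tested sequence" of the abstract; because it sums over all state paths it shrinks geometrically with sequence length, so in practice it is compared per symbol or against sequences of equal length rather than against a single fixed threshold. The Viterbi path supplies the state sequence the numerical example in the article computes, and the decision rule on that path is what turns the score into the anomalous/normal verdict.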
Article Preview

1. Introduction

As the Internet grows rapidly, computer security issues are becoming a major problem (Jaber et al., 2017) because of the enormous number of computer attacks, illegitimate intrusions and malicious cyber threats that aim to exploit existing vulnerabilities in a network or in a cloud-based environment. The demand for and evolution of virtualized infrastructure, along with on-demand and on-time self-services, creates an urgent need for a globally available distributed computing platform, termed cloud computing. In a cloud computing environment, services for computation, storage and management can easily be obtained from anywhere in the world, as there is no need to invest in additional training, personnel, software or hardware as demand increases. Along with all of these benefits, it has some major shortcomings (Narwal et al., 2017) as well. Security is still a major concern, as there may exist vulnerabilities of which attackers may take advantage.

One of the most common and threatening classes of attack affecting cloud-based infrastructure is the Denial of Service (DoS) / Distributed Denial of Service (DDoS) attack. A DoS attack usually halts a virtual machine (Fan et al., 2013) by sending a large number of packets in order to hamper its normal functioning, consuming either the bandwidth or the computing resources of the victimized virtual machine. It is generally very difficult to identify this attack, as separating malicious traffic from legitimate traffic may require specialized software or hardware. The problem becomes worse if the attack is launched by multiple malicious machines, called botnets, that are under the control of a malicious master computer. So, in comparison to DoS, it is much harder to detect DDoS attacks in a network (Jaber et al., 2017) or near the attacking machines, as the traffic comes from multiple distributed malicious sources, i.e. botnets.

Many approaches have been used as countermeasures (Jaber et al., 2017) (Narwal & Kumar, 2016) by researchers so far, but attackers or illegitimate users still often find errors, vulnerabilities or bugs in software and try to hamper legitimate services through anomalous intrusions. To prevent such breaches of security, many techniques (Fan et al., 2013) have been used that usually employ an intrusion detection system because of its ability to detect attacks and intrusions at an early stage, thereby initiating several countermeasures (Ariu et al., 2011) (Narwal & Kumar, 2016) to trace and stop these intrusive attacks. However, accurately distinguishing normal traffic flow from intrusive traffic is still a challenging problem.

An Intrusion Detection System (IDS) can use its tools for detection of intrusive attacks and the intrusion detection techniques (Sheenam et al., 2016) can be categorized as signature-based, stateful protocol analysis-based and anomaly-based methodologies.

Anomaly- or behavior-based intrusion detection technology (Ariu et al., 2007) is widely used because it can detect attacks that are not yet known to the user. An anomaly is basically a deviation from expected behavior toward some abnormal or unexpected behavior or event. The most threatening attacks, such as DoS/DDoS, or an attack (Narwal et al., 2017) by a legitimate user who penetrates its own network, can be handled by anomaly-based intrusion detection techniques.
