1. Introduction
As the Internet grows, computer security has become a major problem (Jaber et al., 2017) because of the enormous number of attacks, illegitimate intrusions and malicious cyber threats that aim to exploit existing vulnerabilities in a network or in a cloud-based environment. The growth of virtualized infrastructure, together with on-demand, self-service provisioning, has created an urgent need for a globally available distributed computing platform, termed cloud computing. In a cloud computing environment, computation, storage and management services can be obtained from anywhere in the world, with no need to invest in additional personnel, software or hardware as demand increases. Along with these benefits, it has some major shortcomings (Narwal et al., 2017) as well. Security remains a major concern, since vulnerabilities may exist that attackers can take advantage of.
One of the most common and threatening attacks on cloud-based infrastructure is the Denial of Service (DoS) / Distributed Denial of Service (DDoS) attack. A DoS attack usually halts a virtual machine (Fan et al., 2013) by sending a large number of packets that consume either the bandwidth or the computing resources of the victim virtual machine, so that it can no longer function normally. Such an attack is generally difficult to identify, since separating malicious traffic from legitimate traffic may require specialized software or hardware. The problem becomes worse when the attack is launched from many compromised machines, a botnet, under the control of a malicious master computer. Compared with DoS, a DDoS attack is much harder to detect in the network (Jaber et al., 2017) or near the attacking machines, because the traffic arrives from multiple distributed malicious sources, i.e. the bots, and each source alone may look unremarkable.
Many countermeasures have been proposed by researchers so far (Jaber et al., 2017) (Narwal & Kumar, 2016), but attackers and illegitimate users still find errors, vulnerabilities or bugs in software and try to disrupt legitimate services through anomalous intrusions. To prevent such breaches of security, many techniques (Fan et al., 2013) employ an intrusion detection system, because of its ability to detect attacks and intrusions at an early stage and thereby trigger countermeasures (Ariu et al., 2011) (Narwal & Kumar, 2016) to trace and stop them. However, accurately distinguishing normal traffic from intrusive traffic remains a challenging problem.
An Intrusion Detection System (IDS) uses a set of tools to detect intrusive attacks; intrusion detection techniques (Sheenam et al., 2016) can be categorized as signature-based, stateful protocol analysis-based and anomaly-based methodologies.
Anomaly- or behavior-based intrusion detection (Ariu et al., 2007) is widely used because, unlike signature-based detection, it can flag attacks that are not previously known to the user. An anomaly is a deviation from expected behavior to some abnormal or unexpected behavior or event. Anomaly-based intrusion detection can handle some of the most threatening attacks, such as DoS/DDoS, as well as an attack (Narwal et al., 2017) by a legitimate user who penetrates the network from inside.