An Adaptive Intrusion Detection Scheme for Cloud Computing

Nurudeen Mahmud Ibrahim (Universiti Teknologi Malaysia, Johor Bahru, Malaysia) and Anazida Zainal (Universiti Teknologi Malaysia, Johor Bahru, Malaysia)
Copyright: © 2019 | Pages: 18
DOI: 10.4018/IJSIR.2019100104

Abstract

To provide dynamic resource management, live virtual machine migration is used to move a virtual machine from one host to another. However, virtual machine migration poses challenges to cloud intrusion detection systems because the movement of VMs from one host to another makes it difficult to create a consistent normal profile for anomaly detection. Hence, there is a need for an adaptive anomaly detection system capable of adapting to the changes that occur in cloud data during VM migration. To achieve this, the authors proposed a scheme for adaptive IDS for cloud computing. The proposed adaptive scheme comprises four components: an ant colony optimization-based feature selection component, a statistical time series change point detection component, an adaptive classification and model update component, and a detection component. The proposed adaptive scheme was evaluated using simulated datasets collected from vSphere, and a performance comparison shows improved performance over existing techniques.

Introduction

Cloud computing is a new computing paradigm that offers computing resources as a service via the internet (Xiong et al., 2014). It has revolutionized the conventional usage of hardware and software resources, as organizations can cut the cost of purchasing and maintaining expensive hardware and software by subscribing to it on a pay-per-use basis. Cloud computing is a promising and emerging IT technology with enormous potential and benefits for customers; however, there are underlying security issues and vulnerabilities (Khorshed, Ali, & Wasimi, 2012). Examples of security threats in cloud computing are DDoS, port scanning, password guessing, etc., which can compromise cloud security.

Intrusion detection is the process of monitoring events occurring in a system or network and analyzing them for evidence of security incidents that breach, or present an impending threat of breaching, the system security policy or standard security practice. IDS can be classified into signature-based and anomaly-based detection, depending on whether the kind of attack to be detected is known beforehand or unknown (Scarfone & Mell, 2007). The signature detection process captures activities in a network and compares them with a collection of attack signatures (Liao, Lin, Lin, & Tung, 2013). Anomaly detection creates a profile of the system's normal behaviour; any significant deviation from that profile is considered an anomaly. Anomaly detection has been well researched as a classical issue in the domains of intrusion detection, web semantics, machine learning, etc. With the recent advent of cloud computing and its new operational and technical features, the problem of anomaly detection has arisen again, although it is well established in classical computer systems (Huang, Zhu, Wu, Bressan, & Dobbie, 2016). Anomaly detection techniques can be used in the cloud to detect both known and unknown attacks at different levels such as IaaS, PaaS, and SaaS (Modi et al., 2013). However, anomaly detection systems are prone to false alarms.

The behavior of the cloud network changes rapidly due to the heterogeneity of the clients using the services and the elastic nature of the services delivered (Xiong et al., 2014). Similarly, the migration of a VM from one host to another makes it difficult to create a consistent normal profile for anomaly detection (Huang, Zhu, Wu, Bressan, & Dobbie, 2016). In cloud computing, nodes are dynamically added and removed as clients subscribe and unsubscribe; therefore, the reference model of an anomaly detection system becomes obsolete due to the changing scenario and the different usage patterns in the cloud (Krishnan & Chatterjee, 2012). The normal behavior of cloud applications may change owing to technical and non-technical reasons. Changes due to technical reasons involve cloud migrations and software/hardware upgrades, while non-technical changes could be due to seasonal events. Moreover, IDS model updating is even more important in a migration scenario, since the infrastructure settings may change a lot during migration (Huang et al., 2013).
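
The effect described above, a fixed normal profile going stale after a VM migration, as an added Python example that is not from the article. The series is constructed, and the clipped two-sided CUSUM, its thresholds and the re-learning window are assumptions standing in for the authors' change point detection and model update components, which this preview does not specify.

```python
from collections import deque
from statistics import mean, stdev

# Constructed sample data: one VM metric (e.g. packets/s), not from the paper.
JITTER = [-3, 1, 4, -2, 0, 2, -4, 3]
SERIES = [(100 if i < 40 else 160) + JITTER[i % 8] for i in range(80)]
SERIES[70] = 400  # single attack-like spike after the migration at index 40


def static_alerts(series, train=24, z_thr=3.0):
    """Fixed normal profile learned once from the first `train` samples."""
    mu, sd = mean(series[:train]), stdev(series[:train])
    return [i for i in range(train, len(series))
            if abs(series[i] - mu) / sd > z_thr]


def adaptive_alerts(series, train=24, z_thr=3.0, clip=4.0, slack=1.0, h=12.0):
    """Profile that is rebuilt when a two-sided CUSUM confirms a level shift."""
    window = deque(series[:train], maxlen=train)
    relearn = int(h / (clip - slack))   # fewest samples a shift needs to reach h
    s_pos = s_neg = 0.0
    alerts, changes = [], []
    for i in range(train, len(series)):
        z = (series[i] - mean(window)) / stdev(window)
        if abs(z) > z_thr:
            alerts.append(i)
        else:
            window.append(series[i])    # slow model update with normal data
        zc = max(-clip, min(clip, z))   # clipping: one spike cannot reach h
        s_pos = max(0.0, s_pos + zc - slack)
        s_neg = max(0.0, s_neg - zc - slack)
        if max(s_pos, s_neg) >= h:      # sustained shift => change point
            changes.append(i)
            # Assumption: the last `relearn` samples already belong to the new regime.
            window = deque(series[i - relearn + 1:i + 1], maxlen=train)
            s_pos = s_neg = 0.0
    return alerts, changes


if __name__ == "__main__":
    print("static  :", static_alerts(SERIES))
    print("adaptive:", adaptive_alerts(SERIES))
```

On the constructed series the fixed profile alerts on every post-migration sample, while the adaptive one alerts only on the four samples seen before the shift is confirmed and on the spike. A sustained attack also looks like a level shift to this rule, so one option in a deployment is to gate re-learning on a migration event reported by the hypervisor.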
