Introduction
Cloud computing is a new computing paradigm that offers computing resources as a service via the internet (Xiong et al., 2014). It has revolutionized the conventional use of hardware and software resources, as organizations can cut the cost of purchasing and maintaining expensive hardware and software by subscribing to them on a pay-per-use basis. Cloud computing is a promising and emerging IT technology with enormous potential and benefits for customers; however, there are underlying security issues and vulnerabilities (Khorshed, Ali, & Wasimi, 2012). Examples of security threats in cloud computing are DDoS, port scanning, password guessing, etc., which can compromise cloud security.
Intrusion detection is the process of monitoring events occurring in a system or network and analyzing them for evidence of security incidents that breach, or present an impending threat of breaching, the system security policy or standard security practice. An IDS can be classified as signature-based or anomaly-based, depending on whether the kind of attack to be detected is known beforehand or unknown (Scarfone & Mell, 2007). Signature detection captures activities in a network and compares them with a collection of attack signatures (Liao, Lin, Lin, & Tung, 2013). Anomaly detection creates a profile of the system’s normal behaviour; any significant deviation from that profile is considered an anomaly. Anomaly detection has been well researched as a classical issue in domains such as intrusion detection, web semantics, machine learning, etc. Although the problem is well established in classical computer systems, it has risen again with the recent advent of cloud computing and its new operational and technical features (Huang, Zhu, Wu, Bressan, & Dobbie, 2016). Anomaly detection techniques can be used in the cloud to detect both known and unknown attacks at different levels such as IaaS, PaaS and SaaS (Modi et al., 2013). However, anomaly detection systems are prone to false alarms.
The behavior of the cloud network changes rapidly due to the heterogeneity of the clients using the services and the elastic nature of the services delivered (Xiong et al., 2014). Similarly, the migration of VMs from one host to another makes it difficult to create a consistent normal profile for anomaly detection (Huang, Zhu, Wu, Bressan, & Dobbie, 2016). In cloud computing, nodes are dynamically added and removed as clients subscribe and unsubscribe; therefore, the reference model for an anomaly detection system becomes obsolete due to the changing scenario and different usage patterns in the cloud (Krishnan & Chatterjee, 2012). The normal behavior of cloud applications may change owing to technical and non-technical reasons. Changes due to technical reasons involve cloud migrations and software/hardware upgrades, while non-technical changes could be due to seasonal events. Moreover, IDS model updating is even more important during a migration scenario, since the infrastructure settings may change considerably during migration (Huang et al., 2013).
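The effect described above, a normal profile going stale after a migration and producing false alarms, can be reproduced with a small sketch. This is an added illustration, not the method of this article or of the cited works; the z-score rule, the `patience` relearning heuristic, the function names and the constructed requests-per-second trace are all assumptions.

```python
import statistics

def detect(series, train_n, k=3.0, adaptive=False, window=30, patience=5):
    """Flag samples deviating more than k standard deviations from the profile.

    adaptive=False: the profile is frozen after the first train_n samples.
    adaptive=True: unflagged samples refresh a sliding window, and `patience`
    consecutive flagged samples are treated as a new normal (profile relearned).
    """
    ref = list(series[:train_n])      # samples that currently define "normal"
    pending, alerts = [], []          # pending = current run of flagged samples
    for i in range(train_n, len(series)):
        x = series[i]
        mu = statistics.fmean(ref)
        sigma = statistics.pstdev(ref) or 1.0   # avoid a zero-width profile
        if abs(x - mu) > k * sigma:
            alerts.append(i)
            pending.append(x)
            if adaptive and len(pending) >= patience:
                ref, pending = pending, []      # sustained shift: relearn
        else:
            pending = []                        # isolated deviation is over
            if adaptive:
                ref = (ref + [x])[-window:]     # slide the reference window
    return alerts

def constructed_series():
    """Constructed trace (not real data): load level 100 requests/s, then 160
    after a VM migration at index 40, with one short burst at index 70."""
    jitter = [-2, 1, 0, 2, -1]
    s = [(100 if i < 40 else 160) + jitter[i % 5] for i in range(80)]
    s[70] = 400
    return s

if __name__ == "__main__":
    s = constructed_series()
    print("static  :", detect(s, train_n=30))
    print("adaptive:", detect(s, train_n=30, adaptive=True))
```

The frozen profile flags every sample after the migration, burying the single burst among false alarms, while the adaptive profile raises alerts only during the transition and at the burst. Because a deviation sustained for longer than `patience` samples is absorbed into the profile, relearning in practice should be tied to a known change event such as a migration notice.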