Behavioral Analysis Approach for Likelihood Determination in Cloud IDS: Implementation Architecture

Youssef Ben Charhi (University Med V, Rabat, Morocco), Nada Mannane (University Mohamed V Ensias Rabat, Rabat, Morocco), Elmahdi Bendriss (University Mohamed V Ensias Rabat, Rabat, Morocco) and Regragui Boubker (University Mohamed V Ensias Rabat, Rabat, Morocco)
DOI: 10.4018/IJMDWTFE.2018010103

Abstract

Cyberattacks present a ubiquitous threat to an enterprise's information assets in cloud computing and must be properly controlled. The current generation of IDS has various performance limitations that make it ineffective for cloud computing security, and it can generate a huge number of false-positive alarms. Analyzing intrusions based on attack patterns and risk assessment has demonstrated its efficiency in reducing the number of false alarms and optimizing IDS performance. However, using the same likelihood value for every attack pattern means the approach lacks a real risk value determination. This article presents a new probabilistic and behavioral approach for likelihood determination to quantify attacks in a cloud environment, with the main aim of increasing the efficiency of the IDS and decreasing the number of alarms. Experimental results show that the approach is superior to the state-of-the-art approach for intrusion detection in the cloud.

Introduction

Information is stored digitally, and many business processes are carried out digitally and transmitted over IT networks, which means that the data of businesses, administrations and citizens depend on the proper operation of the information technology used. Rapid growth of resources and the escalating cost of infrastructure are leading organizations to adopt cloud computing. This technology has emerged as an important paradigm for deploying services and applications for enterprises, administrations and end-users, providing many characteristics:

  • On-demand self-service: A consumer can unilaterally provision computing capabilities as needed automatically without requiring human interaction with each service provider (Mell, 2011).

  • Resource pooling: The provider’s computing resources are pooled to serve multiple consumers using a multi-tenant model, with different physical and virtual resources dynamically assigned according to consumer demand.

  • Measured service: Cloud systems automatically control and optimize resource use by leveraging a metering capability at some level of abstraction appropriate to the type of service.

Interacting with the various services in the cloud and storing the data processed by cloud services require several security capabilities. Cyber-attacks present a ubiquitous threat to an enterprise's information assets in cloud computing and must be properly controlled. This security concern is one of the primary hurdles that prevent widespread adoption of the cloud by enterprises. Although sensitive data can be protected by deploying intrusion detection systems and firewalls, attacks are still likely to occur and infiltrate networks, and they are harder to detect with current technologies and security measures, especially in a cloud environment with an enormous number of users and constantly evolving attacks.

To detect attacks in this high-speed, multi-user network environment, we suggest that the bulk of the analysis be performed by distributed and collaborative risk agents in cloud services, with in-depth analysis of all attack patterns.

This paper explores two related challenges in the context of intrusion detection in cloud computing. The first is the approach of intrusion detection based on risk assessment and attack patterns, which has demonstrated its efficiency in reducing the number of alarms. The second is the implementation architecture. The increasing complexity and convergence of network architectures in the cloud introduce additional risk that intrusion detection systems must take into account; we therefore propose an implementation architecture for intrusion detection based on attack patterns and risk assessment in a cloud environment.

An experimental implementation of the approach has demonstrated its efficiency in reducing the number of false alarms by distinguishing between attack patterns and normal patterns directed at cloud services.

The remainder of this paper is structured as follows: the first section gives an overview of related work and intrusion detection approaches, with the advantages and limitations of each approach. The second section describes intrusion detection based on attack patterns and risk assessment. The third section describes our probabilistic approach for likelihood determination in attack patterns; we discuss in the same section the initial results of deployment. The last section presents conclusions and future work.

Intrusion detection refers to the problem of finding non-conforming patterns or behaviors in users' requests and traffic data, in order to identify attackers who are attempting to exploit network and service vulnerabilities. In this type of system, attacks are detected through analysis and correlation using two essential types of IDS: signature-based and behavior-based IDS.

Misuse detection uses the accumulated knowledge about attacks and checks traffic for the signatures of those attacks, while anomaly detection builds a reference model of the usual behavior of the monitored system and checks the observed usage for deviations from that model (Sha, 2017). The false positive rate of misuse detection is lower than that of behavioral detection.
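The following Python snippet is an added illustration of the two detection types just described, and of the point made in the abstract that scoring every alert with the same likelihood value gives no real risk ranking. It is not the authors' implementation: the request log is constructed, and the signatures, impact weights and the smoothed per-source error ratio used as a behavioral likelihood estimate are all assumptions chosen for the example. A signature matcher fires on payload patterns (and on a benign search query that happens to contain "union select"), an anomaly check flags sources whose error ratio deviates from normal without looking at payloads, and the risk score then combines an impact weight with either a constant likelihood or one derived from the source's observed behavior.

```python
import re
from collections import defaultdict

# Constructed request log for the example: (source_ip, request_path, http_status).
REQUESTS = [
    ("10.0.0.5", "/api/users/42", 200),
    ("10.0.0.5", "/api/orders", 200),
    ("10.0.0.5", "/search?q=union select syntax", 200),   # benign, but matches a signature
    ("10.0.0.5", "/api/users/43", 200),
    ("10.0.0.7", "/api/users/7", 200),
    ("10.0.0.7", "/api/orders", 200),
    ("10.0.0.9", "/api/users/1' OR '1'='1", 500),
    ("10.0.0.9", "/api/users/1 UNION SELECT 1,2,3", 500),
    ("10.0.0.9", "/api/users/../../etc/passwd", 404),
    ("10.0.0.9", "/api/users/1", 200),
]

# Assumed misuse-detection signatures and assumed impact weights per signature.
SIGNATURES = {
    "sqli": re.compile(r"(?i)'\s*or\s*'|union\s+select"),
    "traversal": re.compile(r"\.\./"),
}
IMPACT = {"sqli": 0.9, "traversal": 0.6}


def signature_alerts(requests):
    """Misuse detection: one alert per (request, matching signature)."""
    alerts = []
    for idx, (src, path, _status) in enumerate(requests):
        for name, rx in SIGNATURES.items():
            if rx.search(path):
                alerts.append({"idx": idx, "src": src, "sig": name})
    return alerts


def behaviour_profile(requests):
    """Reference model: per-source request count and count of 4xx/5xx responses."""
    prof = defaultdict(lambda: {"total": 0, "errors": 0})
    for src, _path, status in requests:
        prof[src]["total"] += 1
        if status >= 400:
            prof[src]["errors"] += 1
    return prof


def anomaly_alerts(requests, threshold=0.5):
    """Anomaly detection: sources whose error ratio deviates above the threshold.
    Payloads are not inspected, so the benign 'union select' search is not flagged."""
    prof = behaviour_profile(requests)
    return sorted(src for src, p in prof.items() if p["errors"] / p["total"] > threshold)


def constant_risk(alerts, likelihood=0.5):
    """Risk = likelihood x impact with one likelihood for every alert:
    a benign signature hit scores the same as a real injection attempt."""
    return {a["idx"]: likelihood * IMPACT[a["sig"]] for a in alerts}


def behavioural_likelihood(prof, src):
    """Assumed likelihood estimate: Laplace-smoothed error ratio of the source."""
    p = prof[src]
    return (p["errors"] + 1) / (p["total"] + 2)


def behavioural_risk(requests, alerts):
    """Risk = behavior-derived likelihood x impact, computed per alert source."""
    prof = behaviour_profile(requests)
    return {a["idx"]: behavioural_likelihood(prof, a["src"]) * IMPACT[a["sig"]]
            for a in alerts}


def triage(requests, min_risk=0.3):
    """Alerts worth raising, highest risk first, as (risk, request index, signature)."""
    alerts = signature_alerts(requests)
    risk = behavioural_risk(requests, alerts)
    return sorted(((risk[a["idx"]], a["idx"], a["sig"]) for a in alerts
                   if risk[a["idx"]] >= min_risk), reverse=True)


if __name__ == "__main__":
    for row in triage(REQUESTS):
        print(row)
```

With the constant likelihood, the benign search at index 2 and the injection attempts at indices 6 and 7 all score 0.45, so dropping the false positive would also drop the attacks. With the behavioral likelihood, the search from a source with no error history scores 0.15 and falls below the triage threshold, while the attacking source's alerts rise to 0.6 and 0.4.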
