Approaches for Intrusion Detection and Prevention System in Cloud


www.ijemr.net
ISSN (ONLINE): 2250-0758, ISSN (PRINT): 2394-6962
SPECIAL ISSUE (ACEIT-2018)
Second International Conference on Advancement in Computer Engineering and Information Technology
Organized By: Department of Computer Science & Engineering, Integral University, Lucknow, INDIA
Page Number: 47-52

Approaches for Intrusion Detection and Prevention System in Cloud Environment: A Review

Gulafsha Parveen (1), Jameel Ahmad (2) and Dr. Mohd Shahid Husain (3)
1,2,3 Department of Computer Science, Integral University, Lucknow, INDIA

ABSTRACT

Cloud computing has gained significant scope in recent years, but security concerns remain one of the main factors slowing its growth. Cloud computing is generally delivered as services such as infrastructure, platform and software, and represents a major development in IT services. The security of these services, however, remains a serious concern, which is why IDS methods are used. With the growing use of the Internet, the number of intrusions has also increased. To detect intrusions in network traffic, this paper examines the use of a hybrid intrusion detection technique, which detects both known and unknown attacks. We therefore propose to develop a system that can effectively minimize different types of computer and network intrusion and that implements countermeasures so as to increase the overall security of the cloud. The system will be built on a collaborative cloud architecture. The work aims to ensure secure communication between users and the system as well as between users.

Keywords: Intrusion detection, Intrusion prevention, Distributed system, Cloud Computing, IDS.

I. INTRODUCTION

An intrusion detection system (IDS) is one of the standard components of a security architecture; it detects, and in its prevention form blocks, security threats and attacks. An IDS is an application used for monitoring and protecting the network from intruders [1]. It is a security technology that monitors a target source of activity, such as network traffic load or attacks on computers, and then applies intrusion detection techniques in order to provide security services. Most research papers define intrusion detection, but the underlying issues have not been removed. The main objective of an intrusion detection and prevention system is to secure the whole cloud and to classify network activities.

An intrusion detection system can be described as the tools, solutions and resources used to help identify, assess and report unauthorized network activity. Three types of intrusion detection techniques are described below.

A. Signature based Intrusion Detection Technique
Signature based detection compares information collected from the network against a database of known attack signatures. A signature describes a known attack as a predefined set of patterns or rules; this technique is also called misuse detection. Signatures are composed of several elements that together identify the traffic. Tools that use signature based detection include Snort, Network Flight Recorder, Network Security Monitor and NetRanger. Its limitation is that it cannot detect unknown attacks.

B. Anomaly based Intrusion Detection Technique
Anomaly based detection compares current user or network activity against preloaded profiles of users or networks, and can therefore detect unknown attacks. The profiles may be static or dynamic and correspond to the expected behaviour of the users. Different features are used to build the profiles, such as failed login attempts, the number of times a particular user accesses a file within a given time period, CPU usage, etc. Methods used in anomaly based detection include IDES (Intrusion Detection Expert System), which uses a knowledge-based system; ISA-IDS, which is based on statistical methods; and Audit Data Analysis and Mining, which is based on automatic/machine learning methods. Tools include Mazu Profiler, SPADE and Prelude.

C. Hybrid Intrusion Detection Technique
Hybrid detection combines signature and anomaly based detection and therefore works for both known and unknown attacks. Joining the two improves the efficiency of the intrusion detection system. A tool that uses hybrid detection is WatchGuard.

Copyright 2018. IJEMR. All Rights Reserved.
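The following Python sketch is an added example, not code from this paper or from any of the tools named above. It puts the three techniques side by side over constructed TCP connection records: a signature rule set catches a known path-traversal request, a statistical anomaly profile (mean and standard deviation of distinct ports probed per source per window, learned from constructed known-good traffic) catches the port scans, and a per-service rate threshold catches the flood; the last two are the port scanning and DoS intrusions listed in Section II.D. The record format, the rule set, the thresholds and the sample traffic are all assumptions made for illustration.

```python
"""Toy hybrid IDS over TCP connection records: signature matching plus a
statistically learned anomaly profile.

Added example for this review, not code from the paper or from any cited
tool. Record format, rule set, thresholds and traffic are all constructed."""
import re
import statistics
from collections import Counter, defaultdict, namedtuple

# One record per connection attempt: time in seconds, source, destination,
# destination port, the TCP flags the client sent ("S" half-open probe,
# "A" bare ACK probe, "SA" completed handshake) and any application payload.
Conn = namedtuple("Conn", "t src dst dport flags payload")

WINDOW = 10.0          # seconds; all counting is per source per window
FLOOD_THRESHOLD = 100  # connection attempts to one service per window (assumed)

# --- signature component: patterns of known attacks (assumed rule set) ----
SIGNATURES = {
    "path_traversal": re.compile(r"\.\./"),
    "sqli_tautology": re.compile(r"'\s*or\s+1\s*=\s*1", re.IGNORECASE),
}

def signature_scan(conn):
    """Names of every signature matching the payload; [] for unknown attacks."""
    return [name for name, rx in SIGNATURES.items() if rx.search(conn.payload)]

# --- anomaly component: profile of distinct ports per source per window ---
def group_by_source_window(conns):
    """Map (src, window index) -> list of that source's connections in it."""
    groups = defaultdict(list)
    for c in conns:
        groups[(c.src, int(c.t // WINDOW))].append(c)
    return groups

def build_profile(baseline):
    """Learn (mean, stdev) of distinct ports per window from known-good traffic."""
    counts = [len({c.dport for c in g}) for g in group_by_source_window(baseline).values()]
    return statistics.fmean(counts), statistics.pstdev(counts)

def classify_scan(conns):
    """Name the technique from the flags the scanner sent most often."""
    flags = Counter(c.flags for c in conns).most_common(1)[0][0]
    return {"S": "SYN scan", "A": "ACK scan", "SA": "TCP connect scan"}.get(flags, "unknown scan")

def anomaly_scan(conns, profile, k=3.0, floor=5):
    """Flag sources probing more distinct ports than mean + k*stdev; the
    floor stops a near-zero baseline stdev from flagging every third port."""
    mean, stdev = profile
    threshold = max(mean + k * stdev, floor)
    alerts = []
    for (src, _win), group in sorted(group_by_source_window(conns).items()):
        nports = len({c.dport for c in group})
        if nports > threshold:
            alerts.append(("anomaly", classify_scan(group), src, nports))
    return alerts

def flood_scan(conns):
    """Flag a source hammering one service: the DoS pattern of Section II.D."""
    hits = Counter((c.src, c.dst, c.dport, int(c.t // WINDOW)) for c in conns)
    return [("anomaly", "flood", src, n)
            for (src, _dst, _dport, _win), n in sorted(hits.items()) if n > FLOOD_THRESHOLD]

def hybrid_detect(conns, profile):
    """Union of signature and anomaly alerts as (kind, name, source, detail)."""
    alerts = [("signature", sig, c.src, c.dport) for c in conns for sig in signature_scan(c)]
    return alerts + anomaly_scan(conns, profile) + flood_scan(conns)

# Constructed known-good traffic: three clients browsing ports 80/443,
# one of them also using SSH now and then.
BASELINE = [Conn(t, "192.0.2.%d" % (10 + t % 3), "10.0.0.5", p, "SA", "GET /index.html")
            for t in range(0, 60, 2) for p in (80, 443)]
BASELINE += [Conn(t, "192.0.2.10", "10.0.0.5", 22, "SA", "SSH-2.0") for t in range(5, 60, 20)]

# Constructed live traffic: a 20-port SYN scan, a 12-port ACK scan, a SYN
# flood of 150 attempts on port 80, one known attack and one benign request.
LIVE = ([Conn(100 + 0.1 * i, "198.51.100.7", "10.0.0.5", p, "S", "") for i, p in enumerate(range(1, 21))]
        + [Conn(100 + 0.2 * i, "198.51.100.8", "10.0.0.5", p, "A", "")
           for i, p in enumerate([21, 22, 23, 25, 53, 80, 110, 143, 443, 445, 3306, 8080])]
        + [Conn(100 + 0.05 * i, "203.0.113.9", "10.0.0.5", 80, "S", "") for i in range(150)]
        + [Conn(101.0, "192.0.2.20", "10.0.0.5", 80, "SA", "GET /../../etc/passwd"),
           Conn(102.0, "192.0.2.21", "10.0.0.5", 80, "SA", "GET /index.html")])

if __name__ == "__main__":
    for alert in hybrid_detect(LIVE, build_profile(BASELINE)):
        print(alert)
```

Run stand-alone, the script reports four alerts. The path-traversal request is caught only by the signature rule, while the two scans and the flood carry no known payload and are caught only by the anomaly side; that complementarity is what motivates the hybrid technique. The `floor` argument is an assumed guard: with a near-constant baseline the learned standard deviation is close to zero, and mean + 3 sigma alone would flag any client that touches a third port.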

Figure 1. Working of Intrusion detection system [2].

II. DESCRIPTION OF CLOUD COMPUTING FOR IDS

Cloud computing is a computational model that builds on distributed computing, parallel computing and grid computing. Cloud services are typically aligned with end-user (business) requirements. Recent attacks on the Apple and Sony clouds have created great fear in clients' minds about the security of their data [3]. Cloud computing is one of the trending technologies in the world: it is Internet based computing in which shared resources such as software, platforms, storage and information are provided to customers on demand.

A. Types of Cloud based IDS
Cloud based intrusion detection systems can generally be divided into four types [4]:
1. Host based IDS: collects data from sources on the host such as system calls, operating system log files, NT event logs, CPU utilization, application log files, etc.
2. Network based IDS: collects data directly from the network in the form of packets. Network based IDSs are operating system independent, easy to deploy on various systems, and built around a data analysis and processing unit. They can be further classified into two categories:
a) Distributed IDS (DIDS): works on a large network and consists of several IDSs, both network based (NIDS) and host based (HIDS), that monitor and analyze traffic for intrusive behaviour. It has two components, the detection component and the correlation manager. A DIDS can be tested against both known and unknown attacks, and its components can be located at a processing server or at the host machines.
b) Hypervisor IDS: the hypervisor is the platform on which virtual machines run in the cloud environment. A hypervisor based IDS is located at the hypervisor layer and monitors and analyzes the information available there in order to detect anomalous activities and events.

B. Limitations of Existing IDPS
- In traditional Internet or intranet environments there is a lack of scalability.
- Lack of autonomous adjustment; traditional Internet IDPSs are therefore unsuitable for cloud based environments.
- Noise can affect the channel of intrusion detection systems.
- A network intrusion detection system may crash under an invalid-data attack.
- In the network channel, a heavy traffic load can affect the communication and the packets travelling through it.
- A single point of failure reduces the reliability and availability of the system.

C. Security Issues in Cloud Computing
Security issues in cloud computing can be categorized as follows [5]:
a) Cloud data confidentiality: the confidentiality of data stored in the cloud is one of the most important security issues. Data can be encrypted with traditional techniques.
b) Network and host based attacks on a remote server: network and host intrusion attacks on remote hypervisors are also a major security concern, since cloud vendors rely on virtual machine technologies.
c) Lack of data interoperability standards: this results in cloud user data lock-in, where a user's data and applications may not be compatible with another vendor's storage format or platform. This is also called lack of interoperability.

1) Comparison between Different Papers with Different Approaches for IDS

Table 1. Comparison between different approaches for IDS.

Year | Author               | Method                                                        | Ref. | Result
-----|----------------------|---------------------------------------------------------------|------|-------
2011 | SN Dhage             | Learning based method                                         | [6]  | Meets the requirement of scalability.
2011 | Hai Jin              | VMFence                                                       | [7]  | Shows that the method is effective and brings acceptable overhead.
2011 | Saman Taghavi Zargar | Distributed IDPS                                              | [8]  | Presents the framework of cloud services, demonstrates how cloud service providers perform intrusion detection and prevention, and identifies various challenges.
2012 | Sanchika Gupta       | Fingerprinting system calls                                   | [9]  | Addresses scalability and adaptability issues.
2012 | Tonny Shekha Kar     | Security algorithms: AES, RSA, one-time password, MD5 hashing | [10] | Ensures the security of the whole cloud structure; execution time is not substantially higher.
2012 | Turki Alharkan       | Proof-of-concept IDSaaS                                       | [11] | Implements the IDSaaS framework, which enables clients to protect their virtual machines and supports many cloud features.
2013 | Fauzia Idrees        | Naive Bayes technique                                         | [12] | Monitors known and unknown attacks.
2013 | Hassani Mohamed      | Signature Apriori algorithm                                   | [13] | Detects attacks on the secured system and blocks various types of intruders and attacks.
2013 | Massimo Ficco        | Event correlation approach                                    | [14] | Gives a framework for a distributed intrusion detection architecture in cloud computing; the architecture is a first prototype of an IDS management system.
2013 | Pankaj Khatkar       | SnortFlow                                                     | [15] | Evaluates the performance of the SnortFlow agent across different deployment scenarios.
2014 | Jamal Raiyn          | CAD & CIS                                                     | [16] | Surveys the shortcomings of traditional cyber attack detection in homeland security.
2014 | Saeed M. Alqahtani   | SIPSCC                                                        | [17] | Measures detected vulnerabilities, average time and false positives.
2014 | R. Aishwarya         | Hop-count filtering                                           | [18] | Overcomes DoS attacks by filtering attack packets using hop count and sequence number encoding, providing greater security.
2015 | Prachi Deshpande     | SNORT IDS                                                     | [19] | Analyzes two critical security threats: the port scan attack and the flooding attack.
2015 | Bikram Khadka        | SNORT DDoS                                                    | [20] | Diagnoses DDoS attacks in the cloud environment.
2015 | Ajay Kumara          | OSSEC                                                         | [21] | Achieves file alteration identification and demonstrates the detection capability of the VM IDPS.
2015 | Chuang Wang          | Botnet                                                        | [22] | Shows a high detection rate, prevention accuracy and low vulnerability.
2016 | Deepak H. Sharma     | IMSaaS                                                        | [23] | Evaluates effectiveness, performance, control and cost of ownership.
2016 | Nathan Keegan        | MapReduce                                                     | [24] | Elaborates the current state of network intrusion detection, various machine learning algorithms (MLAs) and certain problems and challenges.
2016 | Drashti Nandasana    | Pattern matching algorithm                                    | [25] | Modifies the existing DIDS approach to decrease storage space and execution time.

From the previous papers we gain an overall view of intrusion detection and prevention systems in the cloud, together with countermeasures that our research work may adopt to make the system more accurate. We want to develop an efficient and secure communication channel that minimizes the different types of intrusion and detects all possible threats, so as to maintain overall security in the cloud.

D. Threat Model for Cloud
Two types of threats are considered in a cloud network: insider (attacks from within the cloud network) and outsider (attacks from outside the cloud network) [26]:
a) Insider attackers: authorized cloud users may attempt to gain unauthorized privileges. Insiders may commit fraud and disclose information to others, which is a serious trust issue. For example, consider an internal DoS attack launched against Amazon Elastic Compute Cloud (EC2); the attacker can also breach the confidentiality of the other cloud users.
b) Outsider attackers: also called network attackers, they are able to perform attacks such as IP spoofing, Address Resolution Protocol (ARP) spoofing, DNS poisoning, man-in-the-middle, Denial of Service (DoS)/Distributed Denial of Service (DDoS), phishing, user to root attacks, port scanning, and attacks on the virtual machine (VM) or hypervisor such as BLUEPILL and DKSM.

The most common intrusions in the cloud, which affect its confidentiality, integrity and availability (CIA), are as follows:
- Attacks on the hypervisor or virtual machines: an attacker who compromises the hypervisor gains control over the virtual machines running on it. The most common attacks on the hypervisor target the virtualization layer of the cloud, e.g. BLUEPILL.
- User to Root (U2R) attacks: the attacker first gains access to an ordinary user account, for example with a sniffed or guessed password, and then exploits a vulnerability to obtain root privileges on the system, e.g. by spawning a root shell.
- Port scanning attacks: the attacker enumerates which ports are open and which services listen on them, and then attacks the services running on the open ports. Port scanning techniques include SYN scanning, ACK scanning and TCP connect scanning. Port scanning can also lead to loss of confidentiality and integrity.
- Backdoor channel attacks: the attacker remotely accesses infected machines through a hidden channel, typically as a passive attack that compromises the confidentiality of user information.
- Denial of Service (DoS) attacks: the attacker sends a huge number of automated requests to the VMs, making them unavailable to legitimate users.

III. CONCLUSION

In this work we aim to propose an IDPS for detecting intruders based on immune network theory, i.e. on a bio-inspired Artificial Immune System algorithm. We aim to modify existing IDPS approaches in order to improve accuracy, availability, reliability and performance. We also intend to use the hybrid detection technique and to build an interoperable system for measuring and detecting various insider and outsider attacks and threats, so as to secure the network communication channel and remove or resolve the intrusions it carries. The collaborative model suffers from two problems, heavy traffic load and a single point of failure; these can be mitigated by creating replicas of the core VM to distribute the heavy traffic load and to avoid a single point of failure. In a distributed channel many unauthorized users may be present, slowing down the system or stealing information from the cloud database. In the present study we therefore propose a distributed cloud based IDS to improve the security of the system, with additional Intrusion Management functions to make it more effective and efficient.

IV. REFERENCES

[1] Dr. S. Vijayarani and Ms. Maria Sylviaa. S; (2015). “Intrusion Detection System: A Study.” International Journal of Security, Privacy and Trust Management (IJSPTM), Vol. 4, No. 1.
[2] Yasir Mehmood, Muhammad Awais Shibli, Ayesha Kanwal; (2015). “Distributed intrusion … environment.” International Conference on Information Assurance and Cyber Security (CIACS), Rawalpindi, Pakistan.
[3] Komal Singh Gill, Anju Sharma; (2015). “IDPS based Framework for Security in Green Cloud Computing and Comprehensive Review on Existing Frameworks and Security Issues.” International Conference on Computing, Communication and Security (ICCCS), Pamplemousses, Mauritius. Pages: 1-6.
[4] Ahmed Patel, Mona Taghavi, Kaveh Bakhtiyari, Joaquim Celestino Júnior; (2013). “An Intrusion Detection and Prevention System in Cloud Computing: A Systematic Review.” Journal of Network and Computer Applications, Volume 36, Issue 1. Pages: 25-41.
[5] Ms. Parag K. Shelke, Ms. Sneha Sontakke, Dr. D. Gawande; (2012). “Intrusion Detection System for Cloud Computing.” International Journal of Scientific & Technology Research, ISSN 2277-8616.
[6] SN Dhage, B B Meshram, R Rawat, S Padawe, M Paingaokar, A Misra; (2011). “Intrusion Detection System in Cloud Computing Environment.” International Conference and Workshop on Emerging Trends in Technology (ICWET 2011), TCET.
[7] Hai Jin, Guofu Xiang, Deqing Zou, Song Wu, Feng Zhao, Min Li, Weide Zheng; (2011).
“A VMM-based intrusion prevention system in cloud computing environment.” The Journal of Supercomputing, Volume 66, Issue 3. Pages: 1133–115. Springer Science+Business Media, LLC 2011.
[8] Saman Taghavi Zargar, Hassan Takabi, James D. Joshi; (2011). “DCDIDP: A distributed, collaborative, and data-driven intrusion detection and prevention framework for cloud computing environments.” In 7th International Conference on Collaborative Computing: Networking, Applications and Worksharing (CollaborateCom), Orlando, FL, USA. Pages: 332-341.
[9] Sanchika Gupta, Padam Kumar; (2012). “A Fingerprinting System Calls Approach for Intrusion Detection in a Cloud Environment.” In Fourth International Conference on Computational Aspects of Social Networks (CASoN), Sao Carlos, Brazil. Pages: 309-314.
[10] Kawser Wazed Nafi, Tonny Shekha Kar, Sayed Anisul Hoque, Dr. M. M. A Hashem; (2012). “A Newer User Authentication, File encryption and Distributed Server Based Cloud Computing security architecture.” International Journal of Advanced Computer Science and Applications (IJACSA), Vol. 3, No. 10.
[11] Turki Alharkan, Patrick Martin; (2012). “IDSaaS: Intrusion Detection System as a Service in Public Clouds.” In 12th IEEE/ACM International Symposium on Cluster, Cloud and Grid Computing, Washington, DC, USA. Pages: 686-687.
[12] Fauzia Idrees, Muttukrishnan Rajarajan, A. Y. Memon; (2013). “Framework for distributed and self-healing hybrid intrusion detection and prevention system.” International Conference on ICT Convergence (ICTC), Jeju, South Korea. Pages: 277-282.
[13] Hassani Mohamed, Lebbat Adil, Tallal Saida, Medromi Hicham; (2013). “A collaborative intrusion detection and Prevention System in Cloud Computing.” Africon, Mauritius. Pages: 1-5.
[14] Massimo Ficco; (2013). “… Intrusion Detection in Cloud Computing.” In Eighth International Conference on P2P, Parallel, Grid, Cloud and Internet Computing, Compiegne, France. Pages: 276-283.
[15] Tianyi Xing, Dijiang Huang, Le Xu, Chun-Jen Chung, Pankaj Khatkar; (2013). “SnortFlow: A OpenFlow-Based Intrusion Prevention System in Cloud Environment.” 2013 Second GENI Research and Educational Experiment Workshop, Salt Lake City, UT, USA. Pages: 89-92.
[16] Jamal Raiyn; (2014). “A survey of Cyber Attack Detection Strategies.” International Journal of Security and its Applications, Vol. 8. Pages: 247-256.
[17] Saeed M. Alqahtani, Maqbool Al Balushi, Robert John; (2014). “An Intelligent Intrusion Prevention System for Cloud Computing (SIPSCC).” International Conference on Computational Science and Computational Intelligence, Las Vegas, NV, USA. Pages: –158.
[18] R. Aishwarya, S. Malliga; (2014). “Intrusion detection system - An efficient way to thwart against Dos/DDos attack in the cloud environment.” 2014 International Conference on Recent Trends in Information Technology, Chennai, India. Pages: 1-6.
[19] Prachi Deshpande, S. C. Sharma and P. Sateeshkumar et al.; (2015). “Security Threats in Cloud Computing.” International Conference on Computing, Communication and Automation (ICCCA), Noida, India. Pages: 632-636.
[20] Bikram Khadka, Chandana Withana, Abeer Alsadoon, Amr Elchouemi; (2015). “Distributed Denial of Service attack on cloud: Detection and prevention.” 2015 International Conference and Workshop on Computing and Communication (IEMCON), Vancouver, BC, Canada. Pages: 1-6.
[21] Ajay Kumara M. A, Jaidhar C. D; (2015). “Hypervisor and virtual machine dependent Intrusion Detection and Prevention System for virtualized cloud environment.” 2015 1st International Conference on Telematics and Future Generation Networks (TAFGEN), Kuala Lumpur, Malaysia. Pages: 28-33.
[22] Nen-Fu Huang, Chuang Wang, I-Ju Liao, Che-Wei Lin, Chia-Nan Kao; (2015). “An OpenFlow-based collaborative intrusion prevention system for cloud networking.” 2015 IEEE International Conference on Communication Software and Networks (ICCSN), Chengdu, China. Pages: 85-92.
[23] Deepak H. Sharma, Dr. C A. Dhote, Manish M. Potey; (2016). “Implementing Intrusion Management as Security-as-a-Service from Cloud.” International Conference on Computational Systems and Information Systems for Sustainable Solutions, Bangalore, India. Pages: 363-366.
[24] Nathan Keegan, Soo-Yeon Ji, Aastha Chaudhary, Claude Concolato, Byunggu Yu and Dong Hyun Jeong; (2016). “A survey of cloud-based network intrusion detection analysis.” Human-centric Computing and Information Sciences.
[25] Drashti Nandasana, Virendra Barot; (2016). “A framework for database intrusion detection system.” International Conference on Global Trends in Signal Processing, Information Computing and Communication (ICGTSPICC), Jalgaon, India. Pages: 74-78.
[26] Awais Shibli, Umme Habiba, Rahat Masood; (2015). “Intrusion Detection System in Cloud Computing: Challenges and Opportunities.”
