A Review on Intrusion Detection System to Protect Cloud Data

Shivani Arora (1), Rajesh Kumar Bawa (2)
M.Tech Student (1), Associate Professor (2)
Department of Computer Science, Punjabi University Patiala (1, 2)

Abstract: Cloud computing is a paradigm which allows users to use applications without installing them at their own end. With internet access, they can access their files from any computer. Attacks such as Denial of Service and Distributed Denial of Service render the network unusable. With the use of an IDS, these types of attacks can be resisted. An IDS identifies suspicious behavior by monitoring and analyzing user traffic. It sends early alarms whenever there is a risk of exposure caused by an attack, and thus helps in preventing serious damage to the system. In this paper, a review of IDS to protect cloud data is done and a comparison is made on the basis of different parameters.

Keywords: Cloud data, IDS, denial of service, security

INTRODUCTION

a. Cloud Computing
Cloud Computing does not deliver a product; rather, it provides computing as a service, where shared resources, software and information are provided to computers and other devices as a utility over a network. It provides storage services that do not need end-user knowledge of the physical location and configuration of the system that delivers the services. The main disadvantage of Cloud Computing is security. Various attacks such as IP spoofing, Address Resolution Protocol spoofing, Routing Information Protocol attack, DNS poisoning, Flooding, Denial of Service (DoS) and Distributed Denial of Service render the targeted system or network unusable. An intrusion detection system (IDS) is a solution to resist these kinds of attacks [1].

b. Types of attacks
The first kind of attack is known as an internal attack, in which authorized cloud users may try to gain unauthorized privileges. After signing in, frauds can be committed and information can be disclosed to others.
For example, an internal DoS attack has been demonstrated against the Amazon Elastic Compute Cloud (EC2). In external attacks, outsiders disrupt nodes so that they cannot provide services. Internal intrusion is more dangerous than external.

c. Intrusion Detection System
An intrusion detection system (IDS) is one of the most efficient attack prevention mechanisms. Traffic that violates predefined rules is alerted on or blocked, but traffic that stays inside the perimeter is not covered. In the cloud environment, many audit logs are recorded and many alert logs are also reported by the IDS. Some attack attempts recorded in a log might not be successful, as the target machine may not possess the vulnerability exploited by the attack. Therefore, an alert or warning from a single log might not plot the whole picture. However, multiple logs could indicate whether a previous attack was successful, as a compromised target may leave attack traces in different logs [9]. With the help of an IDS, the logs, user activity and network traffic are monitored and analyzed with a view to identifying any suspicious activity. An IDS sends an early alarm upon risk of exposure caused by any attack, so that system administrators are alerted and execute the respective response measures to prevent damage to the system. An IDS consists of several components: a sensor which generates security events, a console to monitor events and alerts and to control the sensor, and a central engine that records the events logged by the sensor in a database and generates alerts from the security events received [8].

d. Types of IDS
IDSs can be classified into host-based IDSs, network-based IDSs and distributed IDSs.

1. Host-Based Intrusion Detection System
Host-based IDSs operate on information collected from within an individual computer system. A host-based IDS monitors the packets of that computer system only and alerts the user or administrator if suspicious activity is detected. Host-based IDSs use the computing resources of the hosts they are monitoring, therefore inflicting a performance cost on the monitored systems.

2. Network-Based Intrusion Detection System
Network-based intrusion detection systems focus on the network rather than a specific host. A network-based IDS detects attacks by capturing and analyzing network packets. By listening on a network segment, a network-based IDS can monitor the network traffic that affects the many hosts connected to that segment, hence protecting those hosts.

3. Distributed Intrusion Detection System (DIDS)
A distributed IDS (DIDS) consists of multiple IDSs (e.g. HIDS, NIDS, etc.) over a large network, all of which communicate with each other, or with a central server that enables network monitoring. The intrusion detection components collect the system information, convert it into a standardized form and pass it to a central analyzer. The central analyzer aggregates information from multiple IDSs and analyzes it [1].

e. Intrusion Detection Techniques
The intrusion detection techniques are discussed as follows:

Anomaly Detection Approach
This approach is used to identify abnormal or unusual behavior on a host or network. It assumes that attacks differ from legitimate activity and can therefore be detected by systems that identify these differences.

Misuse Detection Approach
This approach analyzes system activity, looking for events or sets of events that match a predefined pattern describing a known attack. As the patterns corresponding to known attacks are called signatures, misuse detection is sometimes called signature-based detection.

LITERATURE SURVEY

C. Modi et al. [1] studied that cloud computing provides scalable, virtualized on-demand services to end users with greater flexibility and lesser infrastructural investment. The bugs and vulnerabilities which exist in underlying technologies and legacy protocols open doors for intrusion. The paper discusses various techniques and types of IDS and how they can be incorporated in the cloud.
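The two detection approaches described under Intrusion Detection Techniques above can be contrasted on a handful of constructed audit-log lines. The following Python is an added example written for this review, not code from the paper or from any cited system; the log lines, the two signature rules, the baseline counts and the mean-plus-three-standard-deviations threshold are all assumptions chosen for illustration.

```python
"""Added illustration of the two IDS techniques in the review: misuse (signature)
detection and anomaly detection, run over constructed log lines. Toy code for
explanation only, not from the paper or from any real IDS."""
import re
from collections import Counter
from statistics import mean, pstdev

# Constructed sample log, one event per line: "<minute> <source-ip> <event> <detail>".
SAMPLE_LOG = """\
00 10.0.0.5 LOGIN_OK user=alice
00 10.0.0.7 LOGIN_OK user=bob
01 10.0.0.5 FILE_READ path=/srv/data/report.pdf
02 10.0.0.7 LOGIN_FAIL user=bob
03 10.0.0.9 HTTP_GET path=/index.html
04 10.0.0.9 HTTP_GET path=/files/../../config.ini
05 10.0.0.5 LOGIN_OK user=alice
06 203.0.113.4 LOGIN_FAIL user=root
06 203.0.113.4 LOGIN_FAIL user=admin
06 203.0.113.4 LOGIN_FAIL user=oracle
06 203.0.113.4 LOGIN_FAIL user=test
06 203.0.113.4 LOGIN_FAIL user=guest
07 10.0.0.7 FILE_READ path=/srv/data/notes.txt
"""

# Misuse detection: each rule is a name plus a pattern describing one known bad event.
SIGNATURES = {
    "root-login-attempt": re.compile(r"\bLOGIN_FAIL user=root\b"),
    "path-traversal": re.compile(r"\bHTTP_GET path=\S*\.\./"),
}

# Constructed baseline (assumption): failed logins per minute from one source under normal use.
NORMAL_FAILS_PER_MINUTE = [0, 1, 0, 0, 1, 0, 2, 0, 1, 0]


def parse(log):
    """Split raw lines into (minute, source, event, detail) tuples."""
    events = []
    for line in log.splitlines():
        minute, src, event, detail = line.split(" ", 3)
        events.append((minute, src, event, detail))
    return events


def signature_alerts(log):
    """Misuse detection: report every line that matches a known-attack signature."""
    alerts = []
    for line in log.splitlines():
        for name, pattern in SIGNATURES.items():
            if pattern.search(line):
                alerts.append((name, line))
    return alerts


def anomaly_threshold(baseline, k=3):
    """Learn what 'normal' looks like from the baseline: mean plus k standard deviations."""
    return mean(baseline) + k * pstdev(baseline)


def anomaly_alerts(log, baseline=NORMAL_FAILS_PER_MINUTE):
    """Anomaly detection: flag (minute, source) pairs whose failed-login count
    exceeds the threshold learned from the baseline, with no knowledge of any signature."""
    threshold = anomaly_threshold(baseline)
    counts = Counter((m, s) for m, s, ev, _ in parse(log) if ev == "LOGIN_FAIL")
    return [(m, s, n) for (m, s), n in sorted(counts.items()) if n > threshold]


if __name__ == "__main__":
    for name, line in signature_alerts(SAMPLE_LOG):
        print(f"SIGNATURE {name}: {line}")
    for minute, src, n in anomaly_alerts(SAMPLE_LOG):
        print(f"ANOMALY minute={minute} src={src} failed_logins={n}")
```

Run stand-alone, the misuse rules report only the two lines that match a known pattern, while the anomaly detector flags the single source whose burst of failed logins exceeds the learned baseline. Each approach misses what the other catches: the lone traversal request is invisible to a rate-based anomaly check, and the burst of failed logins against accounts other than root matches no signature. That complementarity is why practical IDS deployments combine both techniques.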
Intrusions against the integrity, confidentiality and availability of Cloud services, now and in the future, are studied. The paper stresses the use of alternative options to incorporate IDS/IPS in the cloud and explores the locations where IDS/IPS can be positioned so that attacks on data can be easily detected and prevented. Recent research findings which incorporate IDS/IPS in the Cloud have been discussed and their advantages and disadvantages highlighted. The paper has identified several security challenges which can be resolved.

C. M. Chen et al. [9] proposed a detection system which analyzes the logs in the cloud to determine the intentions behind attacks. Sometimes the administrator neglects stealthy reconnaissance actions because of the insignificant number of violations. A Hidden Markov model is adopted to model the sequence of attack steps performed by a hacker, and such stealthy events over a long time frame become significant in the state-aware model. The preliminary results show that the proposed system can identify such attack plans in a real network. The primary concern is whether user data is secure and the allocated resources are not breached in such a shared-source and distributed computing environment. Traditional intrusion detection mechanisms might not be able to address this issue, as some traffic might not be monitored. Multiple logs in the cloud should be inspected and correlated to identify the attack plans adopted by hackers in the cloud. This study examines the stages of an attack plan and analyzes logs to identify attack sequences. A Hidden Markov model, suitable for recognizing time-sequence events, is proposed to detect such attacks. The preliminary results show that the proposed detection model is efficient at identifying attack sequences.

P.K. Shelke et al. (2012) [2] suggested that providing security in a distributed system requires more than user authentication with passwords or digital certificates and confidentiality in data transmission.
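Before continuing the survey, the state-aware idea attributed to Chen et al. [9] above can be made concrete with a small hidden Markov model decoded by the Viterbi algorithm. The Python below is an added illustration written for this review, not the model or code of Chen et al.; the two hidden states (Benign, Recon), the four event types, every probability and the two event sequences are constructed assumptions. It shows why a single failed login stays in the Benign state while the same event at the start of a sustained run of low-rate probes is decoded as reconnaissance, which is the "stealthy events over a long time frame become significant" effect the paragraph describes.

```python
"""Added toy of state-aware attack-sequence detection: a two-state hidden Markov
model over constructed audit events, decoded with Viterbi. All parameters are
assumptions for illustration and are not taken from Chen et al. [9]."""
import math

STATES = ("Benign", "Recon")
# Assumed prior, transition and emission probabilities (constructed, not measured).
START = {"Benign": 0.9, "Recon": 0.1}
TRANS = {
    "Benign": {"Benign": 0.9, "Recon": 0.1},
    "Recon": {"Benign": 0.2, "Recon": 0.8},
}
EMIT = {
    "Benign": {"ok_login": 0.5, "failed_login": 0.1, "port_probe": 0.05, "file_access": 0.35},
    "Recon": {"ok_login": 0.1, "failed_login": 0.4, "port_probe": 0.4, "file_access": 0.1},
}


def viterbi(observations):
    """Return the most likely hidden-state sequence for the observed events.
    Works in the log domain so long sequences do not underflow."""
    log = math.log
    # score[s]: best log-probability of any state path ending in s at the current step
    score = {s: log(START[s]) + log(EMIT[s][observations[0]]) for s in STATES}
    back = []  # back[t][s]: the predecessor state of s at step t+1
    for obs in observations[1:]:
        new_score, prev = {}, {}
        for s in STATES:
            best_prev = max(STATES, key=lambda p: score[p] + log(TRANS[p][s]))
            prev[s] = best_prev
            new_score[s] = score[best_prev] + log(TRANS[best_prev][s]) + log(EMIT[s][obs])
        score, back = new_score, back + [prev]
    # Backtrack from the best final state to recover the whole path.
    state = max(STATES, key=score.get)
    path = [state]
    for prev in reversed(back):
        state = prev[state]
        path.append(state)
    return list(reversed(path))


def recon_windows(observations):
    """Index ranges (inclusive) decoded as Recon: the spans an administrator should review."""
    path = viterbi(observations)
    windows, start = [], None
    for i, s in enumerate(path + ["Benign"]):  # sentinel closes a trailing window
        if s == "Recon" and start is None:
            start = i
        elif s != "Recon" and start is not None:
            windows.append((start, i - 1))
            start = None
    return windows


# Constructed event sequences (not real logs).
ISOLATED_FAILURE = ["ok_login", "file_access", "failed_login", "ok_login", "file_access"]
SLOW_RECON = ["ok_login", "file_access", "file_access", "ok_login", "failed_login",
              "port_probe", "failed_login", "port_probe", "port_probe", "file_access", "ok_login"]

if __name__ == "__main__":
    for name, seq in (("isolated failure", ISOLATED_FAILURE), ("slow recon", SLOW_RECON)):
        print(name, viterbi(seq), "recon windows:", recon_windows(seq))
```

The isolated failed login in the first sequence is absorbed by the Benign state, because one unusual emission does not outweigh the cost of a state change. In the second sequence the same event is followed by more probes, the Recon state's higher self-transition probability keeps the decoder there, and positions 4 through 8 are reported as one reconnaissance window even though no single event in it would trip a per-event threshold.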
The distributed model of the cloud makes it vulnerable and prone to sophisticated distributed intrusion attacks like Distributed Denial of Service (DDoS) and Cross Site Scripting (XSS). To handle large-scale network access traffic and administrative control of data and applications in the cloud, a new multi-threaded distributed cloud IDS model has been proposed. The proposed cloud IDS handles a large flow of data packets, analyzes them and generates reports efficiently by integrating knowledge and behavior analysis to detect intrusions.

R. Vanathi et al. (2012) [6] studied that computer networks face a constant struggle against intruders and attackers. Attacks on distributed systems grow stronger and more prevalent every day. Intrusion detection methods are key to controlling and potentially eradicating attacks on a system. An intrusion detection system pertains to the methods used to identify an attack on a computer or computer network. In the cloud computing environment the applications are user-centric, and customers should be confident about their applications stored on the cloud server. Network Intrusion Detection Systems (NIDS) play an important role in providing network security. They provide a defense layer which monitors the network traffic for pre-defined suspicious activity or patterns. Snort, Tcpdump and Network Flight Recorder are the most famous NIDS.

C.L. Tsai et al. (2011) [3] proposed a dynamic intrusion detection system for strengthening the security of cloud computing applications. In the proposed mechanism, a number of intrusion detectors are dispatched over the whole topology of the networking system through multi-layer and multi-stage deployment. The information security issues related to the application and service of cloud computing are experimented upon and discussed.
The experiments cover the equipment security of the client-side termination, the threats to web sites and web pages, the detection, diagnosis and surveillance of intrusion, the access to and security of databases on the cloud side, the detection of system leakage and the monitoring of the real-time repair process, the management of server systems, the management of mobile e-commerce processing, and the integrated analysis of associated security information and issues. The goal of the proposed mechanism is not only to find solutions, but also to develop feasible information security techniques or products for the application and service of cloud computing. Experimental results demonstrate that the proposed mechanism provides good performance for intrusion detection.

S. Roschke et al. (2009) [4] pointed out that Intrusion Detection Systems (IDS) have been used widely to detect malicious behavior in network communication and hosts. IDS management is an important capability for distributed IDS solutions, which makes it possible to integrate and handle different types of sensors, or to collect and synthesize alerts generated from multiple hosts located in the distributed environment. Facing new application scenarios in Cloud Computing, the IDS approaches yield several problems, since the operator of the IDS should be the user, not the administrator of the Cloud infrastructure. Extensibility, efficient management and compatibility with virtualization-based contexts need to be introduced into many existing IDS implementations. Additionally, Cloud providers need to make it possible for the user to deploy and configure an IDS. They summarized several requirements for deploying IDS in the Cloud and proposed an extensible IDS architecture that can be easily used in a distributed cloud infrastructure.

C.C. Lo et al. (2010) [5] developed a framework for a cooperative intrusion detection system (IDS).
The proposed system could reduce the impact of denial-of-service (DoS) or distributed denial-of-service (DDoS) attacks. To provide such ability, the IDSs in the cloud computing regions exchange their alerts with each other. In the system, each IDS has a cooperative agent used to compute and determine whether to accept the alerts sent from other IDSs or not. In this way, the IDSs could avoid the same type of attack happening again. The implementation results indicate that the proposed system could resist DoS attacks. Moreover, by comparison, the proposed cooperative IDS system adds only a little computation effort compared with a pure Snort-based IDS, but protects the system from single point of failure attack.

CONCLUSION

In this paper, we have discussed the paradigm of cloud computing, the various types of attacks that hamper the security of the cloud, the intrusion detection system used to monitor and analyze attacks, and the types and techniques of IDS. Research findings of different authors have been discussed and the future research scope is outlined.

REFERENCES

[1] C. Modi, D. Patel, H. Patel, B. Borisaniya, A. Patel, M. Rajarajan, “A survey of intrusion detection techniques in Cloud”, Journal of Network and Computer Applications, 36(1), pp. 42-57, 2013.
[2] P. K. Shelke, S. Sontakke, A. D. Gawande, “Intrusion Detection System for Cloud Computing”, International Journal of Scientific & Technology Research, Volume 1, Issue 4, May 2012.
[3] C-L. Tsai, U-C. Lin, A. Y. Chang, C-J. Chen, “Information Security Issue of Enterprises Adopting the Application of Cloud Computing”, Department of Computer Science, Chinese Culture University, 2011.
[4] S. Roschke, F. Cheng, C. Meinel, “Intrusion Detection in the Cloud”, Hasso Plattner Institute (HPI), University of Potsdam, Eighth IEEE International Conference on Dependable, Autonomic and Secure Computing, 2009.
[5] C-C. Lo, C-C. Huang, J. Ku, “A Cooperative Intrusion Detection System Framework for Cloud Computing Networks”, Institute of Information Management, National Chiao Tung University, 39th International Conference on Parallel Processing Workshops, 2010.
[6] R. Vanathi and S. Gunasekaran, “Comparison of Network Intrusion Detection Systems in Cloud Computing Environment”, Department of Computer Science, Coimbatore Institute of Engineering and Technology, International Conference on Computer Communication and Informatics (ICCCI-2012), Jan. 10-12, 2012, Coimbatore, India.
[7] H. A. Kholidy, F. Baiardi, “CIDD: A Cloud Intrusion Detection Dataset For Cloud Computing and Masquerade Attacks”, Ninth International Conference on Information Technology - New Generations, 2012.
[8] W. Yassin, N. I. Udzir, Z. Muda, A. Abdullah and M. T. Abdullah, “A Cloud-Based Intrusion Detection Service Framework”, Faculty of Computer Science and Information Technology, Universiti Putra Malaysia, 2012.
[9] C-M. Chen, D. J. Guan, Y-Z. Huang and Y-H. Ou, “Attack Sequence Detection in Cloud Using Hidden Markov Model”, Department of Computer Science and Engineering, Seventh Asia Joint Conference on Information Security, 2012.
[10] R. S. Khune and J. Thangakumar, “A Cloud-Based Intrusion Detection System for Android Smartphones”, 2012 International Conference on Radar, Communication and Computing (ICRCC), SKP Engineering College, Tiruvannamalai, TN, India, 21-22 December 2012, pp. 180-184.