Intrusion Detection for Grid and Cloud Computing



Similar documents
Intrusion Detection for Mobile Ad Hoc Networks

An Alternative Model Of Virtualization Based Intrusion Detection System In Cloud Computing

Effective Analysis of Cloud Based Intrusion Detection System

Entropy based Anomaly Detection System to Prevent DDoS Attacks in Cloud

Virtual Host based Intrusion Detection System for Cloud

Intrusion Detection System for Cloud

A Review of Anomaly Detection Techniques in Network Intrusion Detection System

Ensuring Security in Cloud with Multi-Level IDS and Log Management System

CHAPTER 1 INTRODUCTION

Performance Evaluation of Intrusion Detection Systems

Intrusion Detection Systems Submitted in partial fulfillment of the requirement for the award of degree Of Computer Science

Intrusion Detection from Simple to Cloud

Web Application Security

Top Ten Security and Privacy Challenges for Big Data and Smartgrids. Arnab Roy Fujitsu Laboratories of America

CS 356 Lecture 17 and 18 Intrusion Detection. Spring 2013

CSCE 465 Computer & Network Security

SCADA SYSTEMS AND SECURITY WHITEPAPER

AIRDEFENSE SOLUTIONS PROTECT YOUR WIRELESS NETWORK AND YOUR CRITICAL DATA SECURITY AND COMPLIANCE

Building accurate intrusion detection systems. Diego Zamboni Global Security Analysis Lab IBM Zürich Research Laboratory

<COMPANY> PR11 - Log Review Procedure. Document Reference Date 30th September 2014 Document Status. Final Version 3.

Taxonomy of Intrusion Detection System

AIRDEFENSE SOLUTIONS PROTECT YOUR WIRELESS NETWORK AND YOUR CRITICAL DATA SECURITY AND COMPLIANCE

Outline Intrusion Detection CS 239 Security for Networks and System Software June 3, 2002

Data Protection Analysis in Cloud Computing

Journal of Internet Banking and Commerce

Intrusion Detection Systems

Improving SCADA Control Systems Security with Software Vulnerability Analysis

7. Public Key Cryptosystems and Digital Signatures, 8. Firewalls, 9. Intrusion detection systems, 10. Biometric Security Systems, 11.

Observation and Findings

M Hasan Islam Department of Computer Sciences CASE Islamabad, Pakistan

How To Manage Security On A Networked Computer System

Radware s Behavioral Server Cracking Protection

Hybrid Intrusion Detection Architecture for Cloud Environment

Cyber Watch. Written by Peter Buxbaum

APPLICATION OF MULTI-AGENT SYSTEMS FOR NETWORK AND INFORMATION PROTECTION

Contents. Intrusion Detection Systems (IDS) Intrusion Detection. Why Intrusion Detection? What is Intrusion Detection?

SURVEY OF INTRUSION DETECTION SYSTEM

B database Security - A Case Study

Intrusion Detection System in Campus Network: SNORT the most powerful Open Source Network Security Tool

Module II. Internet Security. Chapter 7. Intrusion Detection. Web Security: Theory & Applications. School of Software, Sun Yat-sen University

How To Protect A Network From Attack From A Hacker (Hbss)

Network & Agent Based Intrusion Detection Systems

How To Detect Denial Of Service Attack On A Network With A Network Traffic Characterization Scheme

Compliance Guide ISO Compliance Guide. September Contents. Introduction 1. Detailed Controls Mapping 2.

Information Technology Policy

IndusGuard Web Application Firewall Test Drive User Registration

Passing PCI Compliance How to Address the Application Security Mandates

Security Management of Cloud-Native Applications. Presented By: Rohit Sharma MSc in Dependable Software Systems (DESEM)

Intrusion Detection System using Log Files and Reinforcement Learning

IDPS: An Integrated Intrusion Handling Model for Cloud Computing Environment

Distributed Intrusion Detection System Using Mobile Agent Technology

A Review on Intrusion Detection System to Protect Cloud Data

INTRUSION DETECTION SYSTEMS and Network Security

Complete Web Application Security. Phase1-Building Web Application Security into Your Development Process

CyberArk Privileged Threat Analytics. Solution Brief

Advancement in Virtualization Based Intrusion Detection System in Cloud Environment

End-user Security Analytics Strengthens Protection with ArcSight

Intrusion Detection via Machine Learning for SCADA System Protection

Compliance Guide: PCI DSS

SANS Top 20 Critical Controls for Effective Cyber Defense

Layered Approach of Intrusion Detection System with Efficient Alert Aggregation for Heterogeneous Networks

A NOVEL OVERLAY IDS FOR WIRELESS SENSOR NETWORKS

How To Prevent Network Attacks

Data Mining For Intrusion Detection Systems. Monique Wooten. Professor Robila

Internet Banking Internal Control Questionnaire

IDS : Intrusion Detection System the Survey of Information Security

Computational intelligence in intrusion detection systems

CloudCheck Compliance Certification Program

State of Vermont. Intrusion Detection and Prevention Policy. Date: Approved by: Tom Pelham Policy Number:

Secure the Cloud Computing Environment from Attackers using Intrusion Detection System

Guidelines for Web applications protection with dedicated Web Application Firewall

Information Security Services. Achieving PCI compliance with Dell SecureWorks security services

Intrusion Detection. Tianen Liu. May 22, paper will look at different kinds of intrusion detection systems, different ways of

USM IT Security Council Guide for Security Event Logging. Version 1.1

NETWORK ACCESS CONTROL AND CLOUD SECURITY. Tran Song Dat Phuc SeoulTech 2015

CS Computer and Network Security: Intrusion Detection

Achieving PCI COMPLIANCE with the 2020 Audit & Control Suite.

Role of Anomaly IDS in Network

NETWORK SECURITY (W/LAB) Course Syllabus

Grid e-services for Multi-Layer SOM Neural Network Simulation

Overview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs

Fasoo Data Security Framework

Intrusion Detection. Overview. Intrusion vs. Extrusion Detection. Concepts. Raj Jain. Washington University in St. Louis

Cryptography and Network Security Prof. D. Mukhopadhyay Department of Computer Science and Engineering Indian Institute of Technology, Kharagpur

A SURVEY ON GENETIC ALGORITHM FOR INTRUSION DETECTION SYSTEM

Introduction to Cyber Security / Information Security

Intruders & Intrusion Hackers Criminal groups Insiders. Detection and IDS Techniques Detection Principles Requirements Host-based Network-based

Environment. Attacks against physical integrity that can modify or destroy the information, Unauthorized use of information.

Transcription:

Intrusion Detection for Grid and Cloud Computing Author Kleber Vieira, Alexandre Schulter, Carlos Becker Westphall, and Carla Merkle Westphall Federal University of Santa Catarina, Brazil Content Type Journals Appears IT Professional Date July/August 2010 Speaker Jyue-Li Lu

Introduction n Providing security in a distributed system requires more than user authentication with passwords or digital certificates and confidentiality in data transmission. The Grid and Cloud Computing Intrusion Detection System integrates knowledge and behavior analysis to detect intrusions. n Because of their distributed nature, grid and cloud computing environments are easy targets for intruders looking for possible vulnerabilities to exploit. n To combat attackers, intrusion-detection systems can offer additional security measures.

Introduction n IDS (intrusion-detection systems) must monitor each node and, when an attack occurs, alert other nodes in the environment. n This kind of communication requires compatibility between heterogeneous hosts, various communication mechanisms, and permission control over system maintenance and updates typical features in grid and cloud environments. n Cloud middleware usually provides these features, so we propose an IDS service offered at the middleware layer.

Introduction n An attack against a cloud computing system can be silent, because cloud-specific attacks don t necessarily leave traces in a node s operating system. n In this way, traditional IDSs can t appropriately identify suspicious activities in a grid and cloud environment. n We propose the Grid and Cloud Computing Intrusion Detection System (GCCIDS), which has an audit system designed to cover attacks.

Figure 1 n The architecture of grid and cloud computing intrusion detection. Each node identifies local events that could represent security violations and sends an alert to the other nodes.

Out Proposed Service n Figure 1 depicts the sharing of information between the IDS service and the other elements participating in the architecture: the node, service, event auditor, and storage service. Node : resources, which are accessed homogeneously through the middleware. Service : provides its functionality in the environment through the middleware, which facilitates communication. Event Auditor : is the key piece in the system. It captures data from various sources, such as the log system, service, and node messages. Storage Service : holds the data that the IDS service must analyze. It s important for all nodes to have access to the same data.

IDS Service n The IDS service increases a cloud s security level by applying two methods of intrusion detection. n The behavior-based method dictates how to compare recent user actions to the usual behavior. n The knowledge-based method detects known trails left by attacks or certain sequences of actions from a user who might represent an attack.

IDS Service - Analyzer n The analyzer uses a profile history database to determine the distance between a typical user behavior and the suspect behavior and communicates this to the IDS service. n With these responses, the IDS calculates the probability that the action represents an attack and alerts the other nodes if the probability is sufficiently high.

Behavior Analysis n Numerous methods exist for behavior-based intrusion detection, such as data mining, artificial neural networks, and artificial immunological systems. n We use a feed-forward artificial neural network, because this type of network can quickly process information, has self-learning capabilities, and can tolerate small behavior deviations. These features help overcome some IDS limitations.

Behavior Analysis n Using this method, we need to recognize expected behavior (legitimate use) or a severe behavior deviation. n For a given intrusion sample set, the network learns to identify the intrusions using its retropropagation algorithm. n However, we focus on identifying user behavioral patterns and deviations from such patterns. n With this strategy, we can cover a wider range of unknown attacks.

Knowledge Analysis n Knowledge-based intrusion detection is the most often applied technique in the field because it results in a low false-alarm rate and high positive rates, although it can t detect unknown attack patterns. n Using an expert system, we can describe a malicious behavior with a rule. One advantage of using this kind of intrusion detection is that we can add new rules without modifying existing ones. n In contrast, behavior-based analysis is performed on learned behavior that can t be modified without losing the previous learning.

Increasing Attack Coverage n The two intrusion detection techniques are distinct. n The knowledge-based intrusion detection is characterized by a high hit rate of known attacks, but it s deficient in detecting new attacks. We therefore complemented it with the behavior based technique. n The volume of data in a cloud computing environment can be high, so administrators don t observe each user s actions they observe only alerts from the IDS.

Results n We developed a prototype to evaluate the proposed architecture using Grid-M, a middleware of our research group developed at the Federal University of Santa Catarina. n We prepared three types of simulation data to test. First, we created data representing legitimate action by executing a set of known services simulating a regular behavior. Then, we created data representing behavior anomalies. Finally, we created data representing policy violation.

Evaluating the Event Auditor n The event auditor captures all requests received by a node and the corresponding responses, which is fundamental for behavior analysis. n In the experiments with the behavior-based IDS, we considered using audit data from both a log and a communication system. n Unfortunately, data from a log system has a limited set of values with little variation.

Evaluating the Event Auditor n This made it difficult to find attack patterns, so we opted to explore communication elements to evaluate this technique. n We evaluated the behavior-based technique using artificial intelligence enabled by a feedforward neural network. n In the simulation environment, we monitored five intruders and five legitimate users.

Evaluating the Event Auditor n We initiated the neural-network training with a data set representing 10 days of usage simulation. n Using this data resulted in a high number of false negatives and a high level of uncertainty. n Increasing the sample period for the learning phase improved the results.

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information