A feasible approach to intrusion detection in virtual network layer of Cloud computing

Sādhanā

Abstract

Intrusion detection/prevention is the greatest security challenge at the virtual network layer of Cloud computing. Several security frameworks have been reported to address this challenge, but there is still scope for addressing newer challenges. Here, we propose a security framework to detect network intrusions in Cloud computing. The framework uses Snort and a combination of different classifiers, viz. Bayesian, Associative and Decision tree. We deploy our intrusion detection system (IDS) sensors on each host machine of the Cloud. These sensors correlate intrusive alerts from each region of the Cloud in order to identify distributed attacks. For feasibility analysis and functional validation of this framework, we perform different experiments in real time and in offline simulation.

Author information

Corresponding author

Correspondence to Chirag Modi.

About this article

Cite this article

Modi, C., Patel, D. A feasible approach to intrusion detection in virtual network layer of Cloud computing. Sādhanā 43, 114 (2018). https://doi.org/10.1007/s12046-018-0910-2

  • DOI: https://doi.org/10.1007/s12046-018-0910-2
