Integrated Intrusion Detection Approach for Cloud Computing.
C. Ambikavathi and S. K. Srivatsa
Journal Title:Indian Journal of Science and Technology
Objectives: Intrusion Detection System (IDS) models and methods are integrated for better detection of intruders and mitigation of false alarms. Integrated IDS is proposed to provide security in a cloud environment. Methods: The distributed and dynamic nature built-in of cloud environment leads to critical issues like huge log analysis, heterogeneous traffic aggregation and scalability, etc. Intrusion specific data classification and false alarms degrades performance. This integrated model integrates both IDS models and IDS methodologies. Host-based IDS (H-IDS) model integrates with network-based IDS (N-IDS) model, as well as signature and anomaly based IDS methods are integrated to get the best of each. Findings: Whenever a Virtual Machine (VM) is created, H-IDS is in-built into its operating system to monitor the activities within that VM. N-IDS is deployed at strategic locations within the cloud network to monitor the traffic between the virtual machines and from the outside environment. Any malicious activity initiated by a cloud user using their virtual machine is detected by H-IDS. The packets flowing through the cloud network are captured and analyzed by N-IDS to detect infected packets send by hackers. The weakness of one methodology is compromised by the other during integration, but if the methods are used separately they are ineffective. Known attacks can be detected by signature based IDS and the new/unknown attack patterns are identified by anomaly based IDS. The major drawback of anomaly based IDS is high false alarm rate. It can be overcome by signature based IDS. This proposed work is implemented using Opennebula, for constructing a cloud environment and tested with IDS tools. Improvements: This integration leads to improve cloud security and trust among consumers. IDS specific issues are also rectified such as false alarms, heterogeneity etc.