Detection of New Attacks on Ubiquitous Services in Cloud Computing and Countermeasures
Authors: L. Sellami, D. Idoughi, P. F. Tiako
Abstract:
Cloud computing provides infrastructure to the enterprise through the Internet allowing access to cloud services at anytime and anywhere. This pervasive aspect of the services, the distributed nature of data and the wide use of information make cloud computing vulnerable to intrusions that violate the security of the cloud. This requires the use of security mechanisms to detect malicious behavior in network communications and hosts such as intrusion detection systems (IDS). In this article, we focus on the detection of intrusion into the cloud sing IDSs. We base ourselves on client authentication in the computing cloud. This technique allows to detect the abnormal use of ubiquitous service and prevents the intrusion of cloud computing. This is an approach based on client authentication data. Our IDS provides intrusion detection inside and outside cloud computing network. It is a double protection approach: The security user node and the global security cloud computing.
Keywords: Cloud computing, intrusion detection system, privacy, trust.
Digital Object Identifier (DOI): doi.org/10.5281/zenodo.1129720
Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 1105References:
[1] T. Ristenpart, E. Tromer, H. Shacham, and S. Savage, “Hey, you, get off of my cloud,”exploring information leakage in third-party compute clouds, In: CCS’09, Proceedings of the 16th ACM conference on Computer and communications security, New York: USA, 2009, pp. 199 – 212.
[2] R. Wu, G.-joon Ahnl, and H. Hul, “Information Flow Control in Cloud Computing,” IEEE Collaborative Computing: Networking, Applications and Worksharing (CollaborateCom), 2010, pp. 1 – 7.
[3] A.E. Youssef, “Exploring Cloud Computing Services and Applications,” Journal of Emerging Trends in Computing and Information Sciences, Vol. 3, No. 6, 2012.
[4] A.E. Youssef, and M. Alageel, “A Framwork. For Secure Cloud Computing,” IJCSI International Journal of Computer Science Issues. Vol. 9. Issue 4. No. 3, 2012.
[5] Z. Mahmood, “Cloud Computing: Characteristics and Deployment Approaches,” 11th IEEE International Conference on Computer and Information Technology, 2011, pp. 121 – 126.
[6] R. Bace, and P. Mell, “NIST Special Publication on Intrusion Detection Systems,” National Institute of Standards and Technology, 2001.
[7] K. Sellami, R. Chelouah, L. Sellami, and M. Ahmed-Nacer, M, “Intrusion Detection Based on Swarm Intelligence using mobile agent,” International Conference on Swarm Intelligence: Theoretical advances and real world applications (ICSI 2011). Cergy: France; June, 2011, pp. 1 – 3.
[8] L. Sellami, D. Idoughi, and A. Baadache, “Intrusions Detection System Based on Ubiquitous Network Nodes,” INFOCOMP 2014. The Fourth International Conference on Advanced Communications and Computation. Paris, 2014, ISBN. 978-1-61208-365-0, pp. 138 – 143
[9] J. Mchugh, A. Christie,and A. Allen, “Defending Yourself: The Role of Intrusion Detection Systems,” IEEE Software, 17(5) , 2000, pp. 42 – 51.
[10] F. Liu, J. Tong, J. Mao, R. Bohn, J. Messina, L. Badger, and D. Leaf, “NIST Cloud Computing Reference Architecture‖ (NIST SP 500-292),” National Institute of Standards and technology, Departement of commerce. U.S, 2011.
[11] P. Mell, and T. Grance, “The NIST Definition of Cloud Computing,” Recommendation of NIST. Special Publication 800-145, 2011.
[12] “Cloud Computing,” NIST Cloud Computing Program Draft Documents, Information Techology Laboratory, https://www.nist.gov/programs-projects/cloud-computing, Created November 15, 2010, Updated November 17, 2016 (accessed November 2016).
[13] L. Sellami, D. Idoughi and P.F. Tiako, "An Intrusion Detection System Based on Nodes in Cloud Computing Environments", in Proceedings of Fourth International Conference on Parallel, Distributed, Grid and Cloud Computing for Engineering, P. Iványi, B.H.V. Topping, (Editors), Civil-Comp Press, Stirlingshire, United Kingdom, paper 22, Croatia 2015, doi:10.4203/ccp.101.22, ISSN 1759-3433, pp. 1-10.
[14] L. Mé, and C. Michel, “La détection d’intrusion : bref aperçu et derniers développements,” 1999.
[15] B. Philippe, “Architecture expérimentale pour la détection d’intrusions dans un système informatique,” 2001.
[16] J. Lancia, “Infrastructure orientée service pour le développement d’application ubiquitaire,” These. N_d’ordre : 3745, 2008.
[17] K.V.S.N.R. Rao, A. Pal, and M.R. Patra, “A Service Oriented Architectural Design for Building Intrusion Detection Systems,” International Journal of Recent Trends in Engineering. 1(2) , 2009, pp. 11 – 14.
[18] E. Cooke, “Examination of a HIDS (SNORT + ADS),” Available at: cs.columbusstate.edu/cae-ia/studentpapers/cooke.edgar.pdf.
[19] H. Zhengbing, L. Zhitang, and W. Junqi, “Novel Network Intrusion Detection System (NIDS) Based on Signatures Search of Data Mining‖,” First International Workshop on Knowledge Discovery and Data Mining, 2008, pp. 10 – 16.
[20] K. Hwang, M. Cai, and Y. Chen, S. Member, M. Qin, “Hybrid Intrusion Detection with Weighted Signature Generation over Anomalous Internet Episodes,” IEEE Transactions on Dependable and Secure Computing. 4(1), 2007, pp. 1 – 15.
[21] A. Saxena, A. K. Sharma, "An Agent based Distributed Security System for Intrusion Detection," in Computer NetworksInternational Journal of Computer Applications (0975 – 8887), Vol 12– No.3, November 2010, pp. 18-27.https://pdfs.semanticscholar.org/ 1b99/3f06a4c3fa7df5d68d7562f64a74b11b9ed1.pdf, (accessed November 2016)
[22] J. Nikolai, “Detecting Unauthorized usage in a cloud using Tenant. Network Security” pp. 7 – 10, 2010.
[23] R. Bhadauria, R. Chaki, N. Chaki, and S. Sanyal, “A Survey on Security Issues in Cloud Computing,” The IEEE Communications Surveys and Tutorials, 2011.
[24] C. Wang, Q. Wang, K. Ren, and W. Lou, “Ensuring Data Storage Security in Cloud Computing,” 17th International Workshop on Quality of Service: (IWQoS'09), 2009, pp. 1 – 9.
[25] KABAV. Dastjerdi, SGH. Tabatabaei, Distributed intrusion detection in clouds using mobile agents. In: Third International Conference on Advanced Engineering Computing and Applications in Sciences: ADVCOMP ’09, 2009, pp. 175 – 180.
[26] K. Vieira, A. Schulter, C. Westphall, C. Westphall, “Intrusion detection techniques in grid and cloud computing environment,” IEEE IT Professional Magazine, 2010, pp.38 – 43.
[27] K.S. Narenda, and K. Parthasarathy, “Identification and control of dynamical systems using neural networks. IEEE Transaction on Neural Networks. vo. 1, no. 1, 1990, pp. 4 – 27.
[28] Recursion Software Inc, Voyager ORB Developer's Guide. www.objectspace.com, (accessed November 2016).
[29] O. Saud,” cloud intrusion detection and prevention systems taxonomy (CIDPS),” http://www.slideshare.net/OhudSaud/cloud-intrusion-detection-and-prevention-systems-taxonomy, (accessed November 2016).