A Distributed Intrusion Detection Scheme for Cloud Computing

Nurudeen Mahmud Ibrahim, Anazida Zainal
Copyright: © 2020 | Pages: 15
DOI: 10.4018/IJDST.2020010106

Abstract

An intrusion detection system (IDS) is an important security measure used to secure cloud resources; however, IDSs often suffer from poor detection accuracy due to coordinated attacks such as DDoS. Various distributed IDSs have been proposed to detect DDoS; however, a limitation of these works is the lack of a technique to determine an appropriate period to share attack information among nodes in the distributed IDS. Therefore, this article proposes a distributed IDS that uses a binary segmentation change point detection algorithm to determine the appropriate period to send attack information to nodes in the distributed IDS, and uses parallel Stochastic Gradient Descent with Support Vector Machine (SGD-SVM) to achieve the distributed detection. The proposed scheme was implemented in Apache Spark using the NSL-KDD benchmark intrusion detection dataset. Experimental results show that the proposed distributed intrusion detection scheme outperforms existing distributed IDSs for cloud computing.
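The abstract names binary segmentation change point detection as the way to decide when a node shares attack information. The sketch below is an added illustration of that idea, not the authors' implementation: it assumes the monitored signal is a per-window alert count, a squared-error (mean shift) cost and a fixed penalty, and `ALERTS`, `share_points` and the penalty value are constructed for this example.

```python
"""Binary segmentation change point detection over per-window alert counts."""

def sse(prefix, prefix_sq, i, j):
    """Sum of squared deviations from the mean of series[i:j]."""
    s = prefix[j] - prefix[i]
    return (prefix_sq[j] - prefix_sq[i]) - s * s / (j - i)

def binary_segmentation(series, penalty, min_size=3):
    """Return sorted indices at which the mean of `series` shifts."""
    prefix, prefix_sq = [0.0], [0.0]
    for x in series:  # prefix sums give O(1) segment cost
        prefix.append(prefix[-1] + x)
        prefix_sq.append(prefix_sq[-1] + x * x)

    change_points = []
    stack = [(0, len(series))]
    while stack:
        start, end = stack.pop()
        if end - start < 2 * min_size:
            continue  # too short to split into two valid segments
        whole = sse(prefix, prefix_sq, start, end)
        best_gain, best_k = 0.0, None
        for k in range(start + min_size, end - min_size + 1):
            gain = (whole - sse(prefix, prefix_sq, start, k)
                    - sse(prefix, prefix_sq, k, end))
            if gain > best_gain:
                best_gain, best_k = gain, k
        # Split only when the cost reduction beats the penalty, then recurse.
        if best_k is not None and best_gain > penalty:
            change_points.append(best_k)
            stack.append((start, best_k))
            stack.append((best_k, end))
    return sorted(change_points)

# Constructed sample: alerts per 10-second window on one IDS node.
ALERTS = [2, 3, 1, 2, 4, 2, 3, 2,          # baseline
          40, 44, 39, 42, 45, 41, 43, 40,  # flood starts at window 8
          3, 2, 1, 3, 2, 2, 4, 1]          # flood ends at window 16

def share_points(series, penalty=200.0):
    """Windows at which this node would push attack information to peers
    (assumed policy: share on every detected change point)."""
    return binary_segmentation(series, penalty)

if __name__ == "__main__":
    print(share_points(ALERTS))
```

The penalty controls how large a shift must be before it counts as a change point: too low and ordinary noise triggers sharing, too high and a slow-ramping flood is missed.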

Introduction

Cloud computing is a new computing paradigm that offers computing resources as a service via the internet (Xiong et al., 2014). It has revolutionized the conventional usage of hardware and software resources, as organizations can cut the cost of purchasing and maintaining expensive hardware and software by subscribing to it on a pay-per-use basis. Cloud computing is a promising and emerging IT technology with enormous potential and benefits to customers; however, it has underlying security issues and vulnerabilities (Khorshed, Ali, & Wasimi, 2012). Examples of security threats capable of compromising cloud security are DoS and DDoS (Mishra, Pilli, Varadharajan, & Tupakula, 2017). Therefore, providing effective security is paramount to the quality of service of cloud computing. Intrusion detection is the process of monitoring events occurring in a system or network and analyzing them for evidence of security incidents that breach, or present an impending threat of breach of, system security policy or standard security practice (Scarfone & Mell, 2007). IDSs can be classified into signature-based and anomaly detection, depending on whether the kinds of attacks to be detected are known beforehand or unknown. The signature-based detection process captures activities in a network and compares them with a collection of attack signatures (Liao, Lin, Lin, & Tung, 2013). Anomaly detection, on the other hand, is more suited to detecting unknown attacks, but it suffers from a high false alarm rate (Singh, Patel, Borisaniya, & Modi, 2016). Also, coordinated attacks such as DDoS attacks, which occur simultaneously in many networks, are difficult to detect (Zhou, Leckie, & Karunasekera, 2009). This difficulty is due to the coordinated nature of the attacks, where attacks are spread over multiple networks. Therefore, a collaborative effort is required to tackle the attack.
For instance, a Smurf-based DDoS uses a spoofed IP address to send ICMP requests to a large number of reflector hosts; when the reflector hosts receive the request, they reply to the spoofed IP address, thereby flooding it (Bhuyan, Bhattacharyya, & Kalita, 2015).
