Distributed Intrusion Detection System using Mobile Agents in Cloud Computing Environment

Description: Title: Security System for Protection of Mobile Agents; Author: Imran Yousaf; Last modified by: AIS LAB PC14; Created Date: 2/11/2005 12:12:02 PM; Document presentation ...

1
Distributed Intrusion Detection System using
Mobile Agents in Cloud Computing Environment
2
Agenda
  • Overview
  • Introduction
  • Challenges and Motivations
  • Literature Survey
  • Problem Statement
  • Architecture and Workflow
  • Standard Technologies
  • Roadmap
  • References

3
What is an Intrusion Detection System?
[Diagram: Intruder → software or hardware IDS (traffic is monitored → traffic is analyzed → intrusion is detected) → reported to SysAdmin → System Admin who takes appropriate action]
4
Introduction
  • The open and distributed architecture of the Cloud
    Computing paradigm is vulnerable to intruders who
    may threaten the security of Cloud Service
    Providers (CSPs) and Cloud Service Consumers
    (CSCs).

5
Where to deploy IDS in Cloud
  • In a Cloud environment, an IDS may be deployed at any
    of the three layers:
      • Infrastructure as a Service (IaaS)
      • Platform as a Service (PaaS)
      • Software as a Service (SaaS)
  • The deployment of IDS at the IaaS layer is the most
    flexible model.

6
Cloud??
"Comes from the early days of the Internet where
we drew the network as a cloud; we didn't care
where the messages went; the cloud hid it from
us." (Kevin Marks, Google)
7
Challenges to Cloud based IDS
Scalability
False Positive Rate
Mobility
Single Point of Failure
Network load
Distributed and Large Scale Attacks
8
  • Literature Survey

9
Distributed Intrusion Detection in Clouds using
Mobile Agents
  • Problem
      • The increased number of security issues in
        public cloud
  • Motivation
      • Flexibility
      • Mobility
      • Scalability

Reference: A. V. Dastjerdi, K. A. Bakar, S. G. H. Tabatabaei,
"Distributed Intrusion Detection in Clouds using Mobile Agents,"
Third International Conference on Advanced Engineering
Computing and Applications in Sciences, 2009, pp. 175-180.
10
Solution
  • Pros
      • Can detect both known and unknown attacks
  • Cons
      • Limited number of VMs to be visited

11
Signature-based Multi-Layer Distributed Intrusion
Detection System using Mobile Agents
  • Problem
  • Large size of network traffic
  • Creation of Signatures
  • Cooperation among Small Signature Database (SSD)
    and Complementary Signature Database (CSD)

Reference: M. Uddin, A. A. Rehman, N. Uddin, et al.,
"Signature-based Multi-Layer Distributed Intrusion Detection
System using Mobile Agents," International Journal of Network
Security, Vol. 15, No. 1, Jan. 2013, pp. 79-87.
12
Solution
  • Pros
      • Ability to handle large volume of network
        traffic
      • Fast processing due to match with a small set
        of signatures
  • Cons
      • Training time for IDS

13
A Distributed Intrusion Detection System based on
Mobile Agents
  • Problem
      • Intrusions from inside and outside the network
  • Motivation
      • Protection of network from distributed intrusions

Reference: M. Xiu-liang, W. Chun-dong, W. Huai-bin,
"A Distributed Intrusion Detection System Based on
Mobile Agents," IEEE 2009.
14
Solution
Pros
  • Distributed Intrusions
  • Can detect new attacks

Cons
  • Single Point of Failure

15
Literature Survey Findings
16
Literature Survey Findings (cont..)
17
Industrial Survey
http://www.linux.org/threads/suricata-the-snort-replacer-part-1-intro-install.4346/
18
Community Response
http://mail-archives.apache.org/mod_mbox/cloudstack-users/201311.mbox/browser
19
Problem Statement
  • Large-scale and distributed intrusions, caused
    mainly by the open and distributed architecture
    of the Cloud, threaten both Cloud Service
    Providers (CSPs) and Cloud Service Consumers
    (CSCs).

20
Proposed Solution
  • A Distributed Intrusion Detection System using
    Mobile Agents in Cloud Computing Environment
  • Correlation of intrusion alerts from multiple
    locations in order to identify distributed
    intrusions.
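
An added illustration of the correlation step named on this slide (not code from the presentation): alerts gathered by mobile agents on different VMs are grouped by source address and signature, and a distributed intrusion is reported when the same pair shows up on several VMs inside one time window. The `sensor` field, the 60-second window and the sample records are assumptions constructed for the example; the other field names follow Suricata's EVE JSON alert output.

```python
import json
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: EVE-style records as forwarded by agents. "sensor" is an
# assumed tag added by the collecting agent, not a field Suricata emits itself.
SAMPLE = """
{"sensor":"vm-a","timestamp":"2013-11-20T10:00:01.000000+0000","event_type":"alert","src_ip":"198.51.100.7","dest_ip":"10.0.0.11","alert":{"signature_id":2000001,"signature":"constructed: SSH brute force"}}
{"sensor":"vm-b","timestamp":"2013-11-20T10:00:20.000000+0000","event_type":"alert","src_ip":"198.51.100.7","dest_ip":"10.0.0.12","alert":{"signature_id":2000001,"signature":"constructed: SSH brute force"}}
{"sensor":"vm-c","timestamp":"2013-11-20T10:00:45.000000+0000","event_type":"alert","src_ip":"198.51.100.7","dest_ip":"10.0.0.13","alert":{"signature_id":2000001,"signature":"constructed: SSH brute force"}}
{"sensor":"vm-c","timestamp":"2013-11-20T10:00:47.000000+0000","event_type":"flow","src_ip":"10.0.0.5","dest_ip":"10.0.0.13"}
{"sensor":"vm-a","timestamp":"2013-11-20T10:00:50.000000+0000","event_type":"alert","src_ip":"203.0.113.9","dest_ip":"10.0.0.11","alert":{"signature_id":2000002,"signature":"constructed: port scan"}}
{"sensor":"vm-b","timestamp":"2013-11-20T10:30:00.000000+0000","event_type":"alert","src_ip":"203.0.113.9","dest_ip":"10.0.0.12","alert":{"signature_id":2000002,"signature":"constructed: port scan"}}
"""

def parse_alerts(text):
    """Yield (time, sensor, src_ip, signature_id) for alert events only."""
    for line in text.strip().splitlines():
        ev = json.loads(line)
        if ev.get("event_type") != "alert":
            continue  # flow, dns, etc. are not part of alert correlation
        ts = datetime.strptime(ev["timestamp"], "%Y-%m-%dT%H:%M:%S.%f%z")
        yield ts, ev["sensor"], ev["src_ip"], ev["alert"]["signature_id"]

def correlate(text, window=timedelta(seconds=60), min_sensors=2):
    """Report (src_ip, signature) pairs seen on >= min_sensors VMs within window."""
    groups = defaultdict(list)
    for ts, sensor, src, sid in parse_alerts(text):
        groups[(src, sid)].append((ts, sensor))
    incidents = []
    for (src, sid), hits in groups.items():
        hits.sort()
        best, start = set(), 0
        for end in range(len(hits)):
            # Slide the window forward until it spans at most `window`.
            while hits[end][0] - hits[start][0] > window:
                start += 1
            seen = {sensor for _, sensor in hits[start:end + 1]}
            if len(seen) > len(best):
                best, first = seen, hits[start][0]
        if len(best) >= min_sensors:
            incidents.append({"src_ip": src, "signature_id": sid,
                              "sensors": sorted(best), "first_seen": first})
    return incidents

if __name__ == "__main__":
    for incident in correlate(SAMPLE):
        print(incident)
```

With the default window, only the first source is reported: its alerts land on three VMs within 44 seconds, while the second source's two alerts are half an hour apart.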

21
Proposed System Architecture and Workflow
[Architecture diagram; component labels: Management Station, Management Server, Signature Database, Alert Correlation, Alert Console, and three MA (mobile agent) nodes]
22
Related Standards and Technologies
Mobile Agents
23
Roadmap
Milestones                                    Duration
Preliminary study and Research                Done
Implementation
Cloud Configuration                           2 weeks
Installation and Configuration of Suricata    1 week
Development of Mobile Agents                  2 months
Signature Creation and Correlation            2 months
Testing and Evaluation                        1 month
Final Documentation                           1 month
24
THANKS
25
References
  • 1. C. C. Lo, C. C. Huang, J. Ku, A Cooperative
    Intrusion Detection System Framework for Cloud
    Computing Networks, 39th International
    Conference on Parallel Processing Workshops 2010,
    pp. 280-284.
  • 2. C. N. Modi, D. R. Patel, A. Patel, R.
    Muttukrishnan, Bayesian Classifier and Snort
    based Network Intrusion Detection System in Cloud
    Computing, Third International Conference on
    Computing, Communication and Networking
    Technologies, 26th-28th July 2012.
  • 3. C. Mazzariello, R. Bifulco and R. Canonico,
    Integrating a Network IDS into an Open Source
    Cloud Computing Environment, 2010 Sixth
    International Conference on Information Assurance
    and Security, pp. 265-270.
  • 4. A. Bakshi, Yogesh B, Securing cloud from
    DDOS Attacks using Intrusion Detection System in
    Virtual Machine, 2010 Second International
    Conference on Communication Software and
    Networks, pp. 260-264.
  • 5. Ms. P. K. Shelke, Ms. S. Sontakke, Dr. A. D.
    Gawande, Intrusion Detection System for Cloud
    Computing, International Journal of Scientific &
    Technology Research, Volume 1, Issue 4, May 2012,
    pp. 67-71.

26
References
  • 6. A. Patel, Q. Qassim, Z. Shukor, J. Nogueira,
    J. Júnior and C. Wills, Autonomic Agent-Based
    Self-Managed Intrusion Detection and Prevention
    System, Proceedings of the South African
    Information Security Multi-Conference (SAISMC
    2010), pp. 223-234.
  • 7. J. H. Lee, M. W. Park, J. H. Eom, T. M.
    Chung, Multi-level Intrusion Detection System
    and Log Management in Cloud Computing, ICACT,
    2011, pp. 552-555.
  • 8. A. V. Dastjerdi, K. A. Bakar, S. G. H.
    Tabatabaei, Distributed Intrusion Detection in
    Clouds using Mobile Agents, Third International
    Conference on Advanced Engineering Computing and
    Applications in Sciences, 2009, pp. 175-180.
  • 9. K. Vieira, A. Schulter, Carlos B. Westphall,
    and C. M. Westphall, Intrusion Detection for
    Grid and Cloud Computing, IEEE Computer Society,
    (July/August 2010), pp. 38-43.
  • 10. S. N. Dhage, B. B. Meshram, R. Rawat, S.
    Padawe, M. Paingaokar, A. Misra , Intrusion
    Detection System in Cloud Computing Environment,
    International Conference and Workshop on Emerging
    Trends in Technology (ICWET 2011), pp. 235-239.

27
References
  • 11. S. Bharadwaja, W. Sun, M. Niamat, F. Shen,
    Collabra: A Xen Hypervisor based Collaborative
    Intrusion Detection System, Eighth International
    Conference on Information Technology: New
    Generations, 2011, pp. 695-700.
  • 12. M. Uddin, A. A. Rehman, N. Uddin, et al.,
    Signature-based Multi-Layer Distributed
    Intrusion Detection System using Mobile Agents,
    International Journal of Network Security, Vol.
    15, No. 1, Jan. 2013, pp. 79-87.
  • 13. M. Xiu-liang, W. Chun-dong, W. Huai-bin, A
    Distributed Intrusion Detection System Based on
    Mobile Agents, IEEE 2009.
  • 14. Suricata: The Snort Replacer (Part 1: Intro &
    Install), Jul 24, 2013,
    http://www.linux.org/threads/suricata-the-snort-replacer-part-1-intro-install.4346/
  • 15. cloudstack-users mailing list archives,
    November 2013,
    http://mail-archives.apache.org/mod_mbox/cloudstack-users/201311.mbox/browser