A Cooperative Intrusion Detection System Framework for Cloud Computing Networks
Institute of Information Management National Chiao Tung University Hsinchu, Taiwan firstname.lastname@example.org
Institute of Information Management National Chiao Tung University Hsinchu, Taiwan email@example.com
Institute of Information Management National Chiao Tung University Hsinchu, Taiwan firstname.lastname@example.org
Abstract—Cloud computing provides a framework for supporting end users easily attaching powerful services and applications through Internet. To provide secure and reliable services in cloud computing environment is an important issue. One of the security issues is how to reduce the impact of denialof-service (DoS) attack or distributed denial-of-service (DDoS) in this environment. To counter these kinds of attacks, a framework of cooperative intrusion detection system (IDS) is proposed. The proposed system could reduce the impact of these kinds of attacks. To provide such ability, IDSs in the cloud computing regions exchange their alerts with each other. In the system, each of IDSs has a cooperative agent used to compute and determine whether to accept the alerts sent from other IDSs or not. By this way, IDSs could avoid the same type of attack happening. The implementation results indicate that the proposed system could resist DoS attack. Moreover, by comparison, the proposed cooperative IDS system only increases little computation effort compared with pure Snort based IDS but prevents the system from single point of failure attack. Keywords-cloud computing; denial-of-service attack; distributed denial-of-service attack; cooperative intrusion detection system
Cloud computing has evolved through a number of implementations. Moving data into the cloud provides great convenience to users. Cloud computing is a collection of all resources to enable resource sharing in terms of scalable infrastructures, middleware and application development platforms, and value-added business applications . The characteristics of cloud computing includes: virtual, scalable, efficient, and flexible. In cloud computing, three kinds of services are provided: Software as a Service (SaaS) systems, Infrastructure as a Service (IaaS) providers, and Platform as a Service (PaaS). In SaaS, systems offer complete online applications that can be directly executed by their users; In IaaS, providers allow their customers to have access to entire virtual machines; and in SaaS, it offers development and deployment tools, languages and APIs used to build, deploy and run applications in the cloud. The virtual environment 1530-2016/10 $26.00 © 2010 IEEE DOI 10.1109/ICPPW.2010.46 280 285
lets users use computing power which far exceeds that contained in their physical worlds. These services in cloud computing may easily expose to the risk of security attacks. Within the cloud computing, security issues, such as confidentiality, integrity and availability (CIA) are the most important security considerations. Denial-of-service (DoS) attack and distributed denial-of-attack (DDoS) are other kinds of attacks that cause the targeted system or network unusable. Therefore, if the cloud computing framework suffers from these kinds of attacks, the service providers and users could not use the services. Intrusion detection system (IDS) is a practical solution to resist these kinds of attacks. However, if IDS is deployed in each cloud computing region, but without any cooperation and communication, IDS may easily suffers from single point of failure attack. Obviously, the abilities of intrusion detection and response are decreased significantly. Thus, the cloud environment could not support services continually. In order to protect the cloud environment from DoS or DDoS attacks, the proposed paper launches an idea of...