A Cooperative Intrusion Detection System Framework for Cloud Computing Networks
Chi-Chun Lo
Institute of Information Management, National Chiao Tung University, Hsinchu, Taiwan, cclo@faculty.nctu.edu.tw
Chun-Chieh Huang
Institute of Information Management, National Chiao Tung University, Hsinchu, Taiwan, chuchieh.iim91g@nctu.edu.tw
Joy Ku
Institute of Information Management, National Chiao Tung University, Hsinchu, Taiwan, joyku@iim.nctu.edu.tw
Abstract—Cloud computing provides a framework that lets end users easily attach to powerful services and applications through the Internet. Providing secure and reliable services in a cloud computing environment is an important issue. One of the security issues is how to reduce the impact of denial-of-service (DoS) or distributed denial-of-service (DDoS) attacks in this environment. To counter these kinds of attacks, a framework for a cooperative intrusion detection system (IDS) is proposed. The proposed system can reduce the impact of these kinds of attacks. To provide this ability, the IDSs in the cloud computing regions exchange their alerts with each other. In the system, each IDS has a cooperative agent that computes and determines whether to accept the alerts sent from other IDSs. In this way, the IDSs can avoid the same type of attack happening. The implementation results indicate that the proposed system can resist DoS attacks. Moreover, by comparison, the proposed cooperative IDS adds only a little computation effort compared with a pure Snort-based IDS, but protects the system from single-point-of-failure attacks.
Keywords-cloud computing; denial-of-service attack; distributed denial-of-service attack; cooperative intrusion detection system
I. INTRODUCTION
Cloud computing has evolved through a number of implementations. Moving data into the cloud provides great convenience to users. Cloud computing is a collection of all
Figure 3. Simulation results