
Distributed Intrusion Detection System using Mobile Agents in Cloud Computing Environment


Presentation Transcript


  1. Distributed Intrusion Detection System using Mobile Agents in Cloud Computing Environment Yasir Mehmood 2011-NUST-MS-CCS-31 Supervisor: Dr. Abdul Ghafoor, Dr. Adnan Kiani, Ms. Hirra Anwar Dr. Awais Shibli Committee Members: 1

  2. Agenda • Overview • Introduction • Challenges & Motivations • Literature Survey • Problem Statement • Architecture & Workflow • Standard & Technologies • Roadmap • References

  3. What is an Intrusion Detection System
  (diagram) Intruder -> IDS (software or hardware): traffic is monitored -> traffic is analyzed -> intrusion is detected -> reported to SysAdmin -> System Admin takes appropriate action

  4. Introduction • The open and distributed architecture of Cloud Computing paradigm is vulnerable to intruders who may threaten the security of Cloud Service Providers (CSPs) and Cloud Service Consumers (CSCs).

  5. Where to deploy IDS in Cloud
  • In a Cloud environment, IDS may be deployed at any of the three layers:
    • Infrastructure as a Service (IaaS)
    • Platform as a Service (PaaS)
    • Software as a Service (SaaS)
  • The deployment of IDS at the IaaS layer is the most flexible model.
  Reference: P. Cox, Intrusion detection in a cloud computing environment, http://searchcloudcomputing.techtarget.com/tip/Intrusion-detection-in-a-cloud-computing-environment

  6. Cloud?? “Comes from the early days of the Internet where we drew the network as a cloud… we didn’t care where the messages went… the cloud hid it from us” – Kevin Marks, Google

  7. Challenges to Cloud based IDS
  • Scalability
  • False Positive Rate
  • Mobility
  • Single Point of Failure
  • Network load
  • Distributed and Large Scale Attacks

  8. Literature Survey

  9. Paper 1: Distributed Intrusion Detection in Clouds using Mobile Agents
  Reference: A. V. Dastjerdi, K. A. Bakar, S. G. H. Tabatabaei, “Distributed Intrusion Detection in Clouds using Mobile Agents”, Third International Conference on Advanced Engineering Computing and Applications in Sciences, 2009, pp. 175-180.
  Problem:
  • The increased number of security issues in public cloud
  Motivation:
  • Flexibility
  • Mobility
  • Scalability

  10. Paper 1: Solution
  Pros:
  • Can detect both known attacks and variants of known attacks
  Cons:
  • Limited number of VMs to be visited
  Reference: A. V. Dastjerdi, K. A. Bakar, S. G. H. Tabatabaei, “Distributed Intrusion Detection in Clouds using Mobile Agents”, Third International Conference on Advanced Engineering Computing and Applications in Sciences, 2009, pp. 175-180.

  11. Paper 2: Signature-based Multi-Layer Distributed Intrusion Detection System using Mobile Agents
  Reference: M. Uddin, A. A. Rehman, N. Uddin, et al., “Signature-based Multi-Layer Distributed Intrusion Detection System using Mobile Agents”, International Journal of Network Security, Vol. 15, No. 1, Jan. 2013, pp. 79-87.
  Problem:
  • Large size of network traffic
  • Creation of signatures
  • Cooperation among the Small Signature Database (SSD) and the Complementary Signature Database (CSD)

  12. Paper 2: Solution
  Pros:
  • Ability to handle a large volume of network traffic
  • Fast processing due to matching against a small set of signatures
  Cons:
  • Vulnerable to attacks whose signatures are missing from the SSD
  Reference: M. Uddin, A. A. Rehman, N. Uddin, et al., “Signature-based Multi-Layer Distributed Intrusion Detection System using Mobile Agents”, International Journal of Network Security, Vol. 15, No. 1, Jan. 2013, pp. 79-87.

  13. Paper 3: A Distributed Intrusion Detection System based on Mobile Agents
  Reference: M. Xiu-liang, W. Chun-dong, W. Huai-bin, “A Distributed Intrusion Detection System Based on Mobile Agents”, IEEE 2009.
  Problem:
  • Intrusions from inside and outside the network
  Motivation:
  • Protection of the network from distributed intrusions

  14. Paper 3: Solution
  Pros:
  • Detects distributed intrusions
  • Can detect new attacks
  Cons:
  • Single Point of Failure
  Reference: M. Xiu-liang, W. Chun-dong, W. Huai-bin, “A Distributed Intrusion Detection System Based on Mobile Agents”, IEEE 2009.

  15. Literature Survey Findings

  16. Literature Survey Findings (cont..)

  17. Industrial Motivation

  18. Industrial Survey
  Reference: http://www.linux.org/threads/suricata-the-snort-replacer-part-1-intro-install.4346/
  • Sourcefire is being bought by Cisco for ~$2.7b.
  • The Suricata Engine is an Open Source Next Generation Intrusion Detection and Prevention Engine.

  19. Community Response
  Reference: http://mail-archives.apache.org/mod_mbox/cloudstack-users/201311.mbox/browser
  • Suricata is multithreaded against snort which is single threaded. Performance is one big issue with snort.
  • Adding a new extension to snort EX: APPID detection is equally not easy.
  • The engine structure for suricata assumably is far better to add new plugin EX: APP detection at various layers.

  20. Problem Statement
  Large-scale and distributed intrusions, caused mainly by the open and distributed architecture of the Cloud, threaten both Cloud Service Providers (CSPs) and Cloud Service Consumers (CSCs).

  21. Proposed Solution
  • A Distributed Intrusion Detection System using Mobile Agents in Cloud Computing Environment
  • Correlation of intrusion alerts from multiple locations in order to identify distributed intrusions
  • OSSIM, Stable release: 4.2.3 / June 5, 2013

  22. Proposed System Architecture and Workflow
  (diagram components) Signature Database, Alert Correlation, Management Station, Management Server, three mobile agents (MA) and three virtual machines (VM 1, VM 2, VM 3), Alert Console
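As an added example (not part of the presentation or the thesis design), the alert-correlation step of slides 21 and 22 in Python: alerts that the per-VM agents report to the management server are grouped by signature and source, and an incident is raised for the alert console when the same pair is seen on several VMs inside a time window. The alert fields, signature names, addresses and thresholds are constructed assumptions.

```python
"""Correlating per-VM IDS alerts to flag distributed intrusions.
Added example; alert format and thresholds are assumptions, not the thesis' design."""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Alert:
    ts: int   # epoch seconds at which the agent on the VM raised the alert
    vm: str   # VM the mobile agent was visiting
    sig: str  # signature id the agent matched
    src: str  # source address reported in the alert


def correlate(alerts, window=60, min_vms=3):
    """Group alerts by (signature, source) and emit one incident per pair when
    that pair is seen on at least `min_vms` distinct VMs within `window` seconds.
    Returns a sorted list of (sig, src, first_ts, last_ts, vms)."""
    groups = defaultdict(list)
    for a in alerts:
        groups[(a.sig, a.src)].append(a)
    incidents = []
    for (sig, src), hits in groups.items():
        hits.sort(key=lambda a: a.ts)
        lo = 0
        for hi in range(len(hits)):
            # slide the window start forward until hits[lo..hi] fit in `window`
            while hits[hi].ts - hits[lo].ts > window:
                lo += 1
            vms = {a.vm for a in hits[lo:hi + 1]}
            if len(vms) >= min_vms:
                incidents.append((sig, src, hits[lo].ts, hits[hi].ts, tuple(sorted(vms))))
                break  # one incident per (sig, src) pair is enough for the console
    return sorted(incidents)


# Constructed sample alerts as three agents might report them to the management server.
SAMPLE = [
    Alert(1000, "vm1", "SIG-SSH-BRUTE", "10.0.0.5"),
    Alert(1015, "vm2", "SIG-SSH-BRUTE", "10.0.0.5"),
    Alert(1040, "vm3", "SIG-SSH-BRUTE", "10.0.0.5"),   # same source hits 3 VMs in 40 s
    Alert(1900, "vm1", "SIG-SSH-BRUTE", "10.0.0.9"),   # single VM only: stays local noise
    Alert(1000, "vm1", "SIG-SQLI", "10.0.0.7"),
    Alert(2000, "vm2", "SIG-SQLI", "10.0.0.7"),        # spread over 2000 s: outside a 60 s window
    Alert(3000, "vm3", "SIG-SQLI", "10.0.0.7"),
]

if __name__ == "__main__":
    for sig, src, first, last, vms in correlate(SAMPLE):
        print(f"distributed intrusion: {sig} from {src} on {vms} between t={first} and t={last}")
```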

  23. Related Standards and Technologies Mobile Agents

  24. Roadmap

  25. THANKS

  26. References
  [1] C. C. Lo, C. C. Huang, J. Ku, “A Cooperative Intrusion Detection System Framework for Cloud Computing Networks”, 39th International Conference on Parallel Processing Workshops, 2010, pp. 280-284.
  [2] C. N. Modi, D. R. Patel, A. Patel, R. Muttukrishnan, “Bayesian Classifier and Snort based Network Intrusion Detection System in Cloud Computing”, Third International Conference on Computing, Communication and Networking Technologies, 26th-28th July 2012.
  [3] C. Mazzariello, R. Bifulco, R. Canonico, “Integrating a Network IDS into an Open Source Cloud Computing Environment”, Sixth International Conference on Information Assurance and Security, 2010, pp. 265-270.
  [4] A. Bakshi, Yogesh B, “Securing cloud from DDOS Attacks using Intrusion Detection System in Virtual Machine”, Second International Conference on Communication Software and Networks, 2010, pp. 260-264.
  [5] P. K. Shelke, S. Sontakke, A. D. Gawande, “Intrusion Detection System for Cloud Computing”, International Journal of Scientific & Technology Research, Vol. 1, Issue 4, May 2012, pp. 67-71.

  27. References
  [6] A. Patel, Q. Qassim, Z. Shukor, J. Nogueira, J. Júnior, C. Wills, “Autonomic Agent-Based Self-Managed Intrusion Detection and Prevention System”, Proceedings of the South African Information Security Multi-Conference (SAISMC 2010), pp. 223-234.
  [7] J. H. Lee, M. W. Park, J. H. Eom, T. M. Chung, “Multi-level Intrusion Detection System and Log Management in Cloud Computing”, ICACT, 2011, pp. 552-555.
  [8] A. V. Dastjerdi, K. A. Bakar, S. G. H. Tabatabaei, “Distributed Intrusion Detection in Clouds using Mobile Agents”, Third International Conference on Advanced Engineering Computing and Applications in Sciences, 2009, pp. 175-180.
  [9] K. Vieira, A. Schulter, C. B. Westphall, C. M. Westphall, “Intrusion Detection for Grid and Cloud Computing”, IEEE Computer Society, July/August 2010, pp. 38-43.
  [10] S. N. Dhage, B. B. Meshram, R. Rawat, S. Padawe, M. Paingaokar, A. Misra, “Intrusion Detection System in Cloud Computing Environment”, International Conference and Workshop on Emerging Trends in Technology (ICWET 2011), pp. 235-239.

  28. References
  [11] S. Bharadwaja, W. Sun, M. Niamat, F. Shen, “Collabra: A Xen Hypervisor based Collaborative Intrusion Detection System”, Eighth International Conference on Information Technology: New Generations, 2011, pp. 695-700.
  [12] M. Uddin, A. A. Rehman, N. Uddin, et al., “Signature-based Multi-Layer Distributed Intrusion Detection System using Mobile Agents”, International Journal of Network Security, Vol. 15, No. 1, Jan. 2013, pp. 79-87.
  [13] M. Xiu-liang, W. Chun-dong, W. Huai-bin, “A Distributed Intrusion Detection System Based on Mobile Agents”, IEEE 2009.
  [14] Suricata: The Snort Replacer (Part 1: Intro & Install), Jul 24, 2013, http://www.linux.org/threads/suricata-the-snort-replacer-part-1-intro-install.4346/
  [15] cloudstack-users mailing list archives: November 2013, http://mail-archives.apache.org/mod_mbox/cloudstack-users/201311.mbox/browser
  [16] P. Cox, Intrusion detection in a cloud computing environment, http://searchcloudcomputing.techtarget.com/tip/Intrusion-detection-in-a-cloud-computing-environment
