Escolar Documentos
Profissional Documentos
Cultura Documentos
Abstract-- Innovations are essential to ride the inevitable tide of cloud computing lie in IaaS [3], the platform for providing the
revolutions. Most of enterprises are striving to reduce their applications to the user is present in PaaS [4, 28] and the
computing cost through the means of virtualization. This demand services that are hosted at users machines are deployed by SaaS
of reducing the computing cost has led to the innovation of [21, 28], sometimes also called On-demand software [31].
cloud computing. With the increasing number of companies
The user interfaces lie on the top of these three models.
resorting to employ resources in the cloud, the protection of the
users data is becoming a significant issue of concern. This report Section 1 of this research paper presents the introduction of
tackles this concern for enterprises in terms of security with cloud computing as an evolving technology describing its
intrusion detection while adopting cloud computing. The main aim deployment models and service models. In, section 2 the
of this research is to understand the security threats and identify a security issues reproduced with the cloud computing have been
security technique used to mitigate them in cloud computing. The highlighted. In section 3, the focus is on the related work done
intrusion detection will be undertaken on the basis of anomaly- and the theoretical background of the proposed work. An
detection on the data generated from the transactions captured overview of the concepts used for the current IDS model is
within the cloud network. The data captured will undergo intense mentioned in section 4. In section 4 the proposed model
data mining through clustering and then performing classification
architecture and the implementation details are delineated.
using BOAT algorithm to detect the presence of intruders on the
cloud. The mining approach will consider various attributes of the Finally the conclusion and a brief discussion on the future work
data to scrutinize the user behaviour. are presented in section 6.
Keywords- Cloud computing; centralized resources; security; II. CLOUD COMPUTING AND SECURITY
intrusion detection; anomaly-detection; data mining; BOAT
algorithm The shift from server based computing towards service-
based computing is transforming the technology in terms of
I. INTRODUCTION designing and delivering applications [30, 32]. An entity is
considered trustworthy when all the people involved in dealing
Cloud computing [1] proves to be the next evolution to the
with that entity rely on its credibility, which in turn leads to
distributed computing paradigm that facilitates resource pool,
reliability [6, 11]. Although the use of cloud services promises
storage and computing resources. The term cloud in cloud
attractive opportunity for organizations of all sizes and traits to
computing accelerates the way through which everything
outsource and utilize centrally-managed security resources,
from computing power to computing infrastructure, multiple
organizations should also be conscious of the threats and
applications, various business processes to non public
challenges associated with a particular cloud choice before
collaborations can be delivered to users as a service wherever
handing over their sensitive data or services into the cloud
and whenever required [2]. Cloud computing is a sculpture for
environment [29, 30, 32]. The issues related with the
facilitating ubiquitous (availability), convenient, on-demand
application and service of cloud computing and information
network access to a shared pool of configurable computing
security of cloud computing comprises of the client side
resources (e.g., servers, storage, networks, applications, and
equipment security, the threats against websites involved, the
services) that can be swiftly provisioned and released with
detection, diagnosis and surveillance of intrusions, access
nominal management exertion or service provider interaction
rights and security of database at the cloud side, detection of
[28].
system leakage and the supervision of real-time repairing
Service models (layers) identify different control options
process, management of server system, the management of
for the cloud customer and cloud service provider (CSP) which
mobile e-commerce processing, and the integrated analysis
in turn impacts the level of responsibility for both parties [29].
of associated security information and issues [18]. An IT
The service models of cloud are represented as a layered
organization must ensure the right balance of protection,
architecture of cloud computing. The three most commonly used
privacy, governance, and accessibility in spite of the fact that IT
service models [28] are described in Figure 1, where resources
security is quite difficult to monitor [12]. A security framework
that make the resource pool and pull the computing power for
Existing
Parameters for comparison Proposed model
model
Correctly Classified Instances 88.604% 92.0228%
Incorrectly Classified Instances 11.396% 7.9772%
Mean Absolute Error 11.4% 10.4%
Root Mean Squared Error 33.76% 27.03%
Relative Absolute Error 24.7463% 22.6135%
True Positive Rate 88.604% 92.0228%
False Positive Rate 17.9% 11.1%
Precision 89.1% 92%
F-Measure 88.3% 91.9%
Fig. 6 J48 decision tree formation
By comparing the proposed model with the existing model
that uses SVM classifier [15] to detect attacks on cloud network,
it is observed that this proposed model promises to detect a
higher level of intrusions with less false positives, depicted in Journal of Emerging Technology and Advanced Engineering, Volume
4, Issue 2, pp. 653-657, February 2014.
Table 1. [16] Sheveta Vashisht, Manveer Kaur, Richa Sapra, Mandeep Singh,
Detecting Cyber Crime by Analyzing Users Data, International
This research project is aimed on user behaviour based Journal of Computer Technology & Applications,Vol 3 (3), pp.1029-
anomaly detection for malicious activities in case of 1033, May-June 2012.
unauthorized access or illegal transactions over cloud data. In [17] Pei-Te Chen, Chi-Sung Laih, IDSIC: an intrusion detection system
with identification capability, Springer-Verlag, pp.185-197, June 2007.
order to achieve vastly secure transactions in future, the system [18] Chang-Lung Tsai, Uei-Chin Lin, Chang, A.Y., Chun-Jung Chen,
can be extended to execute the detection for network behaviour Information security issue of enterprises adopting the application of
with various other applications at Software-as-a-Service layer of cloud computing, Networked Computing and Advanced Information
Cloud. Management (NCM), Sixth International Conference on, pp.645-649,
August 2010.
[19] Jun-Ho Lee; Min-Woo Park; Jung-Ho Eom; Tai-Myoung Chung,
REFERENCES Multi-level Intrusion Detection System and log management in Cloud
Computing, Advanced Communication Technology (ICACT), 13th
[1] Anthony T. Velte, Toby J. Velte, Robert Elsenpeter, Cloud Computing International Conference on , pp.552-555, February 2011.
A Practical Approach, Tata McGrawHill Edition, ISBN: 978-0-07- [20] Nascimento, G., Correia, M., Anomaly-based intrusion detection in
162695-8. software as a service, Dependable Systems and Networks Workshops
[2] Judith Hurwitz, Robin Bloor, Marcia Kaufman, Dr. Fern Halper, Cloud (DSN-W), IEEE/IFIP 41st International Conference on, pp.19-24, June
Computing For Dummies, Wiley Publishing, Inc. 2011.
[3] A. Weiss., Computing in the clouds, NetWorker - Cloud computing: [21] Tupakula, U, Varadharajan, V., Akku, N., Intrusion Detection
PC functions move onto the web, Volume 11 Issue 4, pp. 1625, Techniques for Infrastructure as a Service Cloud, Dependable,
December 2007. Autonomic and Secure Computing (DASC), IEEE Ninth International
[4] Rodrigo N. Calheiros, Rajiv Ranjan, Anton Beloglazov, Csar A. F. De Conference on , pp.744-751, December 2011.
Rose, Rajkumar Buyya, CloudSim: A Toolkit for Modeling and [22] Chirag N. Modil, Dhiren R. Patell, Avi Patel, Rajarajan Muttukrishnan,
Simulation of Cloud Computing Environments and Evaluation of Bayesian Classifier and Snort based Network Intrusion Detection
Resource Provisioning Algorithms, Software: Practice and Experience, System in Cloud Computing, Computing Communication &
Volume 41, Issue 1, pp. 2350, January 2011. Networking Technologies (ICCCNT), 2012 Third International
[5] Luis M. Vaquero, Luis Rodero-Merino, Daniel Morn, Locking the Conference on, pp. 1-7, July 2012.
sky: a survey on IaaS cloud security, Springer, Journal Computing, [23] Punit Gupta, Deepika Agrawal, Behavior Based IDS for Cloud IaaS,
Volume 91, Issue 1, pp. 93-118, January 2011. International Journal of Software and Web Sciences (IJSWS), pp. 31-
[6] Dimitrios Zissis, Dimitrios Lekkas, Addressing cloud computing 36, June-August 2013.
security issues, Future Generation Computer Systems, Volume 28, [24] David J. Day, Denys A. Flores, Harjinder Singh Lallie, CONDOR: A
Issue 3, pp. 583592, March 2012. Hybrid IDS to Offer Improved Intrusion Detection, IEEE 11th
[7] Ms. Sumitra Binu and Dr. J Minakumari, A security framework for an International Conference on Trust, Security and Privacy in Computing
enterprise system on cloud, Indian Journal of Computer Science and and Communications, pp. 931-936, 2012.
Engineering, Vol.3, No.4, pp. 548-552, Aug-Sep 2012. [25] Hari Om, Aritra Kundu, A Hybrid System for Reducing the False
[8] Ajeet Kumar Gautam, Vidushi Sharma, Shiva Prakash, An Improved Alarm Rate of Anomaly Intrusion Detection System, In Proceedings of
Hybrid Intrusion Detection System in Cloud Computing, International 1st Int'l Conf. on Recent Advances in Information Technology (RAIT-
Journal of Computer Applications, Volume 53 No.6, pp. 1-13, 2012),IEEE, pp. 131-136, 2012.
September 2012. [26] Choudhury, A.J.; Kumar, P.; Sain, M.; Hyotaek Lim; Hoon Jae-Lee, A
[9] Amirreza Zarrabi and Alireza Zarrabi, Internet Intrusion Detection Strong User Authentication Framework for Cloud Computing, Services
System Service in Cloud, International Journal of Computer Science Computing Conference (APSCC), IEEE Asia-Pacific, pp.110-115,
Issues, Vol. 9, Issue 5, No. 2, pp. 308-315, September 2012. December 2011.
[10] Ahmed Patel, Mona Taghavi, Kaveh Bakhtiyari and Joaquim Celestino [27] Johannes Gehrke, Venkatesh Ganti, Raghu Ramakrishnany, Wei-Yin
Jnior, An Intrusion Detection And Prevention System In Cloud Lohz, BOAT Optimistic Decision Tree Construction, Proceedings
Computing: A Systematic Review, Journal of Network and Computer of the 1999 ACM SIGMOD International conference on Management
Applications. Volume 36, Issue 1, pp. 25 -41, January 2013. of data, pp. 169-180, 1999.
[11] Diogo A. B. Fernandes, Liliana F. B. Soares, Joo V. Gomes, Mrio M. [28] Mandeep Singh, Gaurav Mehta, Chetna Vaid, Parul Oberoi, Detection
Freire, Pedro R. M. Incio, Security issues in cloud environments: a of Malicious Node in Wireless Sensor Network Based on Data
survey, International Journal of Information Security, Springer-Verlag Mining,, International Conference on Computing Sciences (ICCS),
Berlin Heidelberg, Volume 13, Issue 2 , pp 113-170, September 2013. pp.291-294, September 2012.
[12] Christos Kalloniatis, Haralambos Mouratidis and Shareeful Islam, [29] Peter Mell, Timothy Grance, The NIST Definition of Cloud
Evaluating cloud deployment scenarios based on security and privacy Computing, National Institute of Standards and Technology Special
requirements, Springer-Verlag London, Journal Requirements Publication, pp.800-145, September 2011.
Engineering, Volume 18, Issue 4, pp 299-319, November 2013. [http://csrc.nist.gov/publications/nistpubs/800-145/SP800-45.pdf]
[13] An Na Kang, Leonard Barolli, Jong Hyuk Park, Young-Sik Jeong, A [30] PCI Data Security Standard (PCI DSS) by Cloud Special Interest Group
strengthening plan for enterprise information security based on cloud PCI Security Standards Council Version: 2.0.
computing, Springer Science+Business Media New York 2013, [31] Top Threats Working Group, The Notorious Nine Cloud Computing
Journal Cluster Computing, November 2013. Top Threats in 2013, February 2013.
[14] Ms Deepavali P Patil, Prof.Archana C.Lomte, Implementation of [http://www.cloudsecurityalliance.org/topthreats]
Intrusion Detection System for Cloud Computing, International Journal [32] Walter Bailey, Insider Threats To Cloud Computing, October 2012.
of Advanced Research in Computer Science and Software Engineering, [http://cloudtweaks.com/2012/10/insider-threats-to-cloud-computing/].
Volume 3, Issue 11, November 2013.
[15] Harshit Saxena, Dr. Vineet Richariya, Intrusion Detection System
using K- means, PSO with SVM Classifier: A Survey, International