Anomaly-based IDS Implementation in Cloud

Environment using BOAT Algorithm

Chetna Vaid#, Harsh K Verma#
#
Department of Computer Science and Engineering
Dr B R Ambedkar National Institute of Technology, Jalandhar, India.
chetna.vaid@gmail.com
vermah@nitj.ac.in

Abstract-- Innovations are essential to ride the inevitable tide of
revolutions. Most of enterprises are striving to reduce their
computing cost through the means of virtualization. This demand
of reducing the computing cost has led to the innovation of
cloud computing. With the increasing number of companies
resorting to employ resources in the cloud, the protection of the
users data is becoming a significant issue of concern. This report
tackles this concern for enterprises in terms of security with
intrusion detection while adopting cloud computing. The main aim
of this research is to understand the security threats and identify a
security technique used to mitigate them in cloud computing. The
intrusion detection will be undertaken on the basis of anomaly-
detection on the data generated from the transactions captured
within the cloud network. The data captured will undergo intense
data mining through clustering and then performing classification
using BOAT algorithm to detect the presence of intruders on the
cloud. The mining approach will consider various attributes of the
data to scrutinize the user behaviour.
cloud computing lie in IaaS [3], the platform for providing the
applications to the user is present in PaaS [4, 28] and the
services that are hosted at users machines are deployed by SaaS
[21, 28], sometimes also called On-demand software [31].
The user interfaces lie on the top of these three models.
Section 1 of this research paper presents the introduction of
cloud computing as an evolving technology describing its
deployment models and service models. In, section 2 the
security issues reproduced with the cloud computing have been
highlighted. In section 3, the focus is on the related work done
and the theoretical background of the proposed work. An
overview of the concepts used for the current IDS model is
mentioned in section 4. In section 4 the proposed model
architecture and the implementation details are delineated.
Finally the conclusion and a brief discussion on the future work
are presented in section 6.

Keywords- Cloud computing; centralized resources; security; II. CLOUD COMPUTING AND SECURITY
intrusion detection; anomaly-detection; data mining; BOAT
algorithm The shift from server based computing towards service-
based computing is transforming the technology in terms of
I. INTRODUCTION designing and delivering applications [30, 32]. An entity is
considered trustworthy when all the people involved in dealing
Cloud computing [1] proves to be the next evolution to the
with that entity rely on its credibility, which in turn leads to
distributed computing paradigm that facilitates resource pool,
reliability [6, 11]. Although the use of cloud services promises
storage and computing resources. The term cloud in cloud
attractive opportunity for organizations of all sizes and traits to
computing accelerates the way through which everything
outsource and utilize centrally-managed security resources,
from computing power to computing infrastructure, multiple
organizations should also be conscious of the threats and
applications, various business processes to non public
challenges associated with a particular cloud choice before
collaborations can be delivered to users as a service wherever
handing over their sensitive data or services into the cloud
and whenever required [2]. Cloud computing is a sculpture for
environment [29, 30, 32]. The issues related with the
facilitating ubiquitous (availability), convenient, on-demand
application and service of cloud computing and information
network access to a shared pool of configurable computing
security of cloud computing comprises of the client side
resources (e.g., servers, storage, networks, applications, and
equipment security, the threats against websites involved, the
services) that can be swiftly provisioned and released with
detection, diagnosis and surveillance of intrusions, access
nominal management exertion or service provider interaction
rights and security of database at the cloud side, detection of
[28].
system leakage and the supervision of real-time repairing
Service models (layers) identify different control options
process, management of server system, the management of
for the cloud customer and cloud service provider (CSP) which
mobile e-commerce processing, and the integrated analysis
in turn impacts the level of responsibility for both parties [29].
of associated security information and issues [18]. An IT
The service models of cloud are represented as a layered
organization must ensure the right balance of protection,
architecture of cloud computing. The three most commonly used
privacy, governance, and accessibility in spite of the fact that IT
service models [28] are described in Figure 1, where resources
security is quite difficult to monitor [12]. A security framework
that make the resource pool and pull the computing power for

978-1-4799-6896-1/14/$31.00 2014 IEEE

is proposed in [7] for cloud-based enterprise systems that must
comprise:
(i) Physical security: Imposing codes of conduct and social
guidelines for the workforce and procuring mechanisms to
assure the adherence of rules. It must also cover the solution to
catastrophe or disaster recovery.
(ii) Data storage security: It constitutes of encryption of
sensitive data, maintaining privacy of data and backing up of
data on periodical basis in order to recover from disasters.
(iii) Access security: This module should comprise of intrusion
detection and prevention system to guard against unauthorized
access over the network or systems.
(iv) Application software management: This module contains
the business logic to ensure the security and integrity of data.
This can be practiced via user authentication, maintaining data
integrity and identity management of users through credential
synchronization.
(v) Communication management: It can be attained through
transaction security and by implementing encryption techniques
like Secure Socket Layer (SSL) and Transport Layer Security
(TLS) to protect communication through servers.
Fig. 1 Layered Architecture of Cloud Computing [4]
Many businesses, organizations and governments are
incorporating Security-as-a-Service into their cloud strategies
[15, 30, 32]. However industry experts have analyzed various
vulnerabilities that are of great concern to current industry that
have placed their data onto the cloud and introduced multiple
threats like data breaches/losses, account hijacking, malicious
insiders, insecure APIs, denial of services and shared technology
issues [5, 13].
Due to tremendously large size of the resources and
inherent loopholes in the TCP/IP stack, the attacker can
effortlessly exploit the protocol stack to introduce multiple
attacks on the customers virtual machines. In addition, several
new attacks, called zero day attacks, are emerging quite
frequently thus making it extremely difficult for the CSPs to
detect and prevent the attacks [21].
In this paper, we have proposed an intrusion detection
model that can be implemented with SaaS layer of cloud in
order to provide utmost security for the cloud network by
scrutinizing the users behaviour who are trying to access the
cloud network.
III. RELATED WORK
A. Problem Statement
To design and implement an Intrusion Detection System
(IDS) that is able to detect the malicious activity on a service
hosted by a cloud environment in a network on a virtual
machine. In other words, to propose a model that could detect
the presence of intruders on a cloud environment and generate
the alarms at the occurrence of any illegitimate activity. Here
the intrusion detection system is trained with the normal data
and thus the malicious data is recognized on the basis of the
deviation (or anomaly) suspected while any new data is
compared with the trained data.
B. Related Work
In 2007, Pei-Te Chen et al. proposed the concept of security
auditors who can be used to discover the system vulnerabilities
and modify the tested packets with the help of fingerprints that
can be detected and recognized by IDS [17].
In February 2011, Jun-Ho Lee et al. proposed a multi-level
method for implementing IDS [19] in cloud computing system.
In this method all the users were bound to a security system on
the basis of degree of anomaly that they termed as anomaly
level (High, Medium and Low). The system judged anomalies
on the basis of users IP coverage, vulnerable ports, number of
ID/password failures etc.
In June 2011, Gustavo Nascimento et al. presented an
anomaly-based intrusion detection model in a production
environment of SaaS application [20] with more than 500,000
requests in a day.
In July 2012, Chirag N. Modi et al. designed and integrated
a Network based IDS module in Cloud that offered IaaS to
detect network attacks [22]. In this module, they used Bayesian
classification algorithm along with Snort. The authors quoted
that their module guarantees low false positives and low false
negatives with affordable computational cost.
In 2012, Ajeet Kumar Gautam et al. proposed an improved
hybrid intrusion detection system in cloud computing wherein
two technologies were used in combination, honeypot
technology with KFSensor and anomaly based IDS via
FlowMatrix[8]. They designed an architecture and implemented
it as real time by providing and detecting various attacks.
In September 2012, Amirreza et al. introduced a Cloud
Intrusion Detection System Service (CIDSS) [9] to overcome
the crucial challenge of securing the client from cyber attacks.
The CIDSS architecture composed of three primary
components: A Service Agent for Intrusion Detection, a Service
Component (CCSC), and an Intrusion Detection Service
Component (IDSC) that were used to assimilate information and
thereafter test them.
In January 2013, Ahmed Patel et al. presented a detailed
taxonomy of their proposed model of Intrusion Detection and
Prevention system (IDPS) in cloud computing [10]. In this
model, the basic requirements for an ideal IDPS were presented
and thus the concepts of autonomic computing, risk
management, fuzzy theory and ontology were grabbed and
combined acknowledge the requirements of an IDS.
In August 2013, P. Gupta et al. proposed behaviour based
IDS [23], the implementation was exercsed in a real cloud IaaS
environment using Qemu as the Virtual machine monitor
and Libvirt library as a driver to interact with Qemu. The
framework was tested with NIDS to detect network based
attacks like spoofing, DOS, scripting attacks etc.
In February 2014, Harshit Saxena et al. proposed an
intrusion detection system using K- means, PSO with SVM
classifier [15] to detect various attacks at network. In this the
author has tried to design an IDS that is trained on the basis of
Particle Swarm Optimization, executed on the KDD data.
IV. THEORETICAL BACKGROUND
A. Intrusion Detection
The process of recognizing malicious activity targeted
against the networking resources is termed as intrusion
detection. The identification of any suspicious activity on the
devices and/or networks is raised by an alert [20]. An Intrusion
Detection System (IDS) is a must in a cloud computing
environment for protecting each VM against the threat of
attacks.
An IDS can be a hardware or software program that
automates the process of monitoring the events at a machine or
at a network. It observes the traffic at each virtual machine,
monitors the network and thus generates the logs, in order to
provide the essence of security to all the devices globally [6, 15,
20]. The monitored environments for an IDS are [10]:
Network-based Intrusion Detection System: NIDS monitors the
network packets for specific network segments or stations to
identify any suspicious activity.
Host-based Intrusion Detection System: HIDS monitors a
specific host to detect if any program accesses some resources.
It behaves somewhat like a firewall.
B. Categories of IDS
Among various IDS operations, intruder identification is
one of the fundamental ones [14]. The three main identified
methods of detection by IDS [ 6, 10, 20] are mainly categorized
as:
1) Misuse-based Detection: A misuse-based IDS
maintains a database of signatures depicting attacks. Such
signatures of attacks target widely used systems or available
applications where security vulnerabilities are quite common.
The signature or pattern based IDS performs a profound
inspection of the packets observing for any malicious patterns in
the header and/or payload.
2) Anomaly-based Detection: An anomaly-based IDS
secures a statistical model of custom patterns that describe the
normal behavior of a resources to be monitored [20]. The initial
training phase is utilized by the system wherein a similarity
metric is used to compare an input request with the model, and
thereby generating alerts for those deviating significantly,
bearing them anomalous.
Although the inspection method utilized in signature
(misuse)-based IDS seems quite efficient and effective, it shows
two main disadvantages, namely inaccuracy in the detection of
signature against unknown attacks [24, 26] and deficiencies in
pattern analysis. The first disadvantage is due to the fact that
misuse-based IDS is unable to detect unknown attacks [21], or
variations of a previous attack patterns because they rely on
string comparison; thus the unknown attacks as well as their
variants can show deviation from the comparison string, or
signature, and thus are ignored from being detected, leading to
false negatives [25]. Secondly, misuse-based IDSs have
deficiencies in pattern analysis, and in rule writing techniques as
it mainly relies on the human ability to capture all the
vulnerabilities of attacks which if not done accurately can
drastically affect the process of intrusion detection [8, 24, 25].
V. OVERVIEW OF TECHNIQUES USED
A. K-means Clustering Technique
The algorithm takes input parameter k and divides the n
dataset into k clusters in such a way that the intra-cluster
similarity remains high and inter-cluster similarity goes low,
where k is a positive integer number that is presumed. K-
means clustering takes less time as compared to the hierarchical
clustering methods and therefore yields better results. The
method is initialized with setting cluster centroids, where the
distance between the centroids is calculated using Eucleadian
distance that is defined as:
d(x, y) = (xi yi)2
where, x = (x1 . . . xm) and y = (y1ym) are the two input vectors
with m quantitative features [28].
B. Decision Tree
Decision trees are the powerful and one of the most popular
tools for the purpose of classification and prediction. We will
use the bootstrapped ID3 that is called J48, decision tree over
the data to be trained. J48 extracts the best attribute from the
training set that can be utilized for the partitioning of the given
samples [28]. It terminates its operation when the attribute
efficiently and fully classifies the training set, or else it
recursively functions on the m detached subsets to get the 11. Intrusion at the cloud is suspected.
"best" attributes. 12. Generate the alarm.
END
C. BOAT Algorithm
BOAT (Bootstrapped Optimistic Algorithm for Tree Generation of Data Capturing DATA
Scenarios in GNS3 using Wireshark
Construction) is a highly scalable algorithm that has the SET
capability to update a decision tree in an incremental fashion in
case the training dataset modifies dynamically [27]. Instead of K-means Clustering Training of IDS
rebuilding every time, BOAT makes the update to the current
tree by incorporating the new training data for ever-changing
environments. BOAT algorithm inputs a sample D1 from the Data Classification by J.48 Generation of Alarms on
training database D that saves it in the memory of the machine. decision tree (BOAT) occurrence of alert
With the help of bootstrapping technique, small samples can be
obtained as S1, S2, S3,., SN that become the replacement of Fig. 2 Proposed model architecture
actual big sample D1 and construct mini decision trees ST1,
ST2, ST3,., STM using any of the conventional tree The proposed method comprises of three phases of intrusion
constructing algorithms for these samples. In the process of detection that are:
bootstrapping, a new sample of N transactions is randomly
extracted out of m sampled data, where each transaction is A. Phase 1
selected at most t times. In the first phase a scenario (topology) will be configured
on an emulator called GNS3, as shown in Figure 3, that lets the
VI. PROPOSED IDS FRAMEWORK network to act as been operated on an actual virtual machine
with the cloud environment. The transactions done with the
The proposed intrusion detection method is based on the scenario will be logged for further observations.
concept of k-means clustering algorithm along with
bootstrapped ID3 classification algorithm (BOAT algorithm),
thus acting as a two-stage IDS. In the first stage, the current
dataset obtained from cloud environment is evaluated with the
ideal data (genuine transactions) stored in the database GT and
the profile score PrS is computed. If any deviation from the
authorized data is encountered, the data is forwarded to the
second stage. Second stage provides the deviation conformity
that, it is due to some criminal activity (like unauthorized
access) or due to short term change in behaviour of the user.
This is accomplished by comparing data with the database CT
and calculating the deviation score DvS. The algorithm designed
for the proposed system will be as follows:
START: Fig 3 Scenario to depict a cloud service (FTP) hosted by a virtual client
1. Create a topology of devices running on cloud environment.
2. Obtain the data set of the transaction through the emulator B. Phase 2
running on virtual machine. This phase will comprise of the data gathering that has been
3. Select the data to be investigated and normalize it on the generated by GNS3. The data will be judged later on the basis of
basis of various attributes. various attributes. Additionally this phase will train the
4. Apply the k-clustering algorithm to achieve the required proposed IDS with the genuine user behaviour.
clusters.
5. Apply the target attributes on the clusters formed. The attributes presumed for validating the users behaviour
6. Calculates the PrS with the decision tree. in the due course of access in the cloud network are:
7. If PrS is greater than presumed threshold value, go to step 1. IP address of machines
8, else go to step 9. 2. Password violations
8. The user is believed genuine and no intrusion is detected. 3. Occurrence of proxy server
9. Calculate the DvS. 4. Protocol type
10. If the DvS is greater than presumed threshold value then go 5. Length of the packet
to step 11, else to step 12. 6. File extension
7. Network traffic into the user VM
8. Network traffic moving out of user VM
9. Operating system
C. Phase 3
The final phase will be the data analysis phase where the
data will be clustered. Clustering is done with simple K-means
clustering method over a dataset of 351 users.
The result includes nine attributes and two clusters, cluster 0 and
cluster 1. Four iterations were used in formulation of these two
clusters and within the clusters the sum of squared error is
154.83.
Cluster 0 data will be used for the training of IDS as the
ideal behaviour expected. The cluster 0 data is now fed to
classification process in terms of suspicious or unsafe
transactions extracted as a consequence of deviation from the
training on the basis of threshold limits.
The ID3 algorithm helps in the formulation of the decision
tree and hence supplied the results in the BOAT classifier. The
figure 7 illustrates the formulation of the J48 tree in a classified
manner, in a text representation. It shows the value present in
each node.

Fig. 7 Tree representation of Classified Data

The tree representation of the classified data into various

Fig. 4 Cluster formation for all the attributes
Cluster 0 is the cluster for genuine users and it contain
64% of the total data set and cluster 1 is the cluster which
contains the illegal data set that is 36% of total data.
classes where in cluster 0, 216 users belong to Good class, but 9
to Mild class who can cause alerts and in cluster 1, 19 fall under
mild class whereas 107 are the intruders (Bad class). It shows
the accuracy of the proposed model that came out to be
92.0228% and mere 7.9772% are miss-classified instances.
VII. CONCLUSIONS & FUTURE WORK

The accuracy and the cost-benefit analysis play a significant

role in the recognition of any model for an application. The
accuracy of the BOAT classification comes out to be 91.66%.
TABLE I
EXISTING MODEL VS. PROPOSED MODEL

Existing
Parameters for comparison Proposed model
model
Correctly Classified Instances 88.604% 92.0228%
Incorrectly Classified Instances 11.396% 7.9772%
Mean Absolute Error 11.4% 10.4%
Root Mean Squared Error 33.76% 27.03%
Relative Absolute Error 24.7463% 22.6135%
True Positive Rate 88.604% 92.0228%
False Positive Rate 17.9% 11.1%
Precision 89.1% 92%
F-Measure 88.3% 91.9%
Fig. 6 J48 decision tree formation
By comparing the proposed model with the existing model
that uses SVM classifier [15] to detect attacks on cloud network,
it is observed that this proposed model promises to detect a
higher level of intrusions with less false positives, depicted in
Table 1.
This research project is aimed on user behaviour based
anomaly detection for malicious activities in case of
unauthorized access or illegal transactions over cloud data. In
order to achieve vastly secure transactions in future, the system
can be extended to execute the detection for network behaviour
with various other applications at Software-as-a-Service layer of
Cloud.
REFERENCES
[1] Anthony T. Velte, Toby J. Velte, Robert Elsenpeter, Cloud Computing
A Practical Approach, Tata McGrawHill Edition, ISBN: 978-0-07-
162695-8.
[2] Judith Hurwitz, Robin Bloor, Marcia Kaufman, Dr. Fern Halper, Cloud
Computing For Dummies, Wiley Publishing, Inc.
[3] A. Weiss., Computing in the clouds, NetWorker - Cloud computing:
PC functions move onto the web, Volume 11 Issue 4, pp. 1625,
December 2007.
[4] Rodrigo N. Calheiros, Rajiv Ranjan, Anton Beloglazov, Csar A. F. De
Rose, Rajkumar Buyya, CloudSim: A Toolkit for Modeling and
Simulation of Cloud Computing Environments and Evaluation of
Resource Provisioning Algorithms, Software: Practice and Experience,
Volume 41, Issue 1, pp. 2350, January 2011.
[5] Luis M. Vaquero, Luis Rodero-Merino, Daniel Morn, Locking the
sky: a survey on IaaS cloud security, Springer, Journal Computing,
Volume 91, Issue 1, pp. 93-118, January 2011.
[6] Dimitrios Zissis, Dimitrios Lekkas, Addressing cloud computing
security issues, Future Generation Computer Systems, Volume 28,
Issue 3, pp. 583592, March 2012.
[7] Ms. Sumitra Binu and Dr. J Minakumari, A security framework for an
enterprise system on cloud, Indian Journal of Computer Science and
Engineering, Vol.3, No.4, pp. 548-552, Aug-Sep 2012.
[8] Ajeet Kumar Gautam, Vidushi Sharma, Shiva Prakash, An Improved
Hybrid Intrusion Detection System in Cloud Computing, International
Journal of Computer Applications, Volume 53 No.6, pp. 1-13,
September 2012.
[9] Amirreza Zarrabi and Alireza Zarrabi, Internet Intrusion Detection
System Service in Cloud, International Journal of Computer Science
Issues, Vol. 9, Issue 5, No. 2, pp. 308-315, September 2012.
[10] Ahmed Patel, Mona Taghavi, Kaveh Bakhtiyari and Joaquim Celestino
Jnior, An Intrusion Detection And Prevention System In Cloud
Computing: A Systematic Review, Journal of Network and Computer
Applications. Volume 36, Issue 1, pp. 25 -41, January 2013.
[11] Diogo A. B. Fernandes, Liliana F. B. Soares, Joo V. Gomes, Mrio M.
Freire, Pedro R. M. Incio, Security issues in cloud environments: a
survey, International Journal of Information Security, Springer-Verlag
Berlin Heidelberg, Volume 13, Issue 2 , pp 113-170, September 2013.
[12] Christos Kalloniatis, Haralambos Mouratidis and Shareeful Islam,
Evaluating cloud deployment scenarios based on security and privacy
requirements, Springer-Verlag London, Journal Requirements
Engineering, Volume 18, Issue 4, pp 299-319, November 2013.
[13] An Na Kang, Leonard Barolli, Jong Hyuk Park, Young-Sik Jeong, A
strengthening plan for enterprise information security based on cloud
computing, Springer Science+Business Media New York 2013,
Journal Cluster Computing, November 2013.
[14] Ms Deepavali P Patil, Prof.Archana C.Lomte, Implementation of
Intrusion Detection System for Cloud Computing, International Journal
of Advanced Research in Computer Science and Software Engineering,
Volume 3, Issue 11, November 2013.
[15] Harshit Saxena, Dr. Vineet Richariya, Intrusion Detection System
using K- means, PSO with SVM Classifier: A Survey, International
Journal of Emerging Technology and Advanced Engineering, Volume
4, Issue 2, pp. 653-657, February 2014.
[16] Sheveta Vashisht, Manveer Kaur, Richa Sapra, Mandeep Singh,
Detecting Cyber Crime by Analyzing Users Data, International
Journal of Computer Technology & Applications,Vol 3 (3), pp.1029-
1033, May-June 2012.
[17] Pei-Te Chen, Chi-Sung Laih, IDSIC: an intrusion detection system
with identification capability, Springer-Verlag, pp.185-197, June 2007.
[18] Chang-Lung Tsai, Uei-Chin Lin, Chang, A.Y., Chun-Jung Chen,
Information security issue of enterprises adopting the application of
cloud computing, Networked Computing and Advanced Information
Management (NCM), Sixth International Conference on, pp.645-649,
August 2010.
[19] Jun-Ho Lee; Min-Woo Park; Jung-Ho Eom; Tai-Myoung Chung,
Multi-level Intrusion Detection System and log management in Cloud
Computing, Advanced Communication Technology (ICACT), 13th
International Conference on , pp.552-555, February 2011.
[20] Nascimento, G., Correia, M., Anomaly-based intrusion detection in
software as a service, Dependable Systems and Networks Workshops
(DSN-W), IEEE/IFIP 41st International Conference on, pp.19-24, June
2011.
[21] Tupakula, U, Varadharajan, V., Akku, N., Intrusion Detection
Techniques for Infrastructure as a Service Cloud, Dependable,
Autonomic and Secure Computing (DASC), IEEE Ninth International
Conference on , pp.744-751, December 2011.
[22] Chirag N. Modil, Dhiren R. Patell, Avi Patel, Rajarajan Muttukrishnan,
Bayesian Classifier and Snort based Network Intrusion Detection
System in Cloud Computing, Computing Communication &
Networking Technologies (ICCCNT), 2012 Third International
Conference on, pp. 1-7, July 2012.
[23] Punit Gupta, Deepika Agrawal, Behavior Based IDS for Cloud IaaS,
International Journal of Software and Web Sciences (IJSWS), pp. 31-
36, June-August 2013.
[24] David J. Day, Denys A. Flores, Harjinder Singh Lallie, CONDOR: A
Hybrid IDS to Offer Improved Intrusion Detection, IEEE 11th
International Conference on Trust, Security and Privacy in Computing
and Communications, pp. 931-936, 2012.
[25] Hari Om, Aritra Kundu, A Hybrid System for Reducing the False
Alarm Rate of Anomaly Intrusion Detection System, In Proceedings of
1st Int'l Conf. on Recent Advances in Information Technology (RAIT-
2012),IEEE, pp. 131-136, 2012.
[26] Choudhury, A.J.; Kumar, P.; Sain, M.; Hyotaek Lim; Hoon Jae-Lee, A
Strong User Authentication Framework for Cloud Computing, Services
Computing Conference (APSCC), IEEE Asia-Pacific, pp.110-115,
December 2011.
[27] Johannes Gehrke, Venkatesh Ganti, Raghu Ramakrishnany, Wei-Yin
Lohz, BOAT Optimistic Decision Tree Construction, Proceedings
of the 1999 ACM SIGMOD International conference on Management
of data, pp. 169-180, 1999.
[28] Mandeep Singh, Gaurav Mehta, Chetna Vaid, Parul Oberoi, Detection
of Malicious Node in Wireless Sensor Network Based on Data
Mining,, International Conference on Computing Sciences (ICCS),
pp.291-294, September 2012.
[29] Peter Mell, Timothy Grance, The NIST Definition of Cloud
Computing, National Institute of Standards and Technology Special
Publication, pp.800-145, September 2011.
[http://csrc.nist.gov/publications/nistpubs/800-145/SP800-45.pdf]
[30] PCI Data Security Standard (PCI DSS) by Cloud Special Interest Group
PCI Security Standards Council Version: 2.0.
[31] Top Threats Working Group, The Notorious Nine Cloud Computing
Top Threats in 2013, February 2013.
[http://www.cloudsecurityalliance.org/topthreats]
[32] Walter Bailey, Insider Threats To Cloud Computing, October 2012.
[http://cloudtweaks.com/2012/10/insider-threats-to-cloud-computing/].