MULTI-LEVEL INTRUSION DETECTION AND LOG MANAGEMENT SYSTEM IN CLOUD COMPUTING

 

ABSTRACT

Cloud computing is a new form of service that offers each consumer large-scale computing resources. Because most cloud computing systems provide services to a large number of people who have not been shown to be trustworthy, they are exposed to numerous cyber-attacks. As a result, a cloud computing system must include Intrusion Detection Systems (IDSs) to safeguard each Virtual Machine (VM) from threats. Here there is a trade-off between the IDS's security level and system performance. If the IDS provides a stronger security service by employing more rules or patterns, it requires proportionally more computing resources, and the amount of resources left for customers drops. Another issue with cloud computing is that the large volume of logs makes it difficult for system administrators to analyze them. In this research, we offer a solution for cloud computing systems that achieves both efficient use of system resources and robust security services without sacrificing either.

CHAPTER ONE

 

1.0 INVESTIGATION

Since the introduction of Green IT, many businesses have begun to look for ways to reduce IT costs while overcoming the economic downturn. Cloud computing is a new computing paradigm in which customers simply pay for the use of services rather than acquiring physical hardware. As a result, cloud computing has grown swiftly alongside the trend toward IT services. It is practical and cost effective for users to consume computing resources as needed, or to use services from cloud computing providers as desired. Because of its ability to provide a seemingly unlimited quantity of resources, cloud computing has recently received more attention than traditional computing services. Furthermore, clients can use the services wherever Internet connectivity is available, making cloud computing a good choice in terms of accessibility. Because cloud computing systems hold a large amount of resources and private information, they are attractive targets for attackers. System administrators, in particular, have the potential to become attackers. As a result, cloud computing companies must safeguard their systems against both insiders and outsiders. IDSs are one of the most commonly used tools for defending cloud computing systems against many forms of attack. An IDS can cover a cloud computing system as a whole, since it monitors traffic from each VM and generates alert logs. Another significant issue is log management. Because cloud computing systems are used by so many individuals, they generate a massive number of logs. As a result, system administrators must determine which log should be examined first.

Cloud computing is a hybrid computing paradigm that combines virtualization, grid computing, utility computing, Server Based Computing (SBC), and network computing, rather than a wholly new computing approach. Cloud computing has gone through several iterations. Users benefit greatly from moving data to the cloud. Cloud computing is a collection of all resources that allow for resource sharing in the form of scalable infrastructures, middleware and application development platforms, and value-added commercial applications. Cloud computing has the following characteristics: virtual, scalable, efficient, and flexible. There are three types of cloud computing services: Software as a Service (SaaS), Infrastructure as a Service (IaaS), and Platform as a Service (PaaS). In SaaS, providers offer complete online applications that users can run directly; in IaaS, providers give access to entire virtual machines; and in PaaS, providers supply the development and deployment tools, languages, and APIs used to build, deploy, and run applications in the cloud.

 

A cloud is exposed to a variety of security threats, both unintentional and intentional, including threats to the integrity, confidentiality, and availability of its resources, data, and infrastructure. Furthermore, when a cloud with substantial processing power and storage capacity is used for nefarious purposes by an ill-intentioned entity, the cloud itself becomes a threat to society. Insiders and external intruders both pose intentional threats. Insiders are legitimate cloud users who abuse their credentials by exploiting the cloud for unanticipated purposes, which we regard as intrusions. An intrusion is defined as an attack that exploits a security defect, followed by a breach, which is a violation of the system's explicit or implicit security policy. Although an intrusion indicates a successful attack, intrusion detection systems also attempt to discover attempts that do not result in breaches. In the domain of intrusion detection, the terms attack and intrusion are frequently used interchangeably. As an integral component of the computing environment, the underlying network infrastructure of a cloud can be attacked. Grid and cloud applications that run on vulnerable hosts are likewise a security risk. Attacks on any network or host participating in a cloud are considered attacks on that cloud, since they may directly or indirectly damage its security properties. Because of their novel protocols and services, cloud systems are exposed to all common network and computer security attacks as well as to attack techniques specific to the cloud.

IDSs are software or hardware systems that automate the process of monitoring and analyzing events in a computer system or network for signs of security issues. IDSs are a widely used type of security technology. When an IDS identifies the signature of an incident according to host or network security rules, it notifies system administrators and generates an attack log. An IDS can be placed on either a host or a network, depending on the objective. The goal of the IDS is therefore to alert the system that harmful activity has occurred and to attempt to eradicate it.

All intrusion detection systems can be divided into two types based on how they collect intrusion data: host-based IDSs and network-based IDSs. Host-based intrusion detection systems (HIDSs) examine audit data gathered by an operating system concerning user and application behaviors, whereas network-based intrusion detection systems (NIDSs) examine data gathered from network packets.

IDSs examine one or more events derived from the acquired data. IDSs are divided into two kinds based on their analysis technique: misuse detection and anomaly detection. Misuse detection systems match and identify known intrusions by using signature patterns of well-known attacks previously executed against the system. Misuse detection systems are, in general, ineffective against the most recent attacks, for which no matching rules or patterns exist. Anomaly detection systems identify anomalies as activities that differ significantly from established normal behavior; such anomalies are treated as probable intrusions. Anomaly detection techniques can be effective against unknown or recent threats. On the other hand, anomaly detection systems produce more false alarms than misuse detection systems, since an anomaly can be a new normal behavior or an unusual but legitimate activity. When an intrusion attempt is detected, the IDS should notify the system administrator.

There are three options for reporting detection results: notification, manual response, and automatic response. In a notification response system, the IDS merely generates reports and alarms. In a manual response system, the IDS gives the system administrator the option to initiate a response. In an automatic response system, the IDS responds to an intrusion immediately through its auto-response mechanism.
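The following is an added example, not code from the original project or from the paper it draws on. It shows, on a constructed audit log, the two analysis techniques described above side by side: misuse detection with a small set of constructed attack signatures, and anomaly detection that flags users whose failed-login count exceeds a constructed baseline. It then does the log-management step the study proposes, grouping users by anomaly level (highest first) so an administrator knows which logs to examine first, and assigns each VM a security level from the alerts raised on it. The log format, VM and user names, signatures, baseline and level thresholds are all assumptions made for the example.

```python
"""Toy multi-level IDS with log grouping by anomaly level (added example).
All log lines, signatures, thresholds and VM/user names are constructed."""
import re
from collections import Counter, defaultdict

# Constructed sample audit log, one record per line: "<vm> <user> <event>"
SAMPLE_LOG = """\
vm1 alice login_ok
vm1 alice read /home/alice/notes.txt
vm2 bob login_fail
vm2 bob login_fail
vm2 bob login_fail
vm2 bob login_fail
vm2 bob login_fail
vm2 bob login_ok
vm3 carol read /etc/passwd
vm3 carol exec /bin/sh
vm1 alice logout
""".splitlines()

# Misuse detection: signatures of previously seen attack patterns (constructed).
# Each entry is (name, regex over the event field, severity level 1..3).
SIGNATURES = [
    ("shell_exec", re.compile(r"^exec /bin/(sh|bash)$"), 3),
    ("sensitive_read", re.compile(r"^read /etc/(passwd|shadow)$"), 2),
]

# Anomaly detection baseline: failed logins per (vm, user) considered normal.
FAIL_BASELINE = 2


def parse_line(line):
    """Split a log line into its vm, user and event fields."""
    vm, user, event = line.split(" ", 2)
    return {"vm": vm, "user": user, "event": event}


def misuse_detect(records):
    """Raise one alert per record whose event matches a known signature."""
    alerts = []
    for r in records:
        for name, pattern, severity in SIGNATURES:
            if pattern.search(r["event"]):
                alerts.append({"vm": r["vm"], "user": r["user"],
                               "type": name, "level": severity})
    return alerts


def anomaly_detect(records, baseline=FAIL_BASELINE):
    """Flag users whose failed-login count deviates from the baseline.
    The level grows with the size of the deviation and is capped at 3."""
    fails = Counter()
    for r in records:
        if r["event"] == "login_fail":
            fails[(r["vm"], r["user"])] += 1
    alerts = []
    for (vm, user), n in fails.items():
        if n > baseline:
            level = min(3, 1 + (n - baseline) // 2)
            alerts.append({"vm": vm, "user": user,
                           "type": "excessive_login_failures", "level": level})
    return alerts


def group_by_level(alerts):
    """Log management: group alerted users by anomaly level, highest first,
    so the administrator knows whose logs to read first."""
    groups = defaultdict(set)
    for a in alerts:
        groups[a["level"]].add(a["user"])
    return {lvl: sorted(users) for lvl, users in sorted(groups.items(), reverse=True)}


def vm_security_level(alerts):
    """Assign each VM the highest alert level seen on it. VMs absent from the
    result raised no alerts and can keep the lightest (cheapest) rule set."""
    levels = defaultdict(int)
    for a in alerts:
        levels[a["vm"]] = max(levels[a["vm"]], a["level"])
    return dict(levels)


def run_ids(log_lines):
    """Run both detectors over the log and return (alerts, groups, vm levels)."""
    records = [parse_line(line) for line in log_lines if line.strip()]
    alerts = misuse_detect(records) + anomaly_detect(records)
    return alerts, group_by_level(alerts), vm_security_level(alerts)


if __name__ == "__main__":
    alerts, groups, vm_levels = run_ids(SAMPLE_LOG)
    for a in alerts:
        print(f"ALERT level={a['level']} vm={a['vm']} user={a['user']} type={a['type']}")
    print("users by anomaly level:", groups)
    print("per-VM security level:", vm_levels)
```

On the constructed log, carol triggers both signatures (levels 3 and 2), bob exceeds the failed-login baseline (level 2), and alice raises nothing, so the grouping puts carol's logs first and leaves vm1 at the lightest rule set; the false-alarm caveat above applies directly to bob, whose failures may simply be a forgotten password.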

 

STATEMENT OF THE PROBLEM

The fully distributed and open architecture of cloud computing and its services makes it an even more appealing target for potential attackers. It includes multi-mesh distributed and service-oriented paradigms, multi-tenancy, multi-domain, and multi-user autonomous administrative infrastructures, all of which are more exposed to security issues. The cloud computing service design comprises three interdependent layers (infrastructure, platform, and application), and each layer may be vulnerable because of programming or configuration errors made by the user or the service provider. A cloud computing system can suffer from a variety of vulnerabilities, including threats to the integrity, confidentiality, and availability of its resources, data, and virtualized architecture, which can in turn be used to launch new attacks. When a cloud with tremendous computational power and storage capacity is abused by an insider acting as an ill-intentioned party, cloud computing becomes a threat against itself.

IMPORTANCE OF THE STUDY

The following are some of the study’s implications:

It aids in the lowering of economic costs associated with the operation of a specific application.

It allows humans to manage their resources more effectively.

It will assist firms in focusing on their core business, in the sense that they focus only on what is most important to them. They need not worry about technical issues or the other hassles associated with physical storage locations, because their applications run over the Internet.

It improves performance and support by automatically upgrading all of your software and applications.

It ensures security and conformity.

It enables access to information at any time and from any location.

The investigation’s goal

To improve the Cloud Computing system’s resource availability.

To deal with potential threats, deploy Multi-level IDS and manage user logs by group based on anomalous level.

To create an address book app that will be released as a cloud application.

1.4 Study Restrictions

The following issues were observed while doing this research:

Funding: There were insufficient funds to carry out the research effectively, especially while testing the application.

Sources of Information: A major constraint in the course of this project was a lack of access to study materials on the topic in the school library and even in public libraries.

 

OBJECTIVES OF THE STUDY

Multi-level intrusion detection and log management in cloud computing is an all-encompassing topic covering how applications are built and installed on a server and how intrusion detection systems, working alongside antivirus software, are installed to combat cyber-attacks. The researcher will be limited to designing an address book application that will be placed on a server, so that the strength of multi-level intrusion detection and log management in cloud computing can be assessed.
