MULTI-LEVEL INTRUSION DETECTION AND LOG MANAGEMENT SYSTEM IN CLOUD COMPUTING
By
Author
Presented To
Department of Computer Science
ABSTRACT
Cloud Computing is a new type of service which provides large scale computing resource to each customer. Cloud Computing systems can be easily threatened by various cyber-attacks, because most of Cloud Computing systems provide services to so many people who are not proven to be trustworthy.Therefore, a Cloud Computing system needs to contain some Intrusion Detection Systems (IDSs) for protecting each Virtual Machine (VM) against threats. In this case, there exists a trade-off between the security level of the IDS and the system performance. If the IDS provide stronger security service usingmore rules or patterns, then it needs much more computing resources in proportion to the strength of security. So the amount of resources allocating for customersdecreases. Another problem in Cloud Computing is that, huge amount of logs makes system administrators hard to analyse them. In this project, we propose a method that enables Cloud Computing system to achieve both effectiveness of using the system resource and strength of the security service without trade-off between them
Cloud Computing is a new type of service which provides large scale computing resource to each customer. Cloud Computing systems can be easily threatened by various cyber-attacks, because most of Cloud Computing systems provide services to so many people who are not proven to be trustworthy.Therefore, a Cloud Computing system needs to contain some Intrusion Detection Systems (IDSs) for protecting each Virtual Machine (VM) against threats. In this case, there exists a trade-off between the security level of the IDS and the system performance. If the IDS provide stronger security service usingmore rules or patterns, then it needs much more computing resources in proportion to the strength of security. So the amount of resources allocating for customersdecreases. Another problem in Cloud Computing is that, huge amount of logs makes system administrators hard to analyse them. In this project, we propose a method that enables Cloud Computing system to achieve both effectiveness of using the system resource and strength of the security service without trade-off between them
CHAPTER ONE
10 INTRODUCTION
As Green IT has been issued, many companies have started to find ways to decrease IT cost and overcome economic recession Cloud Computing service is a new computing paradigm in which people only need to pay for use of services without cost of purchasing physical hardware For this reason, Cloud Computing has been rapidly developed along with the trend of IT services It is efficient and cost economical for consumers to use computing resources as much as they need or use services they want from Cloud Computing provider Especially, Cloud Computing has been recently more spotlighted than other computing services because of its capacity of providing unlimited amount of resources Moreover, consumers can use the services wherever Internet access is possible, so CloudComputing is excellent in the aspect of accessibility Cloud Computing systems have a lot of resources and private information, therefore they are easily threatened by attackers Especially, System administrators potentially can become attackers Therefore, Cloud Computing providersmust protect the systems safely against both insiders and outsiders IDSs are one of the most popular devices for protecting Cloud Computing systems from various types of attack Because an IDSobserves the traffic from each VM and generates alert logs, it can manage Cloud Computing globally Another important problem is log management Cloud Computing systems are used by many people, therefore, they generate huge amount of logs So, system administrators should decide to which log should be analysed first
Cloud Computing is a fused-type computing paradigm which includes Virtualization, Grid Computing, UtilityComputing, Server Based Computing(SBC), and Network Computing, rather than an entirely new type of computing technique Cloud computing has evolved through a number of implementations Moving data into the cloud provides great convenience to users Cloud computing is a collection of all resources to enable resource sharing in terms of scalable infrastructures, middleware and application development platforms, and value-added business applications The characteristics of cloud computing includes: virtual, scalable, efficient, and flexible In cloud computing, three kinds of services are provided: Software as a Service (SaaS) systems, Infrastructure as a Service (IaaS) providers, and Platform as a Service (PaaS) In SaaS, systems offer complete online applications that can be directly executed by their users; In IaaS, providers allow their customers to have access to entire virtual machines; and in SaaS, it offers development and deployment tools, languages and APIs used to build, deploy and run applications in the cloud
A cloud is subject to several accidental and intentional security threats, including threats to the integrity, confidentiality and availability of its resources, data and infrastructure Also, when a cloud with large computingpower and storage capacity is misused by an ill-intentioned party for malicious purposes, the cloud itself is a threat against society Intentional threats are imposed by insiders and external intruders Insiders are legitimate cloud users who abuse their privileges by using the cloud for unintended purposes and we consider this intrusive behaviour to be detected An intrusion consists of an attack exploiting a security flaw and a consequent breach which is the resulting violation of the explicit or implicit security policy of the system Although an intrusion connotes a successful attack, IDSs also try to identify attacks that don't lead to compromises Attacks and intrusions‖ are commonly considered synonyms in the intrusion detection context The underlying network infrastructure of a cloud, being an important component of the computing environment, can be the object of an attack Grid and cloud applications running on compromised hosts are also a security concern We consider attacks against any network or host participating in a cloud as attacks against that, since they may directly orindirectly affect its security aspects Cloud systems are susceptible to all typical network and computer securityattacks, plus specific means of attack because of their new protocols and services
IDSs are software or hardware systems that automate the process of monitoring the events occurring in a computer system or network, analysing them for signs of security problems IDSs are one of widely used security technologies An IDS alerts to system administrators, generate log about attack when it detects signature of accident according to host or network security policy IDS can be installed in a host or a network according to purpose Thus, the aim of the IDS is to alert or notify the system that some malicious activities have taken place and try to eliminate it
According to the method of the collection of intrusion data, all the intrusion detection systems can be classifiedinto two types: host-based and network-based IDSs Hostbased intrusion detection systems (HIDSs) analyse audit data collected by an operating system about the actions performed by users and applications; while network-based intrusion detection systems (NIDSs) analyse data collected from network packets
IDSs analyse one or more events gotten from the collected data According to analysis techniques, IDSsystem is classified into two different parts: misuse detection and anomaly detection Misuse detection systemsuse signature patterns of exited well-known attacks of the system to match and identify known intrusions Misusedetection techniques, in general, are not effective against thelatest attacks that have no matched rules or pattern yetAnomaly detection systems identify those activities whichdeviate significantly from the established normal behaviours as anomalies These anomalies are most likely regarded asintrusions Anomaly detection techniques can be effectiveagainst unknown or the latest attacks However, anomalydetection systems tend to generate more false alarms thanmisuse detection systems because an anomaly may be a newnormal behaviour or an ordinary activityWhile IDS detects an intrusion attempt, IDS shouldreport to the system administrator
There are three ways toreport the detection results They are notification, manualresponse, and automatic response In notification responsesystem, IDS only generates reports and alerts In manualresponse system, IDS provides additional capability for thesystem administrator to initiate a manual response Inautomatic response system, IDS immediately respond to anintrusion through auto response system
PROBLEM STATEMENT
The fully distributed and open structure of cloud computing and services becomes an even more attractive target for potential intruders It involves multi-mesh distributed and service oriented paradigms, multi-tenancies, multi-domains, and multi-user autonomous administrative infrastructures which are more vulnerable and prone to security risks Cloud computing service architecture combines three layers of inter-dependent infrastructure, platform and application; each layer may suffer from certain vulnerabilities which are introduced by different programming or configuration errors of the user or the service provider A cloud computing system can be exposed to several threats including threats to the integrity, confidentiality and availability of its resources, data and the virtualized infrastructure which can be used as a launching pad for new attacks The problem becomes even more critical when a cloud with massive computing power and storage capacity is abused by an insider intruder as an ill-intention party which makes cloud computing a threat against itself
SIGNIFICANCE OF THE STUDY
The significance of this study includes the following:
It helps in economic cost reduction in running a particular application
It provides humans with effective resource management
It will help organizations in focusing on core business in the sense that you only concentrate on what means most to you Since your applications will be run over the internet, you do not have to worry about technical problems and other inconveniences associated with physical unified storage solution spaces
It increasesperformance and support by updating the fact that all your software and applications automatically
It provides security and compliance
It provides anytime anywhere access to information
Objective of the study
To increase resource availability of Cloud Computing system
To handle the potential threats by deploying Multi-level IDS and managing user logs per group according to anomaly level
To develop an address book application that will be launch as a cloud application
14Limitation of the study
The problems encountered during the course of carrying out this research work include:
Fund: There was limited fund to take care of the research properly especially when test running the application
Research Material: Lack of access to research materials on the topic in the school library and even public libraries were also a major constraint in the cause of this project
SCOPE OF THE STUDY
Multi-level intrusion detection and log management in cloud computing is an embracing topic in the determinant of how applications are developed and installed on a server, intrusion detection systems which acts as an antivirus is also installed to fight againstcyber-attacks For the purpose of this research work, the researcher shall be limited to developing an address book application which will be installed on a server for us to be able to test the strength of multilevel intrusion and log management in cloud computing
REFERENCES
H Debar, M Dacier, and A Wespi, ―Towards a Taxonomy of Intrusion Detection Systems, Int‘l JComputer andTelecommunications Networking, vol 31, no 9, pp 805–822,1999
Jun Ho Lee, Min Woo Park, Jung Ho Ecom ― Multi-level Intrusion Detection and Log Management in Cloud Computing IEEE computer society, pp 552-555, Feb2011
Soumya Mathew and Ann Preetha Jose ― Securing Cloud from Attacks based on IntrusionDetection System, International Journal of Advanced Research in Computer and Communication Engineering Vol 1, Issue 10, December 2012
S Axelsson, Research in Intrusion-Detection Systems: A Survey,tech report TR-98-17, Dept Computer Eng,Chalmers Univ of Technology, 1999
S Kenny and B Coghlan, ―Towards a Grid-Wide Intrusion Detection System, Proc European Grid Conf (EGC 05),Springer, pp 275–284,2005
Vieira, K Schulter, A Westphall, CB Westphall, CM ―IntrusionDetection for Grid and Cloud Computing IEEE computer society,vol 12, issue 4, pp 38 – 43,2010
10 INTRODUCTION
As Green IT has been issued, many companies have started to find ways to decrease IT cost and overcome economic recession Cloud Computing service is a new computing paradigm in which people only need to pay for use of services without cost of purchasing physical hardware For this reason, Cloud Computing has been rapidly developed along with the trend of IT services It is efficient and cost economical for consumers to use computing resources as much as they need or use services they want from Cloud Computing provider Especially, Cloud Computing has been recently more spotlighted than other computing services because of its capacity of providing unlimited amount of resources Moreover, consumers can use the services wherever Internet access is possible, so CloudComputing is excellent in the aspect of accessibility Cloud Computing systems have a lot of resources and private information, therefore they are easily threatened by attackers Especially, System administrators potentially can become attackers Therefore, Cloud Computing providersmust protect the systems safely against both insiders and outsiders IDSs are one of the most popular devices for protecting Cloud Computing systems from various types of attack Because an IDSobserves the traffic from each VM and generates alert logs, it can manage Cloud Computing globally Another important problem is log management Cloud Computing systems are used by many people, therefore, they generate huge amount of logs So, system administrators should decide to which log should be analysed first
Cloud Computing is a fused-type computing paradigm which includes Virtualization, Grid Computing, UtilityComputing, Server Based Computing(SBC), and Network Computing, rather than an entirely new type of computing technique Cloud computing has evolved through a number of implementations Moving data into the cloud provides great convenience to users Cloud computing is a collection of all resources to enable resource sharing in terms of scalable infrastructures, middleware and application development platforms, and value-added business applications The characteristics of cloud computing includes: virtual, scalable, efficient, and flexible In cloud computing, three kinds of services are provided: Software as a Service (SaaS) systems, Infrastructure as a Service (IaaS) providers, and Platform as a Service (PaaS) In SaaS, systems offer complete online applications that can be directly executed by their users; In IaaS, providers allow their customers to have access to entire virtual machines; and in SaaS, it offers development and deployment tools, languages and APIs used to build, deploy and run applications in the cloud
A cloud is subject to several accidental and intentional security threats, including threats to the integrity, confidentiality and availability of its resources, data and infrastructure Also, when a cloud with large computingpower and storage capacity is misused by an ill-intentioned party for malicious purposes, the cloud itself is a threat against society Intentional threats are imposed by insiders and external intruders Insiders are legitimate cloud users who abuse their privileges by using the cloud for unintended purposes and we consider this intrusive behaviour to be detected An intrusion consists of an attack exploiting a security flaw and a consequent breach which is the resulting violation of the explicit or implicit security policy of the system Although an intrusion connotes a successful attack, IDSs also try to identify attacks that don't lead to compromises Attacks and intrusions‖ are commonly considered synonyms in the intrusion detection context The underlying network infrastructure of a cloud, being an important component of the computing environment, can be the object of an attack Grid and cloud applications running on compromised hosts are also a security concern We consider attacks against any network or host participating in a cloud as attacks against that, since they may directly orindirectly affect its security aspects Cloud systems are susceptible to all typical network and computer securityattacks, plus specific means of attack because of their new protocols and services
IDSs are software or hardware systems that automate the process of monitoring the events occurring in a computer system or network, analysing them for signs of security problems IDSs are one of widely used security technologies An IDS alerts to system administrators, generate log about attack when it detects signature of accident according to host or network security policy IDS can be installed in a host or a network according to purpose Thus, the aim of the IDS is to alert or notify the system that some malicious activities have taken place and try to eliminate it
According to the method of the collection of intrusion data, all the intrusion detection systems can be classifiedinto two types: host-based and network-based IDSs Hostbased intrusion detection systems (HIDSs) analyse audit data collected by an operating system about the actions performed by users and applications; while network-based intrusion detection systems (NIDSs) analyse data collected from network packets
IDSs analyse one or more events gotten from the collected data According to analysis techniques, IDSsystem is classified into two different parts: misuse detection and anomaly detection Misuse detection systemsuse signature patterns of exited well-known attacks of the system to match and identify known intrusions Misusedetection techniques, in general, are not effective against thelatest attacks that have no matched rules or pattern yetAnomaly detection systems identify those activities whichdeviate significantly from the established normal behaviours as anomalies These anomalies are most likely regarded asintrusions Anomaly detection techniques can be effectiveagainst unknown or the latest attacks However, anomalydetection systems tend to generate more false alarms thanmisuse detection systems because an anomaly may be a newnormal behaviour or an ordinary activityWhile IDS detects an intrusion attempt, IDS shouldreport to the system administrator
There are three ways toreport the detection results They are notification, manualresponse, and automatic response In notification responsesystem, IDS only generates reports and alerts In manualresponse system, IDS provides additional capability for thesystem administrator to initiate a manual response Inautomatic response system, IDS immediately respond to anintrusion through auto response system
PROBLEM STATEMENT
The fully distributed and open structure of cloud computing and services becomes an even more attractive target for potential intruders It involves multi-mesh distributed and service oriented paradigms, multi-tenancies, multi-domains, and multi-user autonomous administrative infrastructures which are more vulnerable and prone to security risks Cloud computing service architecture combines three layers of inter-dependent infrastructure, platform and application; each layer may suffer from certain vulnerabilities which are introduced by different programming or configuration errors of the user or the service provider A cloud computing system can be exposed to several threats including threats to the integrity, confidentiality and availability of its resources, data and the virtualized infrastructure which can be used as a launching pad for new attacks The problem becomes even more critical when a cloud with massive computing power and storage capacity is abused by an insider intruder as an ill-intention party which makes cloud computing a threat against itself
SIGNIFICANCE OF THE STUDY
The significance of this study includes the following:
It helps in economic cost reduction in running a particular application
It provides humans with effective resource management
It will help organizations in focusing on core business in the sense that you only concentrate on what means most to you Since your applications will be run over the internet, you do not have to worry about technical problems and other inconveniences associated with physical unified storage solution spaces
It increasesperformance and support by updating the fact that all your software and applications automatically
It provides security and compliance
It provides anytime anywhere access to information
Objective of the study
To increase resource availability of Cloud Computing system
To handle the potential threats by deploying Multi-level IDS and managing user logs per group according to anomaly level
To develop an address book application that will be launch as a cloud application
14Limitation of the study
The problems encountered during the course of carrying out this research work include:
Fund: There was limited fund to take care of the research properly especially when test running the application
Research Material: Lack of access to research materials on the topic in the school library and even public libraries were also a major constraint in the cause of this project
SCOPE OF THE STUDY
Multi-level intrusion detection and log management in cloud computing is an embracing topic in the determinant of how applications are developed and installed on a server, intrusion detection systems which acts as an antivirus is also installed to fight againstcyber-attacks For the purpose of this research work, the researcher shall be limited to developing an address book application which will be installed on a server for us to be able to test the strength of multilevel intrusion and log management in cloud computing
REFERENCES
H Debar, M Dacier, and A Wespi, ―Towards a Taxonomy of Intrusion Detection Systems, Int‘l JComputer andTelecommunications Networking, vol 31, no 9, pp 805–822,1999
Jun Ho Lee, Min Woo Park, Jung Ho Ecom ― Multi-level Intrusion Detection and Log Management in Cloud Computing IEEE computer society, pp 552-555, Feb2011
Soumya Mathew and Ann Preetha Jose ― Securing Cloud from Attacks based on IntrusionDetection System, International Journal of Advanced Research in Computer and Communication Engineering Vol 1, Issue 10, December 2012
S Axelsson, Research in Intrusion-Detection Systems: A Survey,tech report TR-98-17, Dept Computer Eng,Chalmers Univ of Technology, 1999
S Kenny and B Coghlan, ―Towards a Grid-Wide Intrusion Detection System, Proc European Grid Conf (EGC 05),Springer, pp 275–284,2005
Vieira, K Schulter, A Westphall, CB Westphall, CM ―IntrusionDetection for Grid and Cloud Computing IEEE computer society,vol 12, issue 4, pp 38 – 43,2010
- FOR ENQUIRY
- support@e-projecttopics.com
- 09019904113
Learn and Obtain Diploma in Web development, Software development, Business, Technology and Creative Skills taught by industry experts. Explore a wide range of skills with our professional tutorials.
About E-Project Material Centre
E-Project Material Centre is a web service aimed at successfully assisting final year students with quality, well researched, reliable and ready made project work. Our materials are recent, complete (chapter 1 to Minimum of Chapter 5, with references) and well written.INSTANT ACCESS! INSTANT DOWNLOAD. Simply select your department, choose from our list of topics available and explore your data
Why Students Love to Use E-Project Material ?
Guaranteed Delivery Getting your project delivered on time is essential. You cannot afford to turn in your project past the deadline. That is why you must get your project online from a company that guarantees to meet your deadline. e-Project Topics Material Centre is happy to offer instant delivery of projects listed on our website. We can handle just about any deadline you send our way. Satisfaction Guaranteed We always do whatever is necessary to ensure every customer's satisfaction
Disclaimer
E-Project Topics Material Centre will only provide projects as a reference for your research. The projects ordered and produced should be used as a guide or framework for your own project. The contents of the projects should be able to help you in generating new ideas and thoughts for your own project. It is the aim of e-Project Topics Centre to only provide guidance by which the projects should be pursued. We are neither encouraging any form of plagiarism nor are we advocating the use of the projects produced herein for cheating.
Terms and Condition
Using our service is LEGAL and IS NOT prohibited by any university/college policies You are allowed to use the original model papers you will receive in the following ways:
- As a source for additional understanding of the subject
- As a source for ideas for you own research (if properly referenced)
- For PROPER paraphrasing ( see your university definition of plagiarism and acceptable paraphrase) Direct citing ( if referenced properly)