Abstract
Recently there is a trend to use cloud computing on service deployment, enjoying various advantages that it offers with emphasis on the economy which is achieved in the era of the financial crisis. However, along with the transformation of technology, several security issues are raised and especially the threat of malicious insiders. For instance, insiders can use their privileged position to accomplish an attack against the cloud infrastructure. In this paper we introduce a practical and efficient intrusion detection system solution for cloud based on the advantages of CUDA technology. The proposed solution audits the deployed virtual machines operation, and correlates the collected information to detect uncommon behavior based on Smith-Waterman algorithm. To do so, we collect the system calls of cloud virtual machines and compare them with pre-defined attack signatures. We implement the core of the detection module both sequentially and in parallel on CUDA technology. We evaluate our solution on experimental CUDA enabled cloud system in terms of performance using well known attack patterns. Results indicate that our approach improve highly the efficiency of detection in terms of processing time compared to a sequential implementation.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
References
Spring, J.: Monitoring cloud computing by layer, part 1. Secur. Priv. IEEE 9(2), 66–68 (2011)
Strace command. http://unixhelp.ed.ac.uk/CGI/man-cgi?strace+1. Accessed 24 May 2015
AlZain, M.A., et al.: Cloud computing security: from single to multi-clouds. In: 2012 45th Hawaii International Conference on System Science (HICSS). IEEE (2012)
Krutz, R.L., Vines, R.D.: Cloud Security: A Comprehensive Guide to Secure Cloud Computing. Wiley, Indianapolis (2010)
Enisa: Cloud Computing – Benefits, Risks and Recommendations for Information Security (2009)
Sandhu, R., et al.: Towards a discipline of mission-aware cloud computing. In: Proceedings of the 2010 ACM Workshop on Cloud Computing Security Workshop. ACM (2010)
Kandias, M., Virvilis, N., Gritzalis, D.: The insider threat in cloud computing. In: Bologna, S., Hämmerli, B., Gritzalis, D., Wolthusen, S. (eds.) CRITIS 2011. LNCS, vol. 6983, pp. 93–103. Springer, Heidelberg (2013)
CUDA technology. http://www.nvidia.com/object/cuda_home_new.html. Accessed 24 May 2015
Ristenpart, T., Tromer, E., Shacham, H., Savage, S.: Hey, you, get off of my cloud: exploring information leakage in third-party compute clouds. In: ACM CCS, Chicago (2009)
Roschke, S., Cheng, F., Meinel, C.: An advanced IDS management architecture. J. Inf. Assur. Secur. 5, 246–255 (2010)
Magklaras, G., Furnell, S., Papadaki, M.: LUARM: an audit engine for insider misuse detection. Int. J. Digit. Crime Forensics 3(3), 37–49 (2011)
Tripathi, A., Mishra, A.: Cloud computing security considerations. In: 2011 IEEE International Conference on Signal Processing, Communications and Computing (ICSPCC). IEEE (2011)
Stolfo, S.J., Salem, M.B., Keromytis, A.D.: Fog computing: mitigating insider data theft attacks in the cloud. In: 2012 IEEE Symposium on Security and Privacy Workshops (SPW). IEEE (2012)
Hoang, C.: Protecting Xen hypercalls. MSC thesis, University of British Columbia, July 2009
XEN Hypervisor. http://www.xenproject.org/developers/teams/hypervisor.html. Accessed 24 May 2015
Rawat, S., Gulati, V.P., Pujari, A.K., Vemuri, V.R.: Intrusion detection using text processing techniques with a binary-weighted cosine metric. J. Inf. Assur. Secur. 1(1), 43–50 (2006)
Sundararajan, S., Narayanan, H., Pavithran, V., Vorungati, K., Achuthan, K.: Preventing insider attacks in the cloud. In: Abraham, A., Lloret Mauri, J., Buford, J.F., Suzuki, J., Thampi, S.M. (eds.) ACC 2011, Part I. CCIS, vol. 190, pp. 488–500. Springer, Heidelberg (2011)
Xiao, Z., Xiao, Y.: Security and privacy in cloud computing. IEEE Commun. Surv. Tutorials PP(99), 1–17 (2012)
Bates, A.: Dtecting cloud co-residency with network flow watermarking techniques. MSC thesis, University of Oregon, September 2012
Nmap command. http://nmap.org/. Accessed 24 May 2015
Hping command. http://www.hping.org/. Accessed 24 May 2015
Wget command. http://www.gnu.org/software/wget/. Accessed 24 May 2015
Mundada, Y., Ramachndran, A., Feamster, N.: SilverLine: data and network isolation for cloud services. In: Proceedings of the USENIX Workshop on Hot Topics in Cloud Computing (HotCloud) (2011)
Zhang, Y., Juels, A., Oprea, A., Reiter, A.: HomeAlone: Co-Residency Detection in the Cloud via Side-Channel Analysis. In: IEEE Symposium on Security and Privacy (2011)
Mazzariello, C., Bifulco, R., Canonico, R.: Integrating a network IDS into an open source cloud computing environment. In: Sixth International Conference on Information Assurance and Security (2010)
Schulter, A., Vieira, K., Westphal, C., Westaphal, C., Abderrrahim, S.: Intrusion detection for computational grids. In: Proceedings of the 2nd Int’l Conference New Technologies Mobility, and Security. IEEE Press (2008)
Cheng, F., Roschke, S., Meinel, C.: Implementing IDS management on lock-keeper. In: Bao, F., Li, H., Wang, G. (eds.) ISPEC 2009. LNCS, vol. 5451, pp. 360–371. Springer, Heidelberg (2009)
Cheng, F., Roschke, S., Meinel, C.: An advanced IDS management architecture. J. Inf. Assu. Secur. 51, 246–255 (2010)
Cheng, F., Roschke, S., Meinel, C.: Intrusion detection in the cloud. In: Eighth IEEE International Conference on Dependable, Autonomic and Secure Computing, China (2009)
Bharadwaja, S., Sun, W., Niamat, M., Shen, F.: Collabra: axen hypervisor based collaborative intrusion detection system. In: Proceedings of the 8th International Conference on Information Technology: New Generations (ITNG 2011), Las Vegas, Nev, USA, pp. 695–700 (2011)
Bakshi, A., Yogesh, B.: Securing cloud from ddos attacks using intrusion detection system in virtual machine. In: Second International Conference on Communication Software and Networks, ICCSN 2010. IEEE (2010)
Alarifi, S.S., Wolthusen, S.D.: Detecting anomalies in IaaS environments through virtual machine host system call analysis. In: 2012 International Conferece for Internet Technology and Secured Transactions. IEEE (2012)
KVM Hypervisor. http://www.linux-kvm.org/. Accessed 24 May 2015
Rawat, S., et al.: Intrusion detection using text processing techniques with a binary-weighted cosine metric. J. Inf. Assur. Secur. 1(1), 43–50 (2006)
Sharma, A., Pujari, A.K., Paliwal, K.K.: Intrusion detection using text processing techniques with a kernel based similarity measure. Comput. Secur. 26(7), 488–495 (2007)
Hofmeyr, S.A., Forrest, S., Somayaji, A.: Intrusion detection using sequences of system calls. J. Comput. Secur. 6(3), 151–180 (1998)
Kang, D.-K., Fuller, D., Honavar, V.: Learning classifiers for misuse and anomaly detection using a bag of system calls representation. In: Proceedings from the Sixth Annual IEEE SMC Information Assurance Workshop, IAW 2005. IEEE (2005)
Azmandian, F., et al.: Securing cloud storage systems through a virtual machine monitor. In: Proceedings of the First International Workshop on Secure and Resilient Architectures and Systems. ACM (2012)
Eskin, E., Lee, W., Stolfo, S.J.: Modeling system calls for intrusion detection with dynamic window sizes. In: Proceedings of the DARPA Information Survivability Conference and Exposition II, DISCEX 2001, vol. 1. IEEE (2001)
Azmandian, F., et al.: Virtual machine monitor-based lightweight intrusion detection. ACM SIGOPS Operating Syst. Rev. 45(2), 38–53 (2011)
Nslookup command. http://www.computerhope.com/unix/unslooku.htm. Accessed 24 May 2015
Backtrack Linux. http://www.backtrack-linux.org/. Accessed 24 May 2015
Kali Linux. http://www.kali.org/. Accessed 24 May 2015
Backbox Linux. http://www.backbox.org/. Accessed 24 May 2015
Our CUDA parallel implementation. https://code.google.com/p/smith-waterman-cuda-syscall/. Accessed 24 May 2015
GNU Operating System. http://www.gnu.org/software/wget/. Accessed 24 May 2015
Hping command. http://www.hping.org/. Accessed 24 May 2015
Maybury, M., et al.: Analysis and Detection of Malicious Insiders. MITRE Corp., Bedford (2005)
Smurf attack. http://www.ciscopress.com/articles/article.asp?p=1312796. Accessed 24 May 2015
Ping6 attack. http://www.tldp.org/HOWTO/Linux%2BIPv6-HOWTO/x811.html. Accessed 24 May 2015
Agarwal, A., Agarwal, A.: The security risks associated with cloud computing. Int. J. Comput. Appl. Eng. Sci. 1 (2011)
Smith, T., Waterman, M.: Identification of common molecular subsequences. J. Mol. Biol. 147, 195–197 (1981)
Krutz, R.L., Vines, R.D.: Cloud Security: A Comprehensive Guide to Secure Cloud Computing. Wiley, Indianapolis (2010)
Jose, G., Arul, J., Sanjeev, C., Suyambulingom, C.: Implementation of data security in cloud computing. Int. J. P2P Netw. Trends Technol. 1(1) (2011)
Labib, K., Vemuri, V.R.: An application of principal component analysis to the detection and visualization of computer network attacks. Annales des Télécommunications 61(1–2), 218–234 (2006)
Coull, S., Branch, J., Szymanski, B., Breimer, E.: Intrusion detection: a bioinformatics approach. In: Proceedings of the 19th Annual Computer Security Applications Conference, pp. 24–33. IEEE, December 2003
Vasiliadis, G., Antonatos, S., Polychronakis, M., Markatos, E.P., Ioannidis, S.: Gnort: high performance network intrusion detection using graphics processors. In: Lippmann, R., Kirda, E., Trachtenberg, A. (eds.) RAID 2008. LNCS, vol. 5230, pp. 116–134. Springer, Heidelberg (2008)
Snort IDS. https://www.snort.org/. Accessed 24 May 2015
Cudasw parallel SW CUDA implementation. http://cudasw.sourceforge.net/homepage.htm#latest. Accessed 24 May 2015
Pitropakis, N., Pikrakis, A., Lambrinoudakis, C.: Behaviour reflects personality: detecting co-residence attacks on Xen-based cloud environments. Int. J. Inf. Secur. 1–7 (2014)
Pitropakis, N., et al.: If you want to know about a hunter, study his prey: detection of network based attacks on KVM based cloud environments. J. Cloud Comput. Adv. Syst. Appl. 3(1), 20 (2014)
Maier, D.: The complexity of some problems on subsequences and supersequences. J. ACM (JACM) 25(2), 322–336 (1978)
Acknowledgements
This work has been partially supported by the Research Center of the University of Piraeus.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2015 Springer International Publishing Switzerland
About this paper
Cite this paper
Pitropakis, N., Lambrinoudakis, C., Geneiatakis, D. (2015). Till All Are One: Towards a Unified Cloud IDS. In: Fischer-Hübner, S., Lambrinoudakis, C., López, J. (eds) Trust, Privacy and Security in Digital Business. TrustBus 2015. Lecture Notes in Computer Science(), vol 9264. Springer, Cham. https://doi.org/10.1007/978-3-319-22906-5_11
Download citation
DOI: https://doi.org/10.1007/978-3-319-22906-5_11
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-22905-8
Online ISBN: 978-3-319-22906-5
eBook Packages: Computer ScienceComputer Science (R0)