Abstract
Because of the growth in cloud computing and the maturity of virtualization technology, many enterprises are virtualizing their servers to increase server utilization and lower costs. However, the complex network topology arising from virtualization makes clouds vulnerable, and security breaches have occurred on cloud computing platforms in recent years. Therefore, a comprehensive mechanism for detecting and preventing malicious traffic is necessary. We propose a network intrusion detection system that is based on a virtualization platform. This system, developed from a multipattern-based network traffic classifier, collects packets from the virtual network environment and analyzes their content by using deep packet inspection for identifying malicious network traffic and intrusion attempts. We improve the intrusion detection features of the network traffic classifier and deploy it on a Xen virtualization platform. Our system can be combined with the Linux Netfilter framework to monitor inter-virtual-machine communications in the virtualization platform. It efficiently inspects packets and instantly protects the cloud computing environment from malicious traffic.
Acknowledgement
This research was supported by a grant from the Ministry of Science and Technology, Taiwan, Republic of China, under Grants MOST-103-2221-E-006-145-MY3 and MOST-103-2811-E-006-049, for which we are grateful.
Copyright information
© 2015 Springer International Publishing Switzerland
About this paper
Cite this paper
Liao, MY., Mo, ZK., Luo, MY., Yang, CS., Chen, JL. (2015). Novel Intrusion Detection System for Cloud Computing: A Case Study. In: Qiang, W., Zheng, X., Hsu, CH. (eds) Cloud Computing and Big Data. CloudCom-Asia 2015. Lecture Notes in Computer Science, vol 9106. Springer, Cham. https://doi.org/10.1007/978-3-319-28430-9_29
DOI: https://doi.org/10.1007/978-3-319-28430-9_29
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-28429-3
Online ISBN: 978-3-319-28430-9
eBook Packages: Computer Science (R0)