Skip to main content
Springer Nature Link
Log in

Performance Analysis of Intrusion Detection Systems in Cloud-Based Systems

  • Conference paper
  • First Online:
Ubiquitous Networking (UNet 2017)

Part of the book series: Lecture Notes in Computer Science ((LNCCN,volume 10542))

Included in the following conference series:

  • 1570 Accesses

Abstract

Cloud computing services are widely used nowadays and need to be more secured for an effective exploitation by the users. One of the most challenging issues in these environments is the security of the hosted data. Many cloud computing providers offer web applications for their clients, this is why the most handling attacks in cloud computing are Distributed Denial of Service (DDoS). In this paper, we provide a comparative performance analysis of intrusion detection systems (IDSs) in a real world lab. The aim is to provide an up to date study for researchers and practitioners to understand the issues related to intrusion detection and to deal with DDoS attacks. This analysis includes intrusion detection rates, time running, etc. In the experiments, we configured a cloud platform using OpenStack and an IDS monitoring the whole network traffic of the web server configured. The results show that Suricata drops fewer packets than Bro and Snort successively when a DDoS attack is happening and detect more malicious packets.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Subscribe and save

Springer+ Basic
$34.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Similar content being viewed by others

References

  1. Yu, S., Tian, Y., Guo, S., Wu, D.O.: Can we beat DDoS attacks in clouds? IEEE Trans. Parallel Distrib. Syst. 25, 2245–2254 (2014)

    Article  Google Scholar 

  2. Mell, P.M., Grance, T.: The NIST definition of cloud computing, Gaithersburg, MD (2011)

    Google Scholar 

  3. Ricci, R., Eide, E.: The CloudLab Team: Introducing CloudLab: Scientific Infrastructure for Advancing Cloud Architectures and Applications. login, vol. 39. USENIX (2014)

    Google Scholar 

  4. Albin, E.: A comparative analysis of the Snort and Suricata intrusion-detection systems (2011)

    Google Scholar 

  5. Irwin, B., van Riel, J.-P.: Using InetVis to evaluate Snort and Bro scan detection on a network telescope. In: Goodall, J.R., Conti, G., Ma, K.L. (eds.) Mathematics and Visualization, pp. 255–273. Springer, Heidelberg (2008)

    Google Scholar 

  6. Albin, E., Rowe, N.C.: A realistic experimental comparison of the Suricata and Snort intrusion-detection systems. In: 2012 26th International Conference on Advanced Information Networking and Applications Workshops, pp. 122–127. IEEE (2012)

    Google Scholar 

  7. Alqahtani, S.M., John, R.: A comparative study of different fuzzy classifiers for cloud intrusion detection systems alerts. In: 2016 IEEE Symposium Series on Computational Intelligence (SSCI), p. 19. IEEE (2016)

    Google Scholar 

  8. Biermann, E., Cloete, E., Venter, L.: A comparison of intrusion detection systems. Comput. Secur. 20, 676–683 (2001)

    Article  Google Scholar 

  9. Moya, M.A.C.: Analysis and evaluation of the Snort and Bro network intrusion detection (2008)

    Google Scholar 

  10. Park, W., Ahn, S.: Performance comparison and detection analysis in Snort and Suricata environment. Wirel. Pers. Commun. 112, 241–252 (2016)

    Google Scholar 

  11. Salah, K., Kahtani, A.: Performance evaluation comparison of Snort NIDS under Linux and Windows server. J. Netw. Comput. Appl. 33, 6–15 (2010)

    Article  Google Scholar 

  12. White, J.S., Fitzsimmons, T., Matthews, J.N.: Quantitative analysis of intrusion detection systems: Snort and Suricata. In: Ternovskiy, I.V., Chin, P. (eds.) Proceedings of SPIE, p. 875704 (2013)

    Google Scholar 

  13. National Center for Biotechnology Information. http://www.ncbi.nlm.nih.gov

  14. Snort Project. https://www.snort.org/

  15. Suricata. https://suricata-ids.org/

  16. The Bro Network Security Monitor. https://www.bro.org/

  17. OpenStack. https://www.openstack.org/

  18. Vogel, A., Griebler, D., Maron, C.A.F., Schepke, C., Fernandes, L.G.: Private IaaS clouds: a comparative analysis of OpenNebula, CloudStack and OpenStack. In: 2016 24th Euromicro International Conference on Parallel, Distributed, and Network-Based Processing (PDP), pp. 672–679. IEEE (2016)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. ISeRT, ENSIAS College, Mohammed V University in Rabat, Rabat, Morocco

    Rachid Cherkaoui & Mostapha Zbakh

  2. INDI - Industrial Engineering Sciences Department, Vrije Universiteit Brussel - VUB, Brussels, Belgium

    Rachid Cherkaoui, An Braeken & Abdellah Touhafi

Authors
  1. Rachid Cherkaoui
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Mostapha Zbakh
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. An Braeken
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Abdellah Touhafi
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Rachid Cherkaoui .

Editor information

Editors and Affiliations

  1. ENSEM, Hassan II University of Casablanca, Casablanca, Morocco

    Essaid Sabir

  2. Universidad Carlos III de Madrid, Madrid, Spain

    Ana García Armada

  3. International University of Rabat, Morocco, and University of Leeds, UK, Leeds, United Kingdom

    Mounir Ghogho

  4. CentraleSupélec LANEAS, Gif-sur-Yvette, France

    Mérouane Debbah

Rights and permissions

Reprints and permissions

Copyright information

© 2017 Springer International Publishing AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Cherkaoui, R., Zbakh, M., Braeken, A., Touhafi, A. (2017). Performance Analysis of Intrusion Detection Systems in Cloud-Based Systems. In: Sabir, E., García Armada, A., Ghogho, M., Debbah, M. (eds) Ubiquitous Networking. UNet 2017. Lecture Notes in Computer Science(), vol 10542. Springer, Cham. https://doi.org/10.1007/978-3-319-68179-5_18

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-68179-5_18

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-68178-8

  • Online ISBN: 978-3-319-68179-5

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics