Skip to main content
SpringerLink
Log in

A Study of Threat Detection Systems and Techniques in the Cloud

  • Conference paper
  • First Online:
Risks and Security of Internet and Systems (CRiSIS 2017)

Part of the book series: Lecture Notes in Computer Science ((LNISA,volume 10694))

Included in the following conference series:

  • 1080 Accesses

Abstract

This paper presents a study of existing threat detection techniques in cloud computing, together with an experimental evaluation of a subset of them. We consider the threats defined in the Cloud Security Alliance (CSA) report as well as the techniques for their detection, starting from classical signature-based approaches and finishing with recent machine learning based techniques. This paper also contains an analysis of original results presented in international conferences, published as journal papers, Internet resources, and standards. The main contributions of the study include: 1. providing a closer relationship between top threats in cloud computing and known detection techniques; 2. evaluating existing detection techniques concerning cloud computing principles and security challenges nowadays; and 3. reviewing commonly utilized datasets and their association with threats in the last five years. As existing detection techniques tend to target specific threats (or their groups), we also present the experimental evaluation of the applicability of known detection approaches against non-targeted threat groups.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

  1. 1.

    Network protocol developed by Cisco for the collection and monitoring of network traffic flow data generated by NetFlow-enabled routers and switches.

References

  1. Akamai: Akamai’s state of the internet/Security Q3 2015 report. Technical report (2015)

    Google Scholar 

  2. Ateniese, G., Burns, R., Curtmola, R., Herring, J., Kissner, L., Peterson, Z., Song, D.: Provable data possession at untrusted stores. In: Proceedings of the 14th ACM Conference on Computer and Communications Security, CCS 2007 (2007)

    Google Scholar 

  3. Baig, Z.A., Binbeshr, F.: Controlled virtual resource access to mitigate economic denial of sustainability (EDoS) attacks against cloud infrastructures. In: 2013 International Conference on Cloud Computing and Big Data (CloudCom-Asia), pp. 346–353 (2013)

    Google Scholar 

  4. Bates, A., Mood, B., Pletcher, J., Pruse, H., Valafar, M., Butler, K.: Detecting co-residency with active traffic analysis techniques. In: CCSW 2012, pp. 1–12. ACM Press, New York (2012)

    Google Scholar 

  5. Cao, J., Yu, B., Dong, F., Zhu, X., Xu, S.: Entropy-based denial of service attack detection in cloud data center. In: 2014 Second International Conference on Advanced Cloud and Big Data, pp. 201–207, November 2014

    Google Scholar 

  6. Caswell, B., Foster, J.C., Russell, R., Beale, J., Posluns, J.: Snort 2.0 Intrusion Detection. Syngress Publishing, Rockland (2003)

    Google Scholar 

  7. Chou, H.H., Wang, S.D.: An adaptive network intrusion detection approach for the cloud environment. In: 2015 International Carnahan Conference on Security Technology (ICCST), pp. 1–6. IEEE (2015)

    Google Scholar 

  8. Cloud Security Alliance (CSA): The Notorious Nine: Cloud Computing Top Threats in 2013 (2013)

    Google Scholar 

  9. Derfouf, M., Eleuldj, M., Enniari, S., Diouri, O.: Smart intrusion detection model for the cloud computing. In: Rocha, Á., Serrhini, M., Felgueiras, C. (eds.) Europe and MENA Cooperation Advances in Information and Communication Technologies. AISC, vol. 520, pp. 411–421. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-46568-5_42

    Chapter  Google Scholar 

  10. ENISA: ENISA Threat Landscape 2015. Technical report, January 2016

    Google Scholar 

  11. Erway, C.C., Küpçü, A., Papamanthou, C., Tamassia, R.: Dynamic provable data possession. ACM Trans. Inf. Syst. Secur. (TISSEC) 17(4), 15 (2015)

    Article  Google Scholar 

  12. Fernandes, D.A.B., Soares, L.F.B., Gomes, J.V., Freire, M.M., Inácio, P.R.M.: Security issues in cloud environments: a survey. Int. J. Inf. Secur. 13, 113–170 (2014)

    Article  Google Scholar 

  13. García, S., Grill, M., Stiborek, J., Zunino, A.: An empirical comparison of botnet detection methods. Comput. Secur. 45, 100–123 (2014)

    Article  Google Scholar 

  14. Garkoti, G., Peddoju, S.K., Balasubramanian, R.: Detection of insider attacks in cloud based e-healthcare environment. In: 2014 International Conference on Information Technology (ICIT), pp. 195–200. IEEE (2014)

    Google Scholar 

  15. Gupta, S., Kumar, P., Sardana, A., Abraham, A.: A fingerprinting system calls approach for intrusion detection in a cloud environment. In: 2012 Fourth International Conference on Computational Aspects of Social Networks (CASoN), pp. 309–314. IEEE (2012)

    Google Scholar 

  16. Hamdi, O., Mbaye, M., Krief, F.: A cloud-based architecture for network attack signature learning. In: 2015 7th International Conference on New Technologies, Mobility and Security (NTMS). IEEE (2015)

    Google Scholar 

  17. Hashizume, K., Rosado, D.G., Fernández-Medina, E., Fernandez, E.B.: An analysis of security issues for cloud computing. J. Internet Serv. Appl. 4(1), 5 (2013)

    Article  Google Scholar 

  18. Huang, S.Y., Suri, N., Huang, Y.: Event pattern discovery on IDS traces of cloud services. In: 2014 IEEE International Conference on Big Data and Cloud Computing (BdCloud), pp. 25–32. IEEE (2014)

    Google Scholar 

  19. Huang, T., Zhu, Y., Wu, Y., Bressan, S., Dobbie, G.: Anomaly detection and identification scheme for VM live migration in cloud infrastructure. Future Gener. Comput. Syst. 56, 736–745 (2016)

    Article  Google Scholar 

  20. Idrissi, H., Hajji, S.E., Ennahbaoui, M., Souidi, E.M., Souidi, E.M.: Mobile agents with cryptographic traces for intrusion detection in the cloud computing. Procedia Comput. Sci. 73, 179–186 (2015)

    Article  MATH  Google Scholar 

  21. Jeyanthi, N., Iyengar, N.C.S.N., Kumar, P.C.M., Kannammal, A.: An enhanced entropy approach to detect and prevent DDoS in cloud environment. IJCNIS 5(2), 110 (2013)

    Google Scholar 

  22. Jouad, M., Diouani, S., Houmani, H., Zaki, A.: Security challenges in intrusion detection. In: 2015 International Conference on Cloud Technologies and Applications (CloudTech), pp. 1–11. IEEE (2015)

    Google Scholar 

  23. Katz, G., Elovici, Y., Shapira, B.: CoBAn: a context based model for data leakage prevention. Inf. Sci.: Int. J. 262, 137–158 (2014)

    Article  MathSciNet  Google Scholar 

  24. Kene, S.G., Theng, D.P.: A review on intrusion detection techniques for cloud computing and security challenges. In: 2015 2nd International Conference on Electronics and Communication Systems (ICECS), pp. 227–232. IEEE (2015)

    Google Scholar 

  25. Kholidy, H.A., Baiardi, F.: CIDS: a framework for intrusion detection in cloud systems. In: 2012 Ninth International Conference on Information Technology: New Generations (ITNG). IEEE (2012)

    Google Scholar 

  26. Khorshed, M.T., Ali, A.B.M.S., Wasimi, S.A.: A survey on gaps, threat remediation challenges and some thoughts for proactive attack detection in cloud computing. Future Gener. Comput. Syst. 28(6), 833–851 (2012)

    Article  Google Scholar 

  27. Kingma, D.P., Ba, J.: Adam: a method for stochastic optimization. CoRR (2014)

    Google Scholar 

  28. Kumar, N., Katta, V., Mishra, H., Garg, H.: Detection of data leakage in cloud computing environment. In: 2014 International Conference on Computational Intelligence and Communication Networks (CICN), pp. 803–807. IEEE (2014)

    Google Scholar 

  29. Li, Y.H., Tzeng, Y.R., Yu, F.: VISO: characterizing malicious behaviors of virtual machines with unsupervised clustering. In: 2015 IEEE 7th International Conference on Cloud Computing Technology and Science (CloudCom). IEEE (2015)

    Google Scholar 

  30. Marnerides, A.K., Spachos, P., Chatzimisios, P., Mauthe, A.U.: Malware detection in the cloud under ensemble empirical mode decomposition. In: 2015 International Conference on Computing, Networking and Communications (ICNC), pp. 82–88. IEEE (2015)

    Google Scholar 

  31. Marnerides, A.K., Shirazi, N., Hutchison, D., Simpson, S., Watson, M., Mauthe, A.: Assessing the impact of intra-cloud live migration on anomaly detection. In: 2014 IEEE 3rd International Conference on Cloud Networking (CloudNet) (2014)

    Google Scholar 

  32. Mell, P.M., Grance, T.: SP 800–145. The NIST Definition of Cloud Computing. Technical report, Gaithersburg, MD, USA (2011)

    Google Scholar 

  33. Modi, C.N., Patel, D.: A novel hybrid-network intrusion detection system (H-NIDS) in cloud computing. In: 2013 IEEE Symposium on Computational Intelligence in Cyber Security (CICS), pp. 23–30 (2013)

    Google Scholar 

  34. Modi, C., Patel, D.R., Borisaniya, B., Patel, H., Patel, A., Rajarajan, M.: A survey of intrusion detection techniques in cloud. JNCA 36(1), 42–57 (2013)

    Article  Google Scholar 

  35. Osanaiye, O., Choo, K.K.R., Dlodlo, M.: Distributed denial of service (DDoS) resilience in cloud: review and conceptual cloud DDoS mitigation framework. J. Netw. Comput. Appl. 67, 147–165 (2016)

    Article  Google Scholar 

  36. Pandeeswari, N., Kumar, G.: Anomaly detection system in cloud environment using fuzzy clustering based ANN. Mob. Netw. Appl. 21, 1–12 (2015)

    Google Scholar 

  37. Patel, A., Taghavi, M., Bakhtiyari, K., Celestino Júnior, J.: An intrusion detection and prevention system in cloud computing: a systematic review. J. Netw. Comput. Appl. 36(1), 25–41 (2013)

    Article  Google Scholar 

  38. Rosado, D.G., Gómez, R., Mellado, D., Fernández-Medina, E.: Security analysis in the migration to cloud environments. Future Internet 4(4), 469–487 (2012)

    Article  Google Scholar 

  39. Sculley, D.: Web-scale k-means clustering. In: Proceedings of the 19th International Conference on World Wide Web. In: WWW 2010, pp. 1177–1178. ACM (2010)

    Google Scholar 

  40. Shamsolmoali, P., Alam, M.A., Biswas, R.: C2DF: high Rate DDOS filtering method in cloud computing. Int. J. Comput. Netw. Inf. Secur. 6(9), 43–50 (2014)

    Google Scholar 

  41. Sharma, P., Sharma, R., Pilli, E.S., Mishra, A.K.: A detection algorithm for DoS attack in the cloud environment. In: Compute 2015, pp. 107–110 (2015)

    Google Scholar 

  42. Shirazi, S.N., Simpson, S., Gouglidis, A., Mauthe, A., Hutchison, D.: Anomaly detection in the cloud using data density. In: 2016 IEEE 9th International Conference on Cloud Computing (CLOUD), pp. 616–623, June 2016

    Google Scholar 

  43. Vaquero, L.M., Rodero-Merino, L., Morán, D.: Locking the sky: a survey on IaaS cloud security. Computing 91(1), 93–118 (2011)

    Article  MATH  Google Scholar 

  44. Vasilomanolakis, E., Karuppayah, S., Mühlhäuser, M., Fischer, M.: Taxonomy and survey of collaborative intrusion detection. CSUR 47(4), 33 (2015). Article no. 55

    Article  Google Scholar 

  45. Watson, M.R., Shirazi, N., Marnerides, A.K., Mauthe, A., Hutchison, D.: Malware detection in cloud computing infrastructures. TDSC 13(2), 192–205 (2016)

    Google Scholar 

  46. Xiong, W., Hu, H., Xiong, N., Yang, L.T., Peng, W.C., Wang, X., Qu, Y.: Anomaly secure detection methods by analyzing dynamic characteristics of the network traffic in cloud communications. Inf. Sci. 258, 403–415 (2014)

    Article  Google Scholar 

  47. Yaseen, Q., Althebyan, Q., Panda, B., Jararweh, Y.: Mitigating insider threat in cloud relational databases. Secur. Commun. Netw. 9, 1132–1145 (2016)

    Article  Google Scholar 

  48. Yu, S., Gui, X., Lin, J.: An approach with two-stage mode to detect cache-based side channel attacks. In: 2013 International Conference on Information Networking (ICOIN), pp. 186–191. IEEE (2013)

    Google Scholar 

  49. Yu, W., Moulema, P., Xu, G., Chen, Z.: A cloud computing based architecture for cyber security situation awareness. In: 2013 IEEE Conference on Communications and Network Security (CNS), pp. 488–492. IEEE (2013)

    Google Scholar 

  50. Zbakh, M., Elmahdi, K., Cherkaoui, R., Enniari, S.: A multi-criteria analysis of intrusion detection architectures in cloud environments. In: 2015 International Conference on Cloud Technologies and Applications (CloudTech), pp. 1–9. IEEE (2015)

    Google Scholar 

Download references

Acknowledgment

The project leading to this paper has received funding from the European Union Horizon 2020 research and innovation program under grant agreement No. 644429 - MUSA project.

Author information

Authors and Affiliations

  1. SAMOVAR, Télécom SudParis, CNRS, Université Paris-Saclay, Évry, France

    Pamela Carvallo, Ana R. Cavalli & Natalia Kushik

  2. Montimage, Paris, France

    Pamela Carvallo & Ana R. Cavalli

Authors
  1. Pamela Carvallo
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Ana R. Cavalli
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Natalia Kushik
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Pamela Carvallo .

Editor information

Editors and Affiliations

  1. IMT Atlantique, Cesson Sévigné, France

    Nora Cuppens

  2. IMT Atlantique, Cesson Sévigné, France

    Frédéric Cuppens

  3. LHS Rennes, Rennes, France

    Jean-Louis Lanet

  4. Inria, Rennes, France

    Axel Legay

  5. Télécom SudParis, Evry Cedex, France

    Joaquin Garcia-Alfaro

Rights and permissions

Reprints and permissions

Copyright information

© 2018 Springer International Publishing AG, part of Springer Nature

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Carvallo, P., Cavalli, A.R., Kushik, N. (2018). A Study of Threat Detection Systems and Techniques in the Cloud. In: Cuppens, N., Cuppens, F., Lanet, JL., Legay, A., Garcia-Alfaro, J. (eds) Risks and Security of Internet and Systems. CRiSIS 2017. Lecture Notes in Computer Science(), vol 10694. Springer, Cham. https://doi.org/10.1007/978-3-319-76687-4_10

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-76687-4_10

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-76686-7

  • Online ISBN: 978-3-319-76687-4

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation