Abstract
This paper presents a study of existing threat detection techniques in cloud computing, together with an experimental evaluation of a subset of them. We consider the threats defined in the Cloud Security Alliance (CSA) report as well as the techniques for their detection, starting from classical signature-based approaches and finishing with recent machine learning based techniques. This paper also contains an analysis of original results presented in international conferences, published as journal papers, Internet resources, and standards. The main contributions of the study include: 1. providing a closer relationship between top threats in cloud computing and known detection techniques; 2. evaluating existing detection techniques concerning cloud computing principles and security challenges nowadays; and 3. reviewing commonly utilized datasets and their association with threats in the last five years. As existing detection techniques tend to target specific threats (or their groups), we also present the experimental evaluation of the applicability of known detection approaches against non-targeted threat groups.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
Network protocol developed by Cisco for the collection and monitoring of network traffic flow data generated by NetFlow-enabled routers and switches.
References
Akamai: Akamai’s state of the internet/Security Q3 2015 report. Technical report (2015)
Ateniese, G., Burns, R., Curtmola, R., Herring, J., Kissner, L., Peterson, Z., Song, D.: Provable data possession at untrusted stores. In: Proceedings of the 14th ACM Conference on Computer and Communications Security, CCS 2007 (2007)
Baig, Z.A., Binbeshr, F.: Controlled virtual resource access to mitigate economic denial of sustainability (EDoS) attacks against cloud infrastructures. In: 2013 International Conference on Cloud Computing and Big Data (CloudCom-Asia), pp. 346–353 (2013)
Bates, A., Mood, B., Pletcher, J., Pruse, H., Valafar, M., Butler, K.: Detecting co-residency with active traffic analysis techniques. In: CCSW 2012, pp. 1–12. ACM Press, New York (2012)
Cao, J., Yu, B., Dong, F., Zhu, X., Xu, S.: Entropy-based denial of service attack detection in cloud data center. In: 2014 Second International Conference on Advanced Cloud and Big Data, pp. 201–207, November 2014
Caswell, B., Foster, J.C., Russell, R., Beale, J., Posluns, J.: Snort 2.0 Intrusion Detection. Syngress Publishing, Rockland (2003)
Chou, H.H., Wang, S.D.: An adaptive network intrusion detection approach for the cloud environment. In: 2015 International Carnahan Conference on Security Technology (ICCST), pp. 1–6. IEEE (2015)
Cloud Security Alliance (CSA): The Notorious Nine: Cloud Computing Top Threats in 2013 (2013)
Derfouf, M., Eleuldj, M., Enniari, S., Diouri, O.: Smart intrusion detection model for the cloud computing. In: Rocha, Á., Serrhini, M., Felgueiras, C. (eds.) Europe and MENA Cooperation Advances in Information and Communication Technologies. AISC, vol. 520, pp. 411–421. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-46568-5_42
ENISA: ENISA Threat Landscape 2015. Technical report, January 2016
Erway, C.C., Küpçü, A., Papamanthou, C., Tamassia, R.: Dynamic provable data possession. ACM Trans. Inf. Syst. Secur. (TISSEC) 17(4), 15 (2015)
Fernandes, D.A.B., Soares, L.F.B., Gomes, J.V., Freire, M.M., Inácio, P.R.M.: Security issues in cloud environments: a survey. Int. J. Inf. Secur. 13, 113–170 (2014)
García, S., Grill, M., Stiborek, J., Zunino, A.: An empirical comparison of botnet detection methods. Comput. Secur. 45, 100–123 (2014)
Garkoti, G., Peddoju, S.K., Balasubramanian, R.: Detection of insider attacks in cloud based e-healthcare environment. In: 2014 International Conference on Information Technology (ICIT), pp. 195–200. IEEE (2014)
Gupta, S., Kumar, P., Sardana, A., Abraham, A.: A fingerprinting system calls approach for intrusion detection in a cloud environment. In: 2012 Fourth International Conference on Computational Aspects of Social Networks (CASoN), pp. 309–314. IEEE (2012)
Hamdi, O., Mbaye, M., Krief, F.: A cloud-based architecture for network attack signature learning. In: 2015 7th International Conference on New Technologies, Mobility and Security (NTMS). IEEE (2015)
Hashizume, K., Rosado, D.G., Fernández-Medina, E., Fernandez, E.B.: An analysis of security issues for cloud computing. J. Internet Serv. Appl. 4(1), 5 (2013)
Huang, S.Y., Suri, N., Huang, Y.: Event pattern discovery on IDS traces of cloud services. In: 2014 IEEE International Conference on Big Data and Cloud Computing (BdCloud), pp. 25–32. IEEE (2014)
Huang, T., Zhu, Y., Wu, Y., Bressan, S., Dobbie, G.: Anomaly detection and identification scheme for VM live migration in cloud infrastructure. Future Gener. Comput. Syst. 56, 736–745 (2016)
Idrissi, H., Hajji, S.E., Ennahbaoui, M., Souidi, E.M., Souidi, E.M.: Mobile agents with cryptographic traces for intrusion detection in the cloud computing. Procedia Comput. Sci. 73, 179–186 (2015)
Jeyanthi, N., Iyengar, N.C.S.N., Kumar, P.C.M., Kannammal, A.: An enhanced entropy approach to detect and prevent DDoS in cloud environment. IJCNIS 5(2), 110 (2013)
Jouad, M., Diouani, S., Houmani, H., Zaki, A.: Security challenges in intrusion detection. In: 2015 International Conference on Cloud Technologies and Applications (CloudTech), pp. 1–11. IEEE (2015)
Katz, G., Elovici, Y., Shapira, B.: CoBAn: a context based model for data leakage prevention. Inf. Sci.: Int. J. 262, 137–158 (2014)
Kene, S.G., Theng, D.P.: A review on intrusion detection techniques for cloud computing and security challenges. In: 2015 2nd International Conference on Electronics and Communication Systems (ICECS), pp. 227–232. IEEE (2015)
Kholidy, H.A., Baiardi, F.: CIDS: a framework for intrusion detection in cloud systems. In: 2012 Ninth International Conference on Information Technology: New Generations (ITNG). IEEE (2012)
Khorshed, M.T., Ali, A.B.M.S., Wasimi, S.A.: A survey on gaps, threat remediation challenges and some thoughts for proactive attack detection in cloud computing. Future Gener. Comput. Syst. 28(6), 833–851 (2012)
Kingma, D.P., Ba, J.: Adam: a method for stochastic optimization. CoRR (2014)
Kumar, N., Katta, V., Mishra, H., Garg, H.: Detection of data leakage in cloud computing environment. In: 2014 International Conference on Computational Intelligence and Communication Networks (CICN), pp. 803–807. IEEE (2014)
Li, Y.H., Tzeng, Y.R., Yu, F.: VISO: characterizing malicious behaviors of virtual machines with unsupervised clustering. In: 2015 IEEE 7th International Conference on Cloud Computing Technology and Science (CloudCom). IEEE (2015)
Marnerides, A.K., Spachos, P., Chatzimisios, P., Mauthe, A.U.: Malware detection in the cloud under ensemble empirical mode decomposition. In: 2015 International Conference on Computing, Networking and Communications (ICNC), pp. 82–88. IEEE (2015)
Marnerides, A.K., Shirazi, N., Hutchison, D., Simpson, S., Watson, M., Mauthe, A.: Assessing the impact of intra-cloud live migration on anomaly detection. In: 2014 IEEE 3rd International Conference on Cloud Networking (CloudNet) (2014)
Mell, P.M., Grance, T.: SP 800–145. The NIST Definition of Cloud Computing. Technical report, Gaithersburg, MD, USA (2011)
Modi, C.N., Patel, D.: A novel hybrid-network intrusion detection system (H-NIDS) in cloud computing. In: 2013 IEEE Symposium on Computational Intelligence in Cyber Security (CICS), pp. 23–30 (2013)
Modi, C., Patel, D.R., Borisaniya, B., Patel, H., Patel, A., Rajarajan, M.: A survey of intrusion detection techniques in cloud. JNCA 36(1), 42–57 (2013)
Osanaiye, O., Choo, K.K.R., Dlodlo, M.: Distributed denial of service (DDoS) resilience in cloud: review and conceptual cloud DDoS mitigation framework. J. Netw. Comput. Appl. 67, 147–165 (2016)
Pandeeswari, N., Kumar, G.: Anomaly detection system in cloud environment using fuzzy clustering based ANN. Mob. Netw. Appl. 21, 1–12 (2015)
Patel, A., Taghavi, M., Bakhtiyari, K., Celestino Júnior, J.: An intrusion detection and prevention system in cloud computing: a systematic review. J. Netw. Comput. Appl. 36(1), 25–41 (2013)
Rosado, D.G., Gómez, R., Mellado, D., Fernández-Medina, E.: Security analysis in the migration to cloud environments. Future Internet 4(4), 469–487 (2012)
Sculley, D.: Web-scale k-means clustering. In: Proceedings of the 19th International Conference on World Wide Web. In: WWW 2010, pp. 1177–1178. ACM (2010)
Shamsolmoali, P., Alam, M.A., Biswas, R.: C2DF: high Rate DDOS filtering method in cloud computing. Int. J. Comput. Netw. Inf. Secur. 6(9), 43–50 (2014)
Sharma, P., Sharma, R., Pilli, E.S., Mishra, A.K.: A detection algorithm for DoS attack in the cloud environment. In: Compute 2015, pp. 107–110 (2015)
Shirazi, S.N., Simpson, S., Gouglidis, A., Mauthe, A., Hutchison, D.: Anomaly detection in the cloud using data density. In: 2016 IEEE 9th International Conference on Cloud Computing (CLOUD), pp. 616–623, June 2016
Vaquero, L.M., Rodero-Merino, L., Morán, D.: Locking the sky: a survey on IaaS cloud security. Computing 91(1), 93–118 (2011)
Vasilomanolakis, E., Karuppayah, S., Mühlhäuser, M., Fischer, M.: Taxonomy and survey of collaborative intrusion detection. CSUR 47(4), 33 (2015). Article no. 55
Watson, M.R., Shirazi, N., Marnerides, A.K., Mauthe, A., Hutchison, D.: Malware detection in cloud computing infrastructures. TDSC 13(2), 192–205 (2016)
Xiong, W., Hu, H., Xiong, N., Yang, L.T., Peng, W.C., Wang, X., Qu, Y.: Anomaly secure detection methods by analyzing dynamic characteristics of the network traffic in cloud communications. Inf. Sci. 258, 403–415 (2014)
Yaseen, Q., Althebyan, Q., Panda, B., Jararweh, Y.: Mitigating insider threat in cloud relational databases. Secur. Commun. Netw. 9, 1132–1145 (2016)
Yu, S., Gui, X., Lin, J.: An approach with two-stage mode to detect cache-based side channel attacks. In: 2013 International Conference on Information Networking (ICOIN), pp. 186–191. IEEE (2013)
Yu, W., Moulema, P., Xu, G., Chen, Z.: A cloud computing based architecture for cyber security situation awareness. In: 2013 IEEE Conference on Communications and Network Security (CNS), pp. 488–492. IEEE (2013)
Zbakh, M., Elmahdi, K., Cherkaoui, R., Enniari, S.: A multi-criteria analysis of intrusion detection architectures in cloud environments. In: 2015 International Conference on Cloud Technologies and Applications (CloudTech), pp. 1–9. IEEE (2015)
Acknowledgment
The project leading to this paper has received funding from the European Union Horizon 2020 research and innovation program under grant agreement No. 644429 - MUSA project.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2018 Springer International Publishing AG, part of Springer Nature
About this paper
Cite this paper
Carvallo, P., Cavalli, A.R., Kushik, N. (2018). A Study of Threat Detection Systems and Techniques in the Cloud. In: Cuppens, N., Cuppens, F., Lanet, JL., Legay, A., Garcia-Alfaro, J. (eds) Risks and Security of Internet and Systems. CRiSIS 2017. Lecture Notes in Computer Science(), vol 10694. Springer, Cham. https://doi.org/10.1007/978-3-319-76687-4_10
Download citation
DOI: https://doi.org/10.1007/978-3-319-76687-4_10
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-76686-7
Online ISBN: 978-3-319-76687-4
eBook Packages: Computer ScienceComputer Science (R0)