Abstract
Cloud computing is becoming more influential as a technical-cum-business model in the present scenario of enterprise business computing. It attracts the customers with its glossy catchphrase ‘pay-as-you-use’. Even after knowing all its benefits, many organizations ranging from medium to large businesses fear migrating to this computing paradigm because of the security issues associated with it. The reason being, today’s business computing world breathes solely on users and their data which require sophisticated mechanisms to protect it against theft and misuse. Subsequently, due to the public and multi-tenancy nature of cloud, the security threats and the velocity of consequences are higher in cloud, than in in-premises computing. eCloudIDS a next-generation security system designed with innovative hybrid two-tier expert engines, namely uX-Engine (tier-1) and sX-Engine (tier-2), is considered as a most suitable security solution for cloud computing environments; precisely public cloud. This paper deals with the design and implementation of our proposed eCloudIDS architecture’s Tier-1 uX-Engine Subsystem using one of the unsupervised machine learning techniques named Self-Organizing Map (SOM). This experiment was conducted on the setup with 6 machines which had Ubuntu 10.04 LTS 64-bit LTS Desktop edition as native operating system, CloudStack 3.0.0 as IaaS platform, XenServer 6.0 as virtualization host, and all systems with statically allocated IP addresses. This paper travels through the phases and footprints involved in the implementation of proposed eCloudIDS Tier-1 uX-Engine subsystem architecture using SOM. Further, our implemented system showcases the detection performance rate as 89% with minimal false alarm rates, which is considerably substantial for an unsupervised machine learning implementation.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
Similar content being viewed by others
References
Madhan, K.S., Sarukesi, K., Rodrigues, P., Saimanoj, M., Revathy, P.: State-of-the-art Cloud Computing Security Taxonomies – A classification of security challenges in the present cloud computing environment. In: ICACCI 2012, pp. 470–476. ACM, India (2012), doi:10.1145/2345396.2345474, ISBN: 978-1-4503-1196-0
Cloud Computing and Sustainability: The Environmental Benefits of moving to the Cloud. Technical report, Accenture (2010)
Srinivasan, M.K., Sarukesi, K., Keshava, A., Revathy, P.: eCloudIDS – Design Roadmap for the Architecture of Next-Generation Hybrid Two-Tier Expert Engine-Based IDS for Cloud Computing Environment. In: Thampi, S.M., Zomaya, A.Y., Strufe, T., Calero, J.M.A., Thomas, T. (eds.) SNDS 2012. CCIS, vol. 335, pp. 358–371. Springer, Heidelberg (2012)
Security Guidance for Critical Areas of Focus in Cloud Computing V2.1. Technical report, Cloud Security Alliance (2009)
Top Threats to Cloud Computing V1.0. Technical report, Cloud Security Alliance (2010)
What’s Holding Back the Cloud? Technical report, Intel IT Center (2012)
Securing Multi-Tenancy and Cloud Computing. Technical report, Juniper Networks (2012)
Li, H., Sedayao, J., Hahn-Steichen, J., Jimison, E., Spence, C., Chahal, S.: Developing an Enterprise Cloud Computing Strategy. Technical report, Intel Corporation (2009)
Madhan Kumar, S., Rodrigues, P.: A Roadmap for the Comparison of Identity Management Solutions Based on State-of-the-Art IdM Taxonomies. In: Meghanathan, N., Boumerdassi, S., Chaki, N., Nagamalai, D. (eds.) CNSA 2010. CCIS, vol. 89, pp. 349–358. Springer, Heidelberg (2010)
Madhan, K.S., Rodrigues, P.: Analysis on Identity Management Systems with Extended State-of-the-art IdM Taxonomy Factors. International Journal of Ad hoc, Sensor & Ubiquitous Computing 1(4), 62–70 (2010), doi:10.5121/ijasuc.2010.1406
Shiels, M.: Malicious insider attacks to rise. Technical report, BBC News (2009)
Mell, P., Grance, T.: The NIST Definition of Cloud Computing. NIST Special Publication 800-145. Technical report, National Institute of Standards and Technology (2011)
Ghahramani, Z.: Unsupervised Learning. In: Bousquet, O., von Luxburg, U., Rätsch, G. (eds.) Machine Learning 2003. LNCS (LNAI), vol. 3176, pp. 72–112. Springer, Heidelberg (2004)
Kayacik, H.G., Zincir-Heywood, A.N., Heywood, M.I.: A Hierarchical SOM based Intrusion Detection System. Journal of Engineering Applications of Artificial Intelligence 20(4), 439–451 (2007), doi:10.1016/j.engappai.2006.09.005
Patole, V.A., Pachghare, V.K., Kulkarni, P.: Self-Organizing Maps to Build Intrusion Detection System. Intl. Journal of Computer Applications, 1–4 (2010)
Khaled, L., Rao, V.: NSOM – A Real-Time Network-Based Intrusion Detection System Using Self-Organizing Maps. University of California. Technical report. Davis (2002)
Zanero, S.: Improving Self-Organizing Map Performance for Network Intrusion Detection. In: SDM 2005 Workshop on Clustering High Dimensional Data and its Applications (2005)
Bivens, A., Palagiri, C., Smith, R., Szymanski, B., Embrechts, M.: Network-based Intrusion Detection using Neural Networks. In: Intelligent Engineering Systems through Artificial Neural Networks, ANNIE 2002, New York, vol. 12, pp. 579–584 (2002)
Keerthi, B., Madhan, K.S., Sarukesi, K., Rodrigues, P.: Implementation of Next-generation Traffic Sign Recognition System with Two-tier Classifier Architecture. In: ACM ICACCI 2012, pp. 481–487. ACM, India (2012), doi:10.1145/2345396.2345476
Balasundaram, K., Srinivasan, M.K., Sarukesi, K.: iReSign-Implementation of Next-Generation Two-Tier Identity Classifier-Based Traffic Sign Recognition System Architecture using Hybrid Region-Based Shape Representation Techniques. In: Thampi, S.M., Zomaya, A.Y., Strufe, T., Calero, J.M.A., Thomas, T. (eds.) SNDS 2012. CCIS, vol. 335, pp. 408–421. Springer, Heidelberg (2012)
CloudStack 3.0.0 Release Notes. Technical report. Citrix Systems, Inc. (2012)
XenServer 6.0 Release Notes. Technical report. Citrix Systems, Inc. (2012)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2012 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Srinivasan, M.K., Sarukesi, K., Keshava, A., Revathy, P. (2012). eCloudIDS Tier-1 uX-Engine Subsystem Design and Implementation Using Self-Organizing Map (SOM) for Secure Cloud Computing Environment. In: Thampi, S.M., Zomaya, A.Y., Strufe, T., Alcaraz Calero, J.M., Thomas, T. (eds) Recent Trends in Computer Networks and Distributed Systems Security. SNDS 2012. Communications in Computer and Information Science, vol 335. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-34135-9_42
Download citation
DOI: https://doi.org/10.1007/978-3-642-34135-9_42
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-34134-2
Online ISBN: 978-3-642-34135-9
eBook Packages: Computer ScienceComputer Science (R0)