
A risk mitigation approach for autonomous cloud intrusion response system


Abstract

Cloud computing delivers on-demand resources over the Internet on a pay-for-use basis, and intruders may exploit clouds to their advantage. This paper presents the Autonomous Cloud Intrusion Response System (ACIRS), a proper defense strategy for cloud systems. ACIRS continuously monitors and analyzes system events and computes security and risk parameters to provide risk assessment and mitigation capabilities, using a scalable and elastic architecture with no central coordinator. It detects masquerade, host-based and network-based attacks and selects the appropriate response to mitigate them. ACIRS outperforms NICE (Network Intrusion Detection and Countermeasure Selection system) in reducing risk, by 38 %. This paper describes the components, architecture, and advantages of ACIRS.




Author information


Corresponding author

Correspondence to Hisham A. Kholidy.


About this article


Cite this article

Kholidy, H.A., Erradi, A., Abdelwahed, S. et al. A risk mitigation approach for autonomous cloud intrusion response system. Computing 98, 1111–1135 (2016). https://doi.org/10.1007/s00607-016-0495-8


  • DOI: https://doi.org/10.1007/s00607-016-0495-8
