
Review: An intrusion detection and prevention system in cloud computing: A systematic review

Published: 01 January 2013

Abstract

The distributed and open structure of cloud computing and its services makes it an attractive target for cyber-attacks. Traditional Intrusion Detection and Prevention Systems (IDPS) are largely ineffective when deployed in cloud computing environments because of the openness and specific nature of those environments. This paper surveys the latest IDPSs and alarm management techniques, provides a comprehensive taxonomy of them, and investigates possible solutions for detecting and preventing intrusions in cloud computing systems. Considering the desired characteristics of IDPSs and of cloud computing systems, a list of relevant requirements is identified, and four concepts, autonomic computing self-management, ontology, risk management and fuzzy theory, are leveraged to satisfy these requirements.
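The abstract names fuzzy theory and risk management as two of the concepts applied to alarm management. As an added illustration of what that combination looks like in practice (this is example code written for this page, not code from the surveyed paper or from any IDPS it covers), the block below scores each IDS alert with a small Mamdani-style fuzzy rule base over two inputs, the sensor's severity and its confidence in the match, defuzzifies to a crisp risk, and then collapses repeated alerts from the same source and signature into one ranked alarm. The alert line format, the sample alerts, the membership functions, the rule base and the risk centres are all assumptions chosen for the example.

```python
"""Fuzzy risk scoring and alarm aggregation for IDS alerts.

Added illustration; not code from the surveyed paper or from any IDPS it
covers. The alert format, memberships, rules and risk centres are assumptions.
"""

# Constructed sample alerts (not real sensor output) in an assumed
# "ts|src|dst|signature|severity|confidence" format: severity is the sensor's
# 0-10 score for the signature, confidence its 0-1 certainty in the match.
SAMPLE_ALERTS = """\
1700000000|10.0.0.5|10.0.1.20|SCAN tcp-syn-sweep|4|0.60
1700000002|10.0.0.5|10.0.1.21|SCAN tcp-syn-sweep|4|0.70
1700000004|10.0.0.5|10.0.1.22|SCAN tcp-syn-sweep|4|0.90
1700000010|10.0.0.9|10.0.1.20|EXPLOIT shellcode-x86|9|0.20
1700000015|10.0.0.9|10.0.1.20|EXPLOIT shellcode-x86|9|0.90
1700000020|10.0.0.7|10.0.1.30|POLICY icmp-echo|2|0.95
""".splitlines()


def parse_alert(line):
    ts, src, dst, sig, sev, conf = line.split("|")
    return {"ts": int(ts), "src": src, "dst": dst, "sig": sig,
            "severity": float(sev), "confidence": float(conf)}


def _clamp(v):
    return max(0.0, min(1.0, v))


# Membership functions over a 0-10 scale: "low" and "high" are shoulders,
# "medium" is a triangle peaking at 5. Every point of the scale belongs to at
# least one term, so the rule base below always fires for in-range input.
def mu_low(x):
    return _clamp((5.0 - x) / 5.0)


def mu_medium(x):
    return _clamp(min((x - 2.0) / 3.0, (8.0 - x) / 3.0))


def mu_high(x):
    return _clamp((x - 5.0) / 5.0)


def fuzzify(x):
    return {"low": mu_low(x), "medium": mu_medium(x), "high": mu_high(x)}


# Rules: (severity term, confidence term or None for "any", risk term).
# AND is min; rules sharing a consequent combine with max.
RULES = [
    ("high", "high", "high"),
    ("high", "medium", "high"),
    ("high", "low", "medium"),   # severe but poorly corroborated: only medium
    ("medium", "high", "medium"),
    ("medium", "medium", "medium"),
    ("medium", "low", "low"),
    ("low", None, "low"),
]

# Representative value of each output term; defuzzify by weighted average.
RISK_CENTRES = {"low": 2.0, "medium": 5.0, "high": 9.0}


def fuzzy_risk(severity, confidence):
    """Crisp 0-10 risk from a 0-10 severity and a 0-1 confidence."""
    sev = fuzzify(severity)
    conf = fuzzify(confidence * 10.0)
    activation = {"low": 0.0, "medium": 0.0, "high": 0.0}
    for s_term, c_term, r_term in RULES:
        strength = sev[s_term] if c_term is None else min(sev[s_term], conf[c_term])
        activation[r_term] = max(activation[r_term], strength)
    total = sum(activation.values())
    if total == 0.0:  # out-of-range input; guard only
        return 0.0
    return sum(RISK_CENTRES[t] * a for t, a in activation.items()) / total


def risk_label(score):
    if score >= 7.0:
        return "high"
    if score >= 4.0:
        return "medium"
    return "low"


def aggregate(lines, window=30):
    """Collapse alerts sharing (src, signature) that arrive within `window`
    seconds of the previous one into one alarm carrying the repeat count, the
    target set and the highest fuzzy risk seen; return alarms sorted by risk."""
    alarms = []
    for alert in map(parse_alert, lines):
        score = fuzzy_risk(alert["severity"], alert["confidence"])
        for alarm in reversed(alarms):
            same_source = (alarm["src"], alarm["sig"]) == (alert["src"], alert["sig"])
            if same_source and alert["ts"] - alarm["last_ts"] <= window:
                alarm["count"] += 1
                alarm["last_ts"] = alert["ts"]
                alarm["risk"] = max(alarm["risk"], score)
                alarm["targets"].add(alert["dst"])
                break
        else:  # no open alarm matched: start a new one
            alarms.append({"src": alert["src"], "sig": alert["sig"],
                           "first_ts": alert["ts"], "last_ts": alert["ts"],
                           "count": 1, "risk": score, "targets": {alert["dst"]}})
    for alarm in alarms:
        alarm["label"] = risk_label(alarm["risk"])
    return sorted(alarms, key=lambda a: a["risk"], reverse=True)


if __name__ == "__main__":
    for a in aggregate(SAMPLE_ALERTS):
        print(f'{a["label"]:6} risk={a["risk"]:.2f} x{a["count"]} {a["src"]} '
              f'{a["sig"]} targets={sorted(a["targets"])}')
```

Two behaviours are worth noticing when running it. A severity-9 shellcode alert with confidence 0.2 lands at medium risk, and only the corroborating high-confidence repeat from the same source lifts the aggregated alarm to high; this is the discounting of weakly-supported alarms that the risk-management view of alarm handling aims for. The three scan alerts against three different targets collapse into a single medium alarm with a count of 3, which is the alarm-correlation effect the abstract refers to, so the analyst sees one ranked line per incident rather than one per packet.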



Published In

Journal of Network and Computer Applications, Volume 36, Issue 1
January 2013, 566 pages

Publisher

Academic Press Ltd., United Kingdom


Author Tags

1. Alarm correlation
2. Cloud computing
3. Intrusion detection and prevention
4. System requirements
5. Taxonomy


Cited By

• (2024) Domain knowledge free cloud-IDS with lightweight embedding method. Journal of Cloud Computing: Advances, Systems and Applications 13:1. doi:10.1186/s13677-024-00707-8. Online publication date: 27 Sep 2024.
• (2023) NLP methods in host-based intrusion detection systems. Journal of Network and Computer Applications 220:C. doi:10.1016/j.jnca.2023.103761. Online publication date: 1 Nov 2023.
• (2023) Optimal cluster based feature selection for intrusion detection system in web and cloud computing environment using hybrid teacher learning optimization enables deep recurrent neural network. Computer Communications 202:C, pp. 145-153. doi:10.1016/j.comcom.2023.02.003. Online publication date: 15 Mar 2023.
• (2023) SDNTruth: Innovative DDoS Detection Scheme for Software-Defined Networks (SDN). Journal of Network and Systems Management 31:3. doi:10.1007/s10922-023-09741-4. Online publication date: 17 Jun 2023.
• (2023) CADS-ML/DL: efficient cloud-based multi-attack detection system. International Journal of Information Security 22:6, pp. 1989-2013. doi:10.1007/s10207-023-00729-4. Online publication date: 13 Jul 2023.
• (2023) A systematic literature review for network intrusion detection system (IDS). International Journal of Information Security 22:5, pp. 1125-1162. doi:10.1007/s10207-023-00682-2. Online publication date: 27 Mar 2023.
• (2022) A Hidden Attack Sequences Detection Method Based on Dynamic Reward Deep Deterministic Policy Gradient. Security and Communication Networks 2022. doi:10.1155/2022/1488344. Online publication date: 1 Jan 2022.
• (2022) vServiceInspector. Ad Hoc Networks 131:C. doi:10.1016/j.adhoc.2022.102836. Online publication date: 1 Jun 2022.
• (2022) Survey on the application of deep learning in the Internet of Things. Telecommunications Systems 79:4, pp. 601-627. doi:10.1007/s11235-021-00870-2. Online publication date: 1 Apr 2022.
• (2022) Effective network intrusion detection by addressing class imbalance with deep neural networks multimedia tools and applications. Multimedia Tools and Applications 81:6, pp. 8499-8518. doi:10.1007/s11042-021-11747-6. Online publication date: 1 Mar 2022.
