Intrusion Detection for Grid and Cloud Computing Author Kleber Vieira, Alexandre Schulter, Carlos Becker Westphall, and Carla Merkle Westphall Federal.

Slides:

Advertisements

Similar presentations

Intrusion Detection Systems (I) CS 6262 Fall 02. Definitions Intrusion Intrusion A set of actions aimed to compromise the security goals, namely A set.

Advertisements

Enhancing Security Using Mobile Based Anomaly Detection in Cellular Mobile Networks Bo Sun, Fei Yu, KuiWu, Yang Xiao, and Victor C. M. Leung. Presented.

1 VLDB 2006, Seoul Mapping a Moving Landscape by Mining Mountains of Logs Automated Generation of a Dependency Model for HUG’s Clinical System Mirko Steinle,

Cryptography and Network Security 2 nd Edition by William Stallings Note: Lecture slides by Lawrie Brown and Henric Johnson, Modified by Andrew Yang.

Chapter 19: Computer and Network Security Techniques Business Data Communications, 6e.

1. AGENDA History. WHAT’S AN IDS? Security and Roles Types of Violations. Types of Detection Types of IDS. IDS issues. Application.

1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.

IDS/IPS Definition and Classification

Intrusion Detection Systems and Practices

Report on Intrusion Detection and Data Fusion By Ganesh Godavari.

This work is supported by the National Science Foundation under Grant Number DUE Any opinions, findings and conclusions or recommendations expressed.

Unsupervised Intrusion Detection Using Clustering Approach Muhammet Kabukçu Sefa Kılıç Ferhat Kutlu Teoman Toraman 1/29.

Applied Cryptography for Network Security

Mining Behavior Models Wenke Lee College of Computing Georgia Institute of Technology.

A survey of commercial tools for intrusion detection 1. Introduction 2. Systems analyzed 3. Methodology 4. Results 5. Conclusions Cao er Kai. INSA lab.

Cryptography and Network Security Chapter 1. Chapter 1 – Introduction The art of war teaches us to rely not on the likelihood of the enemy's not coming,

Computer Security: Principles and Practice

Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.

seminar on Intrusion detection system

Intrusion Detection Systems. Definitions Intrusion –A set of actions aimed to compromise the security goals, namely Integrity, confidentiality, or availability,

Cryptography and Network Security Chapter 1 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.

Network Infrastructure Security. LAN Security Local area networks facilitate the storage and retrieval of programs and data used by a group of people.

Lecture 11 Intrusion Detection (cont)

Department Of Computer Engineering

Intrusion Detection System Marmagna Desai [ 520 Presentation]

Building Survivable Systems based on Intrusion Detection and Damage Containment Paper by: T. Bowen Presented by: Tiyseer Al Homaiyd 1.

Security Guidelines and Management

Scientific Computing Department Faculty of Computer and Information Sciences Ain Shams University Supervised By: Mohammad F. Tolba Mohammad S. Abdel-Wahab.

1. Introduction Generally Intrusion Detection Systems (IDSs), as special-purpose devices to detect network anomalies and attacks, are using two approaches.

Intrusion Detection Systems Present by Ali Fanian In the Name of Allah.

1 Intrusion Detection Systems. 2 Intrusion Detection Intrusion is any use or attempted use of a system that exceeds authentication limits Intrusions are.

Information Systems CS-507 Lecture 40. Availability of tools and techniques on the Internet or as commercially available software that an intruder can.

Intrusion Detection Jie Lin. Outline Introduction A Frame for Intrusion Detection System Intrusion Detection Techniques Ideas for Improving Intrusion.

Dr. Lo’ai Tawalbeh 2007 INCS 741: Cryptography Chapter 1:Introduction Dr. Lo’ai Tawalbeh New York Institute of Technology (NYIT) Jordan’s Campus

Cryptography and Network Security

Eng. Wafaa Kanakri Second Semester 1435 CRYPTOGRAPHY & NETWORK SECURITY Chapter 1:Introduction Eng. Wafaa Kanakri UMM AL-QURA UNIVERSITY

IIT Indore © Neminah Hubballi

Layered Approach using Conditional Random Fields For Intrusion Detection.

Improving Intrusion Detection System Taminee Shinasharkey CS689 11/2/00.

OV Copyright © 2013 Logical Operations, Inc. All rights reserved. Network Security  Network Perimeter Security  Intrusion Detection and Prevention.

Clay Brockman ITK 478 Fall Why intrusion detection? Comparing two types: Monitoring Database Application Behavior Using Time Signatures.

OV Copyright © 2011 Element K Content LLC. All rights reserved. Network Security  Network Perimeter Security  Intrusion Detection and Prevention.

RELATIONAL FAULT TOLERANT INTERFACE TO HETEROGENEOUS DISTRIBUTED DATABASES Prof. Osama Abulnaja Afraa Khalifah

Operating system Security By Murtaza K. Madraswala.

Intrusion Control. CSCE Farkas2 Readings Lecture Notes Pfleeger: Chapter 7.5.

HIPS Host-Based Intrusion Prevention System By Ali Adlavaran & Mahdi Mohamad Pour (M.A. Team) Life’s Live in Code Life.

1 Intrusion Detection Methods “Intrusion detection is the process of identifying and responding to malicious activity targeted at computing and networking.

1 Chapter 1 – Background Computer Security T/ Tyseer Alsamany - Computer Security.

Intrusion Detection System (IDS). What Is Intrusion Detection Intrusion Detection is the process of identifying and responding to malicious activity targeted.

Topic 1 – Introduction Huiqun Yu Information Security Principles & Applications.

Cryptography and Network Security Sixth Edition by William Stallings.

Paulo Fernando da Silva Carlos Becker Westphall Network and Management Laboratory Post-Graduate Program in.

Intrusion Detection Systems Paper written detailing importance of audit data in detecting misuse + user behavior 1984-SRI int’l develop method of.

Intrusion Detection System

I NTRUSION P REVENTION S YSTEM (IPS). O UTLINE Introduction Objectives IPS’s Detection methods Classifications IPS vs. IDS IPS vs. Firewall.

Role Of Network IDS in Network Perimeter Defense.

Cryptography and Network Security Chapter 1. Background  Information Security requirements have changed in recent times  traditionally provided by physical.

The Utilization of Artificial Intelligence in a Hybrid Intrusion Detection System Authors ： Martin Botha, Rossouw von Solms, Kent Perry, Edwin Loubser.

Approaches to Intrusion Detection statistical anomaly detection – threshold – profile based rule-based detection – anomaly – penetration identification.

By Marwan Al-Namari & Hafezah Ben Othman Author: William Stallings College of Computer Science at Al-Qunfudah Umm Al-Qura University, KSA, Makkah 1.

1. ABSTRACT Information access through Internet provides intruders various ways of attacking a computer system. Establishment of a safe and strong network.

Lecturer: Eng. Mohamed Adam Isak PH.D Researcher in CS M.Sc. and B.Sc. of Information Technology Engineering, Lecturer in University of Somalia and Mogadishu.

Computer Security: Principles and Practice First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Chapter 17 – IT Security.

Some Great Open Source Intrusion Detection Systems (IDSs)

HIPS. Host-Based Intrusion Prevention Systems  One of the major benefits to HIPS technology is the ability to identify and stop known and unknown attacks,

Access control techniques

Intrusion Control.

Outline Introduction Characteristics of intrusion detection systems

Intrusion Detection Systems

Presentation transcript:

Intrusion Detection for Grid and Cloud Computing Author Kleber Vieira, Alexandre Schulter, Carlos Becker Westphall, and Carla Merkle Westphall Federal University of Santa Catarina, Brazil Content Type Journals Appears IT Professional Date July/August 2010 Speaker Jyue-Li Lu

Introduction Providing security in a distributed system requires more than user authentication with passwords or digital certificates and confidentiality in data transmission. The Grid and Cloud Computing Intrusion Detection System integrates knowledge and behavior analysis to detect intrusions. Because of their distributed nature, grid and cloud computing environments are easy targets for intruders looking for possible vulnerabilities to exploit. To combat attackers, intrusion-detection systems can offer additional security measures.

Introduction IDS (intrusion-detection systems) must monitor each node and, when an attack occurs, alert other nodes in the environment. This kind of communication requires compatibility between heterogeneous hosts, various communication mechanisms, and permission control over system maintenance and updates—typical features in grid and cloud environments. Cloud middleware usually provides these features, so we propose an IDS service offered at the middleware layer.

Introduction An attack against a cloud computing system can be silent, because cloud-specific attacks don’t necessarily leave traces in a node’s operating system. In this way, traditional IDSs can’t appropriately identify suspicious activities in a grid and cloud environment. We propose the Grid and Cloud Computing Intrusion Detection System (GCCIDS), which has an audit system designed to cover attacks.

Figure 1 The architecture of grid and cloud computing intrusion detection. Each node identifies local events that could represent security violations and sends an alert to the other nodes.

Out Proposed Service Figure 1 depicts the sharing of information between the IDS service and the other elements participating in the architecture: the node, service, event auditor, and storage service.  Node : resources, which are accessed homogeneously through the middleware.  Service : provides its functionality in the environment through the middleware, which facilitates communication.  Event Auditor : is the key piece in the system. It captures data from various sources, such as the log system, service, and node messages.  Storage Service : holds the data that the IDS service must analyze. It’s important for all nodes to have access to the same data.

IDS Service The IDS service increases a cloud’s security level by applying two methods of intrusion detection. The behavior-based method dictates how to compare recent user actions to the usual behavior. The knowledge-based method detects known trails left by attacks or certain sequences of actions from a user who might represent an attack.

IDS Service - Analyzer The analyzer uses a profile history database to determine the distance between a typical user behavior and the suspect behavior and communicates this to the IDS service. With these responses, the IDS calculates the probability that the action represents an attack and alerts the other nodes if the probability is sufficiently high.

Behavior Analysis Numerous methods exist for behavior-based intrusion detection, such as data mining, artificial neural networks, and artificial immunological systems. We use a feed-forward artificial neural network, because this type of network can quickly process information, has self-learning capabilities, and can tolerate small behavior deviations. These features help overcome some IDS limitations.

Behavior Analysis Using this method, we need to recognize expected behavior (legitimate use) or a severe behavior deviation. For a given intrusion sample set, the network learns to identify the intrusions using its retropropagation algorithm. However, we focus on identifying user behavioral patterns and deviations from such patterns. With this strategy, we can cover a wider range of unknown attacks.

Knowledge Analysis Knowledge-based intrusion detection is the most often applied technique in the field because it results in a low false-alarm rate and high positive rates, although it can’t detect unknown attack patterns. Using an expert system, we can describe a malicious behavior with a rule. One advantage of using this kind of intrusion detection is that we can add new rules without modifying existing ones. In contrast, behavior-based analysis is performed on learned behavior that can’t be modified without losing the previous learning.

Increasing Attack Coverage The two intrusion detection techniques are distinct. The knowledge-based intrusion detection is characterized by a high hit rate of known attacks, but it’s deficient in detecting new attacks. We therefore complemented it with the behavior based technique. The volume of data in a cloud computing environment can be high, so administrators don’t observe each user’s actions—they observe only alerts from the IDS.

Results We developed a prototype to evaluate the proposed architecture using Grid-M, a middleware of our research group developed at the Federal University of Santa Catarina. We prepared three types of simulation data to test.  First, we created data representing legitimate action by executing a set of known services simulating a regular behavior.  Then, we created data representing behavior anomalies.  Finally, we created data representing policy violation.

Evaluating the Event Auditor The event auditor captures all requests received by a node and the corresponding responses, which is fundamental for behavior analysis. In the experiments with the behavior-based IDS, we considered using audit data from both a log and a communication system. Unfortunately, data from a log system has a limited set of values with little variation.

Evaluating the Event Auditor This made it difficult to find attack patterns, so we opted to explore communication elements to evaluate this technique. We evaluated the behavior-based technique using artificial intelligence enabled by a feedforward neural network. In the simulation environment, we monitored five intruders and five legitimate users.

Evaluating the Event Auditor We initiated the neural-network training with a data set representing 10 days of usage simulation. Using this data resulted in a high number of false negatives and a high level of uncertainty. Increasing the sample period for the learning phase improved the results.