cloud intrusion detection system

IN THE NAME OF ALLAH Most Gracious, Most Merciful

Upload: sadegh-salehi

Post on 18-Feb-2017


Page 2: Cloud intrusion detection System

Cloud Network Intrusion Detection

By: Mohammad Sadegh Salehi

Fall 2015

Page 3: Cloud intrusion detection System

Agenda

01 What is CLOUD Computing?

02 History of CLOUD Computing

03 CLOUD Types And Models

04 CLOUD Advantage and Disadvantage

05 CLOUD Intrusion Detection - article

Page 4: Cloud intrusion detection System

Cloud Network Intrusion Detection Fall 2015 4 / 34

What is The Cloud?

CLOUD COMPUTING evolved from the term “the cloud”.

Cloud Computing is the overarching ability for users to access data, applications, and services remotely, using the internet.

THE CLOUD is a metaphor for the internet that was born from diagrams depicting the internet as a cloud.

CLOUD SERVICES, or cloud computing, can be categorized into three different levels.

Page 5: Cloud intrusion detection System

Cloud Components

It has three components:

1.) Client computers
2.) Distributed Servers
3.) Datacenters

Page 6: Cloud intrusion detection System

Clients

Clients are the devices that the end user uses to interact with the cloud. Four types of clients:

1.) Mobile and Tablet,
2.) Thick,
3.) Thin (Most Popular),
4.) Zero (UltraThin).

Datacenters

A datacenter is a collection of servers where the application is placed and is accessed via the internet.

Distributed servers

Often servers are in geographically different places, but the servers act as if they are working next to each other.

Page 7: Cloud intrusion detection System

Cloud History

Cloud Computing: Past, Present and Future

1960s: Ideas about computation as a public utility emerged in public discourse and literature.

1997: The term “cloud computing” was first used by information systems Prof. Ramnath Chellappa.

2001: Autonomic Computing evolved as systems to aid self-management.

2006: Amazon offered “Amazon Web Services” cloud computing to customers.

2007: Research on Cloud Computing was undertaken by companies like Google and IBM.

Early 2008: An open source, AWS API-compatible platform called Eucalyptus offered private clouds. Packaging of computing resources became a metered service called Utility Computing.

Mid 2008: Organizations began switching from company-owned hardware to cloud services.

Page 8: Cloud intrusion detection System

Cloud Computing: Past, Present and Future

2009: The National Science Foundation awarded approx. $5 million in grants for researching cloud computing.

2010: Microsoft Azure became commercially available.

2013: $78bn worldwide public cloud service market.

2015: $114.3bn worldwide public cloud service market.

The Future of Cloud Computing: Studies predict more than 50% of all information technology will be in the cloud within the next 5 to 10 years.

In the next 5 years, hybrid clouds are expected to represent 43% of the market, higher than both public and private.

Page 9: Cloud intrusion detection System

What we store in the Cloud today?

By 2016 the Asia-Pacific market is expected to account for 1.5 Zb of global cloud computing usage.

According to a survey by Endurance International Group, the following types of data are most commonly stored on the cloud:

[Chart: Notes & Research, Music, Address Book, Calendars, Business Docs, Emails, Photo; values shown: 43%, 43%, 44%, 48%, 66%, 70%, 75%]

Page 10: Cloud intrusion detection System

Cloud Types

Public, Private or Hybrid?

In the “Cloud”, infrastructure, platforms, software or processes are provided by external IT services.

There are some key points to consider when deciding which cloud is to be used:

To what extent the applications that are to move to the cloud are essential for the business.

Data protection requirements.

Application workloads.

Application integration with other business functions.

Page 11: Cloud intrusion detection System

Public CLOUD:

Data (text messages, mails, documents …).

Metadata (origin, destination, text length, time, call duration).

Applications, storage and other resources are available through the service provider.

The public cloud is usually maintained and managed by a service provider unrelated to the end customer.

Services, applications and storage are available to users via the internet, “as a service”, usually with a pay-per-use system.

Page 12: Cloud intrusion detection System

Public CLOUD (cont):

Reduces complexity and deadlines because of its fixed structure.

Provides fewer options for security and output customization.

The economy of scale that public cloud computing technology allows makes it particularly attractive.

SUITABLE FOR

Companies that need to be in the market quickly.

Businesses subject to less regulatory restriction.

Companies looking to outsource part or all of their IT requirements.

Page 13: Cloud intrusion detection System

Private CLOUD:

[Diagram labels: Company Servers, External Provider]

Companies install their own servers and storage hardware.

You can move workloads between servers when demand peaks occur or to introduce new applications.

Unshared resource.

Increased storage capacity.

Advanced security solutions, high availability and fault tolerance that have no place in the public cloud.

Requires a high level of commitment by both the corporation and IT departments.

Page 14: Cloud intrusion detection System

Private CLOUD (cont):

SUITABLE FOR

Companies that must comply with strict regulation.

Crucial applications for the company.

Page 15: Cloud intrusion detection System

Hybrid CLOUD:

[Diagram labels: PUBLIC, PRIVATE; Images, Video, documents, …; Account Management, Payment Services, …]

Cost advantages and scale of public clouds, combined with the superior control of private.

Usually, companies run an application mainly in the private cloud, while the public cloud is used to cover peaks in demand.

Moderate initial investment.

Platform scalability.

Page 16: Cloud intrusion detection System

Cloud Models

Service Models are the reference models on which Cloud Computing is based.

These can be categorized into three basic service models as listed below:

Infrastructure as a Service (IaaS)

Platform as a Service (PaaS)

Software as a Service (SaaS)

Page 17: Cloud intrusion detection System

Infrastructure as a Service (IaaS)

IaaS is a model where service providers offer pools of abstract IT infrastructure resources (servers, storage, network components, …) under a pay-per-usage model.

The service provider owns the equipment and is responsible for housing, cooling, operation and maintenance.

Usually billed based on usage.

Usually a multi-tenant virtualized environment.

Can be coupled with Managed Services for OS and application support.

Page 18: Cloud intrusion detection System

Infrastructure as a Service (IaaS) - (cont)

IaaS Examples:

Page 19: Cloud intrusion detection System

Platform as a Service (PaaS) - (cont)

PaaS provides the runtime environment for applications, development & deployment tools, etc.

PaaS provides all of the facilities required to support the complete life cycle of building and delivering web applications and services entirely from the Internet.

Typically applications must be developed with a particular platform in mind.

Multi-tenant environments.

Highly scalable multi-tier architecture.

Page 20: Cloud intrusion detection System

Platform as a Service (PaaS) - (cont)

PaaS Examples:

Page 21: Cloud intrusion detection System

Software as a Service (SaaS)

The SaaS model provides software applications as a service to end users.

SaaS is a software delivery methodology that provides licensed multi-tenant access to software and its functions remotely as a Web-based service.

Usually billed based on usage.

Usually a multi-tenant environment.

Highly scalable architecture.

The Future of Application in the cloud

Page 22: Cloud intrusion detection System

Software as a Service (SaaS)

SaaS Examples:

Page 23: Cloud intrusion detection System


[Figure: the stack Application, Data, Runtime, Middleware, O/S, Virtualization, Servers, Storage, Networking, repeated in three columns; labels: IaaS, PaaS; host, Build, Consume; Manage by Service Provider; Manage by Client]

Page 24: Cloud intrusion detection System


Pros and Cons

PaaS:
Rapid development at low cost.
Private or Public deployment.
Limits developers to provider languages and tools.

SaaS:
Free or paid via subscription.
Accessible from any computer.
Facilitates collaborative working.
Generic applications not always suitable for business use…

Page 25: Cloud intrusion detection System

Adv and DisAdv

Advantage of CLOUD, Disadvantage of CLOUD

Almost limitless storage: 500,000 x more capacity

Sporadic Batch Computing

Disaster Recovery

Performance

Transparency

Service: Industry ratio for staff-to-customers is 3:500

Page 26: Cloud intrusion detection System

Article Introduce

An Efficient Cloud Network Intrusion Detection System

P. Ghosh, A.K. Mandal, R. Kumar

Information Technology, Netaji Subhash Engineering College, Kolkata, India

© Springer India 2015

J.K. Mandal et al. (eds.), Information Systems Design and Intelligent Applications, Advances in Intelligent Systems and Computing 339, DOI 10.1007/978-81-322-2250-7_10

Page 27: Cloud intrusion detection System

Cloud Intrusion

What is the Problem?

With the enormous use of the Cloud, the probability of intrusions occurring also increases.

An Intrusion Detection System (IDS) is a stronger strategy to provide security.

In the paper, they have proposed an efficient, fast and secure IDS with the collaboration of:

Multi-threaded Network Intrusion Detection System (NIDS), and

Host Intrusion Detection System (HIDS).

Page 28: Cloud intrusion detection System


In the Intrusion Detection System, the Cloud-IDS captures packets from the network, analyzes them, and sends reports to the Cloud Administrator on the basis of the analysis.

Analysis of packets is done using a K-Nearest Neighbor and Neural Network (KNN-NN) hybrid classifier.

After getting the report from the Cloud-IDS, the Cloud Service Provider (CSP) will generate an alert for the user as well as maintain a log list for storing the malicious IP addresses.

Page 29: Cloud intrusion detection System

Proposed Model

Fig. 1: Intrusion detection system in cloud environment

Page 30: Cloud intrusion detection System

Proposed Model

The Multi-threaded NIDS model for the Cloud environment is based on three modules: the Capture and Query module, the Analysis module, and the Reporting module.

In the proposed model, a network maintenance or monitoring device called the NIDS is used at the bottleneck position of the network.

In this model, for intrusion detection, they have used a multi-threaded NIDS to monitor the requests sent by the user, to cope with the large network traffic and for easy processing.
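An added illustration (not code from the slides or from the paper) of the three-module flow described above: a capture step fills a shared queue, several worker threads analyse the records, and a reporting step raises alerts and keeps the log list of malicious IP addresses. Only the KNN stage of the KNN-NN classifier is shown; the feature vectors, IP addresses and function names are constructed assumptions.

```python
import math
import queue
import threading
from collections import Counter

# Constructed training set: (packets/sec, SYN ratio, distinct ports) -> label.
TRAINING = [
    ((12, 0.10, 2), "normal"), ((20, 0.15, 3), "normal"),
    ((8, 0.05, 1), "normal"), ((30, 0.20, 4), "normal"),
    ((900, 0.95, 1), "attack"), ((750, 0.90, 2), "attack"),
    ((60, 0.80, 150), "attack"), ((45, 0.85, 200), "attack"),
]
# Constructed capture: (source IP from documentation ranges, feature vector).
CAPTURED = [
    ("192.0.2.10", (15, 0.12, 2)), ("198.51.100.7", (820, 0.93, 1)),
    ("192.0.2.11", (25, 0.18, 3)), ("203.0.113.5", (50, 0.82, 180)),
    ("192.0.2.12", (10, 0.08, 1)),
]

def _scale(vec, lo, hi):
    """Min-max scale each feature so none dominates the distance."""
    return [(v - l) / (h - l) if h > l else 0.0 for v, l, h in zip(vec, lo, hi)]

def knn_classify(features, k=3):
    """Analysis module (KNN stage only): majority label of the k nearest samples."""
    cols = list(zip(*(f for f, _ in TRAINING)))
    lo, hi = [min(c) for c in cols], [max(c) for c in cols]
    x = _scale(features, lo, hi)
    nearest = sorted(TRAINING, key=lambda t: math.dist(x, _scale(t[0], lo, hi)))[:k]
    return Counter(label for _, label in nearest).most_common(1)[0][0]

def run_nids(captured, workers=3):
    """Capture -> multi-threaded analysis -> reporting. Returns (alerts, loglist)."""
    packets, reports = queue.Queue(), queue.Queue()
    def analyse():
        while True:
            item = packets.get()
            if item is None:              # sentinel: capture has finished
                break
            src_ip, features = item
            reports.put((src_ip, knn_classify(features)))

    threads = [threading.Thread(target=analyse) for _ in range(workers)]
    for t in threads:
        t.start()
    for record in captured:               # capture module fills the shared queue
        packets.put(record)
    for _ in threads:                     # one sentinel per worker
        packets.put(None)
    for t in threads:
        t.join()
    alerts, loglist = [], set()           # reporting module
    while not reports.empty():
        src_ip, verdict = reports.get()
        if verdict == "attack":
            alerts.append(f"ALERT: malicious traffic from {src_ip}")
            loglist.add(src_ip)           # log list of malicious IP addresses
    return sorted(alerts), sorted(loglist)
```

Calling `run_nids(CAPTURED)` returns the alert lines and the sorted log list; the result does not depend on the number of worker threads.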

Page 31: Cloud intrusion detection System

Proposed Model - cont:

Fig. 2: Flowchart of multithreaded cloud IDS

Page 32: Cloud intrusion detection System

Proposed Model - cont:

Fig. 3: Flowchart of IDS using KNN-NN classifier

Page 33: Cloud intrusion detection System

References:

Mittal, R., Soni, K.: Analysis of cloud computing architectures. Int. J. Adv. Res. Comput. Commun. Eng. 2, 2087–2091 (2013)

Ghosh, P., Mandal, A.K., Kumar, R.: An Efficient Cloud Network Intrusion Detection System. Springer India (2015)

http://Wikipedia.com, last visited 11/8/2015.

http://virtualization.itpro.ir, last visited 11/7/2015.

Page 34: Cloud intrusion detection System

Thank You!

Mohammad Sadegh Salehi

Page 35: Cloud intrusion detection System

Surely, the completion of one’s faith lies in seeking knowledge and putting it into practice, and know that seeking knowledge is more necessary for you than amassing wealth.

Imam Ali (peace be upon him)

Al-Kafi, vol. 1, p. 30

Page 36: Cloud intrusion detection System

Ignite

Do you Use the Cloud?

Page 37: Cloud intrusion detection System

Conclusion

Fig. 5: Detection accuracy

Page 38: Cloud intrusion detection System

Proposed Model - cont:

Fig. 4: Intrusion based task of administrator

Page 39: Cloud intrusion detection System

Proposed Model:

In the proposed model, a network maintenance or monitoring device called the NIDS is used at the bottleneck position of the network.

In this model, for intrusion detection, they have used a multi-threaded NIDS to monitor the requests sent by the user, to cope with the large network traffic and for easy processing.