cloud intrusion detection system
TRANSCRIPT
IN THE NAME OF ALLAH, Most Gracious, Most Merciful
Cloud Network Intrusion Detection
By: Mohammad Sadegh Salehi
Fall 2015
Agenda
01 What is CLOUD Computing?
02 History of CLOUD Computing
03 CLOUD Types And Models
04 CLOUD Advantage and Disadvantage
05 CLOUD Intrusion Detection - article
Cloud Network Intrusion Detection Fall 2015 4 / 34
Cloud Computing
What is The Cloud?
CLOUD COMPUTING evolved from the term “the cloud”.
Cloud Computing is the overarching ability of users to access data, applications, and services remotely, using the internet.
THE CLOUD is a metaphor for the internet that was born from diagrams depicting the internet as a cloud.
CLOUD SERVICES, or cloud computing, can be categorized into three different levels.
Cloud Components
It has three components:
1.) Client computers
2.) Distributed Servers
3.) Datacenters
Clients
Clients are the devices through which the end user interacts with the cloud. Four types of clients:
1.) Mobile and Tablet,
2.) Thick,
3.) Thin (Most Popular),
4.) Zero (UltraThin).
Datacenters
It is a collection of servers where the application is placed and is accessed via the internet.
Distributed servers
Often servers are in geographically different places, but the servers act as if they are working next to each other.
Cloud History
Cloud Computing: Past, Present and Future
1960s: Ideas about computation as a public utility emerged in public discourse and literature.
1997: The term “cloud computing” was first used by information systems Prof. Ramnath Chellappa.
2001: Autonomic Computing evolved as systems to aid self-management.
2006: Amazon offered “Amazon Web Service” cloud computing to customers.
2007: Research on Cloud Computing was undertaken by companies like Google and IBM.
Early 2008: An open source AWS API-compatible platform called Eucalyptus offered private clouds. Packaging of computing resources became a metered service called Utility Computing.
Mid 2008: Organizations began switching from company-owned hardware to cloud services.
2009: The National Science Foundation awarded approx. $5 million in grants for researching cloud computing.
2010: Microsoft Azure became commercially available.
2013: $78bn worldwide public cloud service market.
2015: $114.3bn worldwide public cloud service market.
The Future of Cloud Computing: Studies predict more than 50% of all information technology will be in the cloud within the next 5 to 10 years.
In the next 5 years, hybrid clouds are expected to represent 43% of the market, higher than both public and private.
What do we store in the Cloud today?
By 2016 the Asia-Pacific market is expected to account for 1.5 Zb of global cloud computing usage.
According to a survey by Endurance International Group, the following types of data are most commonly stored on the cloud:
[Chart. Categories: Notes & Research, Music, Address Book, Calendars, Business Docs, Emails, Photo. Values: 43%, 43%, 44%, 48%, 66%, 70%, 75%]
Cloud Types
Public, Private or Hybrid?
In the “Cloud”, infrastructure, platforms, software or processes are provided by external IT services.
There are some key points to consider when deciding which cloud is to be used:
To what extent the applications that are to move to the cloud are essential for the business.
Data protection requirements.
Application workloads.
Application integration with other business functions.
Public CLOUD:
Applications, storage and other resources are available through the service provider.
The public cloud is usually maintained and managed by a service provider unrelated to the end customer.
Services, applications and storage are available to users via the internet “as a service”, usually with a pay-per-use system.
[Diagram labels: Service Provider; Data (text messages, mails, documents …); Metadata (origin, destination, text length, time, call duration)]
Public CLOUD (cont):
Reduces complexity and deadlines because of its fixed structure.
Provides fewer options for security and output customization.
The economy of scale that public cloud computing technology allows makes it particularly attractive.
SUITABLE FOR
Companies that need to be in the market quickly.
Businesses subject to fewer regulatory restrictions.
Companies looking to outsource part or all of their IT requirements.
Private CLOUD:
Companies install their own servers and storage hardware.
You can move workloads between servers when demand peaks occur or to introduce new applications.
Unshared resources.
Increased storage capacity.
Advanced security solutions, high availability and fault tolerance that have no place in the public cloud.
Requires a high level of commitment by both the corporation and IT departments.
[Diagram labels: Company Servers; External Provider]
Private CLOUD (cont):
SUITABLE FOR
Companies that must comply with strict regulation.
Crucial applications for the company.
Hybrid CLOUD:
Cost advantages and scale of public clouds, combined with the superior control of private clouds.
Usually, companies run an application mainly in the private cloud, while the public cloud is used to cover peaks in demand.
Moderate initial investment.
Platform scalability.
[Diagram labels: PUBLIC, PRIVATE; Images, Video, documents, …; Account Management, Payment Services, …]
Cloud Models
Service Models are the reference models on which Cloud Computing is based.
These can be categorized into three basic service models as listed below:
Infrastructure as a Service (IaaS)
Platform as a Service (PaaS)
Software as a Service (SaaS)
Infrastructure as a Service (IaaS)
IaaS is a model where service providers offer pools of abstract IT infrastructure resources (servers, storage, network components, …) on a pay-per-usage model.
The service provider owns the equipment and is responsible for housing, cooling, operation and maintenance.
Usually billed based on usage.
Usually a multi-tenant virtualized environment.
Can be coupled with Managed Services for OS and application support.
Platform as a Service (PaaS)
PaaS provides the runtime environment for applications, development & deployment tools, etc.
PaaS provides all of the facilities required to support the complete life cycle of building and delivering web applications and services entirely from the Internet.
Typically, applications must be developed with a particular platform in mind.
Multi-tenant environments.
Highly scalable multi-tier architecture.
Software as a Service (SaaS)
The SaaS model provides software applications as a service to end users.
SaaS is a software delivery methodology that provides licensed multi-tenant access to software and its functions remotely as a Web-based service.
Usually billed based on usage.
Usually a multi-tenant environment.
Highly scalable architecture.
The Future of Application in the cloud
[Diagram: the stack Application, Data, Runtime, Middleware, O/S, Virtualization, Servers, Storage, Networking, shown three times. Labels: PaaS, IaaS; host, Build, Consume; "Managed by Service Provider", "Managed by Client"]
Pros and Cons
PaaS: Rapid development at low cost. Private or public deployment. Limits developers to provider languages and tools.
SaaS: Free or paid via subscription. Accessible from any computer. Facilitates collaborative working. Generic applications not always suitable for business use…
Adv and DisAdv
Disadvantage of CLOUD / Advantage of CLOUD
Almost limitless storage: 500,000 x more capacity
Sporadic Batch Computing
Disaster Recovery
Performance
Transparency
Service: Industry ratio for staff-to-customers is 3:500
Article Introduce
An Efficient Cloud Network Intrusion Detection System
© Springer India 2015
J.K. Mandal et al. (eds.), Information Systems Design and Intelligent Applications, Advances in Intelligent Systems and Computing 339, DOI 10.1007/978-81-322-2250-7_10
P. Ghosh (✉), A.K. Mandal, R. Kumar
Information Technology, Netaji Subhash Engineering College, Kolkata, India
e-mail: [email protected]
A.K. Mandal
e-mail: [email protected]
R. Kumar
e-mail: [email protected]
Cloud Intrusion
What is the Problem?
With the enormous use of the Cloud, the probability of intrusions occurring also increases.
An Intrusion Detection System (IDS) is a stronger strategy to provide security.
In the paper, they have proposed an efficient, fast and secure IDS with the collaboration of a multi-threaded Network Intrusion Detection System (NIDS) and a Host Intrusion Detection System (HIDS).
In the intrusion detection system, the Cloud-IDS captures packets from the network, analyzes them, and sends reports to the Cloud Administrator on the basis of the analysis.
Analysis of packets is done using a K-Nearest Neighbor and Neural Network (KNN-NN) hybrid classifier.
After getting the report from the Cloud-IDS, the Cloud Service Provider (CSP) will generate an alert for the user as well as maintain a loglist for storing the malicious IP addresses.
Fig. 1: Intrusion detection system in cloud environment
Proposed Model
In the proposed model, a network maintenance or monitoring device called a NIDS is used at the bottleneck position of the network.
In this model, for intrusion detection, they have used a multi-threaded NIDS to monitor the requests sent by the user, to overcome the large network traffic and for easy processing.
The multi-threaded NIDS model for the Cloud environment is based on three modules: the Capture and Query module, the Analysis module, and the Reporting module.
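The three-module, multi-threaded NIDS and the malicious-IP loglist described on these slides, as an added example (not code from the paper or the presentation). A plain k-nearest-neighbour vote stands in for the KNN-NN hybrid classifier, whose internals the slides do not give; the features, training rows, sample flows and function names are all assumptions.

```python
import queue
import threading
from collections import Counter

# Constructed training rows: (packets/s, distinct dst ports, mean payload bytes)
TRAINING = [
    ((12, 1, 540), "normal"), ((8, 2, 610), "normal"), ((15, 1, 480), "normal"),
    ((900, 1, 40), "attack"), ((700, 3, 44), "attack"),
    ((35, 180, 60), "attack"), ((40, 160, 70), "attack"),
]
SCALE = (1000.0, 200.0, 1500.0)  # assumed feature ranges, used to normalise

def knn_label(features, k=3):
    """Majority vote of the k nearest training rows (scaled squared distance)."""
    def dist(a, b):
        return sum(((x - y) / s) ** 2 for x, y, s in zip(a, b, SCALE))
    nearest = sorted(TRAINING, key=lambda row: dist(row[0], features))[:k]
    return Counter(label for _, label in nearest).most_common(1)[0][0]

def run_ids(flows, workers=3):
    """Capture -> parallel analysis -> reporting. Returns (alerts, loglist)."""
    captured, reports = queue.Queue(), queue.Queue()
    alerts, loglist = [], set()

    def analysis():    # Analysis module: several threads share one capture queue
        for src_ip, features in iter(captured.get, None):
            reports.put((src_ip, knn_label(features)))

    def reporting():   # Reporting module: single writer of alerts and loglist
        for src_ip, label in iter(reports.get, None):
            if label == "attack":
                alerts.append(f"ALERT intrusion suspected from {src_ip}")
                loglist.add(src_ip)

    threads = [threading.Thread(target=analysis) for _ in range(workers)]
    reporter = threading.Thread(target=reporting)
    for t in threads + [reporter]:
        t.start()
    for flow in flows:             # Capture and Query module feeds the queue
        captured.put(flow)
    for _ in threads:              # one stop marker per analysis thread
        captured.put(None)
    for t in threads:
        t.join()
    reports.put(None)              # stop the reporter once analysis has drained
    reporter.join()
    return sorted(alerts), loglist

SAMPLE_FLOWS = [  # constructed flow summaries, documentation-range addresses
    ("192.0.2.10", (10, 1, 560)), ("198.51.100.7", (850, 2, 42)),
    ("192.0.2.11", (14, 2, 500)), ("203.0.113.5", (30, 150, 64)),
]

if __name__ == "__main__":
    print(run_ids(SAMPLE_FLOWS))
```

Only the reporting thread writes the alert list and the loglist, so the analysis threads need no lock of their own.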
Fig. 2: Flowchart of multithreaded cloud IDS
Fig. 3 Flowchart of IDS using KNN-NN classifier
References:
Mittal, R., Soni, K.: Analysis of cloud computing architectures. Int. J. Adv. Res. Comput. Commun. Eng. 2, 2087–2091 (2013)
Ghosh, P., Mandal, A.K., Kumar, R.: An Efficient Cloud Network Intrusion Detection System. Springer India (2015)
http:Wikipeda.com, last visited 11/8/2015.
http://virtualization.itpro.ir, last visited 11/7/2015.
Thank You!
Mohammad Sadegh Salehi [email protected]
Surely, the completion of one’s faith lies in seeking knowledge and putting it into practice, and know that seeking knowledge is more necessary for you than amassing wealth.
Imam Ali (peace be upon him)
Al-Kafi, vol. 1, p. 30
Ignite
Do you Use the Cloud?
Conclusion
Fig. 5 Detection accuracy
Proposed Model - cont:
Fig. 4 Intrusion based task of administrator