1.1 Background of the Study
The term cloud is analogous to “Internet”: cloud computing takes its name from the cloud drawings once used to represent telephone networks and later to depict the Internet. Cloud computing is Internet-based computing in which virtual shared servers provide software, infrastructure, platform, devices, other resources and hosting to customers as a service on a pay-as-you-use basis. Many companies have started looking for ways to decrease IT cost and to overcome the economic recession. Cloud Computing is a new computing paradigm in which people pay only for the services they use, without the cost of purchasing physical hardware. For this reason, Cloud Computing has developed rapidly along with the trend towards IT services. It is efficient and economical for consumers to use as much computing resource as they need, or only the services they want, from a Cloud Computing provider. Cloud Computing has recently received more attention than other computing services because of its capacity to provide an unlimited amount of resources. Moreover, consumers can use the services wherever Internet access is available, so Cloud Computing is excellent in terms of accessibility. Cloud Computing systems hold a lot of resources and private information, and are therefore attractive targets for attackers; in particular, system administrators themselves can potentially become attackers. Cloud Computing providers must therefore protect their systems against both insiders and outsiders. Intrusion Detection Systems (IDSs) are among the most popular devices for protecting Cloud Computing systems from various types of attack. Because an IDS observes the traffic from each Virtual Machine (VM) and generates alert logs, it can monitor the Cloud Computing system as a whole. Another important problem is log management: Cloud Computing systems are used by many people and therefore generate a huge volume of logs, so system administrators must decide which logs should be analysed first.
Cloud Computing is a fused computing paradigm that combines Virtualization, Grid Computing, Utility Computing, Server Based Computing (SBC) and Network Computing, rather than an entirely new computing technique. Cloud computing has evolved through a number of implementations. Moving data into the cloud provides great convenience to users. Cloud computing pools resources to enable resource sharing in terms of scalable infrastructure, middleware, application development platforms and value-added business applications. The characteristics of cloud computing include being virtual, scalable, efficient and flexible. Three kinds of service are provided in cloud computing: Software as a Service (SaaS), Infrastructure as a Service (IaaS) and Platform as a Service (PaaS). In SaaS, systems offer complete online applications that can be executed directly by their users; in IaaS, providers give their customers access to entire virtual machines; and in PaaS, providers offer the development and deployment tools, languages and APIs used to build, deploy and run applications in the cloud (Parag et al., May 2012).
A cloud is subject to several accidental and intentional security threats, including threats to the integrity, confidentiality and availability of its resources, data and infrastructure. Also, when a cloud with large computing power and storage capacity is misused by an ill-intentioned party for malicious purposes, the cloud itself becomes a threat to society. Intentional threats come from insiders and from external intruders. Insiders are legitimate cloud users who abuse their privileges by using the cloud for unintended purposes; we treat this intrusive behaviour as something to be detected. An intrusion consists of an attack exploiting a security flaw and a consequent breach, which is the resulting violation of the explicit or implicit security policy of the system. Although an intrusion connotes a successful attack, IDSs also try to identify attacks that do not lead to compromises. Attacks and intrusions are commonly considered synonyms in the intrusion detection context (Debar et al., 1999).
The underlying network infrastructure of a cloud, being an important component of the computing environment, can itself be the object of an attack. Grid and cloud applications running on compromised hosts are also a security concern. We consider attacks against any network or host participating in a cloud as attacks against the cloud, since they may directly or indirectly affect its security.
Cloud systems are susceptible to all typical network and computer security attacks, plus specific means of attack that arise from their new protocols and services.
IDSs are software or hardware systems that automate the process of monitoring the events occurring in a computer system or network and analysing them for signs of security problems. They are among the most widely used security technologies. An IDS alerts system administrators and generates a log of the attack when it detects the signature of an incident according to the host or network security policy. An IDS can be installed on a host or in a network according to its purpose. The aim of the IDS is thus to alert or notify the system that some malicious activity has taken place and to try to eliminate it. According to the method used to collect intrusion data, intrusion detection systems can be classified into two types: host-based and network-based. Host-based intrusion detection systems (HIDSs) analyse audit data collected by an operating system about the actions performed by users and applications, while network-based intrusion detection systems (NIDSs) analyse data collected from network packets (Parag et al., May 2012).
IDSs analyse one or more events obtained from the collected data. Detection approaches fall into two categories: misuse detection and anomaly detection. Misuse detection systems use the signature patterns of existing, well-known attacks to match and identify known intrusions. Misuse detection techniques are, in general, not effective against the latest attacks, for which no matching rule or pattern exists yet. Anomaly detection systems identify activities that deviate significantly from established normal behaviour as anomalies, and these anomalies are most likely regarded as intrusions. Anomaly detection techniques can be effective against unknown or very recent attacks. However, anomaly detection systems tend to generate more false alarms than misuse detection systems, because an anomaly may be a new normal behaviour or an ordinary activity. When an IDS detects an intrusion attempt, it should report it to the system administrator.
There are three ways to report detection results: notification, manual response and automatic response. In a notification system, the IDS only generates reports and alerts. In a manual response system, the IDS additionally gives the system administrator the ability to initiate a manual response. In an automatic response system, the IDS responds to an intrusion immediately through its auto-response mechanism (Prema et al., 2014).
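The two detection approaches and the three reporting modes described above, run over constructed log lines as an added example. This is not code from the thesis or from any IDS product; the log line format, the two signatures, the per-source volume baseline and the response action names are all assumptions made for the illustration, and the sample log lines are invented.

```python
"""Toy misuse and anomaly detection over constructed web-access log lines,
with the three reporting modes (notification, manual, automatic)."""
import re
import statistics
from collections import Counter
from urllib.parse import unquote

# Constructed log lines, not real traffic: "<vm> <source> <method> <path> <status>".
# The training window is taken to be benign and defines "normal" per-source volume.
TRAINING_LOGS = [
    "vm-01 198.51.100.10 GET /index.html 200",
    "vm-01 198.51.100.11 GET /login 200",
    "vm-01 198.51.100.12 GET /index.html 200",
    "vm-01 198.51.100.10 GET /about 200",
    "vm-01 198.51.100.13 GET /login 200",
    "vm-01 198.51.100.11 POST /login 302",
]

# The observation window mixes one ordinary request, two signature hits and a
# legitimate but unusually busy client (12 report downloads).
OBSERVED_LOGS = [
    "vm-01 198.51.100.10 GET /index.html 200",
    "vm-01 203.0.113.7 GET /search?q=1'%20or%201=1-- 200",
    "vm-01 203.0.113.9 GET /static/../../config.ini 404",
] + [f"vm-01 198.51.100.20 GET /reports/{i} 200" for i in range(12)]

LOG_RE = re.compile(
    r"^(?P<vm>\S+) (?P<src>\S+) (?P<method>[A-Z]+) (?P<path>\S+) (?P<status>\d{3})$"
)

# Hypothetical misuse signatures: known patterns only, so a novel attack is missed.
SIGNATURES = {
    "sqli-tautology": re.compile(r"(?i)'\s*or\s+1\s*=\s*1"),
    "path-traversal": re.compile(r"\.\./"),
}


def parse(line):
    """Split one log line into fields; the path is URL-decoded before matching."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["path"] = unquote(rec["path"])
    return rec


def misuse_detect(lines):
    """Signature matching: one alert per (line, signature) pair, in line order."""
    alerts = []
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue
        for name, pattern in SIGNATURES.items():
            if pattern.search(rec["path"]):
                alerts.append({"kind": "misuse", "signature": name,
                               "src": rec["src"], "line": line})
    return alerts


def requests_per_source(lines):
    """Count parsable requests per source address."""
    return Counter(rec["src"] for rec in map(parse, lines) if rec is not None)


def build_baseline(lines):
    """Normal behaviour = mean and population stdev of requests per source."""
    values = list(requests_per_source(lines).values())
    return statistics.mean(values), statistics.pstdev(values)


def anomaly_detect(lines, baseline, k=3.0):
    """Flag sources whose volume exceeds mean + k*stdev (stdev floored at 1).

    No signature is needed, so an unknown attack can be caught, but the busy
    legitimate client trips it too: the false alarm the text warns about.
    Single-request attacks are not flagged, since their volume looks normal."""
    mean, stdev = baseline
    threshold = mean + k * max(stdev, 1.0)
    return [{"kind": "anomaly", "src": src, "count": n, "threshold": threshold}
            for src, n in requests_per_source(lines).items() if n > threshold]


def respond(alert, mode):
    """Map an alert to one of the three reporting modes from the chapter.

    Action names are placeholders for whatever the deployment would actually do."""
    record = {"alert": alert, "logged": True}
    if mode == "notification":
        record["action"] = "report-only"
    elif mode == "manual":
        record["action"] = "queue-for-administrator"
    elif mode == "automatic":
        record["action"] = f"block-source:{alert['src']}"
    else:
        raise ValueError(f"unknown response mode: {mode}")
    return record


if __name__ == "__main__":
    baseline = build_baseline(TRAINING_LOGS)
    alerts = misuse_detect(OBSERVED_LOGS) + anomaly_detect(OBSERVED_LOGS, baseline)
    for a in alerts:
        print(respond(a, "manual"))
```

Running it shows the two detectors complementing each other: the signatures fire on the two malformed requests and say nothing about the busy client, while the volume baseline flags only the busy client, a legitimate user, and misses the two single-request attacks. The automatic mode is the one that acts without a human in the loop, which is why that false alarm matters most there.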
1.2 Problem Statement
Cloud Computing provides large-scale computing resources to each customer. Cloud Computing systems can easily be threatened by various cyber-attacks, because most of them provide services to many people who have not been proven trustworthy. There are various issues that need to be dealt with in respect of security and performance in a cloud computing system. A common issue is the management of large volumes of data by intrusion detection systems. There needs to be a careful balance between IDS security level and system performance: if the IDS provides a stronger security service by using more rules or patterns, it needs correspondingly more computing resources, so the amount of resources that can be allocated to customers decreases. Another issue in Cloud Computing is that the huge volume of logs makes them hard for system administrators to analyse. To resolve these issues, a multi-level IDS and log management system is proposed that enables a Cloud Computing system to achieve both effective use of system resources and a strong security service without a trade-off between them. The proposed system could detect various types of attack and provide a suitable level of security by examining the attacker data records observed in processes on the virtual machine, without consuming so much system resource that resource allocation to client services is adversely affected.
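A constructed illustration of the trade-off stated in this section, added here and not the design the thesis goes on to propose: a per-VM inspection level chosen from prior alert history, the rule-evaluation cost that level implies compared with running the deepest rule set on every VM, and a triage order for the resulting alert logs. The rule tiers, severity weights, level thresholds, alert records and event volumes are all assumptions made for the example.

```python
"""Constructed illustration: inspection level per VM, its rule-evaluation cost,
and alert-log triage. All tiers, weights, thresholds and data are assumptions."""
from collections import Counter

# Hypothetical rule tiers. Each tier is a superset of the one below it, and each
# rule costs one evaluation per observed event; that evaluation count stands in
# for the computing resource the text trades against security strength.
RULE_TIERS = {
    "low":    ("known-signatures",),
    "medium": ("known-signatures", "web-signatures", "rate-anomaly"),
    "high":   ("known-signatures", "web-signatures", "rate-anomaly",
               "full-signatures", "sequence-anomaly"),
}

# Hypothetical severity weight per alert type, used for both level assignment
# and triage ordering.
SEVERITY = {"rate-anomaly": 2, "auth-failure": 3, "signature-hit": 5}

# Level thresholds on accumulated alert weight (arbitrary for the example).
LEVEL_THRESHOLDS = (("high", 8), ("medium", 3), ("low", 0))

# Constructed alert logs from an earlier observation period: (vm, alert type).
ALERT_LOGS = [
    ("vm-01", "rate-anomaly"),
    ("vm-02", "auth-failure"),
    ("vm-02", "auth-failure"),
    ("vm-02", "signature-hit"),
    ("vm-03", "auth-failure"),
]

# Constructed event volume per VM for the coming period (events to inspect).
VM_EVENTS = {"vm-01": 100, "vm-02": 100, "vm-03": 100, "vm-04": 100}


def alert_weight(alert_logs):
    """Total severity weight and alert count per VM."""
    weight, count = Counter(), Counter()
    for vm, alert_type in alert_logs:
        weight[vm] += SEVERITY[alert_type]
        count[vm] += 1
    return weight, count


def assign_level(vm, alert_logs):
    """Pick the inspection level from the VM's accumulated alert weight.

    A VM with no history lands on "low": the cheapest rule set until it misbehaves."""
    weight, _ = alert_weight(alert_logs)
    for level, minimum in LEVEL_THRESHOLDS:
        if weight[vm] >= minimum:
            return level
    return "low"


def evaluation_cost(level, events):
    """Rule evaluations needed to inspect `events` events at `level`."""
    return len(RULE_TIERS[level]) * events


def plan(vm_events, alert_logs):
    """Per-VM levels, their total cost, and the cost of running "high" everywhere."""
    levels = {vm: assign_level(vm, alert_logs) for vm in vm_events}
    cost = sum(evaluation_cost(levels[vm], n) for vm, n in vm_events.items())
    flat_high = sum(evaluation_cost("high", n) for n in vm_events.values())
    return levels, cost, flat_high


def triage(alert_logs):
    """Order VMs for the administrator: highest total severity first, then most
    alerts, then name, so the log worth reading first is at the front."""
    weight, count = alert_weight(alert_logs)
    return sorted(weight, key=lambda vm: (-weight[vm], -count[vm], vm))


if __name__ == "__main__":
    levels, cost, flat_high = plan(VM_EVENTS, ALERT_LOGS)
    print(levels, cost, flat_high)
    print(triage(ALERT_LOGS))
```

With the constructed data, only vm-02 gets the full rule set, the total comes to half the evaluations of inspecting every VM at the deepest level, and the triage list puts vm-02 ahead of vm-03 and vm-01. The flip side a practitioner should keep in view is that a VM with no alert history is inspected with the cheapest rules, so the level assignment must be re-run as new alerts arrive rather than fixed once.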
1.3 Aim and Objectives of the Research
The aim of this research is to use a multi-level intrusion detection system and a log management system to ensure the security of cloud resources by detecting various types of attack and providing a suitable level of security, by examining the attacker data records observed in processes on the virtual machine without consuming so much system resource that resource allocation to client services is adversely affected. The objectives of this research work are as follows:
(i) To conduct a feasibility study on the application of a multi-level IDS and log management platform to cloud-based security.
(ii) To design a multi-level IDS and user log management platform using a context diagram, use case diagram and ERD.
(iii) To implement the design in (ii) above using the ASP.NET MVC (Active Server Pages) programming language.
(iv) To test and evaluate the code developed in (iii) above for correctness and robustness.
1.4 Scope of the Study
Multi-level intrusion detection and log management in cloud computing is a broad topic that bears on how applications are developed and installed on a server; an intrusion detection system, which acts much like an antivirus, is also installed to fight against cyber-attacks. For the purpose of this research work, we shall be limited to developing an application that uses a multi-level intrusion detection system and a log management system that manages logs for the purpose of securing cloud resources.
1.5 Definition of Terms
Cloud Computing: A model for enabling convenient, on-demand network access to a shared pool of configurable computing resources that can be rapidly provisioned and released with minimal management effort or service provider interaction. By computing resources we mean anything that can be utilized as part of a computing system, including networks, servers, storage, applications and services. An important concept that is always mentioned as an apparent advantage of cloud computing is the availability of resources.
Intrusion Detection System: An Intrusion Detection System (commonly referred to as an IDS) is a system that replaces the typical task of system administrators of constantly reviewing the log files in an attempt to spot any abnormal records (records that indicate malicious activity by a user).
HTML CODE: HTML stands for HyperText Markup Language. It is a type of computer language primarily used for files that are posted on the Internet and viewed by web browsers. HTML files can also be sent via email.
MARKUP LANGUAGE: A markup language is a combination of words and symbols that give instructions on how a document should appear. For example, a tag may indicate that words are written in italic or bold type.
WEB BROWSER: A web browser is a software program that interprets the coding language of the World Wide Web in graphic form, displaying the translation rather than the coding. This allows anyone to “browse the Web” by simple point-and-click navigation, bypassing the need to know the commands used in software languages.
FILE EXTENSION: A file extension is the suffix at the end of a filename that tells a computer, and the computer user, which program is needed to open the file. Also called a filename extension, this suffix, preceded by at least one period, is generally one to five characters long, but the norm is usually three characters.
EMAIL: Email, also sometimes written as e-mail, is simply the shortened form of electronic mail, a protocol for receiving, sending and storing electronic messages. Email has gained popularity with the spread of the Internet. In many cases it has become the preferred method of communication.