Intrusion Detection Management as a Service in Cloud Computing Environments

Abstract

Current implementations and research trends for intrusion detection in grid and cloud environments are limited to addressing the requirements for the perfect intrusion detection to be part of the security infrastructure. This doesn’t take into consideration the requirements of the cloud’s clients. In this thesis, we address the intrusion detection in cloud environments from a different perspective, mainly on the possibilities to allow intrusion detection to be provided to clients as a service. The thesis includes the limitations in current intrusion detection systems that don’t allow such user-friendly architecture of intrusion detection. The thesis describes the Cloud Intrusion Detection Service (CIDS), which is a novel intrusion detection Web Service to be provided for cloud clients in a service-based manner. CIDS utilizes the “Snort” open source intrusion detection system. The operating logic and user access webpages were developed using J2EE. The testing environment was composed of two scenarios. The first scenario aimed at measuring the relative overhead of using CIDS while the second one aims at measuring the CIDS effectiveness and performance improvements over other implementations for approaching the same problem. The CIDS was eventually found to put very small overhead due to the extra complexity in the definitions of the attack models but at the same time gave excellent results when it was compared to the other solutions. This improvement would be experienced by both the cloud providers and subscribers alike.