Article Preview
TopIntroduction
Information are stored digitally, and many business processes are processed digitally and transmitted over IT networks, which means businesses, administrations and citizen’s data depends on the proper operation of the information technology used. Rapid growth of resources and escalating cost of infrastructure is leading organizations to adopt cloud computing. This technology has emerged as an important paradigm for deploying services and applications for both enterprises/administration and end-users, providing many characteristics:
On-demand self-service: A consumer can unilaterally provision computing capabilities as needed automatically without requiring human interaction with each service provider (Mell, 2011).
Resource pooling: The provider’s computing resources are pooled to serve multiple consumers using a multi-tenant model, with different physical and virtual resources dynamically assigned according to consumer demand.
Measured service: Cloud systems automatically control and optimize resource used by leveraging a metering capability at some level of abstraction appropriate to the type of service
To interact with various services in the cloud and to store the data processed by cloud services, several security capabilities are required. Cyber-attacks present a ubiquitous threat to an enterprise’s information in Cloud Computing asset and must be properly controlled. This security concern is one of the primary hurdles that prevent the widespread adoption of the cloud by potential enterprises. Although these sensitive data could be protected by deploying intrusion detection systems and firewalls. Security attacks are still likely to occur and infiltrate onto networks, making them harder to detect with actual technologies and security measures especially in cloud environment with the enormous number of users and the evolutions of attacks.
To detect attacks in this high-speed and multi-users network environment. We suggest, a bulk of analysis to be performed by distributed and collaborative risk agents in Cloud services with an analysis in depth for all attacks patterns.
This paper explores two related challenges in the context of intrusion detections in cloud computing, the first concern is the approach of intrusion detection-based risk assessment and attack pattern, which have demonstrated its efficiency to reduce the number of alarms. The second concern is about the architecture of implementation. The increasing complexity and convergence of the network architectures in cloud introduces additional risk that must be taken into account by intrusion detection systems, we address in this paper an architecture of implementation to be used in order of intrusion detection based on attack pattern and risk assessment in cloud environment.
Experimental implementation of the approach has demonstrated its efficiency to reduce the number of false alarms by distinguishing between attacks and normal patterns directed to cloud services.
The remainder of this paper is structured as follows: in the first section, we give an overview in related work and intrusion detection approaches with advantages and limitations of each approach. The second section describes intrusion detection-based attack pattern and risk assessment. The third section describes our probabilistic approach for likelihood determination in attack patterns; we discuss in the same section the initial results of deployment. The last section of this article will present a conclusion and future works.
TopIntrusion detection refers to a problem of finding non-conforming patterns or behaviors in user’s requests and traffic data, in order to enumerate attackers who are attempting to expose network and service vulnerabilities. In this type of system, attacks can be detected based on the analysis and correlation by using two essential types of IDS: signature based and behavior-based IDS.
The misuse detection uses the knowledge accumulated about attacks and checks for signatures of these attacks, while the anomaly detection builds a reference model of the usual behavior of the system being monitored, and checks for deviations from the observed usage (Sha, 2017). The false positive rates of misuse detection are lower than the rates of behavioral detection.