Chirag N. Modi

Review: A survey of intrusion detection techniques in Cloud

In this paper, we survey different intrusions affecting availability, confidentiality and integrity of Cloud resources and services. Proposals incorporating Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS) in Cloud are examined. We recommend IDS/IPS positioning in Cloud environment to achieve desired security in the next generation networks.

A survey on security issues and solutions at different layers of Cloud computing

Cloud computing offers scalable on-demand services to consumers with greater flexibility and lesser infrastructure investment. Since Cloud services are delivered using classical network protocols and formats over the Internet, implicit vulnerabilities existing in these protocols as well as threats introduced by newer architectures raise many security and privacy concerns. In this paper, we survey the factors affecting Cloud computing adoption, vulnerabilities and attacks, and identify relevant solution directives to strengthen security and privacy in the Cloud environment.

Maintaining privacy and data quality in privacy preserving association rule mining

Privacy preserving data mining (PPDM) is a novel research direction to preserve privacy for sensitive knowledge from disclosure. Many of the researchers in this area have recently made effort to preserve privacy for sensitive association rules in statistical database. In this paper, we propose a heuristic algorithm named DSRRC (Decrease Support of R.H.S. item of Rule Clusters), which provides privacy for sensitive rules at certain level while ensuring data quality. Proposed algorithm clusters the sensitive association rules based on certain criteria and hides as many as possible rules at a time by modifying fewer transactions. Because of less modification in database it helps maintaining data quality.

A novel framework for intrusion detection in cloud

One of the major security challenges in cloud computing is the detection and prevention of denial-of-service (DoS) attacks. In order to detect and prevent DoS attacks as well as other malicious activities at the network layer, we propose a framework which integrates a network intrusion detection system (NIDS) in the Cloud infrastructure. We use snort and decision tree (DT) classifier to implement this framework. It aims to detect network attacks in Cloud by monitoring network traffic, while maintaining performance and service quality. To validate our approach, we evaluate the performance and detection efficiency by using the freely available NSL-KDD and KDD experimental intrusion datasets. The results show that the proposed framework has a higher detection rate with low false positives at an affordable computational cost.

A novel hybrid-network intrusion detection system (H-NIDS) in cloud computing

To detect and prevent network intrusions in Cloud computing environment, we propose a novel security framework hybrid-network intrusion detection system (H-NIDS). We use different classifiers (Bayesian, Associative and Decision tree) and Snort to implement this framework. This framework aims to detect network attacks in Cloud by monitoring network traffic, while ensuring performance and service quality. We evaluate the performance and detection efficiency of H-NIDS for ensuring its feasibility in Cloud. The results show that the proposed framework has higher detection rate and low false positives at an affordable computational cost.

Collaborative IDS Framework for Cloud

Cloud computing is used extensively to deliver utility computing over the Internet. Defending network accessible Cloud resources and services from various threats and attacks is of great concern. Intrusion Detection System (IDS) has become popular as an important network security technology to detect cyber-attacks. In this paper, we propose a novel Collaborative IDS (CIDS) Framework for cloud. We use Snort to detect the known stealthy attacks using signature matching. To detect unknown attacks, anomaly detection system (ADS) is built using Decision Tree Classifier and Support Vector Machine (SVM). Alert Correlation and automatic signature generation reduce the impact of Denial of Service (DoS)/Distributed DoS (DDoS) attacks and increase the performance and accuracy of IDS.

Virtualization layer security challenges and intrusion detection/prevention systems in cloud computing: a comprehensive review

Virtualization plays a vital role in the construction of cloud computing. However, various vulnerabilities are existing in current virtualization implementations, and thus there are various security challenges at virtualization layer. In this paper, we investigate different vulnerabilities and attacks at virtualization layer of cloud computing. We examine the proposals of cloud intrusion detection system (IDS) and intrusion detection and prevention system frameworks. We recommend the cloud IDS requirements and research scope to achieve desired level of security at virtualization layer of cloud computing.

A Survey on Preserving Privacy for Sensitive Association Rules in Databases

Privacy preserving data mining (PPDM) is a novel research area to preserve privacy for sensitive knowledge from disclosure. Many of the researchers in this area have recently made effort to preserve privacy for sensitive knowledge in statistical database. In this paper, we present a detailed overview and classification of approaches which have been applied to knowledge hiding in context of association rule mining. We describe some evaluation metrics which are used to evaluate the performance of presented hiding algorithms.

An efficient approach for privacy preserving distributed mining of association rules in unsecured environment

Distributed data mining techniques are widely used for many applications viz; marketing, decision making, statistical analysis etc. In distributed data environment, each of the involving sites contains local information which will be collaborated to extract global mining result. However, these techniques have been investigated in terms of privacy and security concerns of individual sites information. To solve this problem, many cryptography techniques have been investigated. Still there is a room for further improvement. In this paper, we propose an efficient approach for privacy preserving distributed association rule mining. We use onion routing protocol in order to exchange information among involving sites. We use an elliptic curve (EC) based cryptography in order to achieve security and privacy of individual sites information in unsecured distributed environment. Finally, we analyze proposed solution in terms of security, privacy, computational cost and communication cost.

Elliptic Curve Cryptography Based Mining of Privacy Preserving Association Rules in Unsecured Distributed Environment

Distributed data mining techniques are often used for various applications. In terms of privacy and security issues, these techniques are recently investigated with a conclusion that they reveal data or information to each other parties involved to find global valid results. But because of privacy issues, involving parties do not want to reveal such type of data. Recently many cryptography techniques have been found to address privacy problems in distributed mining. In this paper, we propose an elliptic curve cryptography based algorithm to mine privacy-preserving association rules on horizontal partitioned data. Moreover, we have also considered unsecured communication channels in distributed environment. Proposed algorithm provides privacy and security against involving parties and other parties (adversaries) who can reveal information by reading unsecured channel between involving parties. Finally, we analyze the privacy and security provided by proposed algorithm and also discuss the communication and computation cost of proposed algorithm. Keywords-Data Mining; Association Rules; Distributed Databases; Privacy; Security; Eliptic Curve Cryptography;