Sanchika Gupta

A Profile Based Network Intrusion Detection and Prevention System for Securing Cloud Environment

Cloud computing provides network based access to computing and data storage services on a pay per usage model. Cloud provides better utilization of resources and hence a reduced service access cost to individuals. Cloud services include software as a service, platform as a service, and infrastructure as a service. Cloud computing virtually and dynamically distributes the computing and data resources to a variety of users, based on their needs, with the use of virtualization technologies. As Cloud computing is a shared facility and is accessed remotely, it is vulnerable to various attacks including host and network based attacks (Brown 2012, and Grance 2009) and hence requires immediate attention. This paper identifies vulnerabilities responsible for well-known network based attacks on cloud and does a critical analysis on the security measures available in cloud environment. This paper focuses on a nonconventional technique for securing cloud network from malicious insiders and outsiders with the use of network profiling. With network profiling, a profile is created for each virtual machine (VM) in cloud that describes network behavior of each cloud user (an assigned VM). The behavior gathered is then used for determination (detection) of network attacks on cloud. The novelty of the approach lies in the early detection of network attacks with robustness and minimum complexity. The proposed technique can be deployed with minimal changes to existing cloud environment. An initial prototype implementation is verified and tested on private cloud with a fully functional implementation under progress.

An Immediate System Call Sequence Based Approach for Detecting Malicious Program Executions in Cloud Environment

Cloud computing is a well-known architecture that provides Computing and data Storage services remotely over Internet on a pay per usage model which results in better utilization of resources with reduced cost for individuals to access it. As Cloud Computing is a shared facility and is accessed remotely, it is vulnerable to various attacks including hosts and network based attacks that require immediate attention. This paper focuses on attacks that are due to malicious Syscall executions from subverted programs, Rootkits, Worms and Trojans on Hosts in a Cloud Computing environment. The paper critically describes and discusses the present techniques for malicious System Call detection and proposes a new Immediate Syscall signature structure based technique to determine malicious program executions in Cloud. The proposed technique is efficient in terms of complexity involved and resources utilized by it, so as to justify its feasible deployment is low cost and platform independent in Cloud environment. The proposed technique has also been validated on all available UNM (University of New Mexico) datasets and with a 98% accuracy in program wide detection for detecting intrusive processes. The functional prototype is deployed on a private Cloud environment using open nebula and virtual box for analysis and results.

Secure Private Cloud Architecture for Mobile Infrastructure as a Service

Cloud based systems have gained popularity over traditional systems owing to their advantages like cost effectiveness, pay per use, scalability and ease to upgrade. Market is dominated by various cloud vendors providing Infrastructure as a Service (IaaS). However threat to security in mobile IaaS based cloud environment prohibits the usage of services specially, in case of public cloud environment. In this paper we propose secure private cloud architecture for mobile infrastructure as a service. As a prototype service, we deploy a virtual research lab which provides infrastructure and computing resources dynamically in a secure way. The proposed secure private cloud architecture for the lab environment provides the cloud services along with mobility. Mobility gives the researcher the flexibility to access cloud services on their mobile devices anywhere and anytime. We analyse the proposed architecture using a prototype on OpenNebula platform and compare it with traditional computational infrastructure. Results show that our architecture is capable to support 84% more users.

VM Profile Based Optimized Network Attack Pattern Detection Scheme for DDOS Attacks in Cloud

Cloud computing is a well-known internet platform based technology that provides access to rented, remotely located and distributed IT resources such as computing infrastructure, storage, online web and utility application on a pay per usage model. As it is a widely used service by individual users to corporate organizations and contains valuable data and applications, it is known to be vulnerable to risks and threats such as network level threats, host level threats and virtualization layer vulnerabilities etc. However for counterattacking these vulnerabilities traditional defense measures exists but are not efficient, scalable and optimized to be used in cloud. The paper identifies the drawbacks in the current schemes used for handling network attacks (primarily DDOS) and provides a new direction in which the same level of security capabilities for network can be obtained with minimal expense of resources which is the prime requirement for any scheme for being applicable in cloud environment. The paper describes a prototype implementation of the concept with details of experimental setup and initial results.

A fingerprinting system calls approach for intrusion detection in a cloud environment

Cloud Computing envisioned as the next generation architecture for IT enterprises, has proliferated itself due to the advantages it provides. Cloud Computing provides solutions for carrying out efficient, scalable and low cost computing. Due to the distributed nature of cloud based system, it is vulnerable to a large category of attacks out of which VM based attacks are most common. To counter these attacks we need Intrusion Detection System (IDS), which is used to monitor network traffic and policy violations from unauthorized users. Anomaly Detection is a technique of Intrusion Detection, which is used to detect intrusions by monitoring system activity and finding out patterns that do not comply with the normal behavior. In this paper an approach for anomaly detection in cloud environment is presented, which is based upon analysis of system call sequences generated by the virtual machines to the hypervisor. Our proposed implementation prevents malicious VM users to modify well known frequently executed programs.

IDS Based Defense for Cloud Based Mobile Infrastructure as a Service

Cloud Computing has emerged as one of the rapidly growing technology. Cloud has gained popularity owing to its advantages like cost-effectiveness, pay per use, scalability and ease to upgrade. In spite of all these benefits, the risk of security is preventing many organizations to adopt cloud environment. Unless cloud become resilient to the security threats owing to the change in the computing environment, it is impossible to get the full benefit of cloud. Switching to new computing environment has added different aspects to security besides the security threats present the traditional computing environment. Hence there is a need of different security framework in order to make cloud resistant to various security threats. This paper presents an IDS framework for cloud to provide security from the IaaS based attacks. The IDS has got two separate modules for network based attacks and host based attacks. This paper discusses the prototype of the framework and evaluation of the framework.

A Hybrid Intrusion Detection Architecture for Defense against DDoS Attacks in Cloud Environment

Cloud Computing is emerging out as the future of next generation architecture for information technology enterprises. But due to its popularity, it is vulnerable to various unwanted attacks. One of the solutions is intrusion detection system. The Existing architectures of IDS in cloud environment are deployed on the network periphery of each guest OS that offers high attack resistance at the cost of visibility. In this paper, we propose hybrid architecture for deployment of intrusion detection system which takes into account security at both the front end and the clusters. This Paper also includes a critical review of previously proposed architectures on deployment of Intrusion Detection Systems in Cloud Environment and a detailed description of the research Gaps identified. Our approach leverages VMware virtualization techniques using open nebula as a test bed for deploying our proposed system.

System cum Program-Wide Lightweight Malicious Program Execution Detection Scheme for Cloud

ABSTRACT Cloud is prone to a set of well-known network and host-based attacks from cloud insiders, cloud users, and outside attackers. This paper concretely focuses over the detection of malware and program modification-based attacks through identification of malicious program executions and malware at the client virtual machines and hosts in a cloud environment. The paper also focuses on the related techniques for malware detection using system call sequence measures. An immediate system call structure-based program cum system-wide technique is proposed for the detection of anomalous program executions and malwares in the cloud. The algorithm is validated over University of New Mexico sendmail data set. Effective deployment architecture for such an implementation is also presented as a distributed cum centralized intrusion prevention system (IPS). The proposed IPS also solves the problem of individual IPS getting malformed at client virtual machine with the use of both process and system level based detection strategies. The paper provides detailed results and experimentations of the proposed intrusion detection technique on a private cloud with open nebula and virtual box.

Implementing private cloud at IIT Roorkee: an initial experience

Cloud Computing has emerged as a promising technology to provide computing resources as public utility. Its features like cost effectiveness, pay per use and scalability have attracted many organization to adopt cloud computing environment in order to cut down IT cost. Hence market is blooming with the cloud vendors like Amazon, IBM who provide Infrastructure as a service. It saves the organizations form the complications of building infrastructure and hence the organization can concentrate on the quality of services and products to be delivered. Though the features like cost effectiveness and scalability have made cloud popular, at the same time, the features like multi-tenancy has refrained some of the organizations dealing with confidential information, from adopting cloud. This is because in the changed computing paradigm, the information of the client is present in the vendors premises. This implies less control over the data. For educational institutes, which need to secure the confidentiality and privacy of data, a private cloud can be a good solution. Hence we propose private cloud architecture for educational institute which can provide Infrastructure as a Service to the students and teachers without compromising the confidentiality of information. The proposed architecture has been deployed using open-source cloud computing tool kit called OpenNebula. It has been compared with traditional computing infrastructure. Results show that our architecture increases resource utilization up to 85%, thus increasing the efficiency.

A Resource-Efficient Integrity Monitoring and Response Approach for Cloud Computing Environment

Cloud computing has an immense need of file monitoring techniques to be applied so that system-specific configuration files are not modified by the virtual machine users or cloud insiders/outsiders for carrying out unwanted operations such as privilege escalation or system misconfiguration. The article critically describes the previous work done in the area of file monitoring and why there is a need for lightweight and efficient mechanism for its deployment in cloud. A centralized cum distributed approach for file monitoring of VMs on a host in cloud and the initial outcomes of its execution are presented in this article. The scheme does not use any database for storing file integrity, which eventually results in increased computational and storage efficiency. The technique is presented for the use by admins for ensuring integrity of specific files at VM hosts but can be upgraded to provide support to user-specified files as well.