A profile based network intrusion detection and prevention system for securing cloud environment

Abstract

Cloud computing provides network based access to computing and data storage services on a pay per usage model. Cloud provides better utilization of resources and hence a reduced service access cost to individuals. Cloud services include software as a service, platform as a service, and infrastructure as a service. Cloud computing virtually and dynamically distributes the computing and data resources to a variety of users, based on their needs, with the use of virtualization technologies. As Cloud computing is a shared facility and is accessed remotely, it is vulnerable to various attacks including host and network based attacks (Brown 2012, and Grance 2009) and hence requires immediate attention. This paper identifies vulnerabilities responsible for well-known network based attacks on cloud and does a critical analysis on the security measures available in cloud environment. This paper focuses on a nonconventional technique for securing cloud network from malicious insiders and outsiders with the use of network profiling. With network profiling, a profile is created for each virtual machine (VM) in cloud that describes network behavior of each cloud user (an assigned VM). The behavior gathered is then used for determination (detection) of network attacks on cloud. The novelty of the approach lies in the early detection of network attacks with robustness and minimum complexity. The proposed technique can be deployed with minimal changes to existing cloud environment. An initial prototype implementation is verified and tested on private cloud with a fully functional implementation under progress