A Cooperative and Hybrid Network Intrusion Detection Framework in Cloud Computing Based on Snort and Optimized Back Propagation Neural Network

Chiba, Zouhair; Abghour, Noreddine; Moussaid, Khalid; Omri, Amina El; Rida, Mohamed

doi:10.1016/j.procs.2016.04.249

Cited by 53 publications

(26 citation statements)

References 4 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…If an attack was found in a layer, it cannot be executed in the other layers. Chiba et al [27] also propose a network-based cooperative IDS to identify network attacks in the cloud environment, which is performed by monitoring traffic while maintaining performance and service quality. Recently, Wahab et al [28,29] propose a game theoretic-based IDS.…”

Section: Related Workmentioning

confidence: 99%

An SVM-based framework for detecting DoS attacks in virtualized clouds under changing environment

2018

View full text Add to dashboard Cite

Cloud Computing enables providers to rent out space on their virtual and physical infrastructures. Denial of Service (DoS) attacks threaten the ability of the cloud to respond to clients requests, which results in considerable economic losses. The existing detection approaches are still not mature enough to satisfy a cloud-based detection systems requirements since they overlook the changing/dynamic environment, that characterises the cloud as a result of its inherent characteristics. Indeed, the patterns extracted and used by the existing detection models to identify attacks, are limited to the current VMs infrastructure but do not necessarily hold after performing new adjustments according to the pay-as-you-go business model. Therefore, the accuracy of detection will be negatively affected. Motivated by this fact, we present a new approach for detecting DoS attacks in a virtualized cloud under changing environment. The proposed model enables monitoring and quantifying the effect of resources adjustments on the collected data. This helps filter out the effect of adjustments from the collected data and thus enhance the detection accuracy in dynamic environments. Our solution correlates as well VMs application metrics with the actual resources load, which enables the hypervisor to distinguish between benignant high load and DoS attacks. It helps also the hypervisor identify the compromised VMs that try to needlessly consume more resources. Experimental results show that our model is able to enhance the detection accuracy under changing environments.

show abstract

Section: Related Workmentioning

confidence: 99%

An SVM-based framework for detecting DoS attacks in virtualized clouds under changing environment

2018

View full text Add to dashboard Cite

show abstract

“…In this way anomaly-based approach is able to detect zero-day attacks but results in high false positive rates (FPR) because deviation from normal behavior may not always leads to attack. There exists another detection approach called hybrid approach [31], [36] which combined the two approaches. With hybrid IDS , first, known attacks are detected and separated by matching with the attack signatures and then among the remaining stream the unknown attacks are detected by observing deviations of such packet features from those of the normal packets.…”

Section: Intrusion Detection Systemsmentioning

confidence: 99%

Intrusion Detection Analytics: A Comprehensive Survey

Sameera¹,

Shashi²

2019

International Journal of Advanced Scientific Research and Management

View full text Add to dashboard Cite

Cyber threat is growing on par with the advancements in the field of co mputer technology and information age which makes Intrusion detection Systems (IDSs) to get a lot of attention now a days. IDS is an evolv ing research area in the field of cyber security, which is aimed to detect cyber-intrusions. The authors have surveyed many research papers on IDS in the resent past and the essence of their survey is presented in this paper by keeping in thought of helping research scholars in the area of IDS. This paper aims at p resenting brief description of IDS and mach ine learning approach for its imp lementation. Though lot of literature survey on IDS exist, in this paper authors attempt to present a clear picture of IDS in all aspects through their extensive survey.

show abstract

“…The authors stress that the main research challenges are alert correlation algorithms and CIDS architectures that were categorised into centralised architecture, hybrid architecture and fully distributed architecture, which are similar to the deployment models of C3ISP infrastructure. For instance, two works [34] [35] proposed using CIDS to detect DDoS attacks for Cloud Computing, whereby one region's IDS can share its alert data with the other IDS systems. This helps to reduce computational cost for detecting the same attacks at other IDS systems and therefore improves detection rate in overall cloud environment.…”

Section: B Cti Data Sharing For Collaborative Analysismentioning

confidence: 99%

“…This helps to reduce computational cost for detecting the same attacks at other IDS systems and therefore improves detection rate in overall cloud environment. The difference is the paper [34] rides on the fully distributed architecture while the paper [35] uses the hybrid architecture.…”

Section: B Cti Data Sharing For Collaborative Analysismentioning

confidence: 99%