Automated Evaluation of Network Intrusion Detection Systems in IaaS Clouds

Probst, Thibaut; Alata, Éric; Kaâniche, Mohamed; Nicomette, Vincent

doi:10.1109/edcc.2015.10

Cited by 5 publications

(4 citation statements)

References 16 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…To measure the effectiveness of an NIDS in a cloud environment, Probst et al [14] describe a method in two phases: an analysis of network access control followed by the IDS evaluation in a cloned infrastructure based on the set of services running in the virtual infrastructure. Before this work, Massicotte et al [15] used a virtual infrastructure to generate traffic traces and used the trace to evaluate IDSs hosted in physical servers.…”

Section: Security Monitoring Setup Evaluationmentioning

confidence: 99%

See 1 more Smart Citation

Verification for security monitoring SLAs in IaaS clouds: The example of a network IDS

Teshome¹,

Rilling

Morin³

2018

NOMS 2018 - 2018 IEEE/IFIP Network Operations and Management Symposium

View full text Add to dashboard Cite

In an IaaS cloud the physical infrastructure is controlled by service providers, including its security monitoring aspect. Clients hosting their information system need to trust and rely on what the providers claim. At the same time providers try to give assurance for some aspects of the infrastructure (e.g. availability) through service level agreements (SLAs). We aim at extending SLAs to include security monitoring terms. In this paper we describe the challenges to reach this goal, we propose a three-steps incremental strategy and we apply the first step of this strategy on the case of network IDS (NIDS) monitoring probes. In this case study we select a relevant metric to describe the performance of an NIDS, that is the metric can figure in an SLA and can be measured to verify that the SLA is respected. In particular we propose an in situ verification method of such a metric on a production NIDS and evaluate experimentally and analytically the proposed method.

show abstract

Section: Security Monitoring Setup Evaluationmentioning

confidence: 99%

“…Any mechanism that can simulate the network behavior of an application could be used in our methodology. In [14] an automaton is used to model network exchanges of an application with a legitimate and a malicious user. More realistic simulations produce more accurate results.…”

Section: Target Vmmentioning

confidence: 99%

Verification for security monitoring SLAs in IaaS clouds: The example of a network IDS

Teshome¹,

Rilling

Morin³

2018

NOMS 2018 - 2018 IEEE/IFIP Network Operations and Management Symposium

View full text Add to dashboard Cite

show abstract

“…To verify an IDS, Probst et al [5] describe a method in two phases: an analysis of network access control followed by the IDS evaluation based on the set of services running in the virtual infrastructure. Before this work, Massicotte et al [4] used a virtual infrastructure to generate traffic traces and used the traces to evaluate IDSs in traditional servers (non-cloud environment).…”

Section: Related Workmentioning

confidence: 99%

Including Security Monitoring in Cloud Service Level Agreements

Teshome

Rilling²,

Morin

2016

2016 IEEE 35th Symposium on Reliable Distributed Systems (SRDS)

View full text Add to dashboard Cite

“…The life-cycle of an SLA can be separated in three phases called SLA definition and negotiation, SLA enforcement and SLA verification [20]. Methods were proposed for the SLA verification phase in the case of an NIDS [2,18,22]. In this paper, we show how we can achieve the SLA definition and negotiation phase, thanks to new constructs in a cloud SLA language and an efficient knowledge-base building method for NIDS performance.…”

Section: Introductionmentioning

confidence: 99%

SLA definition for network intrusion detection systems in IaaS clouds

Wonjiga¹,

Rilling

Morin

2021

Proceedings of the 36th Annual ACM Symposium on Applied Computing

View full text Add to dashboard Cite

Migrating to the cloud results in losing full control of the physical infrastructure as the cloud service provider (CSP) is responsible for managing the infrastructure including its security. To solve the trust issue that this raises, CSPs provide tenants with guarantees through Service Level Agreements (SLA). However no such SLA addresses the security monitoring aspect of tenants' information systems. Moreover, security monitoring services should be configured according to the tenant's specific requirements. In this paper, we propose a method allowing CSPs to define SLAs providing each tenant with guarantees about the performance of a security monitoring probe, specifically a Network Intrusion Detection System (NIDS), configured according to the tenant's requirements. This method is based on an enhanced cloud SLA language and an efficient SLA template preparation method allowing a CSP to estimate the performance of an NIDS for any possible set of tenant's requirements at reasonable costs. Experimental evaluations show the feasibility of our approach.

show abstract

Automated Evaluation of Network Intrusion Detection Systems in IaaS Clouds

Cited by 5 publications

References 16 publications

Verification for security monitoring SLAs in IaaS clouds: The example of a network IDS

Verification for security monitoring SLAs in IaaS clouds: The example of a network IDS

Including Security Monitoring in Cloud Service Level Agreements

SLA definition for network intrusion detection systems in IaaS clouds

Contact Info

Product

Resources

About