Integrating a network IDS into an open source Cloud Computing environment

Abstract: Abstract-The success of the Cloud Computing paradigm may be jeopardized by concerns about the risk of misuse of this model aimed at conducting illegal activities. In this paper we address the issue of detecting Denial of Service attacks performed by means of resources acquired on-demand on a Cloud Computing platform. To this purpose, we propose to investigate the consequences of the use of a distributed strategy to detect and block attacks, or other malicious activities, originated by misbehaving customers of … Show more

“…Mazzariello et al [60] presented Snort based misuse detection in open source Eucalyptus Cloud environment. In this approach, Snort is deployed at a primary controller managing cloud instances called cloud controller as well as on the physical machines (hosting virtual machines) to detect intrusions coming from external networks.…”

A survey on security issues and solutions at different layers of Cloud computing

“…Mazzariello et al [60] presented Snort based misuse detection in open source Eucalyptus Cloud environment. In this approach, Snort is deployed at a primary controller managing cloud instances called cloud controller as well as on the physical machines (hosting virtual machines) to detect intrusions coming from external networks.…”

A survey on security issues and solutions at different layers of Cloud computing

“…Mazzariello et al [2] present the deployment of an existing lightweight NIDS on the Eucalyptus Infrastructure as a Service (IaaS) cloud. The strategy is to deploy one NIDS next to every physical server, monitoring a portion of the network traffic for a specific number of VMs.…”

“…We also deploy two Snort [9] lIDSs VMs (1 and 2), that is one per virtual switch to monitor on the compute nodes. This scenario is representative of a production setup that balances the load of monitored traffic across several lIDS instances [2]. Thus in lIDS 1 only the rules that are related with the monitored services (web and email server) are enabled, whereas in lIDS 2 only the rules that are related with DNS traffic.…”

“…Indeed a monitoring system specific to a virtual infrastructure hosted in the cloud may include components that are located in the cloud but outside the virtual infrastructure [2], [3], [4], [5]. Moreover those components may only monitor subsets of VMs [2] or parts of the network. Consequently, changes in the number of VMs (e.g.…”

Towards Self Adaptable Security Monitoring in IaaS Clouds

“…An intrusion detection mechanism like SNORT is stacked on VM for monitoring both incoming and outgoing traffic [36]. An alternate method is to mount IDS on all physical machines where users VMs are hosted [37]. The performance of this scheme works very well in a Eucalyptus cloud [38].…”

Cloud Computing Security Aspects, Vulnerabilities and Countermeasures