A VMM-based intrusion prevention system in cloud computing environment

With the development of information technology, cloud computing becomes a new direction of grid computing. Cloud computing is user-centric, and provides end users with leasing service. Guaranteeing the security of user data needs careful consideration before cloud computing is widely applied in business. Virtualization provides a new approach to solve the traditional security problems and can be taken as the underlying infrastructure of cloud computing. In this paper, we propose an intrusion prevention system, VMFence, in a virtualization-based cloud computing environment, which is used to monitor network flow and file integrity in real time, and provide a network defense and file integrity protection as well. Due to the dynamicity of the virtual machine, the detection process varies with the state of the virtual machine. The state transition of the virtual machine is described via Definite Finite Automata (DFA). We have implemented VMFence on an open-source virtual machine monitor platform—Xen. The experimental results show our proposed method is effective and it brings acceptable overhead.     

Multi-tenant intrusion detection system for public cloud (MTIDS)

Cloud computing is an innovative paradigm technology that is known for its versatility. It provides many creative services as requested, and it is both cost efficient and reliable. More specifically, cloud computing provides an opportunity for tenants to reduce cost and raise effectiveness by offering an alternative method of service utilization. Although these services are easily provided to tenants on demand with minor infrastructure investment, they are significantly exposed to intrusion attempts since the services are offered under the administration of diverse supervision over the Internet. Moreover, the security mechanisms offered by cloud providers do not take into consideration the variation of tenants’ needs as they provide the same security mechanism for all tenants. So, meeting tenants’ security requirements are still a major challenge for cloud providers. In this paper, we concentrate on the security service offered to cloud tenants and service providers and their infrastructure to restrain intruders. We intend to provide a flexible, on-demand, scalable, and pay-as-you-go multi-tenant intrusion detection system as a service that targets the security of the public cloud. Further, it is designed to deliver appropriate and optimized security taking into consideration the tenants’ needs in terms of security service requirements and budget.     

A feed forward deep neural network model using feature selection for cloud intrusion detection system

The rapid advancement and growth of technology have rendered cloud computing services indispensable to our activities. Threats and intrusions have since multiplied exponentially across a range of industries. In such a scenario, the intrusion detection system, or simply the IDS, is deployed on the network to monitor and detect any attacks. The paper proposes a feed-forward deep neural network (FFDNN) method based on deep learning methodology using a filter-based feature selection model. The feature selection strategy aims to determine and select the most highly relevant subset of attributes from the feature importance score for training the deep learning model. Three benchmark data sets were used to assess the experiment: CIC-IDS 2017, UNSW-NB15, and NSL-KDD. In order to justify the proposed technique, a comparison was done using other learning algorithms ranging from classical machine learning to ensemble learning methods that can detect various attacks. The experiments showed that the FFDNN model with reduced feature subsets gave the highest accuracy of 99.53% and 94.45% in the NSL-KDD and UNSW-NB15 data sets, while the ensemble-based XGBoost model performed better in the CIC-IDS 2017 data set. In addition, the results show that the overall accuracy, recall, and F1 score of the deep learning algorithm are generally better for all the data sets.     

基于分布式的电力系统入侵检测云安全模型研究

如何保证电力系统自身的安全可靠运行、防止恶意攻击以及加强入侵检测功能等,已成为电力企业信息化建设过程中需要关注的问题。结合电力行业的实际应用,设计了一种专门应用于电力系统的入侵检测云安全模型(C-DIDS),该模型结合多重检测技术,在分析设备引擎中使用了三级检测方法,并且在分析设备中添加了信息完整性分析策略,通过不同云安全管理区中的监视设备进行交互通信,从而加强了整个电力系统入侵检测系统的综合防范能力。     

An intrusion detection and prevention system in cloud computing: A systematic review

The distributed and open structure of cloud computing and services becomes an attractive target for potential cyber-attacks by intruders. The traditional Intrusion Detection and Prevention Systems (IDPS) are largely inefficient to be deployed in cloud computing environments due to their openness and specific essence. This paper surveys, explores and informs researchers about the latest developed IDPSs and alarm management techniques by providing a comprehensive taxonomy and investigating possible solutions to detect and prevent intrusions in cloud computing systems. Considering the desired characteristics of IDPS and cloud computing systems, a list of germane requirements is identified and four concepts of autonomic computing self-management, ontology, risk management, and fuzzy theory are leveraged to satisfy these requirements.     

An LSTM-based novel near-real-time multiclass network intrusion detection system for complex cloud environments

The Internet is connected with everyone for sharing and monitoring digital information. However, securing network resources from malicious activities is critical for several applications. Numerous studies have recently used deep learning-based models in detecting intrusions and received relatively robust recognition outcomes. Nevertheless, most investigations have operated old datasets, so they could not detect the most delinquent attack information. Therefore, the current research proposes the long short-term memory (LSTM)-based near real-time multiclass network intrusion detection system (NIDS) utilizing complex cloud CSE-CICIDSS2018 datasets to secure and detect the network anomalous. The proposed strategy utilizes a random forest algorithm for dimensionality reduction and feature selection. In addition, the selected best suitable features were used in a deep learning-based LSTM model developed for detecting network intrusions. The experimental outcomes reveal that the presented LSTM model obtained 99.66% testing accuracy with 0.12% loss. Thus, the suggested approach can detect network intrusions with the highest precision and lowest rate over the earlier designs.     

基于云模型的改进FMEA风险评估方法

针对风险评估过程中的模糊性和随机性两个不确定性因素,采用云模型对语义评价变量进行量化,并通过云的合成对专家的评价结果进行集结,构建云风险评价矩阵。将风险因子O、S、D期望重要度与云的相似度相结合计算风险因子的权重。考虑到传统故障模式与影响分析（Failure Mode and Effects Analysis,FMEA）中故障模式风险值排序的缺陷,基于云的距离测度算法提出云-VIKOR的风险排序方法。最后以实例验证了所提方法的精确性和有效性。     

数据库入侵检测的一种数据挖掘方法

针对在数据库系统中检测恶意事务提出了一种数据挖掘方法。该方法挖掘数据库中各数据项事务之间的数据关联规则,所设计的数据关联规则挖掘器主要用来挖掘与数据库日志记录相关的数据。不符合关联规则的事务作为恶意事务。试验证明该方法可以有效的检测到恶意事务。     

面向云计算平台的多层免疫入侵检测模型

为保障云计算环境下的信息安全,提出了一种面向云平台的多层免疫入侵检测模型。针对云环境的体系结构,借鉴生物免疫系统分层防御机理,在用户终端部署非特异性免疫层,采用树突状细胞算法进行入侵行为危险度检测;在数据中心部署特异性免疫层和免疫记忆层,利用改进的动态克隆选择算法对未知和已知入侵行为进行辩识及抵御。实验表明,模型既能抵御入侵行为,又能对整个云计算环境进行实时监控,是一种有效的云计算安全模型。     

Cloud computing system risk estimation and service selection approach based on cloud focus theory

The main cloud computing service providers usually provide cross-regional and services of Crossing Multi-Internet Data Centers that supported with selection strategy of service level agreement risk constraint. But the traditional quality of service (QoS)-aware Web service selection approach cannot ensure the real-time and the reliability of services selection. We proposed a cloud computing system risk assessment method based on cloud theory, and generated the five property clouds by collecting the risk value and four risk indicators from each virtual machine. The cloud backward generator integrated these five clouds into one cloud, according to the weight matrix. So the risk prediction value is transferred to the risk level quantification. Then we tested the Web service selection experiments by using risk assessment level as QoS mainly constraint and comparing with LRU and MAIS methods. The result showed that the success rate and efficiency of risk assessment with cloud focus theory Web services selection approaches are more quickly and efficient.

     

Of daemons and men: A file system approach towards intrusion detection

We present FI²DS a file system, host based anomaly detection system that monitors Basic Security Module (BSM) audit records and determines whether a web server has been compromised by comparing monitored activity generated from the web server to a normal usage profile. Additionally, we propose a set of features extracted from file system specific BSM audit records, as well as an IDS that identifies attacks based on a decision engine that employs one-class classification using a moving window on incoming data. We have used two different machine learning algorithms, Support Vector Machines (SVMs) and Gaussian Mixture Models (GMMs) and our evaluation is performed on real-world datasets collected from three web servers and a honeynet. Results are very promising, since FI²DS detection rates range between 91% and 95.9% with corresponding false positive rates ranging between 8.1× 10⁻² % and 9.3× 10⁻⁴ %. Comparison of FI²DS to another state-of-the-art filesystem-based IDS, FWRAP, indicates higher effectiveness of the proposed IDS in all three datasets. Within the context of this paper FI²DS is evaluated for the web daemon user; nevertheless, it can be directly extended to model any daemon-user for both intrusion detection and postmortem analysis.     

A hierarchical distributed model predictive control approach to irrigation canals: A risk mitigation perspective

This paper presents a hierarchical distributed model predictive control approach applied to irrigation canal planning from the point of view of risk mitigation. Two levels in optimization are presented. At the lower level, a distributed model predictive controller optimizes the operation by manipulating flows and gate openings in order to follow the water level set-points. The higher level implements a risk management strategy based on the execution of mitigation actions if risk occurrences are expected. Risk factors such as unexpected changes in demand, failures in operation or maintenance costs are considered in the optimization. Decision variables are mitigation actions which reduce risk impacts that may affect the system. This work shows how model predictive control can be used as a decision tool which takes into account different types of risks affecting the operation of irrigation canals.     

Deep SARSA-based reinforcement learning approach for anomaly network intrusion detection system

International Journal of Information Security - The growing evolution of cyber-attacks imposes a risk in network services. The search of new techniques is essential to detect and classify dangerous...     

云计算架构中恶意代码入侵自动监测系统设计

为了解决云计算架构中恶意代码以各种形式入侵产生损害,不能及时发现、维护而造成云计算架构安全性能降低,无法正常使用的问题,建立一套基于BP神经网络的入侵监测系统,实现对云计算架构中恶意代码入侵的自动监测,对及时监测入侵恶意代码及有效增加云计算架构安全有这直接而又重要作用;系统以STM32F103ZET6为主控芯片构建MUC主控单元,并通过EZ-USB FX2 USB2.0控制芯片将各个模块与其相连;采用LM2575系列的稳压器,为系统提供电源;软件设计过程中,采用BP神经网络法计算各恶意代码入侵的输出值,降低监测误差;通过实验测试表明,该系统可实现云计算架构中入侵恶意代码的自动监测功能,且具有扩展性强、操作方便等特点,对云计算架构的使用安全性具有重要的应用价值。     

Decision-making in cloud computing environments: A cost and risk based approach

In this article a sophisticated formal mathematical decision model is developed that supports the selection of Cloud Computing services in a multisourcing scenario. The objective is to determine the selection of appropriate Cloud Computing services offered by different providers. In order to do so, we consider cost as well as risk factors which are relevant to the decision scope. For example, coordination costs, IT service costs, maintenance costs and the costs of taken risks were compared. Risks are modeled by means of the three common security objectives integrity, confidentiality and availability. The managerial implications of the model lie in the sustainable decision support and the comprehensive decision approach. The formal model is prototypically implemented using a software tool and examined with the help of a simulation study in three realistic scenarios and a sensitivity analysis.     

云计算中的入侵检测模型

本文提出了一种云环境下的网络安全处理模型,模型中的每台云服务器都拥有自己的入侵检测系统,并且所有的服务器共享一个异常管理平台,该平台负责报警信息的接收、处理和日志管理.模型采用报警级别动态调整技术和攻击信息共享方法,最大限度地降低了漏报率和服务器遭受同种攻击的可能性,有效提高了检测效率和系统安全水平.     

An iterative mathematical decision model for cloud migration: A cost and security risk approach

This paper presents an iterative mathematical decision model for organizations to evaluate whether to invest in establishing information technology (IT) infrastructure on‐premises or outsourcing IT services on a multicloud environment. This is because a single cloud cannot cover all types of users’ functional/nonfunctional requirements, in addition to several drawbacks such as resource limitation, vendor lock‐in, and prone to failure. On the other hand, multicloud brings several merits such as vendor lock‐in avoidance, system fault tolerance, cost reduction, and better quality of service. The biggest challenge is in selecting an optimal web service composition in the ever increasing multicloud market in which each provider has its own pricing schemes and delivers variation in the service security level. In this regard, we embed a module in the cloud broker to log service downtime and different attacks to measure the security risk. If security tenets, namely, security service level agreement, such as availability, integrity, and confidentiality for mission‐critical applications, are targeted by cybersecurity attacks, it causes disruption in business continuity, leading to financial losses or even business failure. To address this issue, our decision model extends the cost model by using the cost present value concept and the risk model by using the advanced mean failure cost concept, which are derived from the embedded module to quantify cloud competencies. Then, the cloud economic problem is transformed into a bioptimization problem, which minimizes cost and security risks simultaneously. To deal with the combinatorial problem, we extended a genetic algorithm to find a Pareto set of optimal solutions. To reach a concrete result and to illustrate the effectiveness of the decision model, we conducted different scenarios and a small‐to‐medium business IT development for a 5‐year investment as a case study. The result of different implementation shows that multicloud is a promising and reliable solution against IT on‐premises deployment.     

A requirements-based programming approach to developing a NASA autonomous ground control system

A new requirements-based programming approach to the engineering of computer-based systems offers not only an underlying formalism, but also full formal development from requirements capture through to the automatic generation of provably-correct code. The method, Requirements-to-Design-to-Code (R2D2C), is directly applicable to the development of autonomous systems and systems having autonomic properties. We describe both the R2D2C method and a prototype tool that embodies the method, and illustrate the applicability of the method by describing how the prototype tool could be used in the development of LOGOS, a NASA autonomous ground control system that exhibits autonomic behavior. Finally, we briefly discuss other possible areas of application of the approach.     

A frontier-void-based approach for autonomous exploration in 3D

We consider the problem of an autonomous robot searching for objects in unknown 3D space. Similar to the well-known frontier-based exploration in 2D, the problem is to determine a minimal sequence of sensor viewpoints until the entire search space has been explored. We introduce a novel approach that combines the two concepts of voids, which are unexplored volumes in 3D, and frontiers, which are regions on the boundary between voids and explored space. Our approach has been evaluated on a mobile platform using a 5-DOF manipulator searching for victims in a simulated urban search and rescue setup. The results indicate the real-world capability and search efficiency of the proposed method.     

A cloud based health insurance plan recommendation system: A user centered approach

The recent concept of “Health Insurance Marketplace” introduced to facilitate the purchase of health insurance by comparing different insurance plans in terms of price, coverage benefits, and quality designates a key role to the health insurance providers. Currently, the web based tools available to search for health insurance plans are deficient in offering personalized recommendations based on the coverage benefits and cost. Therefore, anticipating the users’ needs we propose a cloud based framework that offers personalized recommendations about the health insurance plans. We use the Multi-attribute Utility Theory (MAUT) to help users compare different health insurance plans based on coverage and cost criteria, such as: (a) premium, (b) co-pay, (c) deductibles, (d) co-insurance, and (e) maximum benefit offered by a plan. To overcome the issues arising possibly due to the heterogeneous data formats and different plan representations across the providers, we present a standardized representation for the health insurance plans. The plan information of each of the providers is retrieved using the Data as a Service (DaaS). The framework is implemented as Software as a Service (SaaS) to offer customized recommendations by applying a ranking technique for the identified plans according to the user specified criteria.