Published by Stuart Atkins. Modified over 8 years ago.
DIVYA K 1RN09IS016 RNSIT
Cloud computing provides a framework for supporting end users easily through the Internet. One of the security issues is how to reduce the impact of denial-of-service (DoS) or distributed denial-of-service (DDoS) attacks in this environment. To counter these kinds of attacks, a framework for a cooperative intrusion detection system (IDS) is proposed.
INTRODUCTION
RELATED WORKS
THE PROPOSED SYSTEM
SIMULATION RESULTS & PERFORMANCE ANALYSIS
CONCLUSION
Cloud computing has evolved through a number of implementations. Moving data into the cloud provides great convenience to users.

3 kinds of services are provided:
i. Software as a Service (SaaS) offers complete online applications that can be directly executed by their users.
ii. Infrastructure as a Service (IaaS): service providers allow their customers to have access to entire virtual machines.
iii. Platform as a Service (PaaS) offers development tools, languages & APIs to build and run applications effectively.

Security considerations: confidentiality, integrity & availability.

Kinds of attacks:
i. Denial-of-service attack (DoS)
ii. Distributed denial-of-service attack (DDoS)
An intrusion detection system (IDS) is a practical solution to resist these attacks. IDSs cooperate with each other by exchanging alert messages. A cooperative agent is used to receive alerts from other IDSs. The accuracy of alerts can be judged by taking a majority vote on them. If the agent finally accepts these alerts, the system adds a new blocking rule to the block table against this type of packet attack. Thus, except for the victim, all other cloud computing regions can avoid the attack.
In DoS, an attacker attempts to make the resources of the victim devices unavailable to their intended users. An attacker easily destroys the network or disables services provided by the target node by sending a bunch of data packets continually. These data packets occupy the network bandwidth and consume the target node's resources associated with various hardware elements such as CPU and memory.

In DDoS, an attacker sends numerous malicious packets from multiple hosts to disable the services provided by the target node. DDoS is similar to DoS but generates more traffic.
The main aim of an IDS is to alert or notify the system that some malicious activity has taken place and to try to eliminate it.

2 types:
i. Host-based intrusion detection systems (HIDSs) analyze data collected by the operating system.
ii. Network-based intrusion detection systems (NIDSs) analyze data collected from network packets.

2 parts:
i. Misuse detection system, to match & identify known intrusions.
ii. Anomaly detection system, to identify abnormal activities.
3 ways to report the detection results:
i. Notification response system generates reports & alerts.
ii. Manual response system provides additional capacity for the system administrator to initiate a manual response.
iii. Automatic response system immediately responds to an intrusion.

A DIDS is a kind of IDS designed to discover attacks on individual hosts as well as on the network which connects them. The benefit of a DIDS is that it gathers the resources of the IDSs in the network to withstand a DoS or DDoS attack.
The proposed system is a kind of DIDS which supports the idea of cooperative defense in cloud computing environments. Any IDS will send out an alert to the other IDSs while it is suffering from a severe attack defined in its block table. The IDSs exchange these alerts & evaluate their trustworthiness. A new blocking rule is added to the block table after every new attack.

4 components:
(a) intrusion detection,
(b) alert clustering and threshold computation and comparison,
(c) intrusion response and blocking, and
(d) cooperative operation.
The intrusion detection component is used to collect network packets & analyze them against the block table. This reduces the time required for signature comparison and improves system performance. If an anomalous packet is detected, it is forwarded to the second component. Otherwise the system accepts the packet.
The functions of this component are blocking bad packets and sending an alert notification to other IDSs. There are 2 modules in this component:
i. Communication module, used to send an alert notification to other IDSs.
ii. Block module, triggered to block or drop the bad packet if the level of alert is serious.
This component is used to receive alert messages delivered from other IDSs. After this, the cooperative agent makes a judgment by executing a majority vote. If the majority vote is > 50%, the cooperative agent adds a new rule to the block table, i.e., the alert level is changed from moderate to serious. Otherwise, the IDS discards the alerts as false messages. If one of the cloud computing regions suffers from a DoS attack, all the other IDSs except the victim will receive an alert message. In addition, malicious IDSs could be found if they send false alerts frequently.
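The majority-vote decision described above, sketched as an added example (not code from the presentation or from the proposed system). Assumptions: the class and method names are hypothetical, the vote is counted as the fraction of known peer IDSs reporting the same signature, rejected alerts are counted per sender, and the `false_alert_limit` threshold for "frequently" is invented for illustration.

```python
from collections import defaultdict

class CooperativeAgent:
    """Collects peer alerts and accepts a signature only on a > 50% vote."""

    def __init__(self, peers, false_alert_limit=3):
        self.peers = set(peers)               # the other IDSs (assumed fixed)
        self.block_table = {}                 # signature -> alert level
        self.pending = defaultdict(set)       # signature -> peers that alerted
        self.false_alerts = defaultdict(int)  # peer -> rejected alert count
        self.false_alert_limit = false_alert_limit  # hypothetical threshold

    def receive_alert(self, peer, signature):
        if peer not in self.peers:
            return                            # unknown senders get no vote
        self.pending[signature].add(peer)     # a set: one vote per peer

    def close_round(self):
        """Evaluate pending alerts; return the signatures newly blocked."""
        accepted = []
        for signature, voters in self.pending.items():
            if len(voters) / len(self.peers) > 0.5:   # strict majority
                self.block_table[signature] = "serious"
                accepted.append(signature)
            else:                             # discarded as false messages
                for peer in voters:
                    self.false_alerts[peer] += 1
        self.pending.clear()
        return sorted(accepted)

    def is_blocked(self, signature):
        return self.block_table.get(signature) == "serious"

    def suspected_malicious(self):
        return sorted(p for p, n in self.false_alerts.items()
                      if n >= self.false_alert_limit)

def demo():
    # Constructed alerts: three of four peers agree, one peer reports alone.
    agent = CooperativeAgent(["ids-a", "ids-b", "ids-c", "ids-d"])
    for peer in ("ids-a", "ids-b", "ids-c", "ids-a"):   # duplicate from ids-a
        agent.receive_alert(peer, "syn-flood:192.0.2.10")
    agent.receive_alert("ids-d", "udp-flood:198.51.100.7")
    agent.receive_alert("ids-x", "udp-flood:198.51.100.7")  # not a known peer
    return agent, agent.close_round()

if __name__ == "__main__":
    agent, blocked = demo()
    print(blocked, dict(agent.false_alerts))
```

A vote of exactly half the peers is rejected, which matters in small deployments: with only two peers, both must agree before a rule is added.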
The proposed system is implemented based on Snort. It adds 3 modules to Snort:
i. Block module, put into the preprocessor of Snort.
ii. Communication module, put into the plug-in module.
iii. Cooperation module, put into the plug-in module.

The system simulates 3 cloud computing regions. Within each region, a network-based cooperative IDS is set up.
An attacker whose IP address is 140.113.73.27 launches an attack against 2 different regions, i.e. 140.113.73.41 & 140.113.73.22.
The proposed system is compared with a pure Snort-based IDS with respect to 2 performance metrics: detection rate & computation time. For 10000 data packets, we get:

Parameter         Snort-based IDS    Proposed system
Computation time  0.00263 seconds    0.00269 seconds
Detection rate    97.2%              97%
In this paper, a cooperative intrusion detection system for cloud computing networks is proposed to reduce the impact of DoS attacks. If one of them suffers from an attack, an alert message is sent from the cooperative IDS to the other IDSs. The trustworthiness of an alert is evaluated by the majority vote method. Thus, the proposed system keeps the IDS from being a single point of failure.