Securing Infrastructure-as-a-Service Public Clouds Using Security Onion

The shift to Cloud computing has brought with it its specific security challenges concerning the loss of control, trust and multi-tenancy especially in Infrastructure-as-a-Service (IaaS) Cloud model. This article focuses on the design and development of an intrusion detection system (IDS) that can handle security challenges in IaaS Cloud model using an open source IDS. We have implemented a proof-of-concept prototype on the most deployed hypervisor—VMware ESXi—and performed various real-world cyber-attacks, such as port scanning and denial of service (DoS) attacks to validate the practicality and effectiveness of our proposed IDS architecture. Based on our experimental results we found that our Security Onion-based IDS can provide the required protection in a reasonable and effective manner.

Download Full-text

Scrutinizing Attacks and Evaluating Performance Appraisal Parameters via Feature Selection in Intrusion Detection System

10.21203/rs.3.rs-748765/v1 ◽

2021 ◽

Author(s):

Navroop Kaur ◽

Meenakshi Bansal ◽

Sukhwinder Singh S

Keyword(s):

Feature Selection ◽

Performance Evaluation ◽

Intrusion Detection ◽

Intrusion Detection System ◽

Detection System ◽

Denial Of Service ◽

Cyber Attacks ◽

Support Vector ◽

K Nearest Neighbor ◽

Evaluation Parameters

Abstract In modern times the firewall and antivirus packages are not good enough to protect the organization from numerous cyber attacks. Computer IDS (Intrusion Detection System) is a crucial aspect that contributes to the success of an organization. IDS is a software application responsible for scanning organization networks for suspicious activities and policy rupturing. IDS ensures the secure and reliable functioning of the network within an organization. IDS underwent huge transformations since its origin to cope up with the advancing computer crimes. The primary motive of IDS has been to augment the competence of detecting the attacks without endangering the performance of the network. The research paper elaborates on different types and different functions performed by the IDS. The NSL KDD dataset has been considered for training and testing. The seven prominent classifiers LR (Logistic Regression), NB (Naïve Bayes), DT (Decision Tree), AB (AdaBoost), RF (Random Forest), kNN (k Nearest Neighbor), and SVM (Support Vector Machine) have been studied along with their pros and cons and the feature selection have been imposed to enhance the reading of performance evaluation parameters (Accuracy, Precision, Recall, and F1Score). The paper elaborates a detailed flowchart and algorithm depicting the procedure to perform feature selection using XGB (Extreme Gradient Booster) for four categories of attacks: DoS (Denial of Service), Probe, R2L (Remote to Local Attack), and U2R (User to Root Attack). The selected features have been ranked as per their occurrence. The implementation have been conducted at five different ratios of 60-40%, 70-30%, 90-10%, 50-50%, and 80-20%. Different classifiers scored best for different performance evaluation parameters at different ratios. NB scored with the best Accuracy and Recall values. DT and RF consistently performed with high accuracy. NB, SVM, and kNN achieved good F1Score.

Download Full-text

SDN-Based Intrusion Detection System for Early Detection and Mitigation of DDoS Attacks

Information ◽

10.3390/info10030106 ◽

2019 ◽

Vol 10 (3) ◽

pp. 106 ◽

Cited By ~ 21

Author(s):

Pedro Manso ◽

José Moura ◽

Carlos Serrão

Keyword(s):

Intrusion Detection ◽

Intrusion Detection System ◽

Network Performance ◽

Detection System ◽

Denial Of Service ◽

Cyber Attacks ◽

Normal Operation ◽

Ddos Attacks ◽

Network Infrastructure ◽

Sdn Controller

The current paper addresses relevant network security vulnerabilities introduced by network devices within the emerging paradigm of Internet of Things (IoT) as well as the urgent need to mitigate the negative effects of some types of Distributed Denial of Service (DDoS) attacks that try to explore those security weaknesses. We design and implement a Software-Defined Intrusion Detection System (IDS) that reactively impairs the attacks at its origin, ensuring the “normal operation” of the network infrastructure. Our proposal includes an IDS that automatically detects several DDoS attacks, and then as an attack is detected, it notifies a Software Defined Networking (SDN) controller. The current proposal also downloads some convenient traffic forwarding decisions from the SDN controller to network devices. The evaluation results suggest that our proposal timely detects several types of cyber-attacks based on DDoS, mitigates their negative impacts on the network performance, and ensures the correct data delivery of normal traffic. Our work sheds light on the programming relevance over an abstracted view of the network infrastructure to timely detect a Botnet exploitation, mitigate malicious traffic at its source, and protect benign traffic.

Download Full-text

Efficient Intrusion Detection System for SDN Orchestrated Internet of Things

Journal of Computer Networks and Communications ◽

10.1155/2021/5593214 ◽

2021 ◽

Vol 2021 ◽

pp. 1-14

Author(s):

Esubalew M. Zeleke ◽

Henock M. Melaku ◽

Fikreselam G. Mengistu

Keyword(s):

Internet Of Things ◽

Intrusion Detection ◽

Intrusion Detection System ◽

Detection System ◽

Denial Of Service ◽

Service Availability ◽

Dos Attacks ◽

Network Systems ◽

Security Challenge ◽

Accuracy Result

Internet of Things (IoT) can simply be defined as an extension of the current Internet system. It extends the human to human interconnection and intercommunication scenario of the Internet by including things, to bring anytime, anywhere, and anything communication. A discipline in networking evolving in parallel with IoT is Software Defined Networking (SDN). It is an important technology that is aimed to solve the different problems existing in the traditional network systems. It provides a new convenient home to address the different challenges existing in different network-based systems including IoT. One important security challenge prevailing in such SDN-based IoT (SDIoT) systems is guarantying service availability. The ever-increasing denial of service (DoS) attacks are responsible for such service denials. A centralized signature-based intrusion detection system (IDS) is proposed and developed in this work. Random Forest (RF) classifier is used for training the model. A very popular and recent benchmark dataset, CICIDS2017, has been used for training and validating the machine learning (ML) models. An accuracy result of 99.968% has been achieved by using only 12 features on Wednesday’s release of the dataset. This result is higher than the achieved accuracy results of related works considering the original CICIDS2017 dataset. A maximum cross-validated accuracy result of 99.713% has been achieved on the same release of the dataset. These developed models meet the basic requirement of a supervised IDS system developed for smart environments and can effectively be used in different IoT service scenarios.

Download Full-text

History Aware Anomaly Based IDS for Cloud IaaS

INTERNATIONAL JOURNAL OF COMPUTERS & TECHNOLOGY ◽

10.24297/ijct.v10i6.3205 ◽

2013 ◽

Vol 10 (6) ◽

pp. 1779-1784 ◽

Cited By ~ 1

Author(s):

Punit Gupta ◽

Pallavi Kaliyar

Keyword(s):

Cloud Computing ◽

Intrusion Detection ◽

Intrusion Detection System ◽

Detection System ◽

Dos Attack ◽

Infrastructure As A Service ◽

Network Attack ◽

Security Challenges ◽

Different Types ◽

Cross Site

Cloud Computing provides different types of servicesÂ such as SaaS, PaaS, IaaS. Each of them have their own security challenges, but IaaS undertakes all types of challenges viz., network attack ,behaviour based attack, request based attacksÂ i.e handling the requests from untrusted users, XSS (cross site scripting attack), DDOS and many more. These attacks are independent of each other and consequently the QoS provided by cloud is compromised. This paper proposes a History aware Behaviour based IDS (Intrusion Detection System) BIDS. BIDS provides detection of untrusted users, false requests that may lead to spoofing, XSSÂ or DOS attack and many more such attacks. In addition,Â certain cases where user login or password is compromised. History aware BIDs can be helpful in detecting such attacks and maintaining the QoS provided to the user in cloud IaaS ( Infrastructure as a service).

Download Full-text

Deteksi Serangan Denial of Service di Situs Web dengan Wireshark Menggunakan Metode IDS Berbasis Anomali

JELIKU (Jurnal Elektronik Ilmu Komputer Udayana) ◽

10.24843/jlk.2020.v08.i04.p02 ◽

2020 ◽

Vol 8 (4) ◽

pp. 375

Author(s):

Finandito Adhana ◽

I Ketut Gede Suhartana

Keyword(s):

Intrusion Detection ◽

Network Traffic ◽

Intrusion Detection System ◽

Detection System ◽

Denial Of Service ◽

Dos Attack ◽

Dos Attacks ◽

Data Packets ◽

Anomaly Pattern ◽

Suspicious Activity

Denial of Service (DoS) attacks are increasingly dangerous. This DoS attack works by sending data packets continuously so that the target being attacked cannot be operated anymore. DoS attacks attack the most websites, thus making the website inaccessible. An anomaly based intrusion detection system (IDS) is a method used to detect suspicious activity in a system or network on the basis of anomaly pattern arising from such interference. Wireshark is software used to analyze network traffic packets that have various kinds of tools for network professionals.

Download Full-text

Network Intrusion Detection System (NIDS) in Cloud Environment based on Hidden Naïve Bayes Multiclass Classifier

Al-Mustansiriyah Journal of Science ◽

10.23851/mjs.v28i2.508 ◽

2018 ◽

Vol 28 (2) ◽

pp. 134 ◽

Cited By ~ 2

Author(s):

Hafza A. Mahmood

Keyword(s):

Intrusion Detection ◽

Intrusion Detection System ◽

Naive Bayes ◽

Detection System ◽

Denial Of Service ◽

Naïve Bayes ◽

Cloud Environment ◽

Dos Attacks ◽

Network Intrusion ◽

Hidden Naive Bayes

Cloud Environment is next generation internet based computing system that supplies customiza-ble services to the end user to work or access to the various cloud applications. In order to provide security and decrease the damage of information system, network and computer system it is im-portant to provide intrusion detection system (IDS. Now Cloud environment are under threads from network intrusions, as one of most prevalent and offensive means Denial of Service (DoS) attacks that cause dangerous impact on cloud computing systems. This paper propose Hidden naïve Bayes (HNB) Classifier to handle DoS attacks which is a data mining (DM) model used to relaxes the conditional independence assumption of Naïve Bayes classifier (NB), proposed sys-tem used HNB Classifier supported with discretization and feature selection where select the best feature enhance the performance of the system and reduce consuming time. To evaluate the per-formance of proposal system, KDD 99 CUP and NSL KDD Datasets has been used. The experi-mental results show that the HNB classifier improves the performance of NIDS in terms of accu-racy and detecting DoS attacks, where the accuracy of detect DoS is 100% in three test KDD cup 99 dataset by used only 12 feature that selected by use gain ratio while in NSL KDD Dataset the accuracy of detect DoS attack is 90 % in three Experimental NSL KDD dataset by select 10 fea-ture only.

Download Full-text

Design and Implementation of Virtual Security Function Based on Multiple Enclaves

Future Internet ◽

10.3390/fi13010012 ◽

2021 ◽

Vol 13 (1) ◽

pp. 12

Author(s):

Juan Wang ◽

Yang Yu ◽

Yi Li ◽

Chengyang Fan ◽

Shirong Hao

Keyword(s):

Intrusion Detection System ◽

Detection System ◽

Network Function Virtualization ◽

Sensitive Data ◽

Network Function ◽

State Security ◽

Security Challenges ◽

Iot Platforms ◽

Scalable Network ◽

Virtual Network Function

Network function virtualization (NFV) provides flexible and scalable network function for the emerging platform, such as the cloud computing, edge computing, and IoT platforms, while it faces more security challenges, such as tampering with network policies and leaking sensitive processing states, due to running in a shared open environment and lacking the protection of proprietary hardware. Currently, Intel® Software Guard Extensions (SGX) provides a promising way to build a secure and trusted VNF (virtual network function) by isolating VNF or sensitive data into an enclave. However, directly placing multiple VNFs in a single enclave will lose the scalability advantage of NFV. This paper combines SGX and click technology to design the virtual security function architecture based on multiple enclaves. In our design, the sensitive modules of a VNF are put into different enclaves and communicate by local attestation. The system can freely combine these modules according to user requirements, and increase the scalability of the system while protecting its running state security. In addition, we design a new hot-swapping scheme to enable the system to dynamically modify the configuration function at runtime, so that the original VNFs do not need to stop when the function of VNFs is modified. We implement an IDS (intrusion detection system) based on our architecture to verify the feasibility of our system and evaluate its performance. The results show that the overhead introduced by the system architecture is within an acceptable range.

Download Full-text

An Intrusion Detection System for Cyber Attacks in Wireless Networked Control Systems

IEEE Transactions on Circuits & Systems II Express Briefs ◽

10.1109/tcsii.2017.2690843 ◽

2018 ◽

Vol 65 (8) ◽

pp. 1049-1053 ◽

Cited By ~ 13

Author(s):

Ahmad W. Al-Dabbagh ◽

Yuzhe Li ◽

Tongwen Chen

Keyword(s):

Intrusion Detection ◽

Control Systems ◽

Intrusion Detection System ◽

Networked Control Systems ◽

Detection System ◽

Cyber Attacks ◽

Networked Control

Download Full-text

Towards Effective Detection of Recent DDoS Attacks: A Deep Learning Approach

Security and Communication Networks ◽

10.1155/2021/5710028 ◽

2021 ◽

Vol 2021 ◽

pp. 1-14

Author(s):

Ivandro Ortet Lopes ◽

Deqing Zou ◽

Francis A Ruambo ◽

Saeed Akbar ◽

Bin Yuan

Keyword(s):

Deep Learning ◽

Intrusion Detection System ◽

State Of The Art ◽

Detection System ◽

Denial Of Service ◽

Model Performance ◽

Distributed Denial Of Service ◽

Ddos Attacks ◽

Validation Metrics ◽

High Processing

Distributed Denial of Service (DDoS) is a predominant threat to the availability of online services due to their size and frequency. However, developing an effective security mechanism to protect a network from this threat is a big challenge because DDoS uses various attack approaches coupled with several possible combinations. Furthermore, most of the existing deep learning- (DL-) based models pose a high processing overhead or may not perform well to detect the recently reported DDoS attacks as these models use outdated datasets for training and evaluation. To address the issues mentioned earlier, we propose CyDDoS, an integrated intrusion detection system (IDS) framework, which combines an ensemble of feature engineering algorithms with the deep neural network. The ensemble feature selection is based on five machine learning classifiers used to identify and extract the most relevant features used by the predictive model. This approach improves the model performance by processing only a subset of relevant features while reducing the computation requirement. We evaluate the model performance based on CICDDoS2019, a modern and realistic dataset consisting of normal and DDoS attack traffic. The evaluation considers different validation metrics such as accuracy, precision, F1-Score, and recall to argue the effectiveness of the proposed framework against state-of-the-art IDSs.

Download Full-text

Intrusion Detection System for AES Encripted Low-Power IoT Networks

10.14210/cotb.v12.p392-399 ◽

2021 ◽

Author(s):

Eduardo De Oliveira Burger Monteiro Luiz ◽

Alessandro Copetti ◽

Luciano Bertini ◽

Juliano Fontoura Kazienko

Keyword(s):

Low Power ◽

Detection System ◽

Denial Of Service ◽

Security Requirements ◽

Power Devices ◽

Dos Attacks ◽

Reflection Attack ◽

Ipv6 Protocol ◽

Iot Devices ◽

High Level

The introduction of the IPv6 protocol solved the problem of providingaddresses to network devices. With the emergence of the Internetof Things (IoT), there was also the need to develop a protocolthat would assist in connecting low-power devices. The 6LoWPANprotocols were created for this purpose. However, such protocolsinherited the vulnerabilities and threats related to Denial of Service(DoS) attacks from the IPv4 and IPv6 protocols. In this paper, weprepare a network environment for low-power IoT devices usingCOOJA simulator and Contiki operating system to analyze theenergy consumption of devices. Besides, we propose an IntrusionDetection System (IDS) associated with the AES symmetric encryptionalgorithm for the detection of reflection DoS attacks. Thesymmetric encryption has proven to be an appropriate methoddue to low implementation overhead, not incurring in large powerconsumption, and keeping a high level of system security. The maincontributions of this paper are: (i) implementation of a reflectionattack algorithm for IoT devices; (ii) implementation of an intrusiondetection system using AES encryption; (iii) comparison ofthe power consumption in three distinct scenarios: normal messageexchange, the occurrence of a reflection attack, and runningIDS algorithm. Finally, the results presented show that the IDSwith symmetric cryptography meets the security requirements andrespects the energy limits of low-power sensors.

Download Full-text