International Journal of Recent Advances in Engineering & Technology (IJRAET)
Ensuring Security in Cloud with Multi-Level IDS and Log Management System
Prema Jain (1), Ashwin Kumar (2)
1 PG Scholar, Mangalore Institute of Technology & Engineering, Moodbidri, Karnataka
2 Assistant Professor, Mangalore Institute of Technology & Engineering, Moodbidri, Karnataka
Email: 1 [email protected], 2 [email protected]
Abstract— Cloud computing systems provide services to many users who have not been proven trustworthy. Because of their distributed nature, cloud computing environments are easy targets for intruders. Several issues need to be addressed with respect to security and performance in a cloud computing scenario. A common one is the management of large volumes of data by intrusion detection systems: there must be a balance between the IDS security level and system performance. If the IDS provides a stronger security service by using more rules or patterns, it needs proportionally more computing resources, so the amount of resources available to customers decreases. Another issue in cloud computing is that the huge volume of logs makes it hard for system administrators to analyze them. To counter these issues, a multi-level intrusion detection system is proposed. The proposed system can detect various types of attacks and provide a suitable level of security by examining the attacker data records observed in processes on the virtual machine.
An Intrusion Detection System is a security layer over the cloud server used to detect ongoing intrusive activity in the network.
Index Terms— Cloud Computing, Intrusion Detection System, multi-level IDS, Trusted Third Party.
I. INTRODUCTION
Cloud computing is a collection of resources that enables resource sharing in terms of scalable infrastructures, middleware and application development platforms, and value-added business applications. In the past three decades, the world of computation has changed from centralized (client-server, not web-based) to distributed systems, and now we are returning to virtual centralization (cloud computing). Security in the cloud computing environment is, however, a major concern. Intrusion Detection Systems (IDSs) are among the main tools for providing security in networks, clouds and grids [1].
Traditional IDSs are not efficient enough to handle large data flows. A common issue is the management of large volumes of data by intrusion detection systems, and there must be a balance between the IDS security level and system performance. Because of the large data sets, an IDS requires a large amount of memory and CPU time [2].
Another important problem is log management. Cloud computing systems are used by many people and therefore generate a huge volume of logs, so system administrators must decide which logs should be analyzed first.
In this paper, we propose a multi-level IDS and a log management method based on consumer behavior for applying IDS effectively to a cloud computing system.
The rest of the paper is organized as follows. In Section II we describe the relationship between the cloud model and the security control and compliance model. In Section III we describe our proposed method and its implementation. Finally, we conclude the paper in Section IV.
II. CLOUD MODEL, SECURITY CONTROL & COMPLIANCE MODEL
A. Cloud model
In cloud environments, multiple parties' data and services may exist on a single physical platform running virtual services for its customers [3]. This creates several problems for security, compliance and audit, including:
• Limited ability to control data and applications
• Limited knowledge and no visibility into the degree of segmentation and security controls between those collocated virtual resources
• Audit and control of data in the public cloud with no visibility into the provider's systems and controls
Even in a private cloud that is privately managed, multi-tenancy is enacted at many layers, including storage, application, database, operating platform and hypervisor-based infrastructure. In other words, shared hosts, data centers and networks can potentially exist between the same and different organizations or internal business units. As such, it is critical that network segmentation is created securely, with the ability to monitor any anomalies that may occur across virtual network boundaries.
B. Security control Model
The differences in methods and responsibility for securing the three cloud service models mean that consumers of cloud services face a challenging endeavor. Unless cloud providers can readily disclose their security controls and the extent to which they are implemented, and the consumer knows which controls are needed to maintain the security of their information, there is tremendous potential for misguided decisions and detrimental outcomes.
This is critical. First, one classifies a cloud service against the cloud architecture model. Then it is possible to map its security architecture, as well as business, regulatory and other compliance requirements, against it as a gap-analysis exercise. The result determines the general "security" posture of a service and how it relates to an asset's assurance and protection requirements [4].
Figure 1 - Mapping the Cloud Model to the Security Control & Compliance Model
Figure 1 shows an example of how a cloud service mapping can be compared against a catalogue of compensating controls to determine which controls exist and which do not, whether provided by the consumer, the cloud service provider, or a third party. This can in turn be compared to a compliance framework or set of requirements.
C. Compliance Model (Intrusion detection system)
Intrusion detection systems (IDSs) are an essential component of the defensive measures protecting computer systems and networks against harm and abuse [5], and they become a crucial part of the cloud computing environment. The main aim of an IDS is to detect computer attacks and provide the proper response [6]. An IDS is defined as the technique used to detect and respond to intrusion activities from a malicious host or network [7]. There are mainly two categories of IDS, which are listed in Table 1.
Once an intrusion has been detected, the IDS issues alerts notifying administrators of this fact. The next step is undertaken either by the administrators or by the IDS itself, by taking advantage of additional countermeasures (specific block functions to terminate sessions, backup systems, routing connections to a system trap, legal infrastructure, etc.), following the organization's security policy (Figure 2). An IDS is an element of the security policy. Among the various IDS tasks, intruder identification is one of the fundamental ones. It is useful in the forensic investigation of incidents and in installing appropriate patches to enable the detection of future attack attempts targeted at specific persons or resources.
III. PROPOSED SYSTEM AND ITS IMPLEMENTATION
In this section we describe the architecture of the multi-level intrusion detection system, the log management system and the implementation details of the proposed system.
A. Description of Proposed Architecture
Reducing the resources required for IDS implementation while enhancing security is the main concern, so a new system based on a multi-level concept is proposed that makes effective use of system resources. The proposed system binds users into different security groups based on their degree of anomaly, called the anomaly level. Our proposed architecture is shown in Figure 3.
It consists of an AAA module responsible for authentication, authorization and accounting. When a user tries to access the cloud, the AAA module authenticates the user and, based on that, retrieves the user's most recently updated anomaly level.
Table 1: Types of IDS
Figure 2: Intrusion Detection System (IDS) Infrastructure
Figure 3: Multilevel Proposed Model
After that, the AAA module chooses the IDS whose security level corresponds to the user's anomaly level.
Security is divided into three levels: high, medium and low. The high level applies the patterns of all known attacks plus a portion of anomaly detection when needed to provide a strong security service. The medium level applies the patterns of known attacks as rules, providing a strong security service. The low level has flexible resource management and applies only the patterns of selected malicious attacks that occur at high frequency or have the most severe impact [8].
The multi-level IDS defines anomalous behaviors by a risk level policy. The risk levels assign risk points in proportion to the risk of the anomalous behavior. Using login failure as an example, the criteria for judging that some traffic is anomalous are described in Table 2. The criteria of anomaly level for deciding the security group from the risk points are shown in Table 3.
In the multi-level IDS scheme, an IDS consumes more resources when providing a higher security level, because a higher level applies more rules than a lower one. Conversely, if an IDS applies a lower-level security policy, its resource usage decreases, although its power to detect attacks also drops. The assignment of a VM to a user is determined according to the security level.
The cloud computing system deploys each VM into one of the three security groups. When a user is assigned a VM by the system for the first time, there is no data for determining which IDS security level is suitable for the user, so a high-level IDS is assigned. After the first provisioning, the decision of which VM to assign to the user may change according to the user's anomaly level, and a migration may occur. Migration is a technique for moving a VM to another VM space [9]. Existing users are judged by their previous personal usage history and assigned VMs with the security level derived from that judgment.
Table 2: Assessment of Anomalous
Table 3: Criteria of Anomaly Level
B. Log management system
Many people use cloud computing services, so huge logs arise from transactions between systems, user information updates, mass data processing and so on. It is therefore very difficult to analyze the logs in an emergency.
Log generation and storage can be complicated by several factors, including:
• A high number of log sources
• Inconsistent log content, formats and timestamps among sources
• Lack of structure among generated logs
• Increasingly large volumes of data
• Not calculating the proper events per second (EPS) and losing logs due to saturation
To make log analysis more effective, we propose a method that assigns log priority according to security level. The auditing priority of the logs is decided by the anomaly level of the users: logs generated by the users with the highest anomaly level are audited first, while the logs of low-level users are audited last. Our method can thus efficiently cope with potential attacks from the relatively more dangerous users.
C. Implementation details
Intrusion detection systems (IDSs) are among the most popular devices for protecting cloud computing systems from various types of attack [8]. An IDS can observe the traffic from each virtual machine (VM), generate alert logs and manage the cloud computing system globally. Since cloud infrastructures carry enormous network traffic, traditional IDSs are not efficient enough to handle such a substantial data flow; managing large loads of data is a common issue for intrusion detection systems, and there must be a balance between the IDS security level and system performance. The multi-level IDS method leads to effective resource usage by applying a differentiated level of security strength to users based on their degree of anomaly. The flow of the proposed system is shown in Figure 4.
Figure 4: Flowchart for Proposed Model
Figure 5: User module in which user can upload, download files
Three modules are implemented in the multi-level intrusion detection system: the user module, the trusted third party (TPA) module and the cloud service provider (CSP) module.
In the user module, the user sends a request to the server. Based on the request, the CSP grants the user permission to download or upload the corresponding file, as shown in Figure 5. Before this, a user authorization step takes place: the server checks the user name and password. If they are valid, the server receives the queries from the client and provides the corresponding functionality. If the server identifies an intruder, it sets an alternative path for that intruder.
In the TPA module, an optional TPA, who has expertise and capabilities that users may not have, is trusted to assess and expose the risk of cloud storage services on behalf of the users upon request. Users should be equipped with security means so that they can obtain continuous correctness assurance of their stored data even without local copies. When users do not have the time, feasibility or resources to monitor their data, they can delegate the task to an optional trusted TPA of their choice, as shown in Figure 6. In our model, we assume that the point-to-point communication channels between each cloud server and the user are authenticated and reliable, which can be achieved in practice with little overhead.
Figure 6: TPA module with capability of verifying the user data on behalf of the users upon request.
Figure 7: CSP module with detailed description of intruder
The CSP module is the most important part of the proposed system, because the major functions of intrusion detection are carried out in it. Users store their data through the CSP into a set of cloud servers running concurrently, and the user interacts with the cloud servers via the CSP to access or retrieve their data. One of the key issues is to effectively detect any unauthorized data modification or corruption, possibly due to server compromise and/or random Byzantine failures. In the distributed case, once such inconsistencies are detected, identifying the intruders is also of great significance. When a user accesses the cloud computing system for the first time, the multi-level IDS judges the user's anomaly level using the following factors: the user's IP range, ports vulnerable to attack, the number of ID/password failures, and so on. The most important element for estimating the anomaly level is how severe the potential damage is; the remaining criteria are the probability of attack success, the probability of attack occurrence, and so on [10]. Based on the degree of anomaly, users are bound into the corresponding security group. The system divides the security level into three groups, high, medium and low, for effective IDS construction.
The risk points for the user anomaly level are decided by the cloud service provider. If the user belongs to the low security level, the CSP sends an SMS to the user. If the user belongs to the medium security level, the user receives a warning from the CSP. If the user belongs to the high security level, that user is considered the most dangerous kind of intruder and is blocked by the CSP. Figure 7 shows a user whose anomaly level is 3 and who belongs to the medium security level group.
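As an added illustration (not the paper's own implementation), the following simulation ties together the procedure described in Sections III.A through III.C: risk points accumulated from a user's history give an anomaly level, the anomaly level selects the security group (with a first-time user placed in the high-level IDS), the group determines the CSP response, and logs are audited in order of anomaly level. The risk weights and level thresholds are constructed assumptions, since Tables 2 and 3 are not reproduced on the page.

```python
# Added example, not from the paper. Risk points per behaviour (Table 2)
# and anomaly-level thresholds (Table 3) are constructed assumptions;
# the group/response mapping and the first-time-user rule follow the text.
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

RISK_POINTS: Dict[str, int] = {          # assumed weights, in risk points
    "login_failure": 1,
    "vulnerable_port_probe": 3,
    "unauthorized_modification": 5,
}
# (minimum risk points, anomaly level); assumed, level rises with points
LEVEL_THRESHOLDS: List[Tuple[int, int]] = [(0, 1), (2, 2), (4, 3), (7, 4), (10, 5)]
GROUP_BY_LEVEL = {1: "low", 2: "low", 3: "medium", 4: "high", 5: "high"}
CSP_RESPONSE = {"low": "sms", "medium": "warning", "high": "block"}  # Sec. III.C


@dataclass
class UserHistory:
    """Personal usage history kept per user; events are behaviour names."""
    events: List[str] = field(default_factory=list)

    def risk_points(self) -> int:
        return sum(RISK_POINTS.get(e, 0) for e in self.events)


def anomaly_level(points: int) -> int:
    """Highest anomaly level whose threshold the accumulated points reach."""
    level = 1
    for minimum, lvl in LEVEL_THRESHOLDS:
        if points >= minimum:
            level = lvl
    return level


def assign_security_group(history: Optional[UserHistory]) -> str:
    """AAA step: no history (first provisioning) means the high-level IDS;
    otherwise the group follows the anomaly level derived from history."""
    if history is None:
        return "high"
    return GROUP_BY_LEVEL[anomaly_level(history.risk_points())]


def csp_response(group: str) -> str:
    return CSP_RESPONSE[group]


def prioritize_logs(logs: List[Tuple[str, str]],
                    histories: Dict[str, UserHistory]) -> List[Tuple[str, str]]:
    """Log management step: audit the highest-anomaly users' logs first."""
    return sorted(logs, reverse=True,
                  key=lambda entry: anomaly_level(histories[entry[0]].risk_points()))


if __name__ == "__main__":
    # Constructed histories: bob has 4 failed logins (4 points, level 3,
    # medium group as in Figure 7); eve's history reaches the high group.
    histories = {"alice": UserHistory(), "bob": UserHistory(["login_failure"] * 4),
                 "eve": UserHistory(["unauthorized_modification", "vulnerable_port_probe",
                                     "login_failure", "login_failure"])}
    logs = [(u, f"constructed log line for {u}") for u in histories]
    for user, hist in histories.items():
        group = assign_security_group(hist)
        print(user, anomaly_level(hist.risk_points()), group, csp_response(group))
    print([u for u, _ in prioritize_logs(logs, histories)])
```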
IV. CONCLUSION
Our multi-level IDS and log management method is based on consumer behavior, for applying IDS effectively to the cloud system. It assigns a risk level to each user based on analysis of their behavior over time. Applying differentiated levels of security strength to users according to their degree of anomaly increases the effective usage of resources. The method also classifies the generated logs by anomaly level, so that the system administrator analyzes the logs of the most suspected users first. In addition, data traffic in the cloud is minimized and security is enhanced.
REFERENCES
[1] Introduction to Cloud Computing, white paper, Dialogic, 2010.
[2] Roberto Di Pietro and Luigi V. Mancini, Intrusion Detection Systems, Springer, Jan 2008.
[3] Thoran Rodrigues, "Cloud Security: Technology, Processes, Responsibility", The Enterprise Cloud, May 29, 2012.
[4] Security Guidance for Critical Areas of Focus in Cloud Computing, http://www.cloudsecurityalliance.org/guidance/csaguide.v2.1.pdf
[5] J. McHugh, A. Christie, and J. Allen, "Defending Yourself: The Role of Intrusion Detection Systems", IEEE Software, Volume 17, Issue 5, Sep.-Oct., pp. 42-51, 2000.
[6] K. V. S. N. R. Rao, A. Pal, and M. R. Patra, "A Service Oriented Architectural Design for Building Intrusion Detection Systems", International Journal of Recent Trends in Engineering, vol. 1, no. 2, pp. 11-14, 2009.
[7] U. Thakar, "HoneyAnalyzer – Analysis and Extraction of Intrusion Detection Patterns & Signatures Using Honeypot", The Second International Conference on Innovations in Information Technology, Dubai, UAE, September 26-28, 2005.
[8] T. Kropp, "System threats and vulnerabilities [power system protection]", IEEE Power and Energy Magazine, vol. 4, no. 2, pp. 46-50, 2006.
[9] Kento S., Hitoshi S., Satoshi M., "A Model-based Algorithm for Optimizing I/O Intensive Applications in Clouds using VM-Based Migration", 9th IEEE/ACM International Symposium on Cluster Computing and the Grid, 2009.
[10] Wikipedia, http://en.wikipedia.org/wiki/Cloud_computing