A Cooperative and Hybrid Network Intrusion Detection Framework in Cloud Computing Based on Snort and Optimized Back Propagation Neural Network

被引：27

作者：

Chiba, Z. ^{[1
]}

Abghour, N. ^{[1
]}

Moussaid, K. ^{[1
]}

El Omri, A. ^{[1
]}

Rida, M. ^{[1
]}

机构：

[1] Hassan II Univ Casablanca, Team Modeling & Optimizat Mobile Serv, Fac Sci, Casablanca 20100, Morocco

来源：

7TH INTERNATIONAL CONFERENCE ON AMBIENT SYSTEMS, NETWORKS AND TECHNOLOGIES (ANT 2016) / THE 6TH INTERNATIONAL CONFERENCE ON SUSTAINABLE ENERGY INFORMATION TECHNOLOGY (SEIT-2016) / AFFILIATED WORKSHOPS | 2016年 / 83卷

关键词：

Cloud computing; Network intrusion detection; Back-propagation neural network; Snort; Optimization algorithm;

D O I：

10.1016/j.procs.2016.04.249

中图分类号：

TP301 [理论、方法];

学科分类号：

081202 ;

摘要：

Cloud computing provides a framework for supporting end users easily attaching powerful services and applications through Internet. To give secure and reliable services in cloud computing environment is an important issue. Providing security requires more than user authentication with passwords or digital certificates and confidentiality in data transmission, because it is vulnerable and prone to network intrusions that affect confidentiality, availability and integrity of Cloud resources and offered services. To detect DoS attack and other network level malicious activities in Cloud, use of only traditional firewall is not an efficient solution. In this paper, we propose a cooperative and hybrid network intrusion detection system (CH-NIDS) to detect network attacks in the Cloud environment by monitoring network traffic, while maintaining performance and service quality. In our NIDS framework, we use Snort as a signature based detection to detect known attacks, while for detecting network anomaly, we use Back-Propagation Neural network (BPN). By applying snort prior to the BPN classifier, BPN has to detect only unknown attacks. So, detection time is reduced. To solve the problem of slow convergence of BPN and being easy to fall into local optimum, we propose to optimize the parameters of it by using an optimization algorithm in order to ensure high detection rate, high accuracy, low false positives and low false negatives with affordable computational cost. In addition, in this framework, the IDSs operate in cooperative way to oppose the DoS and DDoS attacks by sharing alerts stored in central log. In this way, unknown attacks that were detected by any IDS can easily be detected by others IDSs. This also helps to reduce computational cost for detecting intrusions at others IDS, and improve detection rate in overall the Cloud environment. (C) 2016 The Authors. Published by Elsevier B.V.

引用

页码：1200 / 1206

页数：7

共 19 条

[1]

ALSHDAIFAT B, 2015, J INFORM SECURITY RE, V6, P49

[2]

[Anonymous], 2014, INT J ENG RES TECHNO

[3]

[Anonymous], 2015, INT J SCI ENG TECHNO

[4] Distributed Intrusion Detection in Clouds Using Mobile Agents [J].

Dastjerdi, Amir Vahid ;

Abu Bakar, Kamalrulnizam ;

Tabatabaei, Sayed Gholam Hassan .

2009 THIRD INTERNATIONAL CONFERENCE ON ADVANCED ENGINEERING COMPUTING AND APPLICATIONS IN SCIENCES (ADVCOMP 2009), 2009, :175-+

[5]

Gang Ke, 2014, Applied Mechanics and Materials, V599-601, P726, DOI 10.4028/www.scientific.net/AMM.599-601.726

[6] An Immediate System Call Sequence Based Approach for Detecting Malicious Program Executions in Cloud Environment [J].

Gupta, Sanchika ;

Kumar, Padam .

WIRELESS PERSONAL COMMUNICATIONS, 2015, 81 (01) :405-425

[7]

JOUINI M, 2014, COMP INT SEC CIS 201, P689

[8]

Lo C.C., 2012, 39 IEEE INT C PAR PR, P280

[9]

Manthira Moorthy S., 2014, INT J ENG TECHNOL IJ, V5, P5023

[10]

Martin L., 2010, CISC VIS NETW IND GL

← 1 2 →