Attack Prediction Models for Cloud Intrusion Detection Systems

In spite of the functional and economic benefits of the cloud-computing systems, they also expose entirely several attacks. Most of the current cloud security technologies do not provide early warnings about such attacks. The early warnings give the cloud administrator or the auto response controller ample time to take preventive measures. This paper discusses our three prediction models that are integrated to our Autonomic Cloud Intrusion Detection Framework (ACIDF) namely, The Finite State Hidden Markov prediction model (FSHMPM), The Finite Context Prediction Model (FCPM) that uses a Variable Order Markov Model (VMM) with a Probabilistic Suffix Tree (PST), and HoltWinter Prediction Model (HWPM). We compare these models and highlight the pros and cons of each one. The prediction models were evaluated against DARPA 2000 dataset. The FSHMPM has successfully fired the early warnings 39.6 minutes before the launching of the LLDDoS1.0 attack. The FCPM has successfully fired the early warnings 58.98 minutes before the launching of the same attack. The HWPM has an error rate of 42.07% for HTTP flow forecast and 44.02% for FTP one.