cl-CIDPS: A Cloud Computing Based Cooperative Intrusion Detection and Prevention System Framework

Cloud Computing is one of today's most promising technologies due to its cost-efficiency, flexibility and scalability for computing processes. However, the complex architecture of cloud infrastructure and the different levels of users lead to special requirements especially in security area. The Cloud provider is responsible for providing secure, reliable and trustful services to its consumers. Network intrusion detection system and network intrusion prevention system (IDPS), is a pioneer active security-defensive mechanism that is ideal to be used in cloud computing. Collaborative or cooperative IDS had been a hot topic for the last few years. However, there were some limitations in previous techniques indicating that they are not sufficient to cover all security threats in clouds. The main objective is to propose a cloud based cooperative intrusion detection and prevention system (cl-CIDPS). The system adds several contributions to the area of IDPS in clouds by proposing an integrated design that considers detection, prevention and logging capabilities applying both signature and anomaly detection mechanisms. cl-CIDPS was evaluated using a powerful network security simulator tool (Nessi2) that is capable of testing detection units and communication schemas. NeSSi2 was extended for a cloud based IDPS presenting a valuable simulation background that can be used by future researches to evaluate similar proposed techniques for cloud computing infrastructure.