Design and Development of an Efficient Alert Summarization Technique for Cloud Environment to Detect Intrusions

Abstract

The recent development of cloud computing has drastically modified everyone’s perception of software delivery, infrastructure architectures and development models. Following the transition from mainframe machines to client/server deployment models, cloud computing incorporate elements from utility computing, grid computing and autonomic computing, into revolutionary deployment architecture. Cloud computing has emerged as a new computing paradigm in which users can access various resources from remote sites using ‘pay-per-service’. This brisk transition regarding the clouds has fuelled concerns on a censorious issue regarding the success of information security, communication and information systems. The open and distributed structure of cloud computing and services has become an appealing target for potential cyber-attacks by intruders. The conventional Intrusion Detection Systems (IDS) are inefficient to be deployed on cloud computing environments because of their openness and specific essence. Traditional IDSs are known for producing large volumes of alerts regardless of all the progress made over the last few years. The dissection of a large number of raw alerts from giant networks is usually labour intensive and time consuming because the relevant alerts are usually buried under the heaps of irrelevant alerts. The work presented in the thesis showcases the development of an efficient alert summarization technique that is embedded in IDS implemented on cloud environment, which filters out the irrelevant alerts depending on various trust factors thus improving the quality of relevant alerts, hence enabling the analyst to focus on important alerts. The proposed prototype has been implemented in real environment and different types of vulnerabilities were examined using the proposed system. Also various parameters for intrusion detection have been observed in real cloud environment.