Cloud computing is a computing model that tries to facilitate
users' access, on request, to information and computing
resources. In recent years, securing the cloud against attacks
has become significantly important. One security method is the
use of intrusion detection systems (IDS). In these systems, when
a suspicious event that represents an abuse occurs, warnings are
raised to inform the production system managers. Resource sharing
is the most important part of cloud computing. Therefore, cloud
providers now use virtualization technology to share resources,
which is available at two levels: virtual machine and hypervisor.
In the infrastructure, the cloud virtual machines are shared with
other organizations' virtual machines as a service. This paper
tries to use the virtualization properties at the hypervisor
level to improve the IDS in the infrastructure layer of cloud
computing. Specifically, a genetic algorithm is used to improve
the IDS.
Published In : IJCAT Journal Volume 2, Issue 9
Date of Publication : September 2015
Pages : 348 - 355
Figures : 07
Tables : 01
Publication Link : Improving False Negative Rate in Hypervisor-Based Intrusion Detection in IaaS Cloud
Shabnam Kazemi : received the
MSc degree in computer
engineering from Azad University,
International Branch, Kish, IRAN,
in 2015. His current research
interests are in the areas of
communication and networking,
and Information Technology.
Vahe Aghazarian : received the
MSc and Ph.D. degrees in
computer engineering from Azad
University, Sciences and Research
Branch, Tehran, IRAN, in 2002,
and 2007. He obtained the top
student awards in MSc and Ph.D.
courses. He is currently an
assistant professor in the
Department of Computer Science,
Azad University, Central Branch,
Tehran, IRAN. In 2008, Dr. Vahe
Aghazarian won the top researcher
award at Azad University, Central Tehran Branch. His current
research interests are in the areas of communication and
networking, Internet QoS, Microprocessors, and Information
Technology.
Alireza Hedayati : completed his
B.S., M.S. and Ph.D. studies in
Computer Engineering in Iran in
2000, 2004, and 2011, respectively.
He joined the Faculty of the Computer
Engineering Department at Islamic
Azad University (Central Tehran
Branch) in 2005. His research
interests include mobile value-added
services, next-generation networks,
and network management.
Cloud Computing
Intrusion Detection System
Virtualization
Genetic Algorithm
Hypervisor-Based
Intrusion
IaaS
In the proposed system, we use signature-based and genetic-based
techniques for intrusion detection, taking advantage of both
techniques. Cloud intrusion detection datasets are able to detect
cloud attacks. The cloud-based IDS was able to detect 94% of
random sets of cloud attacks. After adding background traffic
retrieved from DARPA, the IDS detected the same percentage of
attacks, and no false positive alarm was raised while filtering
background traffic. The false negative rate of this system is
very low and close to that of an ideal system.