Cloud security is one of most important issues that
need a lot of research and development effort in past few years.
Particularly, attackers can find out the vulnerabilities of a cloud
system and compromise virtual machines to deploy further
large-scale Distributed Denial-of-Service (DDoS). DDoS attacks
usually involve early stage actions such as multi-step
xploitation, low frequency vulnerability scanning, and
compromising identified vulnerable virtual machines as zombies,
and finally DDoS attacks can be takes place through the
compromised zombies. Within the cloud system, especially the
Infrastructure-as-a-Service (IaaS) clouds, the detection of
zombie exploration attacks is extremely difficult. This is
because cloud users may install vulnerable applications on their
virtual machines. To prevent vulnerable virtual machines from
being compromised in the cloud, we propose a multi-phase
distributed vulnerability detection, measurement, and
countermeasure selection mechanism called NICE, which
provides reconfigurable virtual network-based countermeasures.
The system and security evaluations demonstrate the efficiency
and effectiveness of the proposed solution.
Mandar M. Mahadeokar : received the B.E. degree in Computer
Engineering from A.I.S.S.M.S.COE,Pune, INDIA in 2013 and
perusing M.E. degree in Computer Engineering from S.A.O.E ,
Pune
Suresh B.Rathod : received the B.E. degree in Computer
Engineering from T.COE,Tulajapur INDIA in 2007 and M.E. degree
in Computer Engineering from S.C.O.E, Pune in 2012.He is
currently working asa Assistant Professor in S.A.O.E,Pune.
Network Security
Cloud Computing
Cloud Computing
Zombie Detection
NICE, proposed to detect and identify collaborative
attacks in the cloud virtual environment. NICE conduct
attack detection and prediction. It only investigates
network IDS approach to detect/find out zombie
explorative attacks. In order to improve the detection
accuracy, host-based IDS solutions are needed to be
consider which cover the whole spectrum of IDS in the
cloud system. And also existing system does not provide
any mechanism for attack prevention, so this drawback is
overcome in proposed system.
[1] O.Database, “Open source vulnerability database
(OVSDB),” http://osvdb.org/. 2012.
[2] Chun-Jen Chung, Student Member, IEEE, Pankaj
Khatkar, Student Member, IEEE, Tianyi Xing,
Jeongkeun Lee, Member, IEEE, and Dijiang Huang
Senior Member, IEEE "NICE: Network Intrusion
Detection and Countermeasure Selection in Virtual
Network Systems", IEEE, Vol. 10, No. 4, Year
2013.
[3] G. Gu, P. Porras, V. Yegneswaran, M. Fong, and W.
Lee, “BotHunter:detecting malware infection through
IDS-driven dialog correlation,” Proc. of 16th
USENIX Security Symp. (SS ’07), pp.12:1–12:16, Aug.
2007.
