Performance analysis of intrusion detection systems in cloud-based systems

Abstract

Cloud computing services are widely used nowadays and need to be more secured for an effective exploitation by the users. One of the most challenging issues in these environments is the security of the hosted data. Many cloud computing providers offer web applications for their clients, this is why the most handling attacks in cloud computing are Distributed Denial of Service (DDoS). In this paper, we provide a comparative performance analysis of intrusion detection systems (IDSs) in a real world lab. The aim is to provide an up to date study for researchers and practitioners to understand the issues related to intrusion detection and to deal with DDoS attacks. This analysis includes intrusion detection rates, time running, etc. In the experiments, we configured a cloud platform using OpenStack and an IDS monitoring the whole network traffic of the web server configured. The results show that Suricata drops fewer packets than Bro and Snort successively when a DDoS attack is happening and detect more malicious packets.