Implementations of intrusion detection architectures in cloud computing

Abstract

Cloud computing is a paradigm that provides access to compute infrastructure on demand by allowing a customer to use virtual machines (VMs) to solve a given computational problem. Before implementing new applications running on the cloud, it is often useful to estimate the performance/cost of various implementations. In this paper we will compare different scenarios of collaborative intrusion detection systems that we have proposed already in a previous paper. This study is done using CloudAnalyst which is developed to simulate large-scale Cloud applications in order to study the behavior of such applications under various deployment configurations [11]. The simulation is done taking into consideration several parameters such as the data processing time, the response time, user hourly average, the request servicing time, the total data transfer and virtual machines costs. The obtained results are analyzed and compared in order to choose the most efficient implementation in terms of response time and the previous parameters. We will go into the details of the IDS (intrusion detection system) database by performing a statistical analysis of KDD dataset using the Weka tool to extract the most relevant attributes. For that we will briefly survey recent researches and proposals regarding the study and analysis of KDD dataset then we give an overview about the KDD dataset which is wildly used in anomaly detection, we also proceed to the analysis of KDD using Weka by executing a set of algorithms such as CfsSubsetEval and J48 in order to deduct the combinations of attributes that are relevant in the detection of attacks.