An improved distributed intrusion detection architecture for cloud computing

Abstract

In recent years, cloud computing has provided a framework for dynamic and saleable use of a wide range of services. Despite the advantages of cloud, security is still one of its most challenging issues. Intrusion detection systems, as a common security tool, can be used to increase the level of security in cloud environments. However, some of the inherent features of the cloud, such as being highly distributed, the variety and dynamism of its services, and difference security needs of each user or cloud service has made conventional IDSs inefficient for this environment. In this paper, an efficient architecture for intrusion detection has been proposed for cloud computing. For this purpose, we classify services, in terms of their security requirements, into groups of services with similar security constraints. This way the intrusion detection process can be customized according to the specific attacks that usually target the services of each group. The proposed architecture has been evaluated using Snort and by customizing it for each cloud service security requirement. Simulations indicate that the proposed architecture has been able to decrease the total time of traffic analysis against attacks by 17.5 % on average, while having the same detection rate and not losing the accuracy.