A cooperative and hybrid network intrusion detection framework in cloud computing based on snort and optimized back propagation neural network

Z Chiba, N Abghour, K Moussaid, M Rida - Procedia Computer Science, 2016 - Elsevier
Procedia Computer Science, 2016Elsevier
Cloud computing provides a framework for supporting end users easily attaching powerful
services and applications through Internet. To give secure and reliable services in cloud
computing environment is an important issue. Providing security requires more than user
authentication with passwords or digital certificates and confidentiality in data transmission,
because it is vulnerable and prone to network intrusions that affect confidentiality, availability
and integrity of Cloud resources and offered services. To detect DoS attack and other …
Abstract
Cloud computing provides a framework for supporting end users easily attaching powerful services and applications through Internet. To give secure and reliable services in cloud computing environment is an important issue. Providing security requires more than user authentication with passwords or digital certificates and confidentiality in data transmission, because it is vulnerable and prone to network intrusions that affect confidentiality, availability and integrity of Cloud resources and offered services. To detect DoS attack and other network level malicious activities in Cloud, use of only traditional firewall is not an efficient solution. In this paper, we propose a cooperative and hybrid network intrusion detection system (CH-NIDS) to detect network attacks in the Cloud environment by monitoring network traffic, while maintaining performance and service quality. In our NIDS framework, we use Snort as a signature based detection to detect known attacks, while for detecting network anomaly, we use Back-Propagation Neural network (BPN). By applying snort prior to the BPN classifier, BPN has to detect only unknown attacks. So, detection time is reduced. To solve the problem of slow convergence of BPN and being easy to fall into local optimum, we propose to optimize the parameters of it by using an optimization algorithm in order to ensure high detection rate, high accuracy, low false positives and low false negatives with affordable computational cost. In addition, in this framework, the IDSs operate in cooperative way to oppose the DoS and DDoS attacks by sharing alerts stored in central log. In this way, unknown attacks that were detected by any IDS can easily be detected by others IDSs. This also helps to reduce computational cost for detecting intrusions at others IDS, and improve detection rate in overall the Cloud environment.
Elsevier
以上显示的是最相近的搜索结果。 查看全部搜索结果