Title: Intrusion detection in federated clouds

Authors: Massimo Ficco; Luca Tasquier; Rocco Aversa

Addresses: Department of Industrial and Information Engineering, Second University of Naples, Via Roma 29, I-81031 Aversa (CE), Italy ' Department of Industrial and Information Engineering, Second University of Naples, Via Roma 29, I-81031 Aversa (CE), Italy ' Department of Industrial and Information Engineering, Second University of Naples, Via Roma 29, I-81031 Aversa (CE), Italy

Abstract: In order to overcome the provisioning and scalability limits of a single cloud, cloud federation appears as the computing model in which multiple resources from independent cloud providers can be shared to create large-scale distributed virtual clusters. On the other hand, these complex architectures become an attractive target for distributed denial of service (DDoS) attacks. Although federated cloud environments have large amount of resources and profound dynamic allocation capability, which can be used to face DDoS attacks, they are however vulnerable to attacks that aim at compromising the service level agreements. In this paper, we investigate the key research topics for supporting distributed intrusion detection in a federated cloud environment. We propose a scalable intrusion detection solution, which can be used by cloud providers to protect the federated cloud infrastructure, as well as offered to the cloud service providers to monitor the hosted applications. We present a multi-layer architecture, which exploits a publish/subscribe middleware to collect and share security information in the federated cloud infrastructure. Moreover, we present an open-source framework, which provides features and interfaces to develop and deploy security components, as well as to define customised event correlation rules used to detect possible inter-cloud attacks.

Keywords: cloud federation; distributed DOS; denial of service; DDoS attacks; intrusion detection; event correlation; Bayesian networks; federated clouds; cloud computing; service level agreements; SLAs; publish/subscribe middleware; cloud security; open source; inter-cloud attacks.

DOI: 10.1504/IJCSE.2016.078929

International Journal of Computational Science and Engineering, 2016 Vol.13 No.3, pp.219 - 232

Received: 02 Mar 2014
Accepted: 21 May 2014

Published online: 24 Aug 2016 *

Full-text access for editors Access for subscribers Purchase this article Comment on this article