This document summarizes a research paper that proposes a system to detect Distributed Denial of Service (DDoS) attacks on OpenStack cloud servers using XenServer virtualization and select appropriate countermeasures. The system uses Snort for intrusion detection on target virtual machines. When an attack is detected, algorithms generate an ID and select the most severe alert. Another algorithm then chooses the best countermeasure based on the attack type. The full paper provides details on implementation using tools like XenServer, OpenStack, Snort and Metasploit, as well as descriptions of the proposed detection and countermeasure selection algorithms.
A Network Intrusion Detection System (NIDS) monitors a network for malicious activities or policy violations [1]. The Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on x86 hardware virtualization extensions [2]. We design and implement a back-propagation network intrusion detection system in KVM. Compared to traditional Back Propagation (BP) NIDS, the Particle Swarm Optimization (PSO) algorithm is applied to improve efficiency. The results show an improved system in terms of recall and precision along with missing detection rates.
Security Issues related with cloud computingIJERA Editor
The term CLOUD means Common Location Independent Online Utility on Demand. It‟s an emerging technology in IT industries. Cloud technologies are improving day by day and now it become a need for all small and large scale industries. Companies like Google, Amazon, Microsoft etc. is providing virtualized environment for user by which it omits the need for physical storage and others. But as the advantage of cloud computing is increasing day by day the issues are also threatening the IT industries. These issues related with the security of the data. The basic idea of this review paper is to elaborate the security issues related with cloud computing and what methods are implemented to improve these security. Certain algorithms like RSA, DES, and Ceaser Cipher etc. implemented to improve the security issues. In this paper we have implemented Identity based mRSA algorithm in this paper for improving security of data.
International Journal of Computational Engineering Research (IJCER)ijceronline
International Journal of Computational Engineering Research(IJCER) is an intentional online Journal in English monthly publishing journal. This Journal publish original research work that contributes significantly to further the scientific knowledge in engineering and Technology.
OpenStack security is a huge topic. In these slides I presented at the OpenStack Day, I analyzed cloud security the network to the application layer, going through specific layers, some in common between OpenStack itself and the applications.
Cloud Breach - Forensics Audit Planning
The goal of this presentation is to assist IT Risk and Security professionals with adding Cloud computing forensics to their Incident Response team.
It should assist them with understanding the technical ways of capturing forensic data from cloud service providers using security controls that incorporate and integrate logging, chain of evidence, virtualization and cloud security architecture
Welcome to International Journal of Engineering Research and Development (IJERD)IJERD Editor
call for paper 2012, hard copy of journal, research paper publishing, where to publish research paper,
journal publishing, how to publish research paper, Call For research paper, international journal, publishing a paper, IJERD, journal of science and technology, how to get a research paper published, publishing a paper, publishing of journal, publishing of research paper, reserach and review articles, IJERD Journal, How to publish your research paper, publish research paper, open access engineering journal, Engineering journal, Mathemetics journal, Physics journal, Chemistry journal, Computer Engineering, Computer Science journal, how to submit your paper, peer reviw journal, indexed journal, reserach and review articles, engineering journal, www.ijerd.com, research journals
This document summarizes various data encryption techniques for securing data in cloud computing. It discusses hybrid encryption algorithms that combine Caesar cipher, RSA, and monoalphabetic substitution. It also describes the DES algorithm and its structure. Finally, it explores identity-based encryption (IBE) where a third party generates public keys based on user identifiers like email addresses. The document concludes that data security is an important issue for cloud computing and more research is still needed to enhance security features using cryptographic techniques.
DDoS Attack on DNS using infected IoT DevicesSeungjoo Kim
[Case Study] DDoS Attack on DNS using infected IoT Devices @ ACSAC 2015 (The 31st Annual Computer Security Applications Conference 2015), which is one of the most important cyber security conferences in the world and the oldest information security conference held annually
A Network Intrusion Detection System (NIDS) monitors a network for malicious activities or policy violations [1]. The Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on x86 hardware virtualization extensions [2]. We design and implement a back-propagation network intrusion detection system in KVM. Compared to traditional Back Propagation (BP) NIDS, the Particle Swarm Optimization (PSO) algorithm is applied to improve efficiency. The results show an improved system in terms of recall and precision along with missing detection rates.
Security Issues related with cloud computingIJERA Editor
The term CLOUD means Common Location Independent Online Utility on Demand. It‟s an emerging technology in IT industries. Cloud technologies are improving day by day and now it become a need for all small and large scale industries. Companies like Google, Amazon, Microsoft etc. is providing virtualized environment for user by which it omits the need for physical storage and others. But as the advantage of cloud computing is increasing day by day the issues are also threatening the IT industries. These issues related with the security of the data. The basic idea of this review paper is to elaborate the security issues related with cloud computing and what methods are implemented to improve these security. Certain algorithms like RSA, DES, and Ceaser Cipher etc. implemented to improve the security issues. In this paper we have implemented Identity based mRSA algorithm in this paper for improving security of data.
International Journal of Computational Engineering Research (IJCER)ijceronline
International Journal of Computational Engineering Research(IJCER) is an intentional online Journal in English monthly publishing journal. This Journal publish original research work that contributes significantly to further the scientific knowledge in engineering and Technology.
OpenStack security is a huge topic. In these slides I presented at the OpenStack Day, I analyzed cloud security the network to the application layer, going through specific layers, some in common between OpenStack itself and the applications.
Cloud Breach - Forensics Audit Planning
The goal of this presentation is to assist IT Risk and Security professionals with adding Cloud computing forensics to their Incident Response team.
It should assist them with understanding the technical ways of capturing forensic data from cloud service providers using security controls that incorporate and integrate logging, chain of evidence, virtualization and cloud security architecture
Welcome to International Journal of Engineering Research and Development (IJERD)IJERD Editor
call for paper 2012, hard copy of journal, research paper publishing, where to publish research paper,
journal publishing, how to publish research paper, Call For research paper, international journal, publishing a paper, IJERD, journal of science and technology, how to get a research paper published, publishing a paper, publishing of journal, publishing of research paper, reserach and review articles, IJERD Journal, How to publish your research paper, publish research paper, open access engineering journal, Engineering journal, Mathemetics journal, Physics journal, Chemistry journal, Computer Engineering, Computer Science journal, how to submit your paper, peer reviw journal, indexed journal, reserach and review articles, engineering journal, www.ijerd.com, research journals
This document summarizes various data encryption techniques for securing data in cloud computing. It discusses hybrid encryption algorithms that combine Caesar cipher, RSA, and monoalphabetic substitution. It also describes the DES algorithm and its structure. Finally, it explores identity-based encryption (IBE) where a third party generates public keys based on user identifiers like email addresses. The document concludes that data security is an important issue for cloud computing and more research is still needed to enhance security features using cryptographic techniques.
DDoS Attack on DNS using infected IoT DevicesSeungjoo Kim
[Case Study] DDoS Attack on DNS using infected IoT Devices @ ACSAC 2015 (The 31st Annual Computer Security Applications Conference 2015), which is one of the most important cyber security conferences in the world and the oldest information security conference held annually
Mobile Ad hoc Network is a collection of wireless mobile nodes forming a network without
using any existing infrastructure. MANET is a collection of mobile nodes along with wireless
transmitter and receiver that with each other via a bi-directional links either directly or indirectly. A
new intrusion detection system named communicates Enhanced Adaptive Acknowledgment
(EAACK) specially designed for MANETs. It is based on the digital signature algorithm (DSA). To
enhance the security in the mobile adhoc networks, we introduce a new approach called Hybrid
cryptography algorithm that provides integrity, confidentiality and authentication. This hybrid
cryptography algorithm is based on two cryptography algorithms such as RSA and AES. Encryption is
achieved by using, RSA algorithm for authentication and symmetric algorithm for the integrity. By
using the symmetric and asymmetric cryptographic algorithm, we can achieve better security and
integrity than the EAACK
This document summarizes a technical report about a framework called Honeyd that allows for the creation of virtual honeypots. Honeyd simulates entire computer systems at the network level by emulating different operating system behaviors and can provide arbitrary routing topologies and services. It is designed to deceive network fingerprinting and mapping tools for security purposes such as detecting attacks and studying adversaries.
A Review Paper on Secure authentication and data sharing in cloud storage usi...ijsrd.com
This document summarizes a research paper on secure authentication and data sharing in cloud storage using a key aggregate cryptosystem. It begins with an abstract that describes using public key cryptography to encrypt data and delegate decryption rights for any subset of ciphertexts with a constant size key. It then provides details on the proposed key aggregate cryptosystem, including an introduction, related work comparing it to other solutions, the system architecture, and sections on key aggregate encryption and a conclusion. The key aggregate cryptosystem allows a master key holder to release an aggregate key that decrypts a flexible set of ciphertexts in cloud storage while keeping other files encrypted.
SECRY - Secure file storage on cloud using hybrid cryptographyALIN BABU
Final project presentation of Final year B.tech CSE Project APJ Abdul Kalam Technological University.
About the project
Cloud computing has now become a major trend, it is a new data hosting technology that is very popular in recent years. In this project, we are developing an web application that can securely store the files to a cloud server. We proposes a system that uses hybrid cryptography technique to securely store the data in cloud. The hybrid approach when deployed in cloud environment makes the remote server more secure and thus, helps the users to fetch more trust of their data in the cloud. For data security and privacy protection issues, the fundamental challenge of separation of sensitive data and access control is fulfilled. Cryptography technique translates original data into unreadable format. This technique uses keys for translate data into unreadable form. So only authorized person can access data from cloud server.
We provide a cloud storage that uses multiple crypotraphic technique which is known by hybrid cryptography. The product provides confidentiality by using security for both upload and download. The data will be secured since we use multi level security techniques and multiple servers for storage.
IRJET- Secure File Storage on Cloud using CryptographyIRJET Journal
This document summarizes a research paper that proposes a secure file storage system on the cloud using cryptography. It discusses how the proposed system would split files into multiple chunks and store them across different cloud servers in an encrypted format to preserve confidentiality, integrity, and availability of data. The document provides background on cloud computing benefits and security challenges. It then describes the proposed system's use of symmetric and asymmetric encryption algorithms like AES, DES, and RC2 to encrypt chunks before storage.
This document provides a quick reference guide for Linux security that includes definitions of common security terms, general security tips, and Linux security resources. It defines terms like buffer overflow, cryptography, denial of service, and port scanning. It offers tips such as using automatic package managers to update software, configuring firewalls and intrusion detection, and enforcing strong password policies. The document also lists various security-related websites, books, and open source tools that can aid in hardening Linux systems.
Secure Cloud Environment Using RSA AlgorithmIRJET Journal
This document discusses using the RSA algorithm to provide security in cloud computing environments. It first provides background on cloud computing and discusses some of the security challenges in cloud environments. It then describes how public key cryptography algorithms like RSA can help address some of these security issues by allowing for secure storage and transmission of data through encryption with public/private key pairs. The document goes on to provide an overview of how the RSA algorithm works, including key generation and the encryption/decryption process. It proposes implementing RSA to provide security for data stored in the cloud.
This summary provides an overview of the key points from the OpenStack security document:
1. OpenStack is an open source cloud computing platform consisting of several interrelated components like Nova, Swift, Keystone, etc. Each component has its own REST API and is responsible for a certain functionality like compute, storage, identity, etc.
2. The document discusses various security aspects and pain points related to different OpenStack components like authentication tokens, message buses, REST APIs, volumes, and intrusion detection.
3. It also covers strategies for incident response, forensics, and reporting vulnerabilities in OpenStack. Maintaining chain of custody for evidence and providing forensic access to tenants are highlighted.
4. Finally, the
IRJET- Key-Aggregate Cryptosystem for Scalable Data Sharing in Cloud StorageIRJET Journal
This document proposes a key-aggregate searchable encryption (KASE) scheme to enable scalable and flexible data sharing in cloud storage. KASE allows a data owner to generate a single aggregate encryption key that can be used by authorized users to search over any number of encrypted files, avoiding the need to distribute multiple keys. The scheme consists of seven algorithms for system setup, key generation, encryption, key extraction, trapdoor generation, trapdoor adjustment, and trapdoor testing. It provides a secure and efficient way for flexible data access delegation in cloud storage.
IRJET - Multi Authority based Integrity Auditing and Proof of Storage wit...IRJET Journal
This document proposes a method for secure data storage and integrity auditing in the cloud using multi-level encryption and data deduplication. The method first checks for duplicate files using hash comparisons and avoids uploading duplicate data to save storage space. It then encrypts data using AES, DES and RSA algorithms sequentially, generating keys each time. The keys are then re-encrypted using AES and stored on separate servers. This multi-level encryption and distribution of encrypted data and keys across servers makes the data more secure. It also enables proof of storage and authentication of authorized users using time-based keys.
Wireless Sensor Network (WSN) has a huge range of applications such as battlefield,surveillance, emergency rescue operation and smart home technology etc. Apart from its inherent constraints such as limited memory and energy resources, when deployed in hostile environmental conditions, the sensor nodes are vulnerable to physical capture and other security constraints. These constraints put security as a major challenge for the researchers in the field of computer networking. This paper reflects various issues and challenges related to security of WSN, its security architecture. The paper also provides a discussion on various security mechanisms deployed in WSN environment to overcome its security threats.
Wireless Sensor Network (WSN) has a huge range of applications such as battlefield,
surveillance, emergency rescue operation and smart home technology etc. Apart from its
inherent constraints such as limited memory and energy resources, when deployed in hostile
environmental conditions, the sensor nodes are vulnerable to physical capture and other
security constraints. These constraints put security as a major challenge for the researchers in
the field of computer networking. This paper reflects various issues and challenges related to
security of WSN, its security architecture. The paper also provides a discussion on various
security mechanisms deployed in WSN environment to overcome its security threats.
IRJET - Reliable and Efficient Revocation and Data Sharing using Identity...IRJET Journal
This document discusses a proposed system for reliable and efficient revocation and data sharing using identity-based encryption over cloud. The system aims to securely store and share data in the cloud while allowing revocation of user access. It proposes using identity-based encryption where a user's public key is generated from unique identity information like their email address, without needing to pre-share keys. When a user's authorization expires, they can be revoked to prevent future access. The system encrypts files with keys generated from user identities before uploading to cloud servers. Authorized users can download and decrypt data, while unauthorized users and servers cannot access plaintext.
International Journal of Computer Science and Security Volume (1) Issue (3)CSCJournals
The document discusses integrating VPN and IDS technologies to improve network security. It proposes configuring a VPN concentrator/firewall to encrypt traffic between remote clients and private networks. An IDS would be placed within the private network to monitor decrypted traffic. Rules would define the IDS monitoring encrypted VPN traffic and taking action on detected threats. The integration aims to address issues like switched and encrypted data evading traditional network IDS, while reducing false alarms through traffic correlation. Configuration rules specify interfaces, address pools, VPN/firewall settings, and IDS login to dynamically update firewall rules.
A Survey on Assured deletion and Access ControlAM Publications
The document summarizes security issues related to assured deletion and access control for outsourced data stored in cloud storage. It discusses Perlman's concept of assured deletion using time-based expiration of files. It also discusses the Vanish system which uses threshold secret sharing to allow self-destructing of data objects after a predefined time period. For access control, it covers Wang's approach using key derivation hierarchies and attribute-based encryption, where ciphertexts are labeled with attributes and user keys are associated with access policies controlling which ciphertexts can be decrypted.
IRJET- Comparison Among RSA, AES and DESIRJET Journal
1. The document compares encryption algorithms RSA, AES, and DES for securing sensitive data stored in the cloud.
2. It first classifies a dataset using a KNN classifier to identify sensitive data. Then it applies RSA, AES, and DES encryption to the sensitive data.
3. It finds that AES encryption has the strongest security and fastest encryption time compared to RSA and DES based on the results.
Cloud Data Security using Elliptic Curve CryptographyIRJET Journal
This document discusses using elliptic curve cryptography to improve data security in cloud computing. It begins with an abstract that introduces cloud computing and data security as major issues. Then, it provides background on cryptography and classifications of cryptographic algorithms like symmetric, asymmetric, and hash functions. The document also discusses security issues in cloud computing like data isolation, secure data transfer, secure interfaces and access control. It proposes using elliptic curve cryptography to address these issues and provide confidentiality, integrity and authentication for data in the cloud. Overall, the document examines how cryptography can enhance security for data stored in cloud computing environments.
Order vs. Mad Science: Analyzing Black Hat Swarm IntelligencePriyanka Aash
This document discusses the concepts of swarm intelligence and hive networks in the context of cybersecurity. It provides examples of how botnets have begun to utilize swarm behaviors by removing centralized command and control servers. This allows for botnets to operate in a more decentralized and autonomous manner. The document also discusses how security strategies need to evolve from static boundary defenses to more agile micro and macro segmentation approaches that emulate hive defense strategies found in nature. Specifically, the integration of security solutions and intelligence sharing is presented as a way to coordinate defenses against advanced persistent threats that utilize swarm and hive-like tactics.
The document proposes a decentralized access control scheme for secure data storage in clouds that supports anonymous authentication. The scheme allows a cloud to verify the authenticity of a user without knowing their identity before storing data. It also enables access control so that only valid users can decrypt stored information. The scheme prevents replay attacks and supports data creation, modification, and reading from the cloud. It further addresses revoking access for users. The scheme uses a decentralized approach with multiple key distribution centers for key management, unlike other centralized access control schemes for clouds.
This document outlines 5 test slides. Slides 1 through 5 are briefly described to test an unknown topic. The slides progress sequentially from the first to the fifth test slide with no other details provided.
Centre for the Creative Arts and Media (CCAM) | GMIT DAC Report Jonathan Flanagan
This document is an application for a Disability Access Certificate for material alterations and an extension to an existing building on the GMIT CCAM campus. The application includes calculations showing a €800 fee is required. Plans are provided showing the existing building layout and proposed alterations, including upgrading accessibility. The basis of compliance cited includes Part M of the building regulations, universal design guidance, and standards for accessible design.
Mobile Ad hoc Network is a collection of wireless mobile nodes forming a network without
using any existing infrastructure. MANET is a collection of mobile nodes along with wireless
transmitter and receiver that with each other via a bi-directional links either directly or indirectly. A
new intrusion detection system named communicates Enhanced Adaptive Acknowledgment
(EAACK) specially designed for MANETs. It is based on the digital signature algorithm (DSA). To
enhance the security in the mobile adhoc networks, we introduce a new approach called Hybrid
cryptography algorithm that provides integrity, confidentiality and authentication. This hybrid
cryptography algorithm is based on two cryptography algorithms such as RSA and AES. Encryption is
achieved by using, RSA algorithm for authentication and symmetric algorithm for the integrity. By
using the symmetric and asymmetric cryptographic algorithm, we can achieve better security and
integrity than the EAACK
This document summarizes a technical report about a framework called Honeyd that allows for the creation of virtual honeypots. Honeyd simulates entire computer systems at the network level by emulating different operating system behaviors and can provide arbitrary routing topologies and services. It is designed to deceive network fingerprinting and mapping tools for security purposes such as detecting attacks and studying adversaries.
A Review Paper on Secure authentication and data sharing in cloud storage usi...ijsrd.com
This document summarizes a research paper on secure authentication and data sharing in cloud storage using a key aggregate cryptosystem. It begins with an abstract that describes using public key cryptography to encrypt data and delegate decryption rights for any subset of ciphertexts with a constant size key. It then provides details on the proposed key aggregate cryptosystem, including an introduction, related work comparing it to other solutions, the system architecture, and sections on key aggregate encryption and a conclusion. The key aggregate cryptosystem allows a master key holder to release an aggregate key that decrypts a flexible set of ciphertexts in cloud storage while keeping other files encrypted.
SECRY - Secure file storage on cloud using hybrid cryptographyALIN BABU
Final project presentation of Final year B.tech CSE Project APJ Abdul Kalam Technological University.
About the project
Cloud computing has now become a major trend, it is a new data hosting technology that is very popular in recent years. In this project, we are developing an web application that can securely store the files to a cloud server. We proposes a system that uses hybrid cryptography technique to securely store the data in cloud. The hybrid approach when deployed in cloud environment makes the remote server more secure and thus, helps the users to fetch more trust of their data in the cloud. For data security and privacy protection issues, the fundamental challenge of separation of sensitive data and access control is fulfilled. Cryptography technique translates original data into unreadable format. This technique uses keys for translate data into unreadable form. So only authorized person can access data from cloud server.
We provide a cloud storage that uses multiple crypotraphic technique which is known by hybrid cryptography. The product provides confidentiality by using security for both upload and download. The data will be secured since we use multi level security techniques and multiple servers for storage.
IRJET- Secure File Storage on Cloud using CryptographyIRJET Journal
This document summarizes a research paper that proposes a secure file storage system on the cloud using cryptography. It discusses how the proposed system would split files into multiple chunks and store them across different cloud servers in an encrypted format to preserve confidentiality, integrity, and availability of data. The document provides background on cloud computing benefits and security challenges. It then describes the proposed system's use of symmetric and asymmetric encryption algorithms like AES, DES, and RC2 to encrypt chunks before storage.
This document provides a quick reference guide for Linux security that includes definitions of common security terms, general security tips, and Linux security resources. It defines terms like buffer overflow, cryptography, denial of service, and port scanning. It offers tips such as using automatic package managers to update software, configuring firewalls and intrusion detection, and enforcing strong password policies. The document also lists various security-related websites, books, and open source tools that can aid in hardening Linux systems.
Secure Cloud Environment Using RSA AlgorithmIRJET Journal
This document discusses using the RSA algorithm to provide security in cloud computing environments. It first provides background on cloud computing and discusses some of the security challenges in cloud environments. It then describes how public key cryptography algorithms like RSA can help address some of these security issues by allowing for secure storage and transmission of data through encryption with public/private key pairs. The document goes on to provide an overview of how the RSA algorithm works, including key generation and the encryption/decryption process. It proposes implementing RSA to provide security for data stored in the cloud.
This summary provides an overview of the key points from the OpenStack security document:
1. OpenStack is an open source cloud computing platform consisting of several interrelated components like Nova, Swift, Keystone, etc. Each component has its own REST API and is responsible for a certain functionality like compute, storage, identity, etc.
2. The document discusses various security aspects and pain points related to different OpenStack components like authentication tokens, message buses, REST APIs, volumes, and intrusion detection.
3. It also covers strategies for incident response, forensics, and reporting vulnerabilities in OpenStack. Maintaining chain of custody for evidence and providing forensic access to tenants are highlighted.
4. Finally, the
IRJET- Key-Aggregate Cryptosystem for Scalable Data Sharing in Cloud StorageIRJET Journal
This document proposes a key-aggregate searchable encryption (KASE) scheme to enable scalable and flexible data sharing in cloud storage. KASE allows a data owner to generate a single aggregate encryption key that can be used by authorized users to search over any number of encrypted files, avoiding the need to distribute multiple keys. The scheme consists of seven algorithms for system setup, key generation, encryption, key extraction, trapdoor generation, trapdoor adjustment, and trapdoor testing. It provides a secure and efficient way for flexible data access delegation in cloud storage.
IRJET - Multi Authority based Integrity Auditing and Proof of Storage wit...IRJET Journal
This document proposes a method for secure data storage and integrity auditing in the cloud using multi-level encryption and data deduplication. The method first checks for duplicate files using hash comparisons and avoids uploading duplicate data to save storage space. It then encrypts data using AES, DES and RSA algorithms sequentially, generating keys each time. The keys are then re-encrypted using AES and stored on separate servers. This multi-level encryption and distribution of encrypted data and keys across servers makes the data more secure. It also enables proof of storage and authentication of authorized users using time-based keys.
Wireless Sensor Network (WSN) has a huge range of applications such as battlefield,surveillance, emergency rescue operation and smart home technology etc. Apart from its inherent constraints such as limited memory and energy resources, when deployed in hostile environmental conditions, the sensor nodes are vulnerable to physical capture and other security constraints. These constraints put security as a major challenge for the researchers in the field of computer networking. This paper reflects various issues and challenges related to security of WSN, its security architecture. The paper also provides a discussion on various security mechanisms deployed in WSN environment to overcome its security threats.
Wireless Sensor Network (WSN) has a huge range of applications such as battlefield,
surveillance, emergency rescue operation and smart home technology etc. Apart from its
inherent constraints such as limited memory and energy resources, when deployed in hostile
environmental conditions, the sensor nodes are vulnerable to physical capture and other
security constraints. These constraints put security as a major challenge for the researchers in
the field of computer networking. This paper reflects various issues and challenges related to
security of WSN, its security architecture. The paper also provides a discussion on various
security mechanisms deployed in WSN environment to overcome its security threats.
IRJET - Reliable and Efficient Revocation and Data Sharing using Identity...IRJET Journal
This document discusses a proposed system for reliable and efficient revocation and data sharing using identity-based encryption over cloud. The system aims to securely store and share data in the cloud while allowing revocation of user access. It proposes using identity-based encryption where a user's public key is generated from unique identity information like their email address, without needing to pre-share keys. When a user's authorization expires, they can be revoked to prevent future access. The system encrypts files with keys generated from user identities before uploading to cloud servers. Authorized users can download and decrypt data, while unauthorized users and servers cannot access plaintext.
International Journal of Computer Science and Security Volume (1) Issue (3)CSCJournals
The document discusses integrating VPN and IDS technologies to improve network security. It proposes configuring a VPN concentrator/firewall to encrypt traffic between remote clients and private networks. An IDS would be placed within the private network to monitor decrypted traffic. Rules would define the IDS monitoring encrypted VPN traffic and taking action on detected threats. The integration aims to address issues like switched and encrypted data evading traditional network IDS, while reducing false alarms through traffic correlation. Configuration rules specify interfaces, address pools, VPN/firewall settings, and IDS login to dynamically update firewall rules.
A Survey on Assured deletion and Access ControlAM Publications
The document summarizes security issues related to assured deletion and access control for outsourced data stored in cloud storage. It discusses Perlman's concept of assured deletion using time-based expiration of files. It also discusses the Vanish system which uses threshold secret sharing to allow self-destructing of data objects after a predefined time period. For access control, it covers Wang's approach using key derivation hierarchies and attribute-based encryption, where ciphertexts are labeled with attributes and user keys are associated with access policies controlling which ciphertexts can be decrypted.
IRJET- Comparison Among RSA, AES and DESIRJET Journal
1. The document compares encryption algorithms RSA, AES, and DES for securing sensitive data stored in the cloud.
2. It first classifies a dataset using a KNN classifier to identify sensitive data. Then it applies RSA, AES, and DES encryption to the sensitive data.
3. It finds that AES encryption has the strongest security and fastest encryption time compared to RSA and DES based on the results.
Cloud Data Security using Elliptic Curve CryptographyIRJET Journal
This document discusses using elliptic curve cryptography to improve data security in cloud computing. It begins with an abstract that introduces cloud computing and data security as major issues. Then, it provides background on cryptography and classifications of cryptographic algorithms like symmetric, asymmetric, and hash functions. The document also discusses security issues in cloud computing like data isolation, secure data transfer, secure interfaces and access control. It proposes using elliptic curve cryptography to address these issues and provide confidentiality, integrity and authentication for data in the cloud. Overall, the document examines how cryptography can enhance security for data stored in cloud computing environments.
Order vs. Mad Science: Analyzing Black Hat Swarm IntelligencePriyanka Aash
This document discusses the concepts of swarm intelligence and hive networks in the context of cybersecurity. It provides examples of how botnets have begun to utilize swarm behaviors by removing centralized command and control servers. This allows for botnets to operate in a more decentralized and autonomous manner. The document also discusses how security strategies need to evolve from static boundary defenses to more agile micro and macro segmentation approaches that emulate hive defense strategies found in nature. Specifically, the integration of security solutions and intelligence sharing is presented as a way to coordinate defenses against advanced persistent threats that utilize swarm and hive-like tactics.
The document proposes a decentralized access control scheme for secure data storage in clouds that supports anonymous authentication. The scheme allows a cloud to verify the authenticity of a user without knowing their identity before storing data. It also enables access control so that only valid users can decrypt stored information. The scheme prevents replay attacks and supports data creation, modification, and reading from the cloud. It further addresses revoking access for users. The scheme uses a decentralized approach with multiple key distribution centers for key management, unlike other centralized access control schemes for clouds.
This document outlines 5 test slides. Slides 1 through 5 are briefly described to test an unknown topic. The slides progress sequentially from the first to the fifth test slide with no other details provided.
Centre for the Creative Arts and Media (CCAM) | GMIT DAC Report Jonathan Flanagan
This document is an application for a Disability Access Certificate for material alterations and an extension to an existing building on the GMIT CCAM campus. The application includes calculations showing a €800 fee is required. Plans are provided showing the existing building layout and proposed alterations, including upgrading accessibility. The basis of compliance cited includes Part M of the building regulations, universal design guidance, and standards for accessible design.
The document is a condition report for the Cluain Mhuire Chapel. It finds the building to be in fair condition overall, with some repairs needed to the roof, stained glass windows, and exterior features. The conservation value of the building is highlighted, being of historical, architectural, and religious significance. A schedule of items to conserve is provided, along with conservation principles, issues to address, and recommendations for maintenance and restoration works respecting the building's integrity.
This document outlines 5 test slides. Slides 1 through 5 are briefly described to test an unknown topic. The slides progress sequentially from the first to the fifth test slide with no other details provided.
Jonathan Flanagan is a student at Galway Mayo Institute of Technology working on a project for rigging and a cyclorama. He has chosen IFF rails FF5004 to use inside the chapel and extensions, which will require support towers as they are over 5000mm high. The rails will connect using junctions and brackets will be bolted to walls. A 5x7M cyclorama arrangement is planned for the studio extension, along with seating, floor bars, windows, and surround sound for a cinema space.
Here are some potential solutions:
1. Replace older locomotives and trucks with newer models that emit less pollution. Transitioning to electric or alternative fuel vehicles could significantly reduce emissions.
2. Prohibit idling of diesel engines near homes and businesses to limit exposure to toxic fumes. Restricting unnecessary idling would cut down on pollution.
3. Install pollution control technologies like particulate filters on diesel engines. Advanced emission control systems designed to trap soot and other particles can help clean up exhaust.
4. Implement emission reduction plans with set targets and timelines. Requiring the rail yards to develop strategies and invest in upgrades aimed at decreasing their environmental impact over time.
5. Engage in community outreach and
Centre for the Creative Arts and Media (CCAM) | GMIT General Arrangment DrawingsJonathan Flanagan
This document contains a site layout plan for a proposed car park and landscaping at CCAM Main Building. It includes details such as:
- Dimensions and locations of proposed and existing structures, ramps, landscaping areas, and parking spaces.
- Accessible routes between parking, building entrances, and other site features.
- Proposed drainage including SUDS permeable paving and pipes.
- Signage, lighting, and other site details.
- A legend explaining symbols on the plan.
Our journal has become is a renowned international journal that operates on a monthly basis. It embraces the principles of open access, peer review, and full refereeing to ensure the highest standards of scholarly communication stands as a testament to the commitment of the global scientific community towards advancing research, promoting interdisciplinary collaborations, and enhancing academic excellence.
International Journal of Engineering Research and Applications (IJERA) is an open access online peer reviewed international journal that publishes research and review articles in the fields of Computer Science, Neural Networks, Electrical Engineering, Software Engineering, Information Technology, Mechanical Engineering, Chemical Engineering, Plastic Engineering, Food Technology, Textile Engineering, Nano Technology & science, Power Electronics, Electronics & Communication Engineering, Computational mathematics, Image processing, Civil Engineering, Structural Engineering, Environmental Engineering, VLSI Testing & Low Power VLSI Design etc.
This document discusses the need for a collaborative intrusion detection system (IDS) for cloud computing. It proposes a framework where IDSs in cloud computing regions would correlate alerts from multiple detectors and exchange knowledge with each other. This could help reduce the impact of large-scale coordinated attacks by providing timely notifications about new intrusions. The document reviews related work on cloud logging and forensic analysis, and describes an architecture for a collaborative IDS framework consisting of IDS managers, dispatchers, and elementary detectors that communicate via encrypted messages.
A Collaborative Intrusion Detection System for Cloud Computingijsrd.com
Cloud computing is a computing paradigm that shifts drastically from traditional computing architecture. Although this new computing paradigm brings many advantages like utility computing model but the design in not flawless and hence suffers from not only many known computer vulnerabilities but also introduces unique information confidentiality, integrity and availability risks as well due its inherent design paradigm. To provide secure and reliable services in cloud computing environment is an important issue. To counter a variety of attacks, especially large-scale coordinated attacks, a framework of Collaborative Intrusion Detection System (IDS) is proposed. The proposed system could reduce the impact of these kinds of attacks through providing timely notifications about new intrusions to Cloud users' systems. To provide such ability, IDSs in the cloud computing regions both correlate alerts from multiple elementary detectors and exchange knowledge of interconnected Clouds with each other.
Secure intrusion detection and countermeasure selection in virtual system usi...eSAT Publishing House
IJRET : International Journal of Research in Engineering and Technology is an international peer reviewed, online journal published by eSAT Publishing House for the enhancement of research in various disciplines of Engineering and Technology. The aim and scope of the journal is to provide an academic medium and an important reference for the advancement and dissemination of research results that support high-level learning, teaching and research in the fields of Engineering and Technology. We bring together Scientists, Academician, Field Engineers, Scholars and Students of related fields of Engineering and Technology
This document discusses securing healthcare networks against cyber attacks. It proposes using intrusion detection systems to continuously monitor networks, firewalls to ensure endpoint devices comply with security policies, and biometrics for identity-based network access control. This would help protect patient privacy by safeguarding electronic health records and enhancing the security of hospital networks. The growing adoption of electronic records and devices in healthcare has increased risks of attacks that could intercept patient data or take over entire hospital networks. Strong network security measures are needed to address these risks.
Exploring the Social Engineering Toolkit (Set) Using Backtrack 5R3IJERA Editor
Linux Operating System is being reverenced by many professionals because of its versatile nature. As many network security professionals ,particularly those of ethical hackers use linux in an extensive way, did we ever observe how and why the number of hackers were enhancing day to day. Not only professionals ,every one are unleashing their hacking potentials with the help of Backtrack5R3 operating system which is a comprehensive tool kit for security auditing. This paper emphasizes on the so called SET (Social Engineering Toolkit).In a pen-testing scenario, alongside uncovering vulnerabilities in the hardware and software systems and exploiting them ,the most effective of all is penetrating the human mind to extract the desire information. Such devious technics are known as social engineering ,and computer based software tools to facilitate this form the basis of Social Engineering Toolkit
Prevention of Vulnerable Virtual Machines against DDOS.pptxNoorFathima60
The document describes the NICE model for preventing vulnerable virtual machines from DDoS attacks in the cloud. The NICE model uses a network-based intrusion detection system agent in each cloud server to monitor traffic between virtual machines. It profiles virtual machines to gather configuration details and detects attacks by constructing scenario attack graphs. When attacks are detected, the network controller can reconfigure the virtual network to mitigate the attacks.
International Journal of Network Security & Its Applications (IJNSA)IJNSA Journal
The International Journal of Network Security & Its Applications (IJNSA) is a bi monthly open access peer-reviewed journal that publishes articles which contribute new results in all areas of the computer Network Security & its applications. The journal focuses on all technical and practical aspects of security and its
applications for wired and wireless networks. The goal of this journal is to bring together researchers and practitioners from academia and industry to focus on understanding Modern security threats and countermeasures, and establishing new collaborations in these areas.
This document discusses cloud computing and security. It begins with an overview of cloud computing models including infrastructure as a service (IAAS), platform as a service (PAAS), and software as a service (SAAS). It then covers security threats such as program threats from viruses, worms, and trojans, as well as system and network threats like denial of service attacks and port scanning. Finally, it discusses implementing security defenses through approaches like firewalls, intrusion detection, and vulnerability assessment.
Cloud-based IDS architectures : APPLYING THE IDS APPROACHES INTO THE CLOUD EN...Hassan EL ALLOUSSI
This document discusses intrusion detection systems (IDS) in cloud computing environments. It begins by defining cloud computing and describing its essential characteristics and deployment and service models. It then addresses security concerns in cloud computing, including threats from both insiders and outsiders. Next, it provides an overview of traditional IDS approaches, including host-based, network-based, and virtual machine-based systems. The document proposes several architectures for implementing IDS in clouds, including distributing sensors across cloud nodes, using a third-party monitoring service, integrating detection engines into cloud services, and taking a virtual machine-based approach. It concludes that the best approach combines behavioral and signature-based detection methods and can be implemented either by cloud providers or tenants
ADVANCED MULTIMEDIA PLATFORM BASED ON BIG DATA AND ARTIFICIAL INTELLIGENCE IM...IJNSA Journal
The proposed work describes the design of a multimedia platform managing users and implementing cybersecurity. The paper describes in details the use cases of the whole platform embedding Big Data and artificial intelligence (AI) engine predicting network attacks. The platform has been tested by Tree Ensemble algorithm classifying and predicting anomalous server logs of possible attacks. The data logs are collected in Cassandra Big Data System enabling the AI training model. The work has been developed within the framework of a research industry project.
IRJET- Security Attacks Detection in Cloud using Machine Learning AlgorithmsIRJET Journal
This document discusses using machine learning algorithms to detect security attacks in cloud computing. It first describes common security attacks like denial of service attacks, malware injection, side channel attacks, and man-in-the-middle attacks. It then discusses machine learning classification algorithms like naive Bayes, support vector machines, decision trees, and ensemble methods that can be used to detect these attacks. Specifically, it explores using naive Bayes and hidden naive Bayes classifiers to detect denial of service attacks and assess their accuracy compared to other algorithms like multilayer perceptron and random forest.
This document proposes a system called FireCol, which stands for a collaborative protection network for detecting flooding DDoS attacks. FireCol uses a distributed network of intrusion prevention systems located at internet service providers that form virtual protection rings around hosts. These systems collaborate by exchanging selected traffic information to detect DDoS attacks close to the source. The document outlines the architecture of FireCol and experimental results showing its effectiveness at detecting attacks with low overhead. Future work is mentioned to extend FireCol's capabilities.
IJCER (www.ijceronline.com) International Journal of computational Engineerin...ijceronline
The document proposes a signature-based intrusion detection system using multithreading. It captures network packets and analyzes them for intrusions by comparing signatures to databases of known attacks. A multithreaded design is suggested to improve performance by processing packets in parallel threads. Agents would be deployed on the network with detection modules that use caching of frequent signatures to speed up analysis. An update module would transfer new frequent signatures to the caches.
The document provides an overview of network-based intrusion detection systems (NIDS) and the open-source NIDS tool Snort. It discusses the need for NIDS to monitor networks for attacks and anomalies, explores commercial and open-source NIDS options like Snort and BlackICE, and how to analyze NIDS logs and write custom Snort rules. The document aims to present the basics of intrusion detection and how NIDS tools can be deployed to detect attacks on networks.
The document provides an overview of network-based intrusion detection systems (NIDS) and explores Snort, an open-source NIDS. It discusses the need for NIDS to monitor networks for attacks, presents examples of NIDS detections using Snort logs, and provides information on writing custom Snort rules. Key topics covered include NIDS deployments with Snort, analyzing Snort detects, and the basics of writing Snort signatures.
IRJET- A Cloud based Honeynet System for Attack Detection using Machine Learn...IRJET Journal
This document discusses a proposed cloud-based honeynet system using machine learning techniques for attack detection. A honeynet is a collection of honeypots, which are decoy systems meant to be attacked in order to study attacker behavior and detect compromises. The proposed system involves deploying various honeypots (Dionaea, Cowrie, Honeytrap) in a private cloud to capture traffic from machines attempting unauthorized access. The logs generated by the honeynet are then analyzed using machine learning classification algorithms (SVM, Random Forest, Naive Bayes) to determine the most accurate one for distinguishing malicious from benign traffic for each honeypot. The system is intended to help secure a cloud network and detect any
Online Intrusion Alert Aggregation with Generative Data Stream ModelingIJMER
This document discusses online intrusion alert aggregation using generative data stream modeling. It proposes a probabilistic model to collect and model alerts of similar attacks over time to identify the beginning and completion of attacks. The system architecture includes sensor, detection, alert processing and reaction layers. The alert processing layer generates meta-alerts based on attack instance information. Experimental results show the approach can generate meta-alerts and reduce false positives by executing clustering algorithms multiple times on the data stream. It concludes the method is effective for aggregating alerts in real-time intrusion detection systems.
Replay of Malicious Traffic in Network TestbedsDETER-Project
In this paper we present tools and methods to integrate attack measurements from the Internet with controlled experimentation on a network testbed. We show that this approach provides greater fidelity than synthetic models. We compare the statistical properties of real-world attacks with synthetically generated constant bit rate attacks on the testbed. Our results indicate that trace replay provides fine time-scale details that may be absent in constant bit rate attacks. Additionally, we demonstrate the effectiveness of our approach to study new and emerging attacks. We replay an Internet attack captured by the LANDER system on the DETERLab testbed within two hours.
Data and tools from the paper are available at: http://montage.deterlab.net/magi/hst2013tools
Also read the LANDER Blog entry at: http://ant.isi.edu/blog/?p=411
1. International Journal of Engineering Research and General Science Volume 3, Issue 4, July-August, 2015
ISSN 2091-2730
65 www.ijergs.org
A Practical Approach for the Detection of DDoS attack and It’s
Countermeasure selection in Open Stack using Xen Cloud Server
Sruthi.C, Sreyas.S, Archana.S.Narayanan, Anjaly Lakshmi.S, Jishnu.IJ
Department of Information Technology
Government Engineering College Sreekrishnapuram
Kerala, India.
Email: sruthicpalakkad@gmail.com
Contact No : +91 9496353377
Abstract— - Cloud Security is an attractive issue for research and development efforts. A cloud server means virtual server, which
runs on a cloud computing environment. XenServer, is the best server virtualization platform, that can be used in world‘s largest
clouds. OpenStack is a free and open source cloud computing platform. Xen Cloud Server can be obtained by integrating XenServer
with OpenStack. Attackers can explore vulnerabilities of a cloud system and compromise virtual machines to deploy further large
scale Distributed Denial of Service(DDoS). Common type of DDoS attacks include ICMP Flood, UDP Flood, SYN Flood. Snort is a
widely used open source intrusion detection tool kit, that has to be installed on the cloud VM, which is the target of the attacker. It
detects the attack and raises alerts. Appropriate countermeasures are selected from a set of countermeasures, thus establishing security
in cloud.
Keywords— Cloud Security, Cloud Computing, Distributed Denial of Service, OpenStack, XenServer, Snort, Virtualization
INTRODUCTION
Users migrating to Cloud, consider security as the most important factor. Cloud Computing is the practice of using a network of
remote servers hosted on the internet to store, manage and process data, rather than a local server or a personal computer[2]. The word
cloud in cloud computing is used as a metaphor for the term "internet". So cloud computing means a type of internet-based computing,
where different services such as servers, storage and applications are delivered to an organization‘s computers and devices through the
internet. Attackers can exploit vulnerabilities in the cloud to deploy large scale DDoS attacks. In a DDoS attack, the attacker attempt
to temporarily interrupt or suspend the services of a website, so that it is unavailable to users. Our system mainly focuses on DDoS
attack detection and countermeasure selection in cloud.
XenServer is the best server virtualization platform, that is used in world‘s largest clouds. The cloud server, we are using is Xen
Cloud Server. Xen Cloud Server is obtained as a result of integrating XenServer with OpenStack, an open source cloud computing
environment. To give XenServer, a cloud infrastructure, we have used Devstack. Devstack is a bunch of scripts, that is used to quickly
deploy OpenStack. OpenStack has five services: Nova(Compute service), Swift(storage service), Glance(image service),
Keystone(Identity service), Horizon(UI service). We can create new users and launch instances in OpenStack. For giving DDoS attack
to the target VM in cloud, we use metasploit framework in Kali linux. Kali Linux is a debian-derived linux distribution, designed for
digital forensics and penetration testing. Metasploit framework is a tool for developing and executing exploit code against a remote
target machine. It is a metasploit project‘s best known creation, a software platform for developing, testing and executing exploits. It
can be used to create security testing tools and exploit modules and also as a penetration testing system.
For attack detection, a highly effective Network Intrusion Detection System(NIDS), called Snort is used. Snort monitors and analyzes
the network traffic and raises alerts when an intruder intrudes. Snort can be configured in such a way that it can detect the DDoS
attack of an attacker. We can customize the rules of Snort, edit the configuration file for desired performance. Snort is installed on the
target machine(Target VM in cloud) of an attacker. By using ID generation algorithm, NAT algorithm, CMS algorithm and Marking
algorithm, most severe attack is detected and countermeasure is selected from the pool of countermeasures. A virtual firewall can be
2. International Journal of Engineering Research and General Science Volume 3, Issue 4, July-August, 2015
ISSN 2091-2730
66 www.ijergs.org
configured in the target machine, or standard countermeasures can be implemented for DDoS attacks, as a countermeasure. It focuses
on a new approach of attack detection and countermeasure selection in Cloud
ARCHITECTURE
Figure.1 System Architecture
Main components in the architecture are
a. Cloud server
b. Virtual machines
c. Open Vswitch
d. Control center
A Network Controller
Details of Cloud Servers
Attack Analyzer
The architecture consists of two cloud servers that are integrated with OpenStack cloud platform. Cloud servers and OpenStack can
create as many virtual machines as needed. Attack analyzer monitors the traffic in the network. It generates alerts depending on the
types of the DDoS attack received and it also helps to obtain the most severe alert. The Network controller does the countermeasure
selection based on the type of DDoS attack. All the information about the cloud server and VMs in it are present in Details of cloud
server. Open Vswitch is a virtual switch used to interconnect the cloud servers and control center.
IMPLEMENTATION METHOD
Tools Used
XenServer, OpenStack, XenServer with OpenStack, Network Intrusion Detection Agent(Snort), Metasploit Framework (Kalilinux)
are installed for the project.
a. XenServer
XenServer is the best server virtualization platform and hypervisor management platform that can be used in world‘s largest clouds.
The Xen hypervisor, the heart of XenServer, is the most prolific public and private cloud hypervisor. XenServer is compatible with a
variety of cloud management products. To make Xen Cloud Server, we have integrated XenServer with OpenStack cloud
environment.
b. Openstack
OpenStack is a collection of Open source software project that can be collectively linked to operate a cloud network infrastructure in
order to provide Infrastructure as a service(IaaS). OpenStack helps to deploy virtual machine and other instances which handle
different tasks for managing a cloud environment on the fly.
c. XenServer with OpenStack
3. International Journal of Engineering Research and General Science Volume 3, Issue 4, July-August, 2015
ISSN 2091-2730
67 www.ijergs.org
Integrating XenServer with OpenStack is a task that require a lot of resources and time. We use DevStack to deploy
OpenStack[8]. DevStack is a bunch of scripts, used to quickly create an OpenStack development environment. We customize the local
file according to our system configuration. The default service configured by DevStack are identity(Keystone), object storage(Swift),
usage storage(glands), block storage(Cinder), compute(Nova), network(Nova), dashboard( Horizon), Orchestration(Heat).
d. Network Intrusion Detection System
Snort is used as network intrusion detection agent in a system[7]. Snort is an Open source intrusion detection tool kit for monitoring
and analyzing the network traffic. When it identifies attack, it sends a report to the system. Snort works in three modes: Packet sniffer
modes, packet logger mode, IDS mode.
• Sniffer mode:
Sniffer mode is the simplest Snort mode, and it is used to quickly capture the traffic.
• Packet logger mode:
Packet logger mode in Snort, logs the packet to disk.
• IDS mode:
Snort raises alert, when it detects a malicious activity in this IDS mode.
e. Metasploit framework
The metasploit frame work is an open source tool for developing and executing exploit code against a remote target machine[6]. Here
metasploit framework is used to generate DDoS attack. It is setup in Kalilinux.
Algorithms Used
Four Different algorithms are developed for the project. The algorithms are ID generation algorithm, NAT algorithm, CMS algorithm
and Marking algorithm.
a. ID generation algorithm
Input
• Alerts and priorities from snort database.
Output
• Generated ID, alert ID.
Algorithm
Step 1: Get the priority of each alert
Step 2: Set k=1 Step 3: Store the priority value in sorted order to an answerarray[]
Step 4: Get the value of alert id as k=k*10+1
Step 5: Repeat the step 4 for n times, where n is the number of alerts.
Step 6 Append the alert id to a retriarray[ ]
Step 7: Insert the value of the newly generated alert id on to the database.
4. International Journal of Engineering Research and General Science Volume 3, Issue 4, July-August, 2015
ISSN 2091-2730
68 www.ijergs.org
b. NAT Algorithm
Input
• Different ID obtained from ID generation algorithm.
Output
• Alert ID of the most severe alert.
Algorithm
Step 1: Insert the first alert id onto the tree as the root node
Step 2: Get the next alert id
Step 3: If the length of the alert id is less than that of the root node, insert it as
the left child of the root node using insert() function.
Step 4: If the length of the alert id is greater than that of the root, insert it as the
right child of the root node using insert() function.
Step 5: Call the insert() function recursively on each node.
Step 6: Call the inorder traversal() function to get the value of nodes in ascending
order.
Step 7: Store these values into an array.
Step 8: Last element in the array gives the most severe alert id
c. CMS algorithm
Input
• Type of attack obtained from the ID generation algorithm.
Output
• Best countermeasure for most severe attack.
Algorithm
Step 1: Find the alert of the more severe alert id.
Step 2: Find the type of attack corresponding to the alert from the database.
Step 3: Find the distance between the least intrusive alert and the most intrusive
alert and store the value in the distance variable.
Step 4: Calculate the dummy value for each attack with different priority dummy
value=cost * intrusiveness/priority.
Step 5: Find the countermeasure with priority 1 for the attack and whose dummy
value is maximum.
5. International Journal of Engineering Research and General Science Volume 3, Issue 4, July-August, 2015
ISSN 2091-2730
69 www.ijergs.org
Step 6: Return the countermeasure.
d. Marking Algorithm
Input
• Most severe alert, its attack type and best countermeasure, distance.
Output
• Status of each alert and specific work assigned to the alert.
Algorithm
Step 1: Select the countermeasure with maximum priority.
Step 2: Get the dummy value of the selected countermeasure.
Step 3: Find the mark for the countermeasure as Mark=dummy value * distance
Step 4: Enter the mark in the Status table.
Step 5: Set the corresponding status of the alert as ‗ Examined ‘.
ANALYSIS
In this chapter analysis of Snort is provided. Analysis is done on the basis
of types of traffic analyzed, alert generation in different networks and packet loss
in host and virtual environment.
Types of Traffic Analyzed
When the Network Traffic was analyzed for 2 minutes TCP, UDP, ICMP and Synflood alerts were received. Out of 2893 alerts raised
by Snort 1157 were TCP alerts, 723 alerts were of UDP, 578 alerts were of type ICMP, 434 Synflood alerts. Based on this percentage
of each alerts were calculated as shown in table. A pie chart is constructed taking these values from the table I. From pie chart, we
analyzed that majority of traffic analyzed by snort is of type TCP. least alerts were generated for Synflood attack.
TABLE I. TYPES OF TRAFFIC ANALYSED IN 2 MINUTES
TCP 40
UDP 25
ICMP 20
SYN FLOOD 15
6. International Journal of Engineering Research and General Science Volume 3, Issue 4, July-August, 2015
ISSN 2091-2730
70 www.ijergs.org
Figure.2 Types of traffic analyzed
Alert Generation in different Networks
When the alerts raised by Snort were observed under different network speed. All packets were monitored by Snort working at a speed
of 54 Kbps. So alert generation is 100 percentage. When we examined the Snort under 54 Kbps, 152 Kbps, 550 Kbps, 720 Kbps and
1000 Kbps, results obtained are shown in the table II. We can analyze that as the network speed increases there is a slight reduction in
the alert generation percentage. This is shown in figure 3.
TABLE II. ALERT GENERATION
Network Traffic (Kbps) Alert generation in percentage
54 100
152 100
550 90
720 84
1000 72
7. International Journal of Engineering Research and General Science Volume 3, Issue 4, July-August, 2015
ISSN 2091-2730
71 www.ijergs.org
Figure.3 Alert generation
Packet loss in Host and Virtual environment in different Networks
When the Network Traffic was monitored by Snort in host and virtual environment under different network speeds, the table III was
obtained. It was analyzed that at 54 Kbps, both host and virtual environment showed zero percentage packet loss. when the network
speed was again increased to 550 Kbps a packet loss of 4 percent was seen in host environment, and a packet loss of 1 percent was
seen in virtual environment. When this process was repeated for a higher network speed of 720 Kbps, 1000 Kbps packet loss increased
in both host and virtual environment. It was analyzed that packet loss in virtual environment is less when compared to host
environment.
TABLE III. PACKET LOSS IN HOST AND VIRTUAL ENVIRONMENT
Network Speed(Kbps) Host Virtual
54 0 0
152 1 0
550 4 1
720 8 3
1000 13 5
8. International Journal of Engineering Research and General Science Volume 3, Issue 4, July-August, 2015
ISSN 2091-2730
72 www.ijergs.org
Figure.4 Packet loss in host and virtual environment
PERFORMANCE
XenServer - XENISM
Out of 8079 MB XenServer uses 967 MB and DevStack uses 4096 MB. 1700 MB RAM is allocated to Ubuntu VM running on it.
XenServer performs smoothly under this memory condition. 0.631 of the total memory is used by XenServer. These are shown in the
figure 5 given below.
Figure.5 Memory Utilization
OpenStack
The figure 6 shows the Hypervisor summary of OpenStack. The hypervisor used is the XenServer shown in the figure ‘XENISM‘. The
details of XenServer can be viewed in OpenStack. The fig shows that the memory usage of XenServer on OpenStack is 2.8 GB of 39.4
GB. The CPU usage is 50 percent (5 out of 10).
9. International Journal of Engineering Research and General Science Volume 3, Issue 4, July-August, 2015
ISSN 2091-2730
73 www.ijergs.org
Figure.6 Hypervisor summary
Snort - RAM Utilization
RAM utilization of Snort is given in the table IV. It shows the performance of Snort in a time interval of 30 seconds. On an average
the RAM used by Snort is 0.6875 GB. This is formed by taking average of values obtained from table IV. A line graph is plotted from
these values and it was observed that the RAM usage of Snort is minimum and constant, which results in its good performance.
TABLE IV. RAM UTILIZATION
Time (S) Ram Utilization
30 0.603
60 0.665
90 0.721
120 0.761
Figure.7 RAM utilization
10. International Journal of Engineering Research and General Science Volume 3, Issue 4, July-August, 2015
ISSN 2091-2730
74 www.ijergs.org
Overall Performance
The overall performance of the whole system is measured in terms of :
• CPU performance
• Memory performance
• Network performance
a. CPU Performance
The CPU performance graph given in figure 8 shows that the system uses the CPU 1 and CPU 2 equally. At the time 1.42 PM the
CPU utilization is maximum while at 1.38 PM the CPU utilization is minimum.
Figure.8 CPU Performance
b. Memory Performance
Initially the RAM used is near to 0 GB but as the system starts functioning this value is nearly 6.5 GB. From the figure 9, the memory
performance of the system is constant.
Figure.9 Memory Performance
c. Network Performance
Network performance of the system is monitored in 90 Kbps network. The network performance changes as the network traffic
increases. Network traffic of the system is shown in the figure 10.
11. International Journal of Engineering Research and General Science Volume 3, Issue 4, July-August, 2015
ISSN 2091-2730
75 www.ijergs.org
Figure.10 Network Performance
CONCLUSION
Organizations that operate or use Internet connected services such as websites, portals and Cloud services need to be aware of
threats that can disrupt service. Our System focuses uncommon attack vector that has been used to attempt to adversely affect Cloud
services on the Internet, DDoS. The most common types of DDoS attacks include SYNflood, DNS amplification, malformed TCP and
UDP packets. We use the metasploit framework in Kali Linux for giving attacks to cloud server. The system makes use of a widely
used intrusion detection tool kit, Snort for detecting the attacks to cloud. It is a highly effective tool, for network intrusion detection.
Appropriate Countermeasures are selected from a pool of countermeasures. Thus, the system aims at attack detection and
countermeasure selection in cloud services.
The Future work of the project is to configure a virtual firewall on the OpenStack cloud server. Developing a good false
alarm detecting algorithm is also considered as a future work. The entire system can also be implemented on host based IDS, so that a
comparative study can be made between current system and host based system.
REFERENCES:
[1] Chun-Jen Chung, Pankaj Khatkar, Tianyi Xing, Jeongkeun Lee and Dijiang Huang, ―NICE: Network Intrusion Detection and
Countermeasure Selection in Virtual Network Systems‖, IEEE Transaction on dependable and secure computing Vol: 10, No:4, Year
2013
[2] Z. Duan, P. Chen, F. Sanchez, Y. Dong, M. Stephenson, and J.Barker, ―Detecting spam zombies by monitoring outgoing
messages,‖ IEEE Trans. Dependable and Secure Computing, vol. 9, no. 2, pp. 198–210, Apr. 2012.
[3] ―Openflow‖, http://www.openflow.org/wp/learnmore/, 2015.
[4] Mitre Corporation, ―Common vulnerabilities and exposures,
CVE‖ http://cve.mitre.org/, 2015.
[5] O. Database, ―Open source vulnerability database (OVSDB)‖,
http://osvdb.org/, 2015.
[6] ―Metasploit ‖, http://www.metasploit.com, 2015.
[7] ―Snort‖ http://www.snort.org, 2015.
[8] ―XenServer ‖ http://www.xenserver.org, 2015