Downloaded 603 times
![REFERENCES
[1] Coud Sercurity Alliance, “Top threats to cloud computing
v1.0,”
https://cloudsecurityalliance.org/topthreats/csathreats.v1.0.pdf
, March 2010.
[2] M. Armbrust, A. Fox, R. Griffith, A. D. Joseph, R. Katz, A.
Kon- winski, G. Lee, D. Patterson, A. Rabkin, I. Stoica, and M.
Zaharia, “A view of cloud computing,” ACM Commun., vol. 53,
no. 4, pp. 50–58, Apr. 2010.
[3] B. Joshi, A. Vijayan, and B. Joshi, “Securing cloud computing
environment against DDoS attacks,” IEEE Int’l Conf.
Computer Communication and Informatics (ICCCI ’12), Jan.
2012.
[4] H. Takabi, J. B. Joshi, and G. Ahn, “Security and privacy chal-
lenges in cloud computing environments,” IEEE Security &
Pri- vacy, vol. 8, no. 6, pp. 24–31, Dec. 2010.
[5] “Open vSwitch project,” http://openvswitch.org, May 2012.
[6] Z. Duan, P. Chen, F. Sanchez, Y. Dong, M. Stephenson, and
J. Barker, “Detecting spam zombies by monitoring outgoing
mes- sages,” IEEE Trans. Dependable and Secure
Computing, vol. 9, no. 2, pp. 198–210, Apr. 2012.](https://image.slidesharecdn.com/pptnetworkintrusiondetectionandcountermeasureselection-151129173212-lva1-app6891/85/Network-Intrusion-Detection-and-Countermeasure-Selection-21-320.jpg)
More Related Content
Similar to Network Intrusion Detection and Countermeasure Selection
Network Intrusion Detection and Countermeasure Selection
- 1. Network Intrusion Detectionand Countermeasure Selection in Virtual Network Systems Under The Guidance of: SWATHI S WALI Assistant Professor Dept. of ISE, NIT & MS Presented By: PRAMOD M 8th Sem B.E Dept. of ISE, NIT & MS
- 2. Overview Abstract Introductionto NICE NICE models NICE system design NICE attack analyzer Counter measures Conclusion References
- 3. Abstract In CloudSystem attackers can explore vulnerabilities of a cloud system and compromise virtual machines. To prevent vulnerable virtual machines from being compromised in the cloud, we propose a multi- phase distributed vulnerability detection and countermeasure selection mechanism called NICE. NICE is built on attack graph based analytical models and reconfigurable virtual network-based countermeasures.
- 4. Introduction User can usethe cloud system resources to have his own virtual machine to run the desired application. Attackers can exploit vulnerabilities in clouds and utilize cloud system resources to deploy attacks. Cloud users can install vulnerable software on their VMs, which essentially contributes to loopholes in
- 5. Introduction(continued…) The challenge isto establish an effective attack detection and response system for accurately identifying attacks and minimizing the impact of security breach to cloud users. For better attack detection, NICE incorporates attack graph analytical procedures into the intrusion detection processes.
- 6. Introduction(continued…) NICE includestwo main phases (1)Deploy network intrusion detection agent (NICE-A) on each cloud server to capture and analyze cloud traffic. NICE-A periodically scans the virtual system vulnerabilities within a cloud server to establish Scenario Attack Graph (SAGs), and then based on the severity of identified vulnerability towards the collaborative attack goals, NICE will decide whether or not to put a VM in network inspection state.
- 7. Introduction(continued…) (2) Oncea VM enters inspection state, Deep Packet Inspection(DPI) is applied, or virtual network reconfigurations can be deployed to the inspecting VM to make the potential attack behaviors prominent.
- 8. Nice Models NiceModel is to describe how to utilize attack graphs to model security threats and vulnerabilities in a virtual networked system. (1)Threat Model The attacker’s primary goal is to exploit vulnerable VMs and compromise them as zombies.
- 9. Nice Models(continued…) Protection modelfocuses on virtual- network based attack detection and reconfiguration solutions.
- 10. Nice Models(continued…) (2)Attack GraphModel An attack graph is a modeling tool to illustrate all possible multi-stage, multi- host attack paths that are crucial to understand threats and then to decide appropriate countermeasures. In an attack graph, each node represents either precondition or consequence of an exploit.
- 11. Nice Models(continued…) Attackgraph is helpful in identifying potential threats, possible attacks and known vulnerabilities in a cloud system. Attack graph provides whole picture of current security situation of the system where we can predict the possible threats and attacks by correlating detected events or activities.
- 12. Nice Models(continued…) (3) VMProtection Model The VM protection model of NICE consists of a VM profiler, a security indexer and a state monitor. Security index is specified by the number of vulnerabilities present and their impact scores.
- 13.
- 14. Nice System Design NICE- A is a software agent running in each cloud server connected to the control center. NICE- A is a network intrusion detection engine. Intrusion detection alerts are sent to control center when suspicious traffic is detected.
- 15. After receiving analert, attack analyzer decides what countermeasure strategies to take, and then initiates it through the network controller. The network controller is responsible for deploying attack counter measures based on decisions made by the attack analyzer. VM profiles are maintained in a database and contain comprehensive information about vulnerabilities and alert.
- 16. Every detected vulnerabilityis added to its corresponding VM entry in the database. Alert involving theVM will be recorded in the VM profile database.
- 17.
- 18. After receivingan alert from NICE-A, alert analyzer matches the alert in the ACG. If the alert already exists in the graph and it is a known attack, the attack analyzer performs countermeasure selection procedure. If the alert is new, attack analyzer will perform alert correlation and analysis. If the alert is a new vulnerability and is not present in the NICE attack graph, the attack analyzer adds it to attack graph and then reconstructs it.
- 19. Counter Measures By changingthe MAC address of the virtual machine, one can prevent the vulnerabilities on the virtual machine. Creating filtering rules, will also help in preventing the attacks on the virtual machines. By changing the IP address.
- 20. Conclusion NICE is usedto identify attacks in the cloud virtual networking environment. NICE utilizes the attack graph model to conduct attack detection and prediction. NICE shows that the proposed solution can significantly reduce the risk of the cloud system.
- 21. REFERENCES [1] Coud SercurityAlliance, “Top threats to cloud computing v1.0,” https://cloudsecurityalliance.org/topthreats/csathreats.v1.0.pdf , March 2010. [2] M. Armbrust, A. Fox, R. Griffith, A. D. Joseph, R. Katz, A. Kon- winski, G. Lee, D. Patterson, A. Rabkin, I. Stoica, and M. Zaharia, “A view of cloud computing,” ACM Commun., vol. 53, no. 4, pp. 50–58, Apr. 2010. [3] B. Joshi, A. Vijayan, and B. Joshi, “Securing cloud computing environment against DDoS attacks,” IEEE Int’l Conf. Computer Communication and Informatics (ICCCI ’12), Jan. 2012. [4] H. Takabi, J. B. Joshi, and G. Ahn, “Security and privacy chal- lenges in cloud computing environments,” IEEE Security & Pri- vacy, vol. 8, no. 6, pp. 24–31, Dec. 2010. [5] “Open vSwitch project,” http://openvswitch.org, May 2012. [6] Z. Duan, P. Chen, F. Sanchez, Y. Dong, M. Stephenson, and J. Barker, “Detecting spam zombies by monitoring outgoing mes- sages,” IEEE Trans. Dependable and Secure Computing, vol. 9, no. 2, pp. 198–210, Apr. 2012.