Intrusion Detection and Prevention for Infrastructure as a Service Cloud Computing System

Project Information

Discipline
Computer Science (401) 
Subdiscipline
11.04 Information Sciences and Systems 
Orientation
Research 
Abstract

In the United States, cloud computing infrastructure networks have joined food, water, transportation, and energy as critical resources for the functioning of the national economy. Cloud computing infrastructures are the natural resources which house and analyze big data in all sectors of society. Present-day attacks on the nation’s computer systems do not simply damage an isolated machine or disrupt an individual’s or a single enterprise’s system. Instead, modern attacks target infrastructure that is integral to the economy, national defense, and daily life. Therefore, the contribution of this project is the enhancement of detection and prevention mechanisms for multistage intrusion attacks (MAS) in cloud computing environments, particularly focused on the domain of infrastructure-oriented public cloud systems, which are defined as infrastructure as a service (IaaS) environments. IaaS is considered to be one of the fastest growing segments of cloud computing because it enables organizations to grow their computational resources and data storage capacity without directly investing in short-lifespan hardware resources. This experimental research examines the integration of plan recognition into the detection engine of intrusion prevention systems.

Intellectual Merit

Data-centric cloud computing abstractions make up over 40%~45% of all computing environments currently utilized by individuals and organizations to access resources and services on multiple architectures. These environments are leading the way to information-centric networking (ICN) or data-oriented architectures to replace existing point-to-point network architectures (e.g. the Internet). Users of cloud computing devices have an artificial level of trust when interacting with these environments because of their intangible nature. Unfortunately, the cybersecurity community has neglected this fast-emerging domain with respect to effectively addressing intrusion attacks, particularly the growing issue of multi-stage intrusion attacks. This research project examines multi-stage intrusion detection within cloud computing infrastructures with the following goals: (1) Developing a distributed intrusion detection and prevention system (IDPS) enhanced with plan recognition that can increase the certainty of knowledge about the security state of the critical assets in the cloud (i.e. virtual machines and resources). (2) Enabling the IDPS to evolve with changes to the cloud computing system, utilizing an enhanced inference engine. (3) Broadening the community of universities and scholars conducting research in this area.

Broader Impacts

This project is led by the University of Arkansas at Pine Bluff (UAPB), an HBCU. The research activities are narrowly defined to ensure maximum impact in a short time-frame. The project outcomes include: (1) the development of a new open-source tool to combat multi-stage intrusion attacks within IDPSs, which does not exist now; (2) enhancing the curriculum of an undergraduate-oriented majority-minority institution by introducing into its existing curriculum topics in cloud computing and cloud computing security; (3) enhancing faculty exposure at an HBCU to big data and cloud computing resources and research/educational opportunities. The proposed research is anticipated to provide funding and thesis topics for graduate students over the course of the three years.

Project Contact

Project Lead
Jessie Walker (walkerjj) 
Project Manager
Jessie Walker (walkerjj) 
Project Members
Leonardo Vieira, Eduardo Luque, John Gilmore, Darius Brown, Sumon Maruful, Brandon Martin, Tofuli Baendo  

Resource Requirements

Hardware System
  • I don't care (what I really need is a software environment and I don't care where it runs)
 
Use of FutureGrid

I will use FutureGrid to deploy an augmented version of Snort, which will include non-adversarial plan recognition on VMs within the cloud. I will also utilize VMs in my graduate network security course.

Scale of Use

I am unsure of my true scale of use as yet. I expect I will have a few VMs for my experiments.

Project Timeline

Submitted
05/17/2013 - 09:59