Using SNORT and AFTERGLOW to detect and visualize all malicious attacks within IaaS Cloud Computing Systems

Abstract

Cloud computing provides a flexible and scalable information infrastructure to users, and it attracts a wide variety of customers. Unfortunately, cloud Infrastructure as a Service (IaaS) has suffered security breaches. For this project we would obtain Afterglow through the DAVIX Live CD. It would pipe all the steps into a simple command. We would combine intrusion detection systems with Afterglow in order to detect and visualize all benign details of the data and to generate link graphs. We would identify the source IP, destination IP and destination port of each connection. Snort packet processing created sniff.pcap. To convert sniff.pcap to a CSV file we executed:

tcpdump -vttttnneli eth0 > tcpdump.log
/usr/local/bin/tcpdump2csv.pl "sip dip dport" < tcpdump.log > sniff.csv

tcpdump2csv.pl allowed us to select a number of possible fields to be written to the CSV output, including timestamp, destination IP, source IP and destination port.
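The conversion step described in the abstract, as an added example (not the project's code, and not tcpdump2csv.pl or Afterglow themselves): it extracts the "sip dip dport" columns from verbose tcpdump text output and emits both the CSV rows and a Graphviz DOT link graph. The sample capture text, the function names and the DOT layout are assumptions made for illustration.

```python
import re
from collections import Counter

# Constructed sample of `tcpdump -vttttnnel` text output (not real traffic).
# With -v, each IPv4 packet prints a header line and an indented flow line.
SAMPLE = """\
2013-05-01 10:00:01.000001 00:11:22:33:44:55 > 66:77:88:99:aa:bb, ethertype IPv4 (0x0800), length 74: (tos 0x0, ttl 64, id 1, offset 0, flags [DF], proto TCP (6), length 60)
    192.0.2.10.51234 > 198.51.100.5.80: Flags [S], seq 1, win 14600, length 0
2013-05-01 10:00:02.000001 00:11:22:33:44:55 > 66:77:88:99:aa:bb, ethertype IPv4 (0x0800), length 74: (tos 0x0, ttl 64, id 2, offset 0, flags [DF], proto TCP (6), length 60)
    192.0.2.10.51235 > 198.51.100.5.80: Flags [S], seq 9, win 14600, length 0
2013-05-01 10:00:03.000001 00:11:22:33:44:66 > 66:77:88:99:aa:bb, ethertype IPv4 (0x0800), length 74: (tos 0x0, ttl 64, id 3, offset 0, flags [DF], proto TCP (6), length 60)
    192.0.2.77.40000 > 198.51.100.5.22: Flags [S], seq 5, win 14600, length 0
2013-05-01 10:00:04.000001 00:11:22:33:44:66 > 66:77:88:99:aa:bb, ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 64, id 4, offset 0, flags [DF], proto ICMP (1), length 84)
    192.0.2.77 > 198.51.100.5: ICMP echo request, id 1, seq 1, length 64
"""

# Matches the indented "a.b.c.d.sport > a.b.c.d.dport:" flow line.
FLOW = re.compile(r"^\s+(\d+(?:\.\d+){3})\.(\d+) > (\d+(?:\.\d+){3})\.(\d+):")

def to_rows(text):
    """Return (sip, dip, dport) tuples; packets without ports (ICMP, ARP) are skipped."""
    rows = []
    for line in text.splitlines():
        m = FLOW.match(line)
        if m:
            sip, _sport, dip, dport = m.groups()
            rows.append((sip, dip, dport))
    return rows

def to_csv(rows):
    """Render rows in the three-column form that sniff.csv is described as holding."""
    return "\n".join(",".join(r) for r in rows)

def to_dot(rows):
    """Build a link graph sip -> dip -> dport, labelling each edge with its packet count."""
    edges = Counter()
    for sip, dip, dport in rows:
        edges[(sip, dip)] += 1
        edges[(dip, "port " + dport)] += 1
    lines = ["digraph links {"]
    for (a, b), n in sorted(edges.items()):
        lines.append(f'  "{a}" -> "{b}" [label="{n}"];')
    lines.append("}")
    return "\n".join(lines)

if __name__ == "__main__":
    rows = to_rows(SAMPLE)
    print(to_csv(rows))
    print(to_dot(rows))
```

The DOT text can be rendered with any Graphviz layout tool; a source address with a high count toward many destination ports stands out in the resulting graph.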

Intellectual Merit

- To understand Snort packet processing and to use Afterglow to facilitate the process of generating link graphs and visualizations.
- Snort and Afterglow provide overviews and detailed views of network traffic.

Broader Impact

- Using Snort together with Afterglow would help users identify the benign details of all malicious attacks.

Use of FutureGrid

I will enjoy using FutureGrid for my research.

Scale Of Use

I want VMs to be running for my research activities.

Publications


Results

Not yet.
FG-447
Tofuli Baendo
University of Arkansas at Pine Bluff (UAPB)
Active
