Intrusion Detection and Prevention for Infrastructure as a Service Cloud Computing System

Abstract

In the United States, cloud computing infrastructure networks have joined food, water, transportation, and energy as critical resources for the functioning of the national economy. Cloud computing infrastructures are the natural resources which house and analyze big data in all sectors of society. Present-day attacks on the nation’s computer systems do not simply damage an isolated machine or disrupt an individual’s or single enterprise’s system. Instead, modern attacks target infrastructure that is integral to the economy, national defense, and daily life. Therefore, the contribution of this project is the enhancement of detection and prevention mechanisms for multistage intrusion attacks (MAS) in cloud computing environments, particularly focused on the domain of infrastructure-oriented public cloud systems, which are defined as infrastructure as a service (IaaS) environments. IaaS is considered to be one of the fastest growing segments of cloud computing because it enables organizations to grow their computational resources and data storage capacity without directly investing in short-lifespan hardware resources. This experimental research examines the integration of plan recognition into the detection engine of intrusion prevention systems.

Intellectual Merit

Data-centric cloud computing abstractions make up over 40%~45% of all computing environments currently utilized by individuals and organizations to access resources and services on multiple architectures. These environments are leading the way to information-centric networking (ICN) or data-oriented architectures to replace existing point-to-point network architectures (e.g. the Internet). Users of cloud computing devices have an artificial level of trust when interacting with these environments because of their intangible nature. Unfortunately, the cybersecurity community has neglected this fast-emerging domain with respect to effectively addressing intrusion attacks, particularly the growing issue of multi-stage intrusion attacks. This project will address the issue of multi-stage intrusion detection. This research project examines intrusion detection within cloud computing infrastructures with the following goals: (1) developing a distributed intrusion detection and prevention system (IDPS) enhanced with plan recognition that can increase the certainty of knowledge about the security state of the critical assets in the cloud (i.e. virtual machines and resources); (2) enabling the IDPS to evolve with changes to the cloud computing system, utilizing an enhanced inference engine; (3) broadening the community of universities and scholars conducting research in this area.

Broader Impact

This project is led by the University of Arkansas at Pine Bluff (UAPB), an HBCU. The research activities are narrowly defined to ensure maximum impact in a short time-frame. The project outcomes include: (1) the development of a new open-source tool to combat multi-stage intrusion attacks within IDPSs, which does not exist now; (2) enhancing the curriculum of an undergraduate-oriented majority-minority institution by introducing into its existing curriculum topics in cloud computing and cloud computing security; (3) enhancing faculty exposure at an HBCU to big data and cloud computing resources and research/educational opportunities. The proposed research is anticipated to provide funding and thesis topics for graduate students over the course of the three years.

Use of FutureGrid

I will use FutureGrid to deploy an augmented version of Snort, which will include non-adversarial plan recognition on VMs within the cloud. I will also utilize VMs in my graduate network security course.

Scale Of Use

I am unsure of my true scale of use as yet.
I expect I will have a few VMs for my experiments.

Publications


Results

No results as of yet.
FG-333
Jessie Walker
University of Arkansas at Pine Bluff
Active

Project Members

Brandon Martin
Darius Brown
Eduardo Luque
John Gilmore
Leonardo Vieira
Sumon Maruful
Tofuli Baendo

Timeline

11 weeks 3 days ago