IDSaaS: Intrusion Detection System as a Service in Public Clouds
MetadataShow full item record
In a public cloud computing environment, consumers cannot always just depend on the cloud provider’s security infrastructure. They may need to monitor and protect their virtual existence by implementing their own intrusion detection capabilities along with other security technologies within the cloud fabric. Also, cloud consumers may want to collect network traffic and log them for further analysis. This can help them in writing tailor-made attacking scenarios specifically designed based on the nature of the application they want to protect. Furthermore, consumers’ applications can be distributed among different regions of the cloud or in non-cloud locations. The need to protect all these assets from a centralized location is fundamental to many cloud consumers. We provide a framework and implementation for an intrusion detection system that is suitable for the public cloud environment. The Intrusion Detection as a Service (IDSaaS) targets security of the infrastructure level for a public cloud (IaaS) by providing intrusion detection technology that is highly elastic, portable and fully controlled by the cloud consumer. These features allow cloud consumers to protect their cloud-based applications from security threats and unauthorized intruders. We developed a proof-of-concept prototype on Amazon EC2 cloud and performed different experiments to evaluate its performance. After examining the experimental results, we found that IDSaaS can provide the required protection in a reasonable and effective manner.