A Fuzzy Intrusion Detection System for Cloud Computing
Abstract
The aim of this work was to create an approach using fuzzy inference systems to detect intruders on cloud computing applications. Cloud computing is a topic that has been extensively discussed and although it is gaining market share, some researchers highlight a critical factor for their use, i.e., data security and reliability of processes. To validate the proposed approach, a distributed system was created in Java language in order to control a process of collaborative software development in the cloud. Two fuzzy inference systems were created: one to analyze network problems and another for analysis of security problems in distributed environment. Several tests were made in order to verify the operation and application of the proposed approach. Such tests were satisfactory.
Keywords
Download Options
Introduction
The increase of computer networks usage necessity leads directly to the complexity increasing of integrated management systems. This is due to increasing the number of new devices that are added to the network, and they need to communicate with each other, and thus the task of management [1] is becoming something every most important and crucial to their performance time.
Cloud computing has given help to this technological evolution process, but it also came with security problems to information exchange [2]. Initially, it may be understood as a form of information processing in which computing resources are highly scalable and they are offered to customers as services via Internet. Cloud computing is an all-inclusive solution where components such as hardware, software, networking and storage, among others, are provided to users quickly and on demand.
The network growth and complexity made the risks verification execution, in order to provide security to data and information, an essential task. Network traffic analysis to study and to investigate its behavior [3] is a way to ensure its integrity, avoiding attacks and suspicious events. In order to know if a network is protected or vulnerable to unauthorized access [4], the implementation of an Intrusion Detection System (IDS) is required.
Recently, on November 26th, 2012, some Google’s services were disconnected during twenty minutes approximately; time enough to affect everyone [5]. The organizations using Google Apps, a tool to manage all e-mails of a company, were without e-mail service while failure was present. This episode showed the majority of countries have high international dependency on the services offered by Google. Thus, the fragility of the service became apparent. A question must be raised: to what extent can we fully trust on services using the cloud?
In this sense, the motivation for this work was to study the possibility of minimizing the network vulnerability and security risks in the cloud, by applying a proposed software development in the cloud. Data integrity is prime importance, and information systems are subject to physical and human failings and even constitute a potential target for malicious attacks for data acquisition.
Conclusion
The results obtained by Network Inference System (NIS) and by Security Inference System (SIS) generally have achieved the objectives, allowing to diagnostic if there were network problems or security problems.
Now, it is studying the possibility of some future work, being three quite promising: 1) create a system for verifying the integrity of transmitted artifact, avoiding the need of manual verification by a human; 2) develop a routine to receive problems notification via email, to be possible the manager be informed of the flaws in any place; and 3) expand the detection of security problems for other types of attacks, in addition to those that were tested.
The results obtained by Network Inference System (NIS) and by Security Inference System (SIS) served the purpose, and it was possible to detect the problems presented.