758Accesses
3Altmetric
Abstract
Cloud computing is an innovative paradigm technology that is known for its versatility. It provides many creative services as requested, and it is both cost efficient and reliable. More specifically, cloud computing provides an opportunity for tenants to reduce cost and raise effectiveness by offering an alternative method of service utilization. Although these services are easily provided to tenants on demand with minor infrastructure investment, they are significantly exposed to intrusion attempts since the services are offered under the administration of diverse supervision over the Internet. Moreover, the security mechanisms offered by cloud providers do not take into consideration the variation of tenants’ needs as they provide the same security mechanism for all tenants. So, meeting tenants’ security requirements are still a major challenge for cloud providers. In this paper, we concentrate on the security service offered to cloud tenants and service providers and their infrastructure to restrain intruders. We intend to provide a flexible, on-demand, scalable, and pay-as-you-go multi-tenant intrusion detection system as a service that targets the security of the public cloud. Further, it is designed to deliver appropriate and optimized security taking into consideration the tenants’ needs in terms of security service requirements and budget.
This is a preview of subscription content,log in via an institution to check access.
Access this article
Subscribe and save
- Get 10 units per month
- Download Article/Chapter or eBook
- 1 Unit = 1 Article or 1 Chapter
- Cancel anytime
Buy Now
Price includes VAT (Japan)
Instant access to the full article PDF.
Similar content being viewed by others
Notes
“A function is a process or a relation that associates each element x of a set X, the domain of the function, to a single element y of another set Y (possibly the same set), the codomain of the function” [39].
”The power set (or powerset) of any set S is the set of all subsets of S, including the empty set and S itself of the set R” [40].
References
Mell P, Grance T (2011) The NIST definition of cloud computing. Computer Security Division, Information Technology Laboratory, National Institute of Standards and Technology Gaithersburg, Gaithersburg
Amazon web services (aws)https://aws.amazon.com. Accessed 1 Jan 2017
Microsoft azure: Cloud computing platform & services.https://azure.microsoft.com. Accessed 19 Mar 2017
Rackspac.https://www.rackspace.com. Accessed 16 Apr 2017
Aruba cloud.https://www.arubacloud.com. Accessed 19 Apr 2017
Almorsy M, Grundy J, Müller I (2016) An analysis of the cloud computing security problem. arXiv preprintarXiv:1609.01107
Demchenko Y, Turkmen F, Slawik M, de Laat C (2017) Defining Intercloud Security Framework and Architecture Components for Multi-Cloud Data Intensive Applications. In: Cluster, cloud and grid computing (CCGRID), 2017 17th IEEE/ACM International Symposium on. IEEE, pp 945–952
Shawish A, Salama M (2014) Cloud computing: paradigms and technologies. In: Inter-cooperative collective intelligence: techniques and applications, Springer, pp 39–67
Patel A, Taghavi M, Bakhtiyari K, JúNior JC (2013) An intrusion detection and prevention system in cloud computing: a systematic review. J Netw Comput Appl 36(1):25–41
Adil M, Ijaz I (2015) IDS in cloud computing to secure virtual environment. Int J Enhanced Res Sci Technol Eng 4(3):199–207
Tan Z, Nagar UT, He X, Nanda P, Liu RP, Wang S, Hu J (2014) Enhancing big data security with collaborative intrusion detection. IEEE Cloud Comput 1(3):27–33
Oasis topology and orchestration specification for cloud applications (TOSCA) TC.https://www.oasis-open.org/committees/tosca/faq.php. Accessed 2 Mar 2017
Modi CN, Acha K (2017) Virtualization layer security challenges and intrusion detection/prevention systems in cloud computing: a comprehensive review. J Supercomput 73(3):1192–1234
Zhang Q, Cheng L, Boutaba R (2010) Cloud computing: state-of-the-art and research challenges. J Internet Serv Appl 1(1):7–18
Osanaiye O, Choo KKR, Dlodlo M (2016) Distributed denial of service (DDoS) resilience in cloud: review and conceptual cloud DDoS mitigation framework. J Netw Comput Appl 67:147–165
Park H, Lee EJ, Park DH, Eun, JS, Kim SH (2016) PaaS offering for the big data analysis of each individual APC. In: Information and communication technology convergence (ICTC), 2016 International Conference on. IEEE, pp 30–32
Rosado DG (2012) Security engineering for cloud computing: approaches and tools: approaches and tools. IGI Global
The customer success platform to grow your business.https://www.salesforce.com. Accessed 19 Mar 2017
Scarfone K, Mell P (2007) Guide to intrusion detection and prevention systems (idps). NIST Spec Publ 800(2007):94
Oktay U, Sahingoz OK (2013) Proxy network intrusion detection system for cloud computing. In: Technological advances in electrical, electronics and computer engineering (TAEECE), 2013 International Conference on. IEEE, pp 98–104
Keegan N, Ji SY, Chaudhary A, Concolato C, Yu B, Jeong DH (2016) A survey of cloud-based network intrusion detection analysis. Hum Centric Comput Inf Sci 6(1):19
Zarrabi A, Zarrabi A (2012) Internet intrusion detection system service in a cloud. Citeseer
Varadharajan V, Tupakula U (2014) Security as a service model for cloud environment. IEEE Trans Netw Serv Manag 11(1):60–75
Alharkan T, Martin P (2012) Idsaas: Intrusion detection system as a service in public clouds. In: Proceedings of the 2012 12th IEEE/ACM International Symposium on Cluster, Cloud and Grid Computing (ccgrid 2012). IEEE Computer Society, pp 686–687
Gul I, Hussain M (2011) Distributed cloud intrusion detection model. Int J Adv Sci Technol 34(38):135
Gupta S, Kumar P (2017) Profile and back off based distributed NIDS in cloud. Wirel Pers Commun 94(4):2879
Wang Z, Zhu Y (2017) A centralized HIDS framework for private cloud. In: Software engineering, artificial intelligence, networking and parallel/distributed computing (SNPD), 2017 18th IEEE/ACIS International Conference on. IEEE, pp 115–120
Modi C, Patel D (2018) A feasible approach to intrusion detection in virtual network layer of cloud computing. Sādhanā 43(7):114
Alruwaili FF, Gulliver A (2014) CCIPS: A cooperative intrusion detection and prevention framework for cloud services. Int J Latest Trends Comput 4(4):151–158
Ficco M, Tasquier L, Aversa R (2013) Intrusion detection in cloud computing. In: P2P, parallel, grid, cloud and internet computing (3PGCIC), 2013 Eighth International Conference on. IEEE, pp 276–283
Zargar ST, Takabi H, Joshi JB (2011) DCDIDP: A distributed, collaborative, and data-driven intrusion detection and prevention framework for cloud computing environments. In: Collaborative computing: networking, applications and worksharing (CollaborateCom), 2011 7th International Conference on. IEEE, pp 332–341
Lo CC, Huang CC, Ku J (2010) A cooperative intrusion detection system framework for cloud computing networks. In: Parallel processing workshops (ICPPW), 2010 39th International Conference on. IEEE, pp 280–284
Service name and transport protocol port number registry. Inter Asterisk Exchange (IAX) Parameters.https://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.xhtml
Snort. Official snort ruleset covering the most emerging threats.https://www.snort.org/products. Online; Accessed 1 May 2017
Breiman L (2001) Random forests. Mach Learn 45(1):5–32
Kevric J, Jukic S, Subasi A (2017) An effective combining classifier approach using tree algorithms for network intrusion detection. Neural Comput Appl 28(1):1051–1058
Man ND, Huh EN (2012) A collaborative intrusion detection system framework for cloud computing. In Proceedings of the International Conference on IT Convergence and Security 2011. Springer, pp 91–109
Yan Y, Xu B, Gu Z (2008) Automatic service composition using and/or graph. In: E-commerce technology and the fifth IEEE conference on enterprise computing, e-commerce and e-services, 2008 10th IEEE Conference on. IEEE, pp 335–338
Function mathematics.https://en.wikipedia.org/wiki/Function_mathematics. Accessed 30 Mar 2018
Power set.https://en.wikipedia.org/wiki/Power_set. Accessed 30 Jan 2018
Amazon virtual private cloud (vpc).https://aws.amazon.com/vpc. Accessed 1 May 2016
Snort. Snort-network intrusion detection and prevention system.https://www.snort.org/. Online; Accessed 1 May 2015
Microsoft sql server.https://www.microsoft.com. Accessed 1 Jan 2017
iperf-the ultimate speed test tool for tcp, udp and sctp.https://iperf.fr/iperf-download.php/. Accessed 2 Oct 2016
Chapade S, Pandey K, Bhade D (2013) Securing cloud servers against flooding based DDoS attacks. In: Communication systems and network technologies (CSNT), 2013 International Conference on. IEEE, pp 524–528
Author information
Authors and Affiliations
École de technologie supérieure, 1100 Notre-Dame St W, Montréal, QC, H3C 1K3, Canada
Mohamed Hawedi & Chamseddine Talhi
École polytechnique de Montréal, 2900 Edouard Montpetit Blvd, Montréal, QC, H3T 1J4, Canada
Hanifa Boucheneb
- Mohamed Hawedi
You can also search for this author inPubMed Google Scholar
- Chamseddine Talhi
You can also search for this author inPubMed Google Scholar
- Hanifa Boucheneb
You can also search for this author inPubMed Google Scholar
Corresponding author
Correspondence toMohamed Hawedi.
Rights and permissions
About this article
Cite this article
Hawedi, M., Talhi, C. & Boucheneb, H. Multi-tenant intrusion detection system for public cloud (MTIDS).J Supercomput74, 5199–5230 (2018). https://doi.org/10.1007/s11227-018-2572-6
Published:
Issue Date:
Share this article
Anyone you share the following link with will be able to read this content:
Sorry, a shareable link is not currently available for this article.
Provided by the Springer Nature SharedIt content-sharing initiative