Essay: Essay on intrusion detection systems

Intrusion Detection Systems have become an important part of software applications. They are integrated into the applications so that the network activities can be monitored and any incongruous behavior with respect to the given requirements can be detected in time. Cloud Computing provides the user with a variety of uses, one of them being the doing away of the usage of storage of information on local systems. But issues being faced in this scenario range from vulnerability of sensitive and confidential data to hackers and trademark violations to security concerns raised debating the longevity and sustainability of this networking type. This paper explores the frameworks and the clouds, along with their related issues, to understand these problems and the probable solutions that we might come up with.
I. INTRODUCTION
Over the years, existing technologies have been used to come up with the highly efficient and useful concept of Cloud computing. It helps reduce costs and maintains emphasis on business. Users are at the receiving end of a highly positive and cost-effective way of extending services. Multiple advantages hold Cloud Computing at a higher level, but the fact that high-level mechanisms lead to high-level threats is something that has emerged in the aftermath of Cloud Computing usage.
Though services have already been extended to the users over the cloud over the last few years, the term ‘Cloud Computing’ still sounds new and complex to some users, while Some others might be openly comfortable with the term as well as the meaning that comes along with it.
There are stark differences between Cloud Computing and previous technologies that added up to Cloud Computing. Listing out these differences would allow us to understand this concept better.
1. The ability of the Cloud to enable users to pay for storage that they need, a Pay-As-You-Go concept.
2. Easy storage and backup of information in various locations, thereby expanding reliability.
3. Simultaneous support for multiple users.
4. Cost-effectiveness.
5. Availability irrespective of user’s location, using multiple servers.
6. Absence of physical devices ensures an easier data recovery process.
7. Geometrically increased storage.
The most important concern for any organization is the storage and protection of highly confidential data within its ranks. Cloud Computing might alleviate these issues to a certain extent, but this, too is prone to security concerns, both from the provider’s end as well as the customer’s end. We shall explore solutions to these problems in this paper.
First, let us have a look at a visual model of Cloud Computing.
The given sections of the model to be explored are:
1. Deployment Models (Public, Private, Hybrid, Community)
2. Service Models (IaaS, PaaS and SaaS)
3. Essential Characteristics (Broad Network Access, Rapid Elasticity, Measured Service, On-Demand Self-Service and Resource Pooling.
These are depicted the following figure:
Fig 1. Visual Model of Cloud Computing
II. TYPES OF CLOUD DEPLOYMENT MODELS
On the basis of organizational properties, deployments can take place in four different ways, listed out below:
‘ Public Cloud
‘ Private Cloud
‘ Community Cloud
‘ Hybrid Cloud
Public Cloud: Cloud resources and services are made widely available to the end users, as a Pay-As-You-Go model.
Private Cloud: Cloud services are offered only within an organization.
Community Cloud: Cloud services are offered to a community that spans across different organizations, having similar objectives.
Hybrid Cloud: This deployment model is composed of two or more other types of models that are described above.
III. TYPES OF CLOUD COMPUTING
There are three types of cloud computing service models, as they are called. Though similarities persist between the three models, each of them has its own distinct qualities.
‘ Infrastructure-as-a-Service (IaaS): This is the first layer of cloud computing. Access is provided to different resources that span different areas such as data storage and network communications. Management of various components of cloud computing is done here. This service model reduces excess cost and negates any risk that might crop up. The IaaS Stack is shown clearly in the following figure.
Fig. 2. IaaS Stack
‘ Platform-as-a-Service (PaaS): This is the second layer of cloud computing. Management here is divided between the customer and the cloud service provider. Intrusion Detection is completely done by the cloud service provider. The PaaS Stack is shown below:
Fig. 3. PaaS Stack
‘ Software-as-a-Service (SaaS): Similar to the concept of PaaS, this service model, too, puts the entire responsibility of intrusion detection on the shoulders of the service provider and that of the applications to the end user. The SaaS Stack is shown precisely in the following figure:
Fig. 4. SaaS Stack Each has its own properties and similarities between the other two. Based on the service model that is selected, the degree to which intrusion detection can be performed varies.
IV. CLOUD ARCHITECTURE AND SECURITY THREATS
The concept of deployment according to the afore-mentioned deployment models throws up the question of how it is done and in what manner it is done. Cloud services may be offered to users, but to be precise, it requires a particular format in which to deploy the services, i.e. a Cloud Architecture. This cloud architecture can be divided into three layers:
‘ System Layer
‘ Platform Layer
‘ Application Layer
Dwelling on the topic of security threats to cloud services, a breakdown of the architecture gives a clearer picture of how threats are made to these layers to break down the system.
Security Layer: Transfer of data to and from a web-page might result in transfer of the said data to the server that is performing the actions.
Platform Layer: Threats to this layer can grant access to the cloud services due to reasons that range from code vulnerability to buffer overflow.
Application Layer: Attacks browser data such as cookies that can provide confidential data, thus giving away access to the user’s account.
There are five primary questions that might be asked pertaining to cloud computing and its related data:
‘ How is the content protected?
‘ Is the content secure?
‘ What measures are taken for risk minimization?
‘ Will these measures compromise on security?
‘ To what extent are these measures successful in preventing or mitigating risks?
Fig 5. Cloud Computing Architecture
V. INTEGRATION OF IDS INTO CLOUD
As is evident from the expectations from an Intrusion Detection System, an IDS must be able to defend the cloud on which it is deployed from known as well as unknown attacks. It must also be able to make out the difference between the different kinds of attacks. For example, it must be able to detect if the services provided by the cloud are used for other attacks or if the services themselves are under attack. Different actions can be taken for different situations to detect and correct intrusions. Configurations need to be done in order to allow users to be able to access the cloud services according to certain limits.
There are different types of Intrusion Detection Systems:
‘ Network IDS: For monitoring of network traffic and activity using sensors.
‘ Host IDS: For monitoring the systems on which the IDS is installed.
‘ Active IDS: On account of suspicion, this IDS automatically blocks attacks without involvement of operator.
‘ Passive IDS: Unlike Active IDS, this IDS monitors traffic and alerts the operator to suspicious activities and likely attacks.
‘ Knowledge-based IDS: This IDS keeps a record of previous attacks and using this knowledge, prevents future attacks of the same type.
‘ Behavior-based IDS: Uses the knowledge of how the system ‘behaves’ under normal conditions to prevent intrusions.
‘ Stack-based IDS: This IDS works on data packets. In case of injection of suspicious data packets in the stream, the IDS can extract the packet before any operation can be performed on it.
VI. DATA-PROTECTION-AS-A-SERVICE (DPaaS)
In the present situation, there is no tangible source which can assure the user that the application under use is secure and trustworthy. Lack of security features in the cloud might force the cloud providers to compromise on the following criteria:
‘ Accountability
‘ Data Ownership
‘ Unauthorized Access to Confidential Data
‘ Data Thefts
‘ Data Integrity
‘ Ease of Access of Data to Third Parties
DPaaS plays an important role in alleviating the problems faced by cloud providers and allows them to protect data in ways other than just legalities and other moral downfalls.
The various abilities of Data-Protection-as-a-Service (DPaaS) include:
‘ Reduce costs incurred due to hiring of Data Protection specialists.
‘ Dole out solutions for security across different applications.
‘ Enforce authentication and authorization policies by going through a process of application confinement.
‘ Enlists the help of cryptographic protections.
‘ Offers services such as logging and auditing to address the issue of accountability.
‘ Address the problems of rapid development and maintenance.
In order to fulfil the security thresholds, a cloud service provider would have to provide DPaaS as an additional service along with their original environments to help users (who might be companies or independent developers) to gradually build their brand value. The underlying principles for Data-Protection-as-a-Service are:
‘ Applying restrictions on cloud data based on authorization levels of the users and the applications accessing the data. This helps filter out malicious programs and improves security.
‘ In order to annihilate all sorts of risks faced by unauthorized access, authorization checks must be implemented on methods and processes such as debugging, batch processing and maintenance of data.
‘ Auditing on a platform level must be supported in order to allow developers to take off from a higher level rather than start from scratch, control independence from code, easier standard compliance and reduced examination costs.
Data Protection can be used as:
‘ Data Isolation ‘ Access controls using authorization processes.
‘ Data Sanitization ‘ Removal of confidential data from devices in different scenarios.
‘ Data Location ‘ Knowledge of the location where the confidential data is stored and also the knowledge of the security measures taken to protect the data.
Fig. 6. Sample Architecture For DPaaS
VII. ADDITIONAL APPROACHES TO IDS IMPLEMENTATIONS
One more approach that cloud service providers can use to improve detection of intrusion would be to use Virtual Machines (VMs). By equipping each Virtual Machine with a user-configured IDS sensor, the cloud provider can ensure that each component of the VM can be monitored based on user requirements. Apart from the function of monitoring the VM, the IDS must also take up the responsibility of alerting the VM once any suspicious activity is spotted or a probable attack is detected. To achieve this, Network-based and Host-based IDS sensors must be built in to every VM present in the cloud.
In addition to just the installation of sensors to monitor the VMs, users of the monitored cloud can also configure the sensors and their thresholds. This is accomplished by the IDS Management Station, to which all the monitored data is also reported to. This IDS Management station also ensures the improvement in sensor efficiency.
For successful implementations of IDS systems, we can use different places to implement them. The different places are:
‘ In the Virtual Machine itself: to monitor system activity and record alerts on probable issues
‘ In the host system: to monitor the host system as well as traffic between Virtual Machines on the host system, also called the hypervisor.
‘ In the Virtual Network: to monitor traffic between VMs on the host as well as traffic between the VMs and the host.
‘ In the traditional network deployments
Virtualization: An important technology that drives Cloud Computing, it enhances the infrastructure and makes it easy to use and manage. It increases the speed of operations and also reduces the costs that are incurred.
For this purpose, we need to make sure that the IDS that we are implementing handles this virtualization in a way that the occurrences are minimized to a huge extent. VMs can also be used in this process, since they can be easily stopped and resumed. In this process, there are a few roadblocks that are still present despite the implementation of IDS, but they can be explored as an additional area of research.
VIII. CONCLUSION
The need for data protection in the given quest for secure data on a cloud is getting stronger by the day. For this purpose, we turn to Intrusion Detection Systems (IDS). Intrusion Detection Systems form an important part of cloud security and they must be implemented thoroughly by the cloud service providers. In this paper, we have seen the different threats that Cloud data can face and also the mitigations to those threats: Intrusion Detection Systems (IDS). We discussed the types of Cloud Deployment Models, types of Cloud Computing, Cloud Architecture and Data-Protection-as-a-Service (DPaaS). It is important that Data-Protection-as-a-Service must be integrated into the Cloud since it has a high ability to detect and prevent malicious attacks. Also, a single cloud platform could be privy to the data of millions of applications, thus vindicating the need for DPaaS.