An Improved Hybrid Intrusion Detection System in Cloud Computing

Abstract

ssecurity is a major concern. Cloud computing and Intrusion Detection and Prevention Systems are one such measure to mitigate these attacks. Different researchers have proposed different IDSs time to time some of these IDS's combine features of two or more IDSs which are called as Hybrid Intrusion Detection Systems. Most of the researchers combine the features of Signature based detection methodology and Anomaly based detection methodology. For a signature based IDS if an attacker attacks slowly and organized, the attack may go undetected through the IDS, as signatures include factors which are based on duration of the events and the actions of attacker do not match. Sometimes, for an unknown attack there is no signature updated or an attacker attack in the mean time when the database is updating. Thus, signature-based IDS fail to detect unknown attacks. Anomaly based IDS suffer from many false-positive readings. Thus there is a need to hybridize those IDS which can overcome the shortcomings of each other. In this paper we proposed a new approach to IDS (Intrusion Detection System) which is more efficient than the traditional IDS (Intrusion Detection System). The IDS is based on Honeypot Technology and Anomaly based Detection Methodology. We have designed Architecture for the IDS in a packet tracer and then implemented it in real time. We have discussed experimental results performed both the Honeypot and Anomaly based IDS have some shortcomings but if we hybridized these two technologies, the newly proposed HIDS is capable enough to overcome these shortcomings with much enhanced performance. In this paper, we present a modified Hybrid Intrusion Detection System (HIDS) that combines the positive features of two different detection methodologies - Honeypot methodology and anomaly based intrusion detection methodology. In the experiment we run both the Intrusion Detection System individually first and then together and record the data from time to time. From the data we can conclude that the resulting IDS is much better in detecting intrusions from the existing IDSs.