Toward a policy-based distributed intruison detection system in cloud computing using data mining approaches

Abstract

Cloud computing has gain wide-spread popularity in recent years. Despite its numerous advantages, security is still one of the most challenging issues associated with it. An intrusion detection system (IDS), as a common security tool, can be used to increase the level of security in cloud computing. An IDS need to be accurate, efficient, adaptive and extensible. Cloud features, such as being highly distributed, generating large volume of data, variety and dynamism of the provided services on one hand and different security needs of users on the other hand has made traditional IDSs inefficient for this environment. In this paper and by using data mining methods, an efficient policy driven detection strategy for intrusion detection has been proposed for the cloud environment. The proposed approach classifies different security needs, based on CIA triad model, into groups of users with the same security requirements and then selects the appropriate policy. By grouping similar users/security requirements and tuning each IDS accordingly, the proposed approach has been able to improve IDS efficiency. Results of our simulations show that the proposed approach decreases the total detection time by 21% in average while preserving adequate detection coverage. Improving IDS efficiency implies that it also processes a bigger volume of data due to reduction in time, better use of resources and also loads balancing between groups.