Host-Based Intrusion Detection and Attack Graph Selection in VNS

Cloud Computing has several major issues and concerns, such as expectations regulations, performance, trust, and data security issues. DDOS is a multiple hosts attacks made simultaneously in all network. DDoS attacks performed some vulnerable action in early stage such as low-frequency vulnerability scanning, multistep exploitation, and identifying the compromised vulnerable virtual machines as zombies. In cloud environment we can’t find the zombies easily in infrastructure structure as a service (IaaS) clouds. This is happen by installing the vulnerable activities in virtual machines. The aim of this research is to examine the major security issues affecting Cloud Systems and the solutions available. And to prevent the countermeasures, zombies and further vulnerable activities we proposed a system called NICE. It is built on attack graph-based analytical models and reconfigurable virtual network-based countermeasures. The implementation of lightweight mirroring-based network intrusion detection agent (NICE-A) on each cloud server is to capture and analyze cloud traffic. The VM enter into inspection state, virtual network reconfigurations can be deployed to the inspecting VM to make the potential attack behaviors prominent.