Assessment Methodology for Anomaly-Based Intrusion Detection in Cloud Computing

Cloud computing has become an attractive target for attackers as the mainstream technologies in the cloud, such as the virtualization and multitenancy, permit multiple users to utilize the same physical resource, thereby posing the so-called problem of internal facing security. Moreover, the traditional network-based intrusion detection systems (IDSs) are ineffective to be deployed in the cloud environments. This is because that such IDSs employ only the network information in their detection engine and this, therefore, makes them ineffective for the cloud-specific vulnerabilities. In this paper, we propose a novel assessment methodology for anomaly-based IDSs for cloud computing which takes into account both network and system-level information for generating the evaluation dataset. In addition, our approach deploys the IDS sensors in each virtual machine in order to develop a cooperative anomaly detection engine. The proposed assessment methodology is then deployed in a testbed cloud environment to generate an IDS dataset which includes both network and system-level features. Finally, we evaluate the performance of several machine learning algorithms over the generated dataset. Our experimental results demonstrate that the proposed IDS assessment approach is effective for attack detection in the cloud as most of the algorithms are able to identify the attacks with a high level of accuracy.