Intrusion Detection for the Iaas Cloud Model
Total Page:16
File Type:pdf, Size:1020Kb
Intrusion Detection for the IaaS Cloud Model Athanasios Argyropoulos SID: 3307150001 SCHOOL OF SCIENCE & TECHNOLOGY A thesis submitted for the degree of Master of Science (MSc) in Communications and Cybersecurity DECEMBER 2016 THESSALONIKI – GREECE i Intrusion Detection for the IaaS Cloud Model Athanasios Argyropoulos SID: 330715001 Supervisor: Prof. Dimitrios Baltatzis Supervising Committee Members: SCHOOL OF SCIENCE & TECHNOLOGY A thesis submitted for the degree of Master of Science (MSc) in Communications and Cybersecurity DECEMBER 2016 THESSALONIKI – GREECE ii Abstract This dissertation was written as a part of the MSc in Communications and Cybersecurity at the Hellenic International University. The subject of this dissertation is the study of cloud systems, specifically the Infrastructure as a Service model, the Intrusion Detection Systems and finally propose a complete solution and architecture of Intrusion Detection in the cloud. This was done by initially analyzing the literature, regarding the cloud, the Intrusion Detection Systems, and the specialized IDSs for the cloud. Then we studied the security problems encountered in the cloud environment and using these data as a basis we went on with our own proposal. At the end, there is a small experimental test of our model. Here, I would like to thank my supervisor prof. Dimitrios Baltatzis, for introducing me to this subject and technologies through his class, “Intrusion Detection and Event Management” and for his support and the guidance he offered for the completion of this dissertation. Athanasios Argyropoulos 23 December 2016 iii Contents Abstract ........................................................................................................................ iii List of Figures ............................................................................................................ viii List of Tables ................................................................................................................. x 1 Introduction ............................................................................................................ 1 1.1 What is Cloud Computing ............................................................................... 1 1.2 Cloud Service models...................................................................................... 1 1.2.1 Infrastructure as a service (IaaS).............................................................. 2 1.2.2 Platform as a service (PaaS) .................................................................... 2 1.2.3 Software as a service (SaaS) .................................................................... 2 1.3 Cloud Types .................................................................................................... 4 1.3.1 Public Cloud............................................................................................. 4 1.3.2 Private Cloud ........................................................................................... 4 1.3.3 Hybrid Cloud ........................................................................................... 4 1.3.4 Community Cloud .................................................................................... 5 1.4 Main characteristics of the cloud computing .................................................. 6 1.4.1 On-demand self-service ........................................................................... 6 1.4.2 Broad network Access ............................................................................. 6 1.4.3 Resource pooling ..................................................................................... 7 1.4.4 Rapid elasticity......................................................................................... 7 1.4.5 Measured Services ................................................................................... 7 1.5 What is an Intrusion Detection System ........................................................... 8 1.5.1 Network-based intrusion detection system (NIDS) ................................. 9 1.5.2 Wireless intrusion detection systems (WIDS) ......................................... 9 1.5.3 Network behavior analysis (NBA) ......................................................... 10 1.5.4 Host-based intrusion detection system (HIDS)...................................... 10 1.6 General known techniques of the Intrusion Detection Systems .................... 11 1.6.1 Signature based Detection...................................................................... 11 1.6.2 Anomaly Detection ................................................................................ 11 1.6.3 Artificial Neural Network (ANN) based IDS ........................................ 12 1.6.4 Fuzzy Logic based IDS .......................................................................... 12 1.6.5 Association Rule based IDS................................................................... 12 1.6.6 Support Vector Machine (SVM) based IDS .......................................... 13 iv 1.6.7 Genetic Algorithm (GA) based IDS ...................................................... 13 1.6.8 Hybrid Techniques ................................................................................. 13 2 Problem Definition............................................................................................... 14 2.1 The OWASP organization ............................................................................. 14 2.2 OWASP Cloud Top 10 Security Risks ......................................................... 14 2.2.1 Accountability and Data Ownership ...................................................... 15 2.2.2 User Identity Federation ........................................................................ 16 2.2.3 Regulatory Compliance ......................................................................... 17 2.2.4 Business Continuity and Resiliency....................................................... 17 2.2.5 User Privacy and Secondary Usage of Data .......................................... 17 2.2.6 Service and Data Integration .................................................................. 18 2.2.7 Multi Tenancy and Physical Security .................................................... 18 2.2.8 Incidence Analysis and Forensic Support .............................................. 19 2.2.9 Infrastructure Security ........................................................................... 19 2.2.10 Nonproduction Environment Exposure Service-to-User ....................... 20 2.3 Problems the IDS can solve .......................................................................... 20 2.4 Reasoning for the Risks choice and selection ............................................... 21 2.5 Attack taxonomy in cloud computing ........................................................... 22 2.5.1 Service-to-User ...................................................................................... 22 2.5.2 User-to-Service ...................................................................................... 22 2.5.3 Cloud-to-Service .................................................................................... 22 2.5.4 Service-to-Cloud .................................................................................... 22 2.5.5 Cloud-to-User ........................................................................................ 23 2.5.6 User-to-Cloud ........................................................................................ 23 3 Related Work ....................................................................................................... 24 3.1 Categories of IDS/IPS used in Cloud Computing ......................................... 24 3.1.1 Host based Intrusion Detection Systems for Cloud(HIDS) ................... 24 3.1.2 Network based Intrusion Detection Systems for Cloud (NIDS) ............ 24 3.1.3 Distributed Intrusion Detection Systems for Cloud (DIDS) .................. 25 3.1.4 Hypervisor-based Intrusion Detection Systems for Cloud .................... 25 3.1.5 Intrusion Prevention Systems (IPS) for Cloud....................................... 26 3.1.6 Intrusion Detection and Prevention Systems (IDPS) for Cloud ............ 26 3.2 Methods Proposed ......................................................................................... 27 v 3.2.1 Central management approach ............................................................... 27 3.2.2 IDS as Hardware .................................................................................... 27 3.2.3 Open Source IDS ................................................................................... 27 3.2.4 Solutions with combining concepts ....................................................... 28 3.2.5 Solutions with a single technology ........................................................ 29 3.3 What we learned from these Methods in Use ............................................... 31 4 Proposed Solution ................................................................................................ 32 4.1 Methodology Used ........................................................................................ 32 4.2 Multi Tenancy and Physical Security............................................................ 35 4.2.1 Denial of Service (DoS) attacks ............................................................. 35 4.2.2 Cloud Malware Injection Attack ............................................................ 40 4.2.3 Side