NICE: Network Intrusion Detection and Countermeasure Selection in Virtual Network Systems
ABSTRACT:
Cloud security is one of the most important issues that have attracted a lot of research and development effort in the past few years. In particular, attackers can explore vulnerabilities of a cloud system and compromise virtual machines to deploy further large-scale Distributed Denial-of-Service (DDoS) attacks. DDoS attacks usually involve early-stage actions such as multi-step exploitation, low-frequency vulnerability scanning, and compromising identified vulnerable virtual machines as zombies, followed finally by DDoS attacks through the compromised zombies. Within the cloud system, especially Infrastructure-as-a-Service (IaaS) clouds, the detection of zombie exploration attacks is extremely difficult, because cloud users may install vulnerable applications on their virtual machines. To prevent vulnerable virtual machines from being compromised in the cloud, we propose a multi-phase distributed vulnerability detection, measurement, and countermeasure selection mechanism called NICE, which is built on attack-graph-based analytical models and reconfigurable virtual-network-based countermeasures. The proposed framework leverages OpenFlow network programming APIs to build a monitor and control plane over distributed programmable virtual switches in order to significantly improve attack detection and mitigate attack consequences. The system and security evaluations demonstrate the efficiency and effectiveness of the proposed solution.
EXISTING SYSTEM:
Cloud users can install vulnerable software on their VMs, which essentially contributes to loopholes in cloud security. The challenge is to establish an effective vulnerability/attack detection and response system that accurately identifies attacks and minimizes the impact of security breaches on cloud users. In a cloud system where the infrastructure is shared by potentially millions of users, abuse and nefarious use of the shared infrastructure lets attackers exploit vulnerabilities of the cloud and use its resources to deploy attacks more efficiently. Such attacks are more effective in the cloud environment because cloud users usually share computing resources, e.g., being connected through the same switch or sharing the same data storage and file systems, even with potential attackers. The similar setup of VMs in the cloud, e.g., virtualization techniques, VM OS, installed vulnerable software, networking, etc., attracts attackers to compromise multiple VMs.
DISADVANTAGES OF EXISTING SYSTEM:
1. No detection and prevention framework in a virtual networking environment.
2. Attacks are not detected accurately.
PROPOSED SYSTEM:
In this article, we propose NICE (Network Intrusion detection and Countermeasure selection in virtual network systems) to establish a defense-in-depth intrusion detection framework. For better attack detection, NICE incorporates attack graph analytical procedures into the intrusion detection processes. We must note that the design of NICE does not intend to improve any of the existing intrusion detection algorithms; indeed, NICE employs a reconfigurable virtual networking approach to detect and counter the attempts to compromise VMs, thus preventing zombie VMs.
ADVANTAGES OF PROPOSED SYSTEM:
The contributions of NICE are presented as follows:
- We devise NICE, a new multi-phase distributed network intrusion detection and prevention framework in a virtual networking environment that captures and inspects suspicious cloud traffic without interrupting users' applications and cloud services.
- NICE incorporates a software switching solution to quarantine and inspect suspicious VMs for further investigation and protection. Through programmable network approaches, NICE can improve the attack detection probability and improve the resiliency to VM exploitation attack without interrupting existing normal cloud services.
- NICE employs a novel attack graph approach for attack detection and prevention by correlating attack behavior and also suggests effective countermeasures.
- NICE optimizes the implementation on cloud servers to minimize resource consumption. Our study shows that NICE consumes less computational overhead compared to proxy-based network intrusion detection solutions.
SYSTEM ARCHITECTURE:
ALGORITHM USED:
- Alert Correlation Algorithm
- Countermeasure Selection Algorithm
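
The two algorithms named above, sketched as an added Python example that is not code from the NICE paper or from this project: IDS alerts mark attack-graph steps as observed, and the countermeasure giving the largest drop in target risk per unit of cost plus intrusiveness is chosen. The graph, probabilities, countermeasure names, costs and the scoring rule are all constructed assumptions.

```python
"""Added illustration: toy alert correlation and countermeasure selection on an
attack graph. All names, probabilities, costs and the scoring rule are assumptions."""
from math import prod

# Attack graph: step -> (local success probability, prerequisite steps). Constructed sample.
GRAPH = {
    "vm1_web_exploit": (0.8, []),
    "vm2_ssh_access": (0.5, ["vm1_web_exploit"]),
    "vm3_db_exploit": (0.6, ["vm1_web_exploit"]),
    "vm4_root": (0.7, ["vm2_ssh_access", "vm3_db_exploit"]),
}
TARGET = "vm4_root"

# Countermeasure -> (step it weakens, factor on that step's probability, cost, intrusiveness)
COUNTERMEASURES = {
    "quarantine_vm1": ("vm1_web_exploit", 0.0, 3, 5),
    "block_port_vm2": ("vm2_ssh_access", 0.1, 1, 1),
    "filter_traffic_vm4": ("vm4_root", 0.2, 2, 2),
}

def reach_probability(graph, node):
    """Chance the attacker completes `node`; any one prerequisite suffices (noisy-OR,
    prerequisites treated as independent, which is a simplification)."""
    p, parents = graph[node]
    if parents:
        p *= 1 - prod(1 - reach_probability(graph, q) for q in parents)
    return p

def correlate(graph, alerts):
    """Steps matched by an IDS alert are treated as already achieved (probability 1)."""
    unknown = set(alerts) - set(graph)
    if unknown:
        raise KeyError(f"alert for step not in graph: {sorted(unknown)}")
    return {n: ((1.0, []) if n in alerts else v) for n, v in graph.items()}

def select(graph, target, countermeasures):
    """Score = drop in target probability / (cost + intrusiveness); return best and all scores."""
    base = reach_probability(graph, target)
    scores = {}
    for name, (node, factor, cost, intrusive) in countermeasures.items():
        p, parents = graph[node]
        patched = {**graph, node: (p * factor, parents)}
        scores[name] = (base - reach_probability(patched, target)) / (cost + intrusive)
    return max(scores, key=scores.get), scores

if __name__ == "__main__":
    observed = correlate(GRAPH, {"vm1_web_exploit"})  # constructed alert
    print(reach_probability(GRAPH, TARGET), reach_probability(observed, TARGET))
    print(select(observed, TARGET, COUNTERMEASURES))
```

In this constructed case the alert on the first step raises the target risk, and the narrow traffic filter outscores full quarantine because quarantine's higher cost and intrusiveness outweigh its larger risk reduction.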
SYSTEM CONFIGURATION:
HARDWARE CONFIGURATION:
- Processor : Pentium IV
- Speed : 1.1 GHz
- RAM : 256 MB (min)
- Hard Disk : 20 GB
- Keyboard : Standard Windows Keyboard
- Mouse : Two or Three Button Mouse
- Monitor : SVGA
SOFTWARE CONFIGURATION:
- Operating System : Windows XP
- Programming Language : JAVA
- Java Version : JDK 1.6 & above
REFERENCE:
Chun-Jen Chung, Student Member, IEEE, Pankaj Khatkar, Student Member, IEEE, Tianyi Xing, Jeongkeun Lee, Member, IEEE, and Dijiang Huang, Senior Member, IEEE, "NICE: Network Intrusion Detection and Countermeasure Selection in Virtual Network Systems," IEEE TRANSACTIONS ON DEPENDABLE AND SECURE COMPUTING.