Projects:CIDS
Project Name
CIDS: adapting legacy intrusion detection systems to the cloud with hybrid sampling
Introduction
Many attacks originate from inside, and security problems within cloud-computing platforms are becoming more and more severe. Although many Intrusion Detection Systems (IDS) help monitor and protect the inbound and outbound traffic of data centers, it is still challenging to deploy an IDS inside a cloud-computing platform, due to the extremely high internal bandwidth and the lack of a single ingress point at which to deploy the IDS. This thesis presents two ideas that allow a traditional IDS to be adapted to the cloud environment: software-defined-networking (SDN) based packet collection and a hybrid sampling algorithm that significantly reduces the workload on the IDS.
We integrate our data collector into the Open vSwitch of every physical server, making packet capture highly efficient. Our hybrid sampling algorithm combines flow statistics and IDS feedback to intelligently choose which packets to sample. The sampling rate is determined by the current workload in the cloud, which minimizes the impact on normal workloads.
We evaluate our prototype system, CIDS, on a 125-server production OpenStack cloud using real-world attack traces, and demonstrate the effectiveness of our approach.
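The sketch below is an added illustration of the three ingredients named above (flow statistics, IDS feedback, and a load-dependent sampling rate); it is an assumed design written for this page, not the CIDS algorithm or code, and the flow-weighting, boost factor and load taper are all invented for illustration.

```python
import random


class HybridSampler:
    """Illustrative hybrid sampler (assumed design, not the CIDS algorithm).
    Flow statistics: a flow's weight decays with how much of it the IDS has already
    seen, favouring new and short flows over elephant flows.  IDS feedback: flagged
    flows get a boosted weight.  Load adaptation: the budget shrinks as load rises."""

    def __init__(self, base_rate=0.2, flagged_boost=5.0, seed=0):
        self.base_rate = base_rate        # fraction forwarded to the IDS when idle
        self.flagged_boost = flagged_boost
        self.seen = {}                    # flow_id -> packets observed on the flow
        self.sampled = {}                 # flow_id -> packets forwarded to the IDS
        self.flagged = set()              # flows the IDS reported as suspicious
        self.rng = random.Random(seed)

    def budget(self, load):
        """Packet fraction we may forward; load is a 0..1 host utilisation figure."""
        load = min(max(load, 0.0), 1.0)
        return self.base_rate * (1.0 - 0.9 * load)   # tapers to 10% of base at full load

    def feedback(self, flow_id, alerted):
        """IDS feedback: remember (or clear) that a flow raised an alert."""
        if alerted:
            self.flagged.add(flow_id)
        else:
            self.flagged.discard(flow_id)

    def sample_probability(self, flow_id, load):
        """Per-packet forwarding probability for this flow under the current load."""
        weight = 1.0 / (1.0 + self.sampled.get(flow_id, 0))
        if flow_id in self.flagged:
            weight *= self.flagged_boost
        return min(1.0, self.budget(load) * weight)

    def should_sample(self, flow_id, load):
        """Called by the collector for every packet; True means forward it to the IDS."""
        self.seen[flow_id] = self.seen.get(flow_id, 0) + 1
        if self.rng.random() < self.sample_probability(flow_id, load):
            self.sampled[flow_id] = self.sampled.get(flow_id, 0) + 1
            return True
        return False
```

A collector sitting in the vSwitch would call `should_sample` per packet with the host's current load and feed IDS alerts back through `feedback`; flows the IDS flagged are sampled at up to the full rate while an already well-sampled elephant flow is throttled.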
Participants
Qingtang Xia
Tianjia Chen
Wei Xu
Progress
Sep. 2014: project start
Nov. 2016: the paper was accepted by SC2