{"title":"A Cluster-Based Intrusion Detection Framework for Monitoring the Traffic of Cloud Environments","authors":"Bo Li, Peng Liu, Li Lin","doi":"10.1109/CSCloud.2016.43","DOIUrl":null,"url":null,"abstract":"In cloud environments, Intra-VM network traffic are out of the monitor traditional physical IDS. To enable the monitor of Intra-VM network traffic, we propose cIDS, a novel cluster-based intrusion detection framework for monitoring the network traffic of cloud environments. cIDS does not require the support of physical switches and Instead of using virtualized IDS to monitor virtual network traffic, we export the intra-VM network traffic to physical IDS, and leverages IDS cluster to provide intrusion detection for multiple security domains. Openflow and SDN is used to redirect virtual network traffic to different IDSes. We also design a traffic deduplication mechanism which could eliminate redundant network traffic and lessen the burden of the IDS cluster. We evaluate the effectiveness and efficiency of cIDS through comprehensive experiments. The results shown that cIDS could successfully monitor the network traffic of cloud environments and cIDS outperforms virtualized IDS approach in terms of performance.","PeriodicalId":410477,"journal":{"name":"2016 IEEE 3rd International Conference on Cyber Security and Cloud Computing (CSCloud)","volume":"85 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2016-06-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"14","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2016 IEEE 3rd International Conference on Cyber Security and Cloud Computing (CSCloud)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/CSCloud.2016.43","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Citation count: 14
Abstract
In cloud environments, intra-VM network traffic is beyond the reach of traditional physical IDSes. To enable monitoring of intra-VM network traffic, we propose cIDS, a novel cluster-based intrusion detection framework for monitoring the network traffic of cloud environments. cIDS does not require the support of physical switches. Instead of using virtualized IDSes to monitor virtual network traffic, we export the intra-VM network traffic to physical IDSes and leverage an IDS cluster to provide intrusion detection for multiple security domains. OpenFlow and SDN are used to redirect virtual network traffic to different IDSes. We also design a traffic deduplication mechanism that can eliminate redundant network traffic and lessen the burden on the IDS cluster. We evaluate the effectiveness and efficiency of cIDS through comprehensive experiments. The results show that cIDS can successfully monitor the network traffic of cloud environments and that cIDS outperforms the virtualized IDS approach in terms of performance.