A Cluster-Based Intrusion Detection Framework for Monitoring the Traffic of Cloud Environments

Bo Li, Peng Liu, Li Lin
DOI: 10.1109/CSCloud.2016.43 (https://doi.org/10.1109/CSCloud.2016.43)
Venue: 2016 IEEE 3rd International Conference on Cyber Security and Cloud Computing (CSCloud)
Publication date: 2016-06-25
Citations: 14

Abstract

In cloud environments, intra-VM network traffic is outside the monitoring reach of a traditional physical IDS. To enable monitoring of intra-VM network traffic, we propose cIDS, a novel cluster-based intrusion detection framework for monitoring the network traffic of cloud environments. cIDS does not require the support of physical switches. Instead of using a virtualized IDS to monitor virtual network traffic, we export the intra-VM network traffic to a physical IDS and leverage an IDS cluster to provide intrusion detection for multiple security domains. OpenFlow and SDN are used to redirect virtual network traffic to different IDSes. We also design a traffic deduplication mechanism that eliminates redundant network traffic and lessens the burden on the IDS cluster. We evaluate the effectiveness and efficiency of cIDS through comprehensive experiments. The results show that cIDS can successfully monitor the network traffic of cloud environments and that cIDS outperforms the virtualized IDS approach in terms of performance.