Assessment Methodology for Anomaly-Based Intrusion Detection in Cloud Computing

Cloud computing has become an attractive target for attackers as the mainstream technologies in the cloud, such as the virtualization and multitenancy, permitting multiple users to utilize the same physical resource, and thereby posing the so-called problem of internal facing security. Moreover, the traditional network-based intrusion detection systems (IDSs) are ineffective to be deployed in cloud environments. This is because such IDSs employ only the network information in their detection engines, and this, therefore, makes them ineffective for the cloud-specific vulnerabilities. In this paper, we propose a novel assessment methodology for anomaly-based IDSs in cloud computing that takes into account both the network and system-level information for generating the evaluation dataset. Our approach deploys the IDS sensors in each virtual machine to create a cooperative environment for our anomaly detection engine. The proposed assessment methodology is then deployed in a testbed cloud environment to generate an IDS dataset, which includes both network and systemlevel features. Finally, we evaluate the performance of several machine learning algorithms over the generated dataset. Our experimental results demonstrate that the proposed IDS assessment approach is effective for attack detection in the cloud, as most of the algorithms are able to identify the attacks with a high level of accuracy.