[Figure: system overview. Labels: Cloud Server (Google App Engine); Intrusion Detection System; Client or Intruder; Parameter Tampering; Denial of Service; SQL Injection; Brute Force; Database / Datastore]
Small businesses, enterprises and organizations that cannot afford the high cost of the software, hardware and data storage needed to maintain and improve their business must use cloud services on a pay-per-use basis. The cloud provides many advantages, including lower cost, greater business agility, reduced IT administrative overhead, and access to the best applications. But one question about cloud computing remains: how secure is the cloud? An end user who wants to access cloud services must have a browser on their system to access the network. We always talk about attacks on clouds, which make our data on cloud systems insecure, but there are many other attacks that can also affect our data. When a user logs in through the interface of a cloud site, they must take care to do so securely. I will discuss the attacks that can take place during the login process.
1.2.1.1
3. Community cloud The cloud infrastructure is shared by several organizations and supports a specific community that has shared concerns (e.g., mission, security requirements, policy, and compliance considerations). Government departments, universities, central banks etc. often find this type of cloud useful.
4. Hybrid cloud A hybrid cloud is a composition of at least one private cloud and at least one public cloud. A hybrid cloud is typically offered in one of two ways: a vendor has a private cloud and forms a partnership with a public cloud provider, or a public cloud provider forms a partnership with a vendor that provides private cloud platforms.
1.2.1.2
a. Software as a Service (SaaS). The capability provided to the consumer is to use the provider's applications running on a cloud infrastructure. The applications are accessible from various client devices through either a thin client interface, such as a web browser (e.g., web-based email), or a program interface. The consumer does not manage or control the underlying cloud infrastructure including network, servers, operating systems, storage, or even individual application capabilities, with the possible exception of limited user-specific application configuration settings.
b. Platform as a Service (PaaS). The capability provided to the consumer is to deploy onto the cloud infrastructure consumer-created or acquired applications created using programming languages, libraries, services, and tools supported by the provider. The consumer does not manage or control the underlying cloud infrastructure including network, servers, operating systems, or storage, but has control over the deployed applications and possibly configuration settings for the application-hosting environment.
c. Infrastructure as a Service (IaaS). The capability provided to the consumer is to provision processing, storage, networks, and other fundamental computing resources where the consumer is able to deploy and run arbitrary software, which can include operating systems and applications. The consumer does not manage or control the underlying cloud infrastructure but has control over operating systems, storage, and deployed applications; and possibly limited control of select networking components (e.g., host firewalls).
1.2.1.3
Cloud Vendors
1. Microsoft Azure
End user access area - When a client accesses the network for any application from a public location such as a restaurant, hotel or office over Wi-Fi, the risk of data theft increases. Malware can affect the system. Malware is software designed to damage a computer system without the owner's informed consent.
Identity theft - When the wrong person obtains your identity, he may log in on your behalf on the cloud to take advantage of its services, and can also affect your information.
Fake antivirus software - A person who creates this kind of software and wants only to access important information is called a passive attacker; if the attacker modifies your work, he is called an active attacker.
Attack on web browser - Web browsers work as an interface between the consumer and the service provider. The most popular web browsers are Google Chrome, Internet Explorer, Opera and Safari.
Cross site scripting - Cross site scripting (also named XSS) inserts into a dynamic web page malicious code that cannot be detected by the client browser interpreter or the server. Once this malicious code has executed in the web browser, every time we access the browser it collects private information and delivers it to the attacker.
Flooding - If the browser comes under an attacker's control, a flooding attack is also possible, consuming a lot of resources and services and increasing the workload on the cloud server. When a user requests a service, the service provider works to satisfy the request; but when an attacker intentionally floods the provider with requests, the provider tries to fulfill them because it takes the attacker for a client. As a result, the cloud system is unable to satisfy normal requests from users.
Denial of service - Malicious code is injected into the browser, and the attacker then executes that code to open windows many times. As a result, the server denies service to legitimate users.
Plug-ins - When we want to open a downloaded file or run new software, the browser asks to install a plug-in to run the program, and we allow it. This is also a way for attackers to get into our system.
SQL injection - SQL injection is a technique often used to attack a website. This is done by including portions of SQL statements in a web form entry field in an attempt to get the website to pass a newly formed rogue SQL command to the database (e.g., dump the database contents to the attacker). SQL injection is a code injection technique that exploits a security vulnerability in a website's software. The vulnerability happens when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and unexpectedly executed. SQL commands are thus injected from the web form into the database of an application (like queries) to change the database content or dump database information such as credit card numbers or passwords to the attacker. SQL injection is mostly known as an attack vector for websites but can be used to attack any type of SQL database.
Threat from inside employee - People who use cloud computing put their sensitive and confidential information on the cloud. The companies that provide these services have a number of employees who have access to this sensitive data on a regular basis and discuss it outside the company. Insider threat is more than just fraud and can also comprise theft of data and intellectual property.
Data protection - Everyone wants their personal data on the cloud to be secure. Securing data on the cloud involves the following questions. Where will the data be stored or processed? Are there multiple platforms involved? Who is liable for the data, for security-related issues, and for natural disasters and data leakage? What are the legal, commercial and reputational risks? Can we move against the cloud vendor to claim loss of profits?
Identity and access management - For cloud computing, NIST advises that trusted identities, and the secure and efficient management of those identities while users' privacy is protected, are a key element in the successful adoption of any cloud solution. The big issue is whether the provider can segregate and protect individual groups of data within the remote, distributed, shared environment.
Identity and access related problems are mostly faced by SaaS service providers, because they have to manage so many customer accounts; when a user leaves the organization their account remains active, increasing the risk of data exposure.
Shared technology issues - Cloud customers need resources dynamically, as required, and the service provider is able to meet that demand. Providers use virtualization, where virtual machines for multiple customers share the same physical server.
Hypervisor security - On a hypervisor (virtual machine manager), malware, rootkits and other unwanted code may install themselves as a hypervisor below the operating system. This can make them difficult to detect, because hypervisor-based malware could intercept any operation of the operating system. Fig. 3 shows this kind of attack.
Cross virtual machine side channel attacks - Virtual machines share the physical memory, CPU cycles, network buffers and DRAM of the physical machine. Attacks on virtual machines take place in two steps: placement of the attacker's virtual machine on the same physical machine, then exploitation of the shared resources.
The new blended threats technology protects organizations from targeted attacks that use malicious embedded URL links in emails as the initial infection method. Harnessing the same malware detection technology used in the M86 Secure Web Gateway (SWG), M86 Security's Targeted Attacks Service scans emails for embedded URL links to potentially malicious websites as they are accessed.
1.3 Motivation:
In recent years the number of attacks on networks has increased exponentially; therefore, interest in cyber attack detection has increased among researchers. With the tremendous opportunities for information and resource sharing that this entails comes a heightened need for information security, as computing resources are both more vulnerable and more heavily depended upon than before. This paper provides a review of current trends in cyber attack detection, together with a study of technologies implemented by some researchers in this area. This will help to predict, and point towards, a number of areas of future research in the field of cyber attack detection and response.
While an organization makes its information system available to harmless Internet users, the information is at the same time available to malicious users as well. Malicious users or hackers can get access to an organization's internal systems for various reasons: software bugs called vulnerabilities, lapses in administration, and systems left in their default configuration. Malicious users use techniques such as password cracking and sniffing unencrypted (clear text) traffic to exploit these weaknesses and compromise critical systems. Therefore, the organization's private resources need some kind of protection from the Internet as well as from inside users, as a survey says that eighty percent of attacks come from inside users, because they know the systems much better than an outsider does and access to information is easier for an insider. Organizations across the world deploy firewalls to protect their private network from the public network. But when it comes to securing a private network from the Internet using firewalls, no network can be one hundred percent secure, because the business requires some kind of access to internal systems to be granted to Internet users. The firewall provides security by allowing only specific services through it. It implements a policy for allowing or disallowing connections based on the organizational security policy and business needs. The firewall also protects the organization from malicious attacks from the Internet by blocking connections from unknown sources.
[Figure: Level 2 diagram. Labels: Client; Response; Database]
[Figure: Level 3 diagram. Labels: Parameter tampering; Brute Force; Denial of Service; SQL injection; Database]
Confidentiality: Since SQL databases generally hold sensitive data, loss of confidentiality is a frequent problem with SQL Injection vulnerabilities.
Authentication: If poor SQL commands are used to check user names and passwords, it may be possible to connect to a system as another user with no previous knowledge of the password.
Authorization: If authorization information is held in a SQL database, it may be possible to change this information through the successful exploitation of a SQL Injection vulnerability.
Integrity: Just as it may be possible to read sensitive information, it is also possible to make changes or even delete this information with a SQL Injection attack.
Example: A login form with username and password fields uses the table Users to authenticate the user. The code behind the login is:
select * from Users where username='$username' and password='$password'
If the attacker enters ' OR ''=' in the password field, he is logged in because the WHERE condition evaluates to true.
Control measure: SQL injection is mainly carried out through form controls such as text fields, username fields and hidden fields. It can therefore be detected by applying strong validation to these inputs. We maintain a list of SQL tokens, and if the input matches one of them, the attacker is prevented from further operation.
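The token check described above, next to a bound-parameter form of the same login query, as an added example that is not code from the original project. The class name, the token list and the sample logins are assumptions (the page does not list its tokens); `authenticate` needs a JDBC connection and is not called by `main`.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.List;
import java.util.Locale;
import java.util.regex.Pattern;

/** Added example: SQL token screening and a bound-parameter login query. */
public class SqlInputScreen {

    // Hypothetical token list; the page does not enumerate the tokens it maintains.
    private static final List<Pattern> SQL_TOKENS = List.of(
        Pattern.compile("'"),
        Pattern.compile("--"),
        Pattern.compile(";"),
        Pattern.compile("\\b(or|and|union|select|insert|update|delete|drop)\\b"));

    /** Returns the first token pattern found in the input, or null if none matches. */
    static String firstSqlToken(String input) {
        if (input == null) {
            return null;
        }
        String normalized = input.toLowerCase(Locale.ROOT);
        for (Pattern token : SQL_TOKENS) {
            if (token.matcher(normalized).find()) {
                return token.pattern();
            }
        }
        return null;
    }

    /** The page's login query: concatenation lets the input rewrite the WHERE clause. */
    static String concatenatedQuery(String username, String password) {
        return "select * from Users where username='" + username
             + "' and password='" + password + "'";
    }

    /**
     * The same lookup with bound parameters: the values are passed as data and
     * are never parsed as SQL text, so no token list is needed for correctness.
     * The password column follows the page's example; a real table would hold
     * a password hash instead.
     */
    static boolean authenticate(Connection db, String username, String password)
            throws SQLException {
        String sql = "select 1 from Users where username = ? and password = ?";
        try (PreparedStatement ps = db.prepareStatement(sql)) {
            ps.setString(1, username);
            ps.setString(2, password);
            try (ResultSet rs = ps.executeQuery()) {
                return rs.next();
            }
        }
    }

    public static void main(String[] args) {
        // Constructed login attempts: {username, password}.
        String[][] logins = {
            {"alice", "correct horse"},   // ordinary login
            {"alice", "' OR ''='"},       // the input from the page's example
            {"O'Brien", "s3cret"},        // legitimate name containing a quote
            {"bob", "rock and roll"},     // legitimate passphrase containing a keyword
        };
        for (String[] login : logins) {
            String hit = firstSqlToken(login[0]);
            if (hit == null) {
                hit = firstSqlToken(login[1]);
            }
            System.out.printf("%-8s / %-14s -> %s%n", login[0], login[1],
                hit == null ? "proceed" : "stop (token " + hit + ")");
        }
        // What the concatenated query becomes for the page's example input.
        System.out.println(concatenatedQuery("alice", "' OR ''='"));
    }
}
```

The last two sample logins are legitimate values that the token list stops, which is the cost of rejecting known-bad input; the bound-parameter query accepts them safely.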
Brute-force attacks are mainly used for guessing passwords and bypassing access control. However, there are many tools that use this technique to examine a web service's catalogue structure and look for information that is interesting from the attacker's point of view. Very often the target of an attack is data in forms (GET/POST) and users' session IDs.
Control measures: Brute force attacks can be controlled by having effective session management and a strong authentication mechanism, by understanding the behavior of the intruder's access, and by keeping track of the speed at which successive requests are made.
Perpetrators of DoS attacks typically target sites or services hosted on high-profile web servers such as banks, credit card payment gateways, and even root nameservers. This technique has now seen extensive use in certain games, used by server owners or disgruntled competitors on games such as Minecraft and League of Legends. The term is generally used in relation to computer networks, but is not limited to this field; for example, it is also used in reference to CPU resource management.
Control measures: It can be prevented by tracking the attacker's behavior, identifying the speed at which the attacker is trying to access resources, and preventing the user from accessing the site once a suspicious pattern of behavior is identified.
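Both the brute-force and the denial-of-service control measures above rest on tracking how fast successive requests arrive. One way to do that, as an added example that is not code from the original project: a sliding-window counter per client with a temporary block. The class name, thresholds, client keys and replayed traffic are assumptions.

```java
import java.util.ArrayDeque;
import java.util.Deque;
import java.util.HashMap;
import java.util.Map;

/** Added example: sliding-window request counter with a temporary block. */
public class RequestRateTracker {
    private final int maxRequests;    // requests allowed per window
    private final long windowMillis;  // length of the sliding window
    private final long blockMillis;   // how long a client stays blocked
    private final Map<String, Deque<Long>> recent = new HashMap<>();
    private final Map<String, Long> blockedUntil = new HashMap<>();

    public RequestRateTracker(int maxRequests, long windowMillis, long blockMillis) {
        this.maxRequests = maxRequests;
        this.windowMillis = windowMillis;
        this.blockMillis = blockMillis;
    }

    /**
     * Records one request from clientKey at nowMillis and returns true if it
     * should be served. The caller chooses the key: the account name for login
     * attempts, the client address for request floods.
     */
    public synchronized boolean allow(String clientKey, long nowMillis) {
        Long until = blockedUntil.get(clientKey);
        if (until != null) {
            if (nowMillis < until) {
                return false;                // still inside the block period
            }
            blockedUntil.remove(clientKey);  // block expired, start counting again
        }
        Deque<Long> times = recent.computeIfAbsent(clientKey, k -> new ArrayDeque<>());
        // Drop timestamps that have slid out of the window.
        while (!times.isEmpty() && nowMillis - times.peekFirst() >= windowMillis) {
            times.pollFirst();
        }
        times.addLast(nowMillis);
        if (times.size() > maxRequests) {
            blockedUntil.put(clientKey, nowMillis + blockMillis);
            recent.remove(clientKey);
            return false;
        }
        return true;
    }

    /** Forgets clients with no request in the window and no active block. */
    public synchronized void purge(long nowMillis) {
        blockedUntil.values().removeIf(until -> until <= nowMillis);
        recent.values().removeIf(t -> t.isEmpty() || nowMillis - t.peekLast() >= windowMillis);
    }

    /** Replays an evenly spaced request stream and returns how many requests were refused. */
    static int replay(RequestRateTracker tracker, String clientKey,
                      long startMillis, long gapMillis, int count) {
        int refused = 0;
        for (int i = 0; i < count; i++) {
            if (!tracker.allow(clientKey, startMillis + i * gapMillis)) {
                refused++;
            }
        }
        return refused;
    }

    public static void main(String[] args) {
        // Illustrative thresholds: 5 requests per 10 s, then a 60 s block.
        RequestRateTracker tracker = new RequestRateTracker(5, 10_000, 60_000);
        // Constructed traffic: one client every 3 s, another every 100 ms.
        int slowRefused = replay(tracker, "203.0.113.10", 0, 3_000, 20);
        int fastRefused = replay(tracker, "203.0.113.99", 0, 100, 20);
        System.out.println("slow client refused: " + slowRefused);
        System.out.println("fast client refused: " + fastRefused);
        // Once the block period has passed, the fast client is served again.
        System.out.println("fast client after block: " + tracker.allow("203.0.113.99", 70_000));
        tracker.purge(200_000);
    }
}
```

The counters live in one JVM; because App Engine runs an application across multiple servers, a deployment would keep them in a store shared by all instances.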
Example: When a web application uses hidden fields to store status information, a malicious user can tamper with the values stored in his browser and change the referred information. For example, an e-commerce shopping site uses hidden fields to refer to its items, as follows:
<input type=hidden id=1008 name=cost value=70.00>
In this example, an attacker can modify the value information of a specific item, thus lowering its cost. [5]
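A server-side check for the hidden cost field in the example above, added here and not taken from the original project: the submitted values are validated against known-good patterns, and the price is always read from the server's own catalogue. The class name, the catalogue contents, the patterns and the sample submissions are assumptions.

```java
import java.math.BigDecimal;
import java.util.Map;
import java.util.regex.Pattern;

/** Added example: server-side handling of the hidden "cost" field. */
public class HiddenFieldCheck {

    enum Verdict { OK, MALFORMED, UNKNOWN_ITEM, TAMPERED_COST }

    // Constructed catalogue standing in for the datastore; item 1008 is the page's example.
    private static final Map<String, BigDecimal> CATALOGUE = Map.of(
        "1008", new BigDecimal("70.00"),
        "1009", new BigDecimal("12.50"));

    // Accept-known-good patterns: an item id is 1-6 digits, a cost is digits with two decimals.
    private static final Pattern ITEM_ID = Pattern.compile("\\d{1,6}");
    private static final Pattern COST = Pattern.compile("\\d{1,7}\\.\\d{2}");

    /** Classifies one submission; the order total must still be computed from CATALOGUE. */
    static Verdict check(String itemId, String submittedCost) {
        if (itemId == null || submittedCost == null
                || !ITEM_ID.matcher(itemId).matches()
                || !COST.matcher(submittedCost).matches()) {
            return Verdict.MALFORMED;
        }
        BigDecimal serverPrice = CATALOGUE.get(itemId);
        if (serverPrice == null) {
            return Verdict.UNKNOWN_ITEM;
        }
        // compareTo, not equals: equals would treat 70.0 and 70.00 as different values.
        return serverPrice.compareTo(new BigDecimal(submittedCost)) == 0
            ? Verdict.OK : Verdict.TAMPERED_COST;
    }

    public static void main(String[] args) {
        // Constructed form submissions: {item id, cost as received from the browser}.
        String[][] submissions = {
            {"1008", "70.00"},   // untouched form
            {"1008", "0.70"},    // cost changed in the browser
            {"1008", "-70.00"},  // not a valid cost
            {"4242", "70.00"},   // item the catalogue does not know
        };
        for (String[] s : submissions) {
            Verdict v = check(s[0], s[1]);
            System.out.printf("item=%s cost=%s -> %s%n", s[0], s[1], v);
            if (v == Verdict.TAMPERED_COST) {
                System.out.println("  log and reject; server price is " + CATALOGUE.get(s[0]));
            }
        }
    }
}
```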
Control measures
1. Data validation strategies
a. Accept known good
i. This strategy is also known as "whitelist" or "positive" validation. The idea is that you should check that the data is one of a set of tightly constrained known good values. Any data that doesn't match should be rejected.
ii. If you expect a postcode, validate for a postcode (type, length and syntax):

    import java.util.regex.Pattern;

    // Returns the postcode if it matches the expected pattern, otherwise an empty string.
    public String isPostcode(String postcode) {
        return (postcode != null
                && Pattern.matches("^(((2|8|9)\\d{2})|((02|08|09)\\d{2})|([1-9]\\d{3}))$", postcode))
            ? postcode : "";
    }

b. Reject known bad
i. This strategy, also known as "negative" or "blacklist" validation, is a weak alternative to positive validation. Essentially, if you don't expect to see characters such as %3f or JavaScript or similar, reject strings containing them. This is a dangerous strategy, because the set of possible bad data is potentially infinite.
c. Sanitize
i. Rather than accept or reject input, another option is to change the user input into an acceptable format.
2. Authorization Authorization is the function of specifying access rights to resources, which is related to information security and computer security in general and to access control in particular. More formally, "to authorize" is to define access policy. For example, human resources staff are normally authorized to access employee records, and this policy is usually formalized as access control rules in a computer system. During operation, the system uses the access control rules to decide whether access requests from (authenticated) consumers shall be approved (granted) or disapproved (rejected). Resources include individual files' or items' data, computer programs, computer devices and functionality provided by computer applications. Examples of consumers are computer users, computer programs and other devices on the computer.
3. Data validation Data validation is the process of ensuring that a program operates on clean, correct and useful data. It uses routines, often called "validation rules" or "check routines", that check for correctness, meaningfulness, and security of data that are input to the system. The rules may be implemented through the automated facilities of a data dictionary, or by the inclusion of explicit application program validation logic. For business applications, data validation can be defined through declarative data integrity rules, or procedure-based business rules. Data that does not conform to these rules will negatively affect business process execution. Therefore, data validation should start with business process definition and set of business rules within this process. Rules can be collected through the requirements capture exercise. The simplest data validation verifies that the characters provided come from a valid set. For example, telephone numbers should include the digits and possibly the characters +, -, (, and ) (plus, minus, and parentheses). A more sophisticated data validation routine would check to see the user had entered a valid country code, i.e., that the number of digits entered matched the convention for the country or area specified.
4. Denial of Service Attacks The Denial of Service (DoS) attack is focused on making unavailable a resource (site, application, server) for the purpose it was designed. There are many ways to make a service unavailable for legitimate users by manipulating network packets, programming, logical, or resources handling vulnerabilities, among others. If a service receives a very large number of requests, it may stop providing service to legitimate users. In the same way, a service may stop if a programming vulnerability is exploited, or the way the service handles resources used by it.
5. Error Handling An exception is an event that may change the program flow. One layer of the system uses an exception to give another layer information about special states the system is currently in. The different layers of software or hardware have contracts, that tell what can be expected; this is generally known as Programming by Contract. In the context of exception handling, a program is said to be exception-safe, if exceptions that occur will not produce side-effects (such as memory leaks), will not change stored data so that it becomes unreadable, or generate output that is invalid.
6. Session Management A session is a semi-permanent interactive information interchange, also known as a dialogue, a conversation or a meeting, between two or more communicating devices, or between a computer and user (see Login session). A session is set up or established at a certain point in time, and torn down at a later point in time. An established communication session may involve more than one message in each direction. A session is typically, but not always, stateful, meaning that at least one of the communicating parts needs to save information about the session history in order to be able to communicate, as opposed to stateless communication, where the communication consists of independent requests with responses. An established session is the basic requirement to perform a connection-oriented communication. A session also is the basic step to transmit in connectionless communication modes. However any unidirectional transmission does not define a session.[1]
3.3 Scheduling
3.3.1 Time line chart:
Our project was based on the Java programming language and had to be deployed to the cloud. Not many options were available to us; the shortlisted tools we considered were as follows:
1. Microsoft Azure Platform
2. Google App Engine
3. Amazon Cloud Services
4. IBM Cloud Services
5. Ubuntu One Cloud Service
After considering all these options, we studied them in depth to decide which service would suit our needs. Further analysis showed that the Google App Engine platform would be the best choice because of its support for the Java programming language and its dependable services.
3. Blobstore Service API to handle images and store them
4. 24x7 maintenance support
Google App Engine (often referred to as GAE or simply App Engine, and also used by the acronym GAE/J) is a platform as a service (PaaS) cloud computing platform for developing and hosting web applications in Google-managed data centers. Applications are sandboxed and run across multiple servers. App Engine offers automatic scaling for web applications: as the number of requests increases for an application, App Engine automatically allocates more resources for the web application to handle the additional demand. Google App Engine is free up to a certain level of consumed resources. Fees are charged for additional storage, bandwidth, or instance hours required by the application. It was first released as a preview version in April 2008, and came out of preview in September 2011. Runtimes and frameworks Currently, the supported programming languages are Python, Java (and, by extension, other JVM languages such as Groovy, JRuby, Scala, Clojure, Jython and PHP via a special version of Quercus), and Go. Google has said that it plans to support more languages in the future, and that the Google App Engine has been written to be language independent. Google App Engine supports many Java standards and frameworks. Core to this is the servlet 2.5 technology using the open-source Jetty Web Server, along with accompanying technologies such as JSP. JavaServer Faces operates with some workarounds. Though the datastore used may be unfamiliar to programmers, it is easily accessed and supported with JPA. JDO and other methods of reading and writing data are also provided. The Spring Framework works with GAE, however the Spring Security module (if used) requires workarounds. Apache Struts 1 is supported, and Struts 2 runs with workarounds. The Django web framework and applications running on it can be used on App Engine with modification. Django-nonrel aims to allow Django to work with non-relation databases and the project includes support for App Engine.
Applications developed for the Grails web application framework may be modified and deployed to Google App Engine with very little effort using the App Engine Plugin. Spring Roo also offers a cross-platform ability to develop. Reliability and Support All billed High-Replication Datastore App Engine applications have a 99.95% uptime SLA. App Engine is designed in such a way that it can sustain multiple datacenter outages without any downtime. This resilience to downtime is shown by the statistic that the High Replication Datastore saw 0% downtime over a period of a year. [16] Paid support from Google engineers is offered as part of Premier Accounts.[17] Free support is offered in the App Engine Groups and Stack Overflow, however assistance by a Google staff member is not guaranteed. Differences with other application hosting Compared to other scalable hosting services such as Amazon EC2, App Engine provides more infrastructure to make it easy to write scalable applications, but can only run a limited range of applications designed for that infrastructure. App Engine's infrastructure removes many of the system administration and development challenges of building applications to scale to hundreds of requests per second and beyond.[27] Google handles deploying code to a cluster, monitoring, failover, and launching application instances as necessary. While other services let users install and configure nearly any *NIX compatible software, App Engine requires developers to use only its supported languages, APIs, and frameworks. Current APIs allow storing and retrieving data from a BigTable non-relational database; making HTTP requests; sending e-mail; manipulating images; and caching. Existing web applications that require a relational database will not run on App Engine without modification.
Per-day and per-minute quotas restrict bandwidth and CPU use, number of requests served, number of concurrent requests, and calls to the various APIs, and individual requests are terminated if they take more than 60 seconds or return more than 32MB of data. Differences between SQL and GQL Google App Engine's datastore has a SQL-like syntax called "GQL". GQL intentionally does not support the Join statement, because it seems to be inefficient when queries span more than one machine. Instead, one-to-many and many-to-many relationships can be accomplished using ReferenceProperty(). This shared-nothing approach allows disks to fail without the system failing. Switching from a relational database to the Datastore requires a paradigm shift for developers when modelling their data. Unlike a relational database the Datastore API is not relational in the SQL sense. The Java version supports asynchronous non-blocking queries using the Twig Object Datastore interface. This offers an alternative to using threads for parallel data processing.
JSP allows Java code and certain pre-defined actions to be interleaved with static web markup content, with the resulting page being compiled and executed on the server to deliver a document. The compiled pages (and any dependent Java libraries) use Java bytecode rather than a native software format. Like any other Java program, they must be executed within a Java virtual machine (JVM) that integrates with the server's host operating system to provide an abstract platform-neutral environment. JSP pages are usually used to deliver HTML and XML documents, but through the use of OutputStream, they can deliver other types of data as well. Syntax JSP pages use several delimiters for scripting functions. The most basic is <% ... %>, which encloses a JSP scriptlet. A scriptlet is a fragment of Java code that is run when the user requests the page. Other common delimiters include <%= ... %> for expressions, where the value of the expression is placed into the page delivered to the user, and directives, denoted with <%@ ... %>. Java code is not required to be complete (self contained) within its scriptlet element block, but can straddle markup content providing the page as a whole is syntactically correct. For example, any Java if/for/while blocks opened in one scriptlet element must be correctly closed in a later element for the page to successfully compile. Markup which falls inside a split block of code is subject to that code, so markup inside an if block will only appear in the output when the if condition evaluates to true; likewise, markup inside a loop construct may appear multiple times in the output depending upon how many times the loop body runs. Comparison with similar technologies JSP pages are similar to PHP pages and ASP.NET Web Forms, in that all three add server-side code to an HTML page. However, all three terms refer to a different component of the system. 
JSP refers to the JSP pages, which can be used alone, with Java servlets, or with a framework such as Apache Struts. PHP is itself a programming language, designed for dynamic Web pages.
ASP.net is a framework comparable to Struts or JavaServer Faces that uses pages called Web Forms. While JSP pages use the Java language, ASP.NET pages can use any .NET-compatible language (usually C#). ASP.NET is designed for a Microsoft Windows web server, while PHP and Java server technologies (including JSP) support Windows or GNU/Linux, among other platforms.
4.1.3 Servlets
A Servlet is a Java-based server side web technology. As the name implies, it serves a client request and receives a response from the server. Technically speaking a Servlet is a Java class in Java EE that conforms to the Java Servlet API, a protocol by which a Java class may respond to requests. They are not tied to a specific client-server protocol, but are most often used with the HTTP protocol. Therefore, the word "Servlet" is often used in the meaning of "HTTP Servlet". Thus, a software developer may use a servlet to add dynamic content to a Web server using the Java platform. The generated content is commonly HTML, but may be other data such as XML. Servlets are the Java counterpart to non-Java dynamic Web content technologies such as CGI and ASP.NET. Servlets can maintain state in session variables across many server transactions by using HTTP cookies, or URL rewriting. To deploy and run a Servlet, a Web container must be used. A Web container (also known as a Servlet container) is essentially the component of a Web server that interacts with the servlets. The Web container is responsible for managing the lifecycle of servlets, mapping a URL to a particular servlet and ensuring that the URL requester has the correct access rights. The servlet API, contained in the Java package hierarchy javax.servlet, defines the expected interactions of the Web container and a servlet. A Servlet is an object that receives a request and generates a response based on that request. The basic servlet package defines Java objects to represent servlet requests and responses, as well as objects to reflect the servlet's configuration parameters and execution environment. The package
javax.servlet.http defines HTTP-specific subclasses of the generic servlet elements, including session management objects that track multiple requests and responses between the Web server and a client. Servlets may be packaged in a WAR file as a Web application. Servlets can be generated automatically from JavaServer Pages (JSP) by the JavaServer Pages compiler. The difference between Servlets and JSP is that Servlets typically embed HTML inside Java code, while JSPs embed Java code in HTML. While the direct usage of Servlets to generate HTML (as shown in the example below) has become rare, the higher level MVC web framework in Java EE (JSF) still explicitly uses the Servlet technology for the low level request/response handling via the FacesServlet. A somewhat older usage is to use servlets in conjunction with JSPs in a pattern called "Model 2", which is a flavor of the model-view-controller pattern. Advantages over CGI The advantages of using servlets are their fast performance and ease of use combined with more power over traditional CGI (Common Gateway Interface). Traditional CGI scripts written in Java have a number of disadvantages when it comes to performance:
When an HTTP request is made, a new process is created for each call of the CGI script. This overhead of process creation can be very system-intensive, especially when the script does relatively fast operations. Thus, process creation will take more time than CGI script execution. Java servlets solve this, as a servlet is not a separate process. Each request to be handled by a servlet is handled by a separate Java thread within the Web server process, omitting separate process forking by the HTTP daemon.
Simultaneous CGI request causes the CGI script to be copied and loaded into memory as many times as there are requests. However, with servlets, there are the same amount of threads as requests, but there will only be one copy of the servlet class created in memory that stays there also between requests.
Only a single instance answers all requests concurrently. This reduces memory usage and makes the management of persistent data easy.
A servlet can be run by a servlet engine in a restrictive environment, called a sandbox. This is similar to an applet that runs in the sandbox of the Web browser. It makes it possible to run potentially harmful servlets under restrictions.
Each of these modules describes the attributes and methods that are used and performed by the entities involved in the working of the project. The modular approach simplified the job of defining which task each module performs in the project.
[Figure: parameter tampering flowchart. Send Parameter, Tamper Parameters, Acceptable pattern? If no, Stop.]
2. SQL Injection
[Figure: SQL injection flowchart. Surviving labels: no, Proceed further, Cloud.]
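The "Acceptable pattern?" decision in the parameter tampering flowchart can be implemented as an allow-list check on the login request. The following is an added example, not code from the project: the field names, patterns and class name are assumptions, and the input map has the shape returned by HttpServletRequest.getParameterMap().

```java
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import java.util.TreeMap;
import java.util.regex.Pattern;

public class LoginParameterCheck {
    // Assumed login fields and acceptable patterns (hypothetical, not from the page).
    // Static, immutable and thread-safe: one servlet instance serves every request
    // thread, so nothing request-specific may live in a field.
    private static final Map<String, Pattern> ACCEPTABLE = new TreeMap<>(Map.of(
        "username", Pattern.compile("[A-Za-z0-9_.-]{3,32}"),
        "password", Pattern.compile("[\\x20-\\x7E]{8,64}")));

    /** Reasons to stop the request; an empty list means "proceed further". */
    public static List<String> violations(Map<String, String[]> params) {
        List<String> reasons = new ArrayList<>();
        Map<String, String[]> sorted = new TreeMap<>(params);   // stable report order
        for (Map.Entry<String, String[]> e : sorted.entrySet()) {
            Pattern p = ACCEPTABLE.get(e.getKey());
            String[] v = e.getValue();
            if (p == null) {
                reasons.add("unexpected parameter: " + e.getKey());
            } else if (v == null || v.length != 1) {
                reasons.add("parameter must appear exactly once: " + e.getKey());
            } else if (!p.matcher(v[0]).matches()) {
                // Record the field name only; never write submitted values to the log.
                reasons.add("unacceptable value: " + e.getKey());
            }
        }
        for (String required : ACCEPTABLE.keySet()) {
            if (!params.containsKey(required)) reasons.add("missing parameter: " + required);
        }
        return reasons;
    }

    public static void main(String[] args) {
        // Constructed sample requests (not captured traffic).
        Map<String, String[]> normal = Map.of(
            "username", new String[] {"alice"}, "password", new String[] {"correct horse 42"});
        Map<String, String[]> tampered = Map.of(
            "username", new String[] {"alice' --"}, "password", new String[] {"correct horse 42"},
            "role", new String[] {"admin"});
        System.out.println("normal:   " + violations(normal));
        System.out.println("tampered: " + violations(tampered));
    }
}
```

In a servlet, a non-empty result is where the request is stopped and the reasons are recorded for the attack log; the password pattern only bounds length and character set, since the value should be hashed and never concatenated into a query.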
support for web application development with PHP 5.3 and the Symfony framework, and improved code completion, layouting, hints and navigation in JavaFX projects. NetBeans IDE 6.9, released in June 2010, added support for OSGi, Spring Framework 3.0, Java EE dependency injection (JSR-299), Zend Framework for PHP, and easier code navigation (such as "Is Overridden/Implemented" annotations), formatting, hints, and refactoring across several languages. NetBeans IDE 7.0 was released in April 2011. On August 1, 2011, the NetBeans Team released NetBeans IDE 7.0.1, which has full support for the official release of the Java SE 7 platform.
User interface management (e.g. menus and toolbars)
User settings management
Storage management (saving and loading any kind of data)
Window management
Wizard framework (supports step-by-step dialogs)
NetBeans Visual Library
Integrated development tools
NetBeans IDE is a free, open-source, cross-platform IDE with built-in support for the Java programming language.
The Profiler is based on a Sun Laboratories research project that was named JFluid. That research uncovered specific techniques that can be used to lower the overhead of profiling a Java application. One of those techniques is dynamic bytecode instrumentation, which is particularly useful for profiling large Java applications. Using dynamic bytecode instrumentation and additional algorithms, the NetBeans Profiler is able to obtain runtime information on applications that are too large or complex for other profilers. NetBeans also supports Profiling Points that let you profile precise points of execution and measure execution time.
The project aims to detect attacks at the earliest possible level in the system, from the login to the logout of the user. The methodology followed is as per the standards of the OWASP project. The project aims to develop a completely secure system which is able not only to detect malicious attacks but also to prevent them and keep track of them, so that the system is aware of the steps that need to be taken the next time.
Fig 8: Homepage
Cloud Computing is a new type of service which provides large-scale computing resources to each customer. Cloud Computing systems can be easily threatened by various cyber attacks, because most of them provide services to many people who are not proven to be trustworthy. Therefore, a Cloud Computing system needs to contain Intrusion Detection Systems (IDSs) for protecting each Virtual Machine (VM) against threats. In this case, there is a trade-off between the security level of the IDS and the system performance. If the IDS provides a stronger security service using more rules or patterns, it needs more computing resources in proportion to the strength of the security, so the amount of resources allocated to customers decreases. Another problem in Cloud Computing is that the huge amount of logs makes it hard for system administrators to analyze them. In this paper, we propose a method that enables a Cloud Computing system to achieve both effective use of system resources and strength of the security service, without a trade-off between them.
In this project we have only detected the possible attacks and threats on the cloud server. An enhancement to this is their prevention. In future we will also prevent the attacks, i.e. provide both attack detection and prevention on the cloud server. This will help us to minimize the risks and threats that could affect a cloud. We will also monitor the attack patterns and develop a mechanism that would capture and record all new attacks and prevent them from occurring in the future.