
International Journal of Scientific Research Engineering & Technology (IJSRET)

Volume 2 Issue 10 pp 623-626 January 2014 www.ijsret.org ISSN 2278 0882


IJSRET @ 2014
Scrutinizing Vulnerable Attacks in Cloud Infrastructure
Mrs.Rajasri.K *, Kanimozhi.S **, Dhivya Bharathi.Dja ***, Shankari.R ****
*Senior Assistant Professor, CSE, Christ College of Engg & Tech, Pondicherry, India
** Student, CSE, Christ College of Engg & Tech, Pondicherry, India
***Student, CSE, Christ College of Engg & Tech, Pondicherry, India
****Student, CSE, Christ College of Engg & Tech, Pondicherry, India
Abstract
Security in wireless networks is degraded by far-reaching Distributed Denial-of-Service (DDoS) attacks. DDoS attacks normally involve early-stage actions such as multistep exploitation, low-frequency vulnerability scanning, and compromising identified vulnerable virtual machines as zombies, and end with DDoS attacks launched through the compromised zombies. We propose an Enhanced Network Intrusion Detection System using an IDS framework to overcome the DDoS attack. The proposed system builds a monitoring and control mechanism over the scattered nodes and mitigates attack consequences using relay nodes. The attacker zone is isolated by using the relay nodes to separate an attack path from the normal transmission path.
Keywords: Attack graph, Cloud computing, DoS, NICE-A, Spam
1 Introduction
A mobile ad-hoc network (MANET) is an autonomous network system of routers and hosts connected by wireless links. It can be set up anywhere without any need for external infrastructure such as wires or base stations. The routers are free to move randomly and organize themselves arbitrarily. Each device in the network is called a node.
In this paper we address the problem of packet inspection and security against eavesdropping attacks. Past work has concentrated on port monitoring in a centralized system where a server takes control over the hardware and communication links of the network. We propose a secure relay-based IDS (SR-IDS) in which re-locatable relay nodes serve this purpose. These relays are placed based on the shortest distance at which a relay node can cover the maximum number of nodes in its zone.
1.1 Cloud computing
Cloud computing has become the new buzzword, driven largely by advertising and service offerings from large corporate players like Google, IBM and Amazon. Cloud computing is the use of computing resources (hardware and software) that are delivered as a service over a network.
Fig 1.1 Working of cloud
There are mainly three forms of cloud computing:
Public Cloud: IT resources available as a service and shared across multiple organizations, managed by an external service provider.
Private Cloud: IT resources dedicated to a single organization and available on demand.
Hybrid Cloud: a combination of private and public clouds managed as a single entity to expand capacity across clouds as needed.
Fig 1.2 Cloud computing types
1.2 Distributed Denial-of-Service
In computing, a denial-of-service attack (DoS attack) or distributed denial-of-service attack (DDoS attack) is an attempt to make a machine or network resource unavailable to its intended users. Although the means to carry out, motives for, and targets of a DoS attack can vary, it normally consists of efforts to temporarily or indefinitely interrupt or suspend services of a host connected to the Internet. Perpetrators of DoS attacks typically target sites or services hosted on high-profile web servers such as banks, credit card payment gateways, and even root name servers.
2 Existing System
Initially, intrusion detection was applied in a centralized network. Here an attack is detected only if it targets the server; an attack on a host is never detected. The proposed structure leverages OpenFlow network programming APIs to build a monitor and control plane over distributed programmable virtual switches to considerably improve attack detection and mitigate attack consequences. The system and security evaluations reveal the competence and effectiveness of the proposed solution. NICE (Network Intrusion Detection and Countermeasure Selection in Virtual Network Systems) builds a graph-based model and a framework that monitors and controls the entire network. It is done in three phases:
PHASE 1
Deploy a lightweight mirroring-based network intrusion detection agent (NICE-A) on every cloud server to capture and analyze cloud traffic. A NICE-A regularly scans the virtual system vulnerabilities within a cloud server to establish Scenario Attack Graphs (SAGs), and then, based on the severity of the identified vulnerability toward the mutual attack goals, NICE decides whether or not to put a VM in network inspection state.
PHASE 2
Once a VM enters inspection state, Deep Packet Inspection (DPI) is applied, and/or implicit network reconfigurations can be deployed to the inspected VM to make the potential attack behaviors prominent. NICE significantly advances the current network IDS/IPS solutions by employing a programmable virtual networking approach that allows the system to construct a dynamic, reconfigurable IDS. By using software switching techniques, NICE constructs a mirroring-based traffic capture framework to minimize the interference with users' traffic compared to traditional bump-in-the-wire IDS/IPS. The programmable virtual networking architecture of NICE enables the cloud to establish assessment and quarantine modes for suspicious VMs according to their current vulnerability state in the current SAG.
PHASE 3
Countermeasure selection is a very important method and is based on two features: (i) Hardware oriented: it includes the attack analyzer and the VM profiling method. (ii) Network oriented: it includes the network controller, which is used to determine what type of protocol is used, how long it has been active, and how much data has been transferred by the protocol.
2.1 Alert Correlation Algorithm
Algorithm 1: Alert_Correlation
Require: alert ac, SAG, ACG
if (ac is an original alert) then
    generate node ac in ACG
    n1 ← vc ∈ map(ac)
    for all n2 ∈ parent(n1) do
        create edge (n2.alert, ac)
        for all Si containing a do
            if a is the last element in Si then
                append ac to Si
            else
                create path Si+1 = {subset(Si, a), ac}
            end if
        end for
        add ac to n1.alert
    end for
end if
return S
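Algorithm 1 applied to a constructed alert stream, as an added Python example that is not code from the paper or from NICE. The SAG vertices and alert ids are made up, `map(ac)` is passed in as the `vertex` argument, and starting a new path for an alert with no correlated predecessor is an assumption the listing leaves open.

```python
# Constructed SAG: vertex -> parent vertices (the attack steps that precede it).
SAG_PARENTS = {
    "scan_web": [],
    "exploit_web": ["scan_web"],
    "exploit_db": ["exploit_web"],
    "exploit_mail": ["exploit_web"],
}

# Constructed alert stream: (alert id, SAG vertex the alert maps to).
ALERTS = [("a1", "scan_web"), ("a2", "exploit_web"), ("a3", "exploit_db"),
          ("a4", "exploit_mail"), ("a5", "scan_web")]

class AlertCorrelator:
    def __init__(self):
        self.node_alerts = {v: [] for v in SAG_PARENTS}  # n.alert for each SAG vertex
        self.edges = []                                  # ACG edges (a, ac)
        self.paths = []                                  # S, the correlated alert paths

    def correlate(self, ac, vertex):
        """Add new alert ac, mapped to SAG vertex n1 = vertex, to the ACG."""
        linked = False
        for n2 in SAG_PARENTS[vertex]:
            for a in self.node_alerts[n2]:
                self.edges.append((a, ac))
                for path in list(self.paths):  # snapshot: new paths are added below
                    if a not in path:
                        continue
                    if path[-1] == a:
                        path.append(ac)        # a ends the path: extend it
                    else:                      # a is mid-path: fork at a
                        self.paths.append(path[:path.index(a) + 1] + [ac])
                    linked = True
        if not linked:
            self.paths.append([ac])            # assumption: start a new path
        self.node_alerts[vertex].append(ac)
        return self.paths

def replay(alerts):
    """Feed a list of (alert id, vertex) pairs through a fresh correlator."""
    correlator = AlertCorrelator()
    for ac, vertex in alerts:
        correlator.correlate(ac, vertex)
    return correlator

if __name__ == "__main__":
    for path in replay(ALERTS).paths:
        print(" -> ".join(path))
```

Alert a4 arrives after a3 has already extended the path through a2, so it forks a second path at a2 instead of being appended; a5 has no parent alerts and stands alone.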
2.2 Countermeasure Selection Algorithm
Algorithm 2: Countermeasure Selection
Require: Alert, G(E, V), CM
Let vAlert = source node of the Alert
if Distance_to_Target(vAlert) > threshold then
    Update ACG
    return
end if
Let T = Descendant(vAlert) ∪ vAlert
Set Pr(vAlert) = 1
Generate_Risk_Problem(T)
Let benefit[|T|, |CM|] = ∅
for each t ∈ T do
    for each cm ∈ CM do
        if cm.condition(t) then
            Pr(t) = Pr(t) × (1 − cm.effectiveness)
            Estimate_Risk_Problem(Descendant(t))
            benefit[t, cm] = ΔPr(target_node)    (7)
        end if
    end for
end for
Let ROI[|T|, |CM|] = ∅
for each t ∈ T do
    for each cm ∈ CM do
        ROI[t, cm] = benefit[t, cm] / (cost.cm + intrusiveness.cm)    (8)
    end for
end for
Update SAG and Update ACG
return Select_Optimal_CM(ROI)
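An added Python example (not from the paper or the NICE project) that carries Algorithm 2 through on a constructed five-node SAG. The graph, exploit probabilities, countermeasure pool and the noisy-OR risk propagation standing in for Generate_Risk_Problem are assumptions; benefit and ROI follow (7) and (8).

```python
from collections import deque
from math import prod

# Constructed scenario attack graph (SAG): parent -> children, and the assumed
# probability that a node is exploited once one of its parents is compromised.
EDGES = {"gw": ["web"], "web": ["app", "mail"], "app": ["db"], "mail": ["db"], "db": []}
EXPLOIT = {"gw": 0.9, "web": 0.8, "app": 0.6, "mail": 0.5, "db": 0.5}
PARENTS = {n: [p for p, kids in EDGES.items() if n in kids] for n in EDGES}
TARGET, THRESHOLD = "db", 2

# Constructed countermeasure pool CM: where it applies, effectiveness, cost, intrusiveness.
CM = {
    "port_blocking": {"nodes": {"app", "mail"}, "eff": 0.9, "cost": 1, "intr": 2},
    "quarantine": {"nodes": {"web", "app", "mail", "db"}, "eff": 1.0, "cost": 4, "intr": 6},
}

def hops(src):
    """BFS hop counts from src; the keys are Descendant(src) plus src itself."""
    dist, queue = {src: 0}, deque([src])
    while queue:
        node = queue.popleft()
        for child in EDGES[node]:
            if child not in dist:
                dist[child] = dist[node] + 1
                queue.append(child)
    return dist

def target_risk(alert, damp=None):
    """Pr(TARGET) with Pr(alert) = 1; parents combine by noisy-OR (assumed model)."""
    damp, pr = damp or {}, {}
    def p(n):
        if n not in pr:
            base = 1.0 if n == alert else 1 - prod(1 - p(q) * EXPLOIT[n] for q in PARENTS[n])
            pr[n] = base * damp.get(n, 1.0)  # Pr(t) = Pr(t) * (1 - cm.effectiveness)
        return pr[n]
    return p(TARGET)

def select_countermeasure(alert):
    """Return ((node, countermeasure), roi_table), or None when the alert is too far away."""
    dist = hops(alert)
    if dist.get(TARGET, THRESHOLD + 1) > THRESHOLD:
        return None  # distance check failed: only the ACG would be updated
    baseline, roi = target_risk(alert), {}
    for t in dist:
        for name, cm in CM.items():
            if t in cm["nodes"]:  # cm.condition(t)
                benefit = baseline - target_risk(alert, {t: 1 - cm["eff"]})  # (7)
                roi[(t, name)] = benefit / (cm["cost"] + cm["intr"])  # (8)
    return max(roi, key=roi.get), roi

if __name__ == "__main__":
    print(select_countermeasure("web"))
```

With an alert on `web`, quarantining `web` removes the most risk but its cost and intrusiveness push its ROI below that of blocking ports on `app`, which is the option selected.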
2.3 DRAWBACKS IN EXISTING SYSTEM
NICE is limited to a centralized architecture.
VM profiling introduces additional delay.
Attacker's link failures are not addressed.
Data consistency levels are low.
3 Proposed System
In the proposed system we choose a relay node and the number of active nodes. The relay nodes are chosen mainly to isolate the secured and non-secured nodes, based on the distance of the connecting paths between nodes. The relay nodes can easily be replaced or moved. If one node is out of range, it can be replaced by a relay node. By isolating secure and non-secure nodes we avoid transferring data through non-secured nodes, and attacks are reduced.
Choosing a relay node depends on:
TTL of the node
Number of active links
Mobility
Let M be the node's mobility and L be the active links the node serves or has served. Then
Mi < Mj < Mk < ... < Mn, such that Mi is inversely proportional to B,
where B is the bandwidth operated.
For a constant throughput, the amount of data transferred must be constant:
Mi * B ≈ 1 ± E
where E is the error correction while the bandwidth is adjusted.
R1, R2, ..., Rn must satisfy the above condition to be a re-locatable IDS relay.
Calculating the maximum transmission distance:
Pr/Pt = Ft * (B / (4πR))^2
where
B - bandwidth of the end node
Pt - transmitter power of the sender
Pr - receiver power of the end node
Ft - loss factor
R - end node's transmission radius
The number of active connections is calculated by checking whether the BR of the end nodes lies within the BR of the relay node.
The communicating radius:
r = (BR1 + BR2 + ... + BRn) / BRr
where BR is the broadcasting range.
Mark each r1, r2, ..., rn such that all active nodes are taken into account.
Figure 3.1 Network structure using reliable nodes
3.1 ADVANTAGE OF PROPOSED SYSTEM
Attacker's link failures are addressed.
Secured paths are identified for data transfer.
Streamless communication is possible.
Fastware redirection can be done by the use of relay nodes.
Low wait and hold.
4 Conclusions and Future Work
Our project is about detecting attacks. The eavesdropping attack is isolated from the network by forming secure and non-secure zones using dynamic IDS relays. The zones are differentiated by secure and non-secure paths, based on maximum connectivity and the distance at which the end node communicates at each instance, reducing the possibilities for attackers.
Acknowledgement
This work is supported by Hewlett-Packard Labs
Innovation Research Program Grant and the Office of
Naval Research Young Investigator Program Awards.