ETD

Digital archive of theses defended at the University of Pisa

Thesis etd-05222013-230300


Thesis type
PhD thesis
Author
ABDELAZIM ISMAIL MOHAMED, HESHAM
Email address
hkholidy@di.unipi.it, hisham_dev@yahoo.com
URN
etd-05222013-230300
Title
Cloud Computing Security, An Intrusion Detection System for Cloud Computing Systems
Scientific disciplinary sector
INF/01
Course of study
SCIENZE DI BASE
Supervisors
tutor Prof. Hariri, Salim
committee member Prof. Ouksel, Aris M.
committee member Prof. Parashar, Manish
committee member Prof. Bonuccelli, Maurizio
committee member Prof. Abdelwahed, Sherif
committee member Prof. Vigna, Sebastiano
committee member Prof. Scateni, Riccardo
committee member Prof. Luccio, Fabrizio
tutor Prof. Baiardi, Fabrizio
committee member Prof. Bodei, Chiara
Keywords
  • security
  • NetFlow
  • masquerade detection
  • masquerade
  • intrusion detection
  • feature extraction
  • DDoS
  • dataset
  • cloud computing
  • attacks
  • security events
  • sequence alignment
  • system calls
Defense session start date
07/06/2013
Availability
Full
Abstract
Cloud computing is widely considered an attractive service model because it minimizes investment, since its costs are in direct relation to usage and demand. However, the distributed nature of cloud computing environments, their massive resource aggregation, wide user access, and efficient and automated sharing of resources enable intruders to exploit clouds to their advantage. To combat intruders, several security solutions for cloud environments adopt Intrusion Detection Systems. However, most IDS solutions are not suitable for cloud environments because of problems such as single point of failure, centralized load, high false positive alarm rates, insufficient coverage of attacks, and inflexible design. The thesis defines a framework for a cloud based IDS to address the deficiencies of current IDS technology. This framework deals with threats that exploit vulnerabilities to attack the various service models of a cloud system. The framework integrates behaviour based and knowledge based techniques to detect masquerade, host, and network attacks and provides efficient deployments to detect DDoS attacks.

This thesis has three main contributions. The first is a Cloud Intrusion Detection Dataset (CIDD) to train and test an IDS. The second is the Data-Driven Semi-Global Alignment (DDSGA) approach and three behavior based strategies to detect masquerades in cloud systems. The third and final contribution is signature based detection. We introduce two deployments, a distributed one and a centralized one, to detect host, network, and DDoS attacks. Furthermore, we discuss the integration and correlation of alerts from any component to build a summarized attack report. The thesis describes in detail and experimentally evaluates the proposed IDS and alternative deployments.



Acknowledgment:
===============
• This Ph.D. was achieved through an international joint program, a collaboration between the University of Pisa in Italy (Department of Computer Science, Galileo Galilei Ph.D. School) and the University of Arizona in the USA (College of Electrical and Computer Engineering).

• The Ph.D. topic is categorized under both Computer Engineering and Information Engineering.

• The thesis author is also known as "Hisham A. Kholidy".