logo SBA


Digital archive of theses discussed at the University of Pisa


Thesis etd-05222013-230300

Thesis type
Tesi di dottorato di ricerca
email address
hkholidy@di.unipi.it, hisham_dev@yahoo.com
Thesis title
Cloud Computing Security, An Intrusion Detection System for Cloud Computing Systems
Academic discipline
Course of study
tutor Prof. Hariri, Salim
commissario Prof. Ouksel, Aris M.
commissario Prof. Parashar, Manish
commissario Prof. Bonuccelli, Maurizio
commissario Prof. Abdelwahed, Sherif
commissario Prof. Vigna, Sebastiano
commissario Prof. Scateni, Riccardo
commissario Prof. Luccio, Fabrizio
tutor Prof. Baiardi, Fabrizio
commissario Prof.ssa Bodei, Chiara
  • attacks
  • cloud computing
  • dataset
  • DDoS
  • feature extraction
  • intrusion detection
  • masquerade
  • masquerade detection
  • NetFlow
  • security
  • security events
  • sequence alignment
  • system calls
Graduation session start date
Cloud computing is widely considered as an attractive service model because it minimizes investment since its costs are in direct relation to usage and demand. However, the distributed nature of cloud computing environments, their massive resource aggregation, wide user access and efficient and automated sharing of resources enable intruders to exploit clouds for their advantage. To combat intruders, several security solutions for cloud environments adopt Intrusion Detection Systems. However, most IDS solutions are not suitable for cloud environments, because of problems such as single point of failure, centralized load, high false positive alarms, insufficient coverage for attacks, and inflexible design. The thesis defines a framework for a cloud based IDS to face the deficiencies of current IDS technology. This framework deals with threats that exploit vulnerabilities to attack the various service models of a cloud system. The framework integrates behaviour based and knowledge based techniques to detect masquerade, host, and network attacks and provides efficient deployments to detect DDoS attacks.

This thesis has three main contributions. The first is a Cloud Intrusion Detection Dataset (CIDD) to train and test an IDS. The second is the Data-Driven Semi-Global Alignment, DDSGA, approach and three behavior based strategies to detect masquerades in cloud systems. The third and final contribution is signature based detection. We introduce two deployments, a distributed and a centralized one to detect host, network, and DDoS attacks. Furthermore, we discuss the integration and correlation of alerts from any component to build a summarized attack report. The thesis describes in details and experimentally evaluates the proposed IDS and alternative deployments.

• This PH.D. is achieved through an international joint program with a collaboration between University of Pisa in Italy (Department of Computer Science, Galileo Galilei PH.D. School) and University of Arizona in USA (College of Electrical and Computer Engineering).

• The PHD topic is categorized in both Computer Engineering and Information Engineering topics.

• The thesis author is also known as "Hisham A. Kholidy".